
Computer Keeps Blasting Random Sound Clips (Possible Trojan?)


  • This topic is locked
30 replies to this topic

#1 Seraphite


Posted 22 April 2012 - 10:35 AM

Edit: I noticed you guys don't like the files attached and just want them copy pasted, so here you are.
UPDATE 4/22/2012: I figured since this was a sound problem I should probably check my sound mixer on the taskbar (derp). Turns out all the sound is coming from something called "Media Dashboard", and it is labelled with a Windows logo (looks like the start button). I have muted the sound as a quick fix, but I still want to get rid of the damn thing.

Hello,

My computer started blaring sound clips through the speakers yesterday, some British ads, but mostly terrible hip-hop music. It's not coming through any program or process. I have tried everything I can think of, and even though it goes away for maybe 15 minutes when I restart, it comes back immediately after that. Could someone please help me? Let me know if there is any other information I can give you.

Much thanks!

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Nick at 10:39:20 on 2012-04-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2411 [GMT -5:00]
.
AV: Prevx 3.0 *Enabled/Updated* {85194EF3-9578-0A22-9A51-A9FE4DD90287}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Prevx 3.0 *Enabled/Updated* {3E78AF17-B342-05AC-A0E1-928C365E483A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\TEMP\mrt4AC5.tmp\stdrt.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\FpsGunTray.exe
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\WUDFHost.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
mRun: [FpsGun] C:\Windows\system32\FpsGunTray.exe
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Nick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Nick\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 68.87.85.98 68.87.69.146
TCP: Interfaces\{459A6361-6B12-40F0-922D-84988E8DDE2A} : DhcpNameServer = 68.87.85.98 68.87.69.146
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [FpsGun] C:\Windows\system32\FpsGunTray.exe
mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\i2k8gr9y.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z137&form=ZGAADF&install_date=20111215&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Nick\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pxscan;pxscan;C:\Windows\system32\drivers\pxscan.sys --> C:\Windows\system32\drivers\pxscan.sys [?]
R1 pxrts;pxrts;C:\Windows\system32\drivers\pxrts.sys --> C:\Windows\system32\drivers\pxrts.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 CSIScanner;CSIScanner;C:\Program Files\Prevx\prevx.exe [2011-6-21 6746280]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-22 654408]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 pxkbf;pxkbf;C:\Windows\system32\drivers\pxkbf.sys --> C:\Windows\system32\drivers\pxkbf.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 Adobe Licensing Console;Adobe Licensing Console;C:\Windows\SysWOW64\lnsecsl.exe [2012-4-20 905070]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2011-4-22 129856]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-22 15:19:09 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D81A742-4C45-4240-9D94-0257B127DDD5}\offreg.dll
2012-04-22 15:18:40 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-22 07:30:13 -------- d-----w- C:\Users\Nick\AppData\Local\Eraser 6
2012-04-22 06:50:47 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-22 06:50:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-22 06:18:41 98816 ----a-w- C:\Windows\sed.exe
2012-04-22 06:18:41 518144 ----a-w- C:\Windows\SWREG.exe
2012-04-22 06:18:41 256000 ----a-w- C:\Windows\PEV.exe
2012-04-22 06:18:41 208896 ----a-w- C:\Windows\MBR.exe
2012-04-21 15:31:37 -------- d-----w- C:\Users\Nick\AppData\Roaming\Image-Line
2012-04-20 21:57:30 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2012-04-20 21:57:14 225280 ----a-w- C:\Windows\SysWow64\rewire.dll
2012-04-20 21:57:14 -------- d-----w- C:\Program Files (x86)\VstPlugins
2012-04-20 21:57:03 1554944 ----a-w- C:\Windows\SysWow64\vorbis.acm
2012-04-20 21:56:59 -------- d-----w- C:\Program Files (x86)\Outsim
2012-04-20 21:55:03 -------- d-----w- C:\Program Files (x86)\Image-Line
2012-04-20 21:53:11 905070 ----a-w- C:\Windows\SysWow64\lnsecsl.exe
2012-04-20 21:29:39 -------- d-----w- C:\Users\Nick\AppData\Roaming\VOCALOID3
2012-04-20 21:29:38 -------- d--h--w- C:\Users\Nick\AppData\Local\{ABBDEAEF-5AED-4c34-A22D-057A13C52D1E}
2012-04-20 21:29:37 -------- d-----w- C:\Users\Nick\AppData\Roaming\VCLDASGN3
2012-04-20 20:57:06 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2012-04-20 16:03:12 -------- d-----w- C:\Users\Nick\AppData\Local\VOCALOID3
2012-04-20 16:02:36 -------- d-----w- C:\Program Files (x86)\VOCALOID3AE
2012-04-20 16:02:27 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-04-20 16:02:27 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-04-20 16:02:27 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-04-17 12:09:59 -------- d-----w- C:\Users\Nick\AppData\Roaming\DVDVideoSoft
2012-04-16 02:09:38 -------- d-----r- C:\Users\Nick\Dropbox
2012-04-16 02:08:11 -------- d-----w- C:\Users\Nick\AppData\Roaming\Dropbox
2012-04-14 22:05:34 -------- d-----w- C:\Windows\SysWow64\xlive
2012-04-14 22:05:31 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-04-12 10:01:58 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 10:01:58 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 10:01:58 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 10:00:33 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 10:00:33 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 10:00:33 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 10:00:31 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 10:00:31 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 10:00:31 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 10:00:31 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-05 06:43:23 -------- d-----w- C:\Users\Nick\AppData\Local\AirVideoServer
2012-04-05 06:43:21 -------- d-----w- C:\jexepackres
2012-04-05 06:43:17 -------- d-----w- C:\Program Files (x86)\AirVideoServer
2012-04-05 06:30:54 -------- d-----w- C:\ProgramData\xml_param
2012-04-05 06:28:19 -------- d-----w- C:\Users\Nick\AppData\Roaming\Wondershare Video Converter Ultimate
2012-04-05 06:27:46 -------- d-----w- C:\Users\Nick\AppData\Local\Wondershare
2012-04-05 06:27:43 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
2012-04-05 06:27:36 892928 ----a-w- C:\Windows\SysWow64\iconv.dll
2012-04-05 06:27:36 675840 ----a-w- C:\Windows\SysWow64\ac3filter.ax
2012-04-05 06:27:36 496640 ----a-w- C:\Windows\SysWow64\xvid.ax
2012-04-05 06:27:35 -------- d-----w- C:\Program Files (x86)\Wondershare
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-15 16:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 16:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 16:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 10:39:54.22 ===============



Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/1/2011 10:51:24 PM
System Uptime: 4/22/2012 10:18:19 AM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-870A-UD3
Processor: AMD Phenom™ II X6 1055T Processor | Socket M2 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 485.962 GiB free.
D: is CDROM (UDF)
E: is Removable
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_06\4&3694E160&0&00A9
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_06\4&3694E160&0&00A9
Service:
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03\4&91A636&0&0048
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03\4&91A636&0&0048
Service:
.
==== System Restore Points ===================
.
RP164: 4/20/2012 3:57:20 PM - Device Driver Package Install: Elaborate Bytes AG Storage controllers
RP165: 4/22/2012 1:18:46 AM - ComboFix created restore point
RP166: 4/22/2012 2:26:32 AM - Installed Eraser 6.0.9.2343
RP167: 4/22/2012 10:22:54 AM - Removed Eraser 6.0.9.2343
RP168: 4/22/2012 10:23:38 AM - Removed Eraser 6.0.9.2343
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe AIR
Adobe Digital Editions
Adobe Reader X (10.1.3)
Air Video Server 2.4.3
Alien Swarm
Alliance of Valiant Arms
AnimusRO Full Client 1.7
Apple Application Support
Apple Software Update
ApRadar 3.3.0.14 Update
ASIO4ALL
Battlefield 2
BIT.TRIP BEAT
Champions Online: Free For All
Dead Space
Dead Space 2
Desura
Dinner Date
Dota 2
Dropbox
Dual-Core Optimizer
Duke Nukem Forever
FINAL FANTASY XI Test Client
FINAL FANTASY XI: Ultimate Collection - Abyssea Edition
FINAL FANTASY XIV
Finale 2008
FL Studio 10
FLAC To MP3 V4.0.4
Forsaken World
FPSGUN Mouse
GameSpy Comrade
Garritan Instruments for Finale
Geometry Wars: Retro Evolved
Google Chrome
IL Download Manager
Japanese Fonts Support For Adobe Reader X
Java Auto Updater
Java™ 6 Update 26
League of Legends
Livestream Procaster
LOLReplay
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Flight
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 11.0 (x86 en-US)
OpenAL
Pando Media Booster
Portal
Portal 2
PunkBuster Services
Puzzle Pirates
QuickTime
Razer Lycosa
Realm of the Mad God
S.T.A.L.K.E.R.: Call of Pripyat
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Skype Click to Call
Skype™ 5.8
SpaceChem - Demo
Spiral Knights
Star Trek Online
Star Wars: The Old Republic
StarCraft II
Steam
System Requirements Lab
Team Fortress 2
Terraria
The Elder Scrolls V: Skyrim
The Sims™ Medieval
Universe Sandbox
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VirtualCloneDrive
VLC media player 2.0.1
Wings of Prey - Demo
WinRAR 4.00 (32-bit)
Wise Registry Cleaner 6.14
XSplit
.
==== Event Viewer Messages From Past Week ========
.
4/22/2012 2:55:32 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/22/2012 2:48:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
4/22/2012 2:45:33 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/22/2012 2:45:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/22/2012 2:45:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/22/2012 2:45:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/22/2012 2:45:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/22/2012 2:45:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/22/2012 2:45:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/22/2012 2:45:15 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched pxrts rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
4/22/2012 2:45:13 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/22/2012 2:45:13 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/22/2012 2:45:13 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/22/2012 2:45:13 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/22/2012 2:45:13 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/22/2012 2:45:13 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
4/22/2012 2:45:13 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/22/2012 2:45:13 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/22/2012 2:45:13 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/22/2012 2:45:13 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/22/2012 2:45:13 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/22/2012 2:45:13 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/22/2012 2:30:44 AM, Error: Service Control Manager [7031] - The CSIScanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/22/2012 10:19:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Licensing Console service to connect.
4/22/2012 10:19:08 AM, Error: Service Control Manager [7000] - The Adobe Licensing Console service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/22/2012 1:42:32 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
4/22/2012 1:42:28 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
4/22/2012 1:42:28 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/22/2012 1:39:29 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
4/22/2012 1:14:12 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
4/22/2012 1:14:03 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
4/22/2012 1:14:03 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
4/22/2012 1:13:35 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
4/22/2012 1:13:32 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
4/22/2012 1:03:41 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched pxrts rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
4/21/2012 11:51:26 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
4/21/2012 11:51:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ElbyCDIO pxrts spldr Wanarpv6
4/20/2012 5:31:18 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================

Edited by Seraphite, 22 April 2012 - 12:12 PM.




#2 mark1956


Posted 24 April 2012 - 02:43 PM

Hi Seraphite and welcome to BP, my name is Mark and I will be helping you.

We are in the process of researching and investigating your log. Please be patient as we develop a fix for your specific problems.

Before doing anything further, if you have not already done so, you should back up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. If that occurs there may be no option but to reformat and reinstall the OS or perform a full system recovery. The safest practice is not to back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.



#3 Seraphite


Posted 25 April 2012 - 12:20 AM

Thank you very much for taking the time to assist me!

I eagerly await your response. :)

#4 mark1956


Posted 25 April 2012 - 02:23 AM

The logs show that you are running two Anti Virus, Windows Defender and Prevx 3.0 CSI Scanner. Please disable Windows Defender as follows:

Click on Start > Control Panel > Windows Defender > Tools > Options > Real Time Protection (in the left pane).
Uncheck the box next to Use real-time protection (recommended), click on Save and close all the windows and reboot the PC.

Your log results show that ComboFix has been run on this machine. Please post the results of your ComboFix log for review.

ComboFix will create and save a log to the root directory, usually C:\ComboFix.txt. To retrieve the log, launch Windows Explorer, navigate to the root directory (C:\) and double-click on it to open in Notepad. Copy and Paste the log into your next reply. If you cannot find the log please tell me and continue with the following scan.



Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!
-- The tool is frequently updated...if you used TDSSKiller before, delete that version and download the most current one before using again.

Be sure to print out and follow the instructions for performing a scan.
  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
  • Alternatively, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.
  • When the program opens, click the Change parameters.


  • Under "Additional options", check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.


  • Click the Start Scan button.


  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
  • If Malicious objects are detected, they will show in the Scan results - Select action for found objects and offer three options.


  • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.


  • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".
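
Added example, not part of the post above and not Kaspersky's own code: a Python triage script for the TDSSKiller log that the steps above ask for, listing every scanned object whose result is not `ok` together with its MD5 and path. It assumes the line layout seen in the TDSSKiller log posted in this thread (timestamp, thread id, then `name (md5) path` followed by `name [( verdict )] - status`); the names `parse_tdsskiller_log` and `needs_review` are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample lines in the layout of the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
06:46:00.0431 0344 Scan started
06:46:00.0431 0344 Mode: Manual; SigCheck; TDLFS;
06:46:01.0311 0344 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
06:46:01.0501 0344 1394ohci - ok
06:46:01.0551 0344 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
06:46:01.0571 0344 ACPI - ok
06:46:01.0891 0344 Adobe Licensing Console (d13dc8b68779ada1176a52f39eef10ff) C:\Windows\SysWOW64\lnsecsl.exe
06:46:01.0931 0344 Adobe Licensing Console ( UnsignedFile.Multi.Generic ) - warning
06:46:01.0931 0344 Adobe Licensing Console - detected UnsignedFile.Multi.Generic (1)
"""

# "HH:MM:SS.ffff <thread id> <body>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+[0-9A-Fa-f]{4}\s+(?P<body>.*\S)\s*$")
# "<name> (<md5>) <path>" announces an object being scanned.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - ok" or "<name> ( <verdict> ) - warning" closes that object.
STATUS = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<verdict>[^()]+?) \))? - (?P<status>\w+)$"
)


@dataclass
class ScanObject:
    name: str
    md5: str
    path: str
    status: str = "unknown"      # stays "unknown" if the log was cut short
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> List[ScanObject]:
    """Pair each scanned object with the status line that follows it."""
    objects: Dict[str, ScanObject] = {}
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue                      # blank lines, pasted forum text, etc.
        body = line.group("body")

        obj = OBJECT.match(body)
        if obj:
            objects[obj.group("name")] = ScanObject(
                name=obj.group("name"),
                md5=obj.group("md5").lower(),
                path=obj.group("path"),
            )
            continue

        status = STATUS.match(body)
        # Only accept a status for an object we have already seen, so header
        # lines that happen to contain " - " are never mistaken for results.
        if status and status.group("name") in objects:
            entry = objects[status.group("name")]
            entry.status = status.group("status").lower()
            entry.verdict = status.group("verdict")
    return list(objects.values())


def needs_review(objects: List[ScanObject]) -> List[ScanObject]:
    """Everything not explicitly marked ok, including objects with no result."""
    return [o for o in objects if o.status != "ok"]


if __name__ == "__main__":
    for item in needs_review(parse_tdsskiller_log(SAMPLE_LOG)):
        print(f"{item.status:8} {item.verdict or '-':28} {item.md5} {item.path}")
```

An unsigned-file warning is a prompt to check the file's origin and hash, which is why the instructions above leave suspicious objects on Skip.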

#5 Seraphite


Posted 25 April 2012 - 06:53 AM

Combofix:

ComboFix 12-04-20.03 - Nick 04/22/2012 2:48.3.6 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2790 [GMT -5:00]
Running from: c:\users\Nick\Desktop\ComboFix.exe
AV: Prevx 3.0 *Enabled/Updated* {85194EF3-9578-0A22-9A51-A9FE4DD90287}
SP: Prevx 3.0 *Enabled/Updated* {3E78AF17-B342-05AC-A0E1-928C365E483A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-22 to 2012-04-22 )))))))))))))))))))))))))))))))
.
.
2012-04-22 07:55 . 2012-04-22 07:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-22 07:45 . 2012-04-22 07:48 -------- d-----w- C:\32788R22FWJFW
2012-04-22 07:30 . 2012-04-22 07:30 -------- d-----w- c:\users\Nick\AppData\Local\Eraser 6
2012-04-22 07:26 . 2012-04-22 07:26 -------- d-----w- c:\program files\Eraser
2012-04-22 06:50 . 2012-04-22 06:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-22 06:50 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-21 15:31 . 2012-04-21 15:31 -------- d-----w- c:\users\Nick\AppData\Roaming\Image-Line
2012-04-20 21:57 . 2012-04-20 21:57 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2012-04-20 21:57 . 2012-04-20 21:57 -------- d-----w- c:\program files (x86)\VstPlugins
2012-04-20 21:57 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2012-04-20 21:57 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-04-20 21:56 . 2012-04-20 21:56 -------- d-----w- c:\program files (x86)\Outsim
2012-04-20 21:55 . 2012-04-20 21:57 -------- d-----w- c:\program files (x86)\Image-Line
2012-04-20 21:53 . 2012-04-20 21:53 905070 ----a-w- c:\windows\SysWow64\lnsecsl.exe
2012-04-20 21:29 . 2012-04-20 21:29 -------- d-----w- c:\users\Nick\AppData\Roaming\VOCALOID3
2012-04-20 21:29 . 2012-04-20 21:29 -------- d-----w- c:\users\Nick\AppData\Roaming\VCLDASGN3
2012-04-20 20:57 . 2012-04-20 20:57 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2012-04-20 16:03 . 2012-04-20 21:29 -------- d-----w- c:\users\Nick\AppData\Local\VOCALOID3
2012-04-20 16:02 . 2012-04-20 21:06 -------- d-----w- c:\program files (x86)\VOCALOID3AE
2012-04-20 16:02 . 2012-04-20 16:02 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-04-20 16:02 . 2012-04-20 16:02 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-04-20 16:02 . 2012-04-20 16:02 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-04-17 12:10 . 2012-04-17 12:11 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-04-17 12:10 . 2012-04-17 12:10 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-04-17 12:09 . 2012-04-17 12:11 -------- d-----w- c:\users\Nick\AppData\Roaming\DVDVideoSoft
2012-04-16 02:09 . 2012-04-22 07:42 -------- d-----r- c:\users\Nick\Dropbox
2012-04-16 02:08 . 2012-04-22 07:42 -------- d-----w- c:\users\Nick\AppData\Roaming\Dropbox
2012-04-14 22:05 . 2012-04-14 22:05 -------- d-----w- c:\windows\SysWow64\xlive
2012-04-14 22:05 . 2012-04-14 22:05 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-04-12 10:01 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 10:01 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 10:01 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 10:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 10:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 10:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 10:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 10:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 10:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 10:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-05 06:43 . 2012-04-05 06:45 -------- d-----w- c:\users\Nick\AppData\Local\AirVideoServer
2012-04-05 06:43 . 2012-04-22 07:42 -------- d-----w- C:\jexepackres
2012-04-05 06:43 . 2012-04-05 06:43 -------- d-----w- c:\program files (x86)\AirVideoServer
2012-04-05 06:30 . 2012-04-05 06:30 -------- d-----w- c:\programdata\xml_param
2012-04-05 06:28 . 2012-04-05 06:28 -------- d-----w- c:\users\Nick\AppData\Roaming\Wondershare Video Converter Ultimate
2012-04-05 06:27 . 2012-04-05 06:27 -------- d-----w- c:\users\Nick\AppData\Local\Wondershare
2012-04-05 06:27 . 2012-04-05 06:27 -------- d-----w- c:\program files (x86)\Common Files\Wondershare
2012-04-05 06:27 . 2012-03-26 19:24 892928 ----a-w- c:\windows\SysWow64\iconv.dll
2012-04-05 06:27 . 2012-03-26 19:24 675840 ----a-w- c:\windows\SysWow64\ac3filter.ax
2012-04-05 06:27 . 2012-03-26 19:24 496640 ----a-w- c:\windows\SysWow64\xvid.ax
2012-04-05 06:27 . 2012-04-09 18:55 -------- d-----w- c:\program files (x86)\Wondershare
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 05:51 . 2009-08-18 17:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-04-15 05:51 . 2009-08-18 16:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-17 06:38 . 2012-03-13 19:58 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 19:58 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 19:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 19:58 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 06:36 . 2012-03-13 19:59 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 19:59 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 16:02 . 2012-02-07 16:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-13 19:59 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-13 19:58 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-13 19:58 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-13 19:58 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-22_06.41.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-14 03:16 . 2012-04-22 07:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-12-14 03:16 . 2012-04-22 06:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-04-22 05:04 . 2012-04-22 06:13 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012042220120423\index.dat
+ 2012-04-22 05:04 . 2012-04-22 07:42 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012042220120423\index.dat
+ 2011-03-02 04:59 . 2012-04-22 07:43 26840 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-22 07:43 30372 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-02 04:53 . 2012-04-22 07:43 10328 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1868069452-3031015027-2408761648-1001_UserData.bin
- 2011-03-02 04:52 . 2012-04-22 06:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-02 04:52 . 2012-04-22 07:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-02 04:52 . 2012-04-22 06:14 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-02 04:52 . 2012-04-22 07:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-02 04:52 . 2012-04-22 07:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-02 04:52 . 2012-04-22 06:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-02 04:58 . 2012-04-22 07:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-02 04:58 . 2012-04-22 06:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-02 04:58 . 2012-04-22 07:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-02 04:58 . 2012-04-22 06:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-22 07:27 . 2012-04-22 07:27 93345 c:\windows\Installer\{3D33F6F0-4D90-484D-A1D9-09AE791CCBD9}\Eraser.exe
+ 2011-05-31 08:31 . 2012-04-22 07:40 3372 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-04-22 07:41 . 2012-04-22 07:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-22 06:40 . 2012-04-22 06:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-22 07:41 . 2012-04-22 07:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-22 04:44 . 2012-04-22 07:42 118183 c:\windows\SysWOW64\key.dat
+ 2011-12-14 03:16 . 2012-04-22 07:42 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2011-12-14 03:16 . 2012-04-22 06:14 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2009-07-14 02:36 . 2012-04-22 06:19 663222 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-22 07:37 663222 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-22 06:19 122090 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-22 07:37 122090 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:46 . 2012-04-22 07:35 104192 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-04-22 06:40 401356 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-22 07:40 401356 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-04-22 06:41 1114112 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-22 07:41 1114112 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:45 . 2012-04-22 07:34 7378914 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-04-12 10:22 7378914 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:54 . 2012-04-22 06:41 12107776 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-22 07:41 12107776 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-22 06:41 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-22 07:41 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-20 07:38 . 2012-04-22 07:41 66792300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1868069452-3031015027-2408761648-1001-12288.dat
- 2011-04-20 07:38 . 2012-04-22 06:40 66792300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1868069452-3031015027-2408761648-1001-12288.dat
+ 2012-04-22 07:26 . 2012-04-22 07:26 16904192 c:\windows\Installer\5ab9c.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-11-24 1242448]
"AirVideoServer"="c:\program files (x86)\AirVideoServer\AirVideoServer.exe" [2010-09-22 4923784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FpsGun"="c:\windows\system32\FpsGunTray.exe" [2007-12-17 36864]
"Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-03-27 1686528]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\SysWOW64\lnsecsl.exe [2012-04-20 905070]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2011-06-21 6746280]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2011-04-22 129856]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1868069452-3031015027-2408761648-1001Core.job
- c:\users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-12 06:35]
.
2012-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1868069452-3031015027-2408761648-1001UA.job
- c:\users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-12 06:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 2320752]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2011-11-05 980368]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Nick\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 68.87.85.98 68.87.69.146
FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\i2k8gr9y.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z137&form=ZGAADF&install_date=20111215&q=
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-22 02:57:01
ComboFix-quarantined-files.txt 2012-04-22 07:57
ComboFix2.txt 2012-04-22 07:10
ComboFix3.txt 2012-04-22 06:46
.
Pre-Run: 522,172,080,128 bytes free
Post-Run: 522,017,914,880 bytes free
.
- - End Of File - - 0AAB6FBFD3AE56B18B78731E4B3FE32F


TDSSKiller:


06:44:25.0411 0348 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
06:44:25.0771 0348 ============================================================
06:44:25.0771 0348 Current date / time: 2012/04/25 06:44:25.0771
06:44:25.0771 0348 SystemInfo:
06:44:25.0771 0348
06:44:25.0771 0348 OS Version: 6.1.7601 ServicePack: 1.0
06:44:25.0771 0348 Product type: Workstation
06:44:25.0771 0348 ComputerName: NICK-PC
06:44:25.0771 0348 UserName: Nick
06:44:25.0771 0348 Windows directory: C:\Windows
06:44:25.0771 0348 System windows directory: C:\Windows
06:44:25.0771 0348 Running under WOW64
06:44:25.0771 0348 Processor architecture: Intel x64
06:44:25.0771 0348 Number of processors: 6
06:44:25.0771 0348 Page size: 0x1000
06:44:25.0771 0348 Boot type: Normal boot
06:44:25.0771 0348 ============================================================
06:44:26.0691 0348 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
06:44:26.0691 0348 ============================================================
06:44:26.0691 0348 \Device\Harddisk0\DR0:
06:44:26.0691 0348 MBR partitions:
06:44:26.0691 0348 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
06:44:26.0691 0348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
06:44:26.0691 0348 ============================================================
06:44:26.0721 0348 C: <-> \Device\Harddisk0\DR0\Partition1
06:44:26.0721 0348 ============================================================
06:44:26.0721 0348 Initialize success
06:44:26.0721 0348 ============================================================
06:46:00.0431 0344 ============================================================
06:46:00.0431 0344 Scan started
06:46:00.0431 0344 Mode: Manual; SigCheck; TDLFS;
06:46:00.0431 0344 ============================================================
06:46:01.0311 0344 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
06:46:01.0501 0344 1394ohci - ok
06:46:01.0551 0344 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
06:46:01.0571 0344 ACPI - ok
06:46:01.0601 0344 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
06:46:01.0671 0344 AcpiPmi - ok
06:46:01.0891 0344 Adobe Licensing Console (d13dc8b68779ada1176a52f39eef10ff) C:\Windows\SysWOW64\lnsecsl.exe
06:46:01.0931 0344 Adobe Licensing Console ( UnsignedFile.Multi.Generic ) - warning
06:46:01.0931 0344 Adobe Licensing Console - detected UnsignedFile.Multi.Generic (1)
06:46:01.0991 0344 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
06:46:02.0011 0344 AdobeARMservice - ok
06:46:02.0071 0344 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
06:46:02.0111 0344 adp94xx - ok
06:46:02.0131 0344 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
06:46:02.0141 0344 adpahci - ok
06:46:02.0151 0344 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
06:46:02.0161 0344 adpu320 - ok
06:46:02.0181 0344 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
06:46:02.0311 0344 AeLookupSvc - ok
06:46:02.0351 0344 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
06:46:02.0421 0344 AFD - ok
06:46:02.0451 0344 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
06:46:02.0471 0344 agp440 - ok
06:46:02.0481 0344 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
06:46:02.0531 0344 ALG - ok
06:46:02.0541 0344 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
06:46:02.0551 0344 aliide - ok
06:46:02.0561 0344 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
06:46:02.0571 0344 amdide - ok
06:46:02.0591 0344 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
06:46:02.0641 0344 AmdK8 - ok
06:46:02.0651 0344 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
06:46:02.0691 0344 AmdPPM - ok
06:46:02.0741 0344 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
06:46:02.0771 0344 amdsata - ok
06:46:02.0781 0344 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
06:46:02.0801 0344 amdsbs - ok
06:46:02.0801 0344 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
06:46:02.0811 0344 amdxata - ok
06:46:02.0841 0344 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
06:46:02.0951 0344 AppID - ok
06:46:02.0961 0344 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
06:46:02.0991 0344 AppIDSvc - ok
06:46:03.0021 0344 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
06:46:03.0051 0344 Appinfo - ok
06:46:03.0131 0344 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
06:46:03.0141 0344 Apple Mobile Device - ok
06:46:03.0171 0344 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
06:46:03.0211 0344 AppMgmt - ok
06:46:03.0221 0344 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
06:46:03.0241 0344 arc - ok
06:46:03.0261 0344 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
06:46:03.0271 0344 arcsas - ok
06:46:03.0351 0344 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
06:46:03.0421 0344 aspnet_state - ok
06:46:03.0441 0344 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
06:46:03.0501 0344 AsyncMac - ok
06:46:03.0501 0344 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
06:46:03.0511 0344 atapi - ok
06:46:03.0551 0344 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
06:46:03.0621 0344 AudioEndpointBuilder - ok
06:46:03.0621 0344 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
06:46:03.0651 0344 AudioSrv - ok
06:46:03.0671 0344 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
06:46:03.0741 0344 AxInstSV - ok
06:46:03.0771 0344 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
06:46:03.0831 0344 b06bdrv - ok
06:46:03.0851 0344 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
06:46:03.0901 0344 b57nd60a - ok
06:46:03.0921 0344 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
06:46:03.0981 0344 BDESVC - ok
06:46:03.0991 0344 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
06:46:04.0051 0344 Beep - ok
06:46:04.0141 0344 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
06:46:04.0191 0344 BFE - ok
06:46:04.0241 0344 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
06:46:04.0281 0344 BITS - ok
06:46:04.0321 0344 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
06:46:04.0321 0344 blbdrive - ok
06:46:04.0381 0344 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
06:46:04.0421 0344 Bonjour Service - ok
06:46:04.0462 0344 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
06:46:04.0472 0344 bowser - ok
06:46:04.0482 0344 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
06:46:04.0542 0344 BrFiltLo - ok
06:46:04.0552 0344 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
06:46:04.0562 0344 BrFiltUp - ok
06:46:04.0612 0344 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
06:46:04.0642 0344 BridgeMP - ok
06:46:04.0682 0344 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
06:46:04.0742 0344 Browser - ok
06:46:04.0752 0344 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
06:46:04.0782 0344 Brserid - ok
06:46:04.0792 0344 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
06:46:04.0802 0344 BrSerWdm - ok
06:46:04.0812 0344 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
06:46:04.0822 0344 BrUsbMdm - ok
06:46:04.0822 0344 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
06:46:04.0832 0344 BrUsbSer - ok
06:46:04.0852 0344 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
06:46:04.0862 0344 BTHMODEM - ok
06:46:04.0892 0344 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
06:46:04.0952 0344 bthserv - ok
06:46:04.0972 0344 catchme - ok
06:46:04.0992 0344 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
06:46:05.0022 0344 cdfs - ok
06:46:05.0062 0344 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
06:46:05.0082 0344 cdrom - ok
06:46:05.0112 0344 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
06:46:05.0192 0344 CertPropSvc - ok
06:46:05.0202 0344 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
06:46:05.0222 0344 circlass - ok
06:46:05.0242 0344 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
06:46:05.0262 0344 CLFS - ok
06:46:05.0312 0344 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:46:05.0332 0344 clr_optimization_v2.0.50727_32 - ok
06:46:05.0362 0344 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
06:46:05.0382 0344 clr_optimization_v2.0.50727_64 - ok
06:46:05.0412 0344 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:46:05.0512 0344 clr_optimization_v4.0.30319_32 - ok
06:46:05.0532 0344 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
06:46:05.0542 0344 clr_optimization_v4.0.30319_64 - ok
06:46:05.0552 0344 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
06:46:05.0572 0344 CmBatt - ok
06:46:05.0602 0344 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
06:46:05.0622 0344 cmdide - ok
06:46:05.0662 0344 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
06:46:05.0732 0344 CNG - ok
06:46:05.0742 0344 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
06:46:05.0752 0344 Compbatt - ok
06:46:05.0782 0344 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
06:46:05.0812 0344 CompositeBus - ok
06:46:05.0812 0344 COMSysApp - ok
06:46:05.0832 0344 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
06:46:05.0842 0344 crcdisk - ok
06:46:05.0862 0344 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
06:46:05.0922 0344 CryptSvc - ok
06:46:05.0952 0344 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
06:46:05.0992 0344 CSC - ok
06:46:06.0032 0344 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
06:46:06.0082 0344 CscService - ok
06:46:06.0322 0344 CSIScanner (5131d2469b6b19dc20b446ebe43ebb79) C:\Program Files\Prevx\prevx.exe
06:46:06.0772 0344 CSIScanner - ok
06:46:06.0842 0344 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
06:46:06.0892 0344 DcomLaunch - ok
06:46:06.0922 0344 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
06:46:06.0952 0344 defragsvc - ok
06:46:07.0002 0344 Desura Install Service (d69563a0b74c2b4b027d8556d337f3ee) C:\Program Files (x86)\Common Files\Desura\desura_service.exe
06:46:07.0032 0344 Desura Install Service - ok
06:46:07.0052 0344 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
06:46:07.0102 0344 DfsC - ok
06:46:07.0122 0344 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
06:46:07.0152 0344 Dhcp - ok
06:46:07.0182 0344 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
06:46:07.0222 0344 discache - ok
06:46:07.0232 0344 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
06:46:07.0242 0344 Disk - ok
06:46:07.0262 0344 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
06:46:07.0312 0344 Dnscache - ok
06:46:07.0352 0344 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
06:46:07.0402 0344 dot3svc - ok
06:46:07.0442 0344 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
06:46:07.0472 0344 DPS - ok
06:46:07.0492 0344 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
06:46:07.0502 0344 drmkaud - ok
06:46:07.0592 0344 dump_wmimmc - ok
06:46:07.0662 0344 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
06:46:07.0692 0344 DXGKrnl - ok
06:46:07.0702 0344 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
06:46:07.0732 0344 EapHost - ok
06:46:07.0832 0344 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
06:46:07.0892 0344 ebdrv - ok
06:46:07.0952 0344 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
06:46:08.0002 0344 EFS - ok
06:46:08.0052 0344 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
06:46:08.0112 0344 ehRecvr - ok
06:46:08.0132 0344 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
06:46:08.0162 0344 ehSched - ok
06:46:08.0232 0344 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
06:46:08.0252 0344 ElbyCDIO - ok
06:46:08.0272 0344 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
06:46:08.0302 0344 elxstor - ok
06:46:08.0322 0344 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
06:46:08.0342 0344 ErrDev - ok
06:46:08.0382 0344 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
06:46:08.0402 0344 EventSystem - ok
06:46:08.0422 0344 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
06:46:08.0452 0344 exfat - ok
06:46:08.0472 0344 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
06:46:08.0492 0344 fastfat - ok
06:46:08.0522 0344 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
06:46:08.0572 0344 Fax - ok
06:46:08.0592 0344 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
06:46:08.0622 0344 fdc - ok
06:46:08.0632 0344 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
06:46:08.0672 0344 fdPHost - ok
06:46:08.0682 0344 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
06:46:08.0702 0344 FDResPub - ok
06:46:08.0732 0344 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
06:46:08.0742 0344 FileInfo - ok
06:46:08.0742 0344 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
06:46:08.0762 0344 Filetrace - ok
06:46:08.0772 0344 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
06:46:08.0782 0344 flpydisk - ok
06:46:08.0802 0344 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
06:46:08.0812 0344 FltMgr - ok
06:46:08.0862 0344 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
06:46:08.0912 0344 FontCache - ok
06:46:08.0982 0344 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
06:46:08.0992 0344 FontCache3.0.0.0 - ok
06:46:09.0012 0344 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
06:46:09.0032 0344 FsDepends - ok
06:46:09.0062 0344 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
06:46:09.0072 0344 Fs_Rec - ok
06:46:09.0112 0344 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
06:46:09.0132 0344 fvevol - ok
06:46:09.0142 0344 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
06:46:09.0152 0344 gagp30kx - ok
06:46:09.0182 0344 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
06:46:09.0182 0344 GEARAspiWDM - ok
06:46:09.0222 0344 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
06:46:09.0262 0344 gpsvc - ok
06:46:09.0282 0344 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
06:46:09.0332 0344 hcw85cir - ok
06:46:09.0362 0344 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
06:46:09.0392 0344 HdAudAddService - ok
06:46:09.0402 0344 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
06:46:09.0432 0344 HDAudBus - ok
06:46:09.0452 0344 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
06:46:09.0452 0344 HidBatt - ok
06:46:09.0462 0344 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
06:46:09.0492 0344 HidBth - ok
06:46:09.0492 0344 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
06:46:09.0512 0344 HidIr - ok
06:46:09.0512 0344 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
06:46:09.0542 0344 hidserv - ok
06:46:09.0552 0344 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
06:46:09.0562 0344 HidUsb - ok
06:46:09.0592 0344 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
06:46:09.0612 0344 hkmsvc - ok
06:46:09.0642 0344 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
06:46:09.0682 0344 HomeGroupListener - ok
06:46:09.0702 0344 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
06:46:09.0722 0344 HomeGroupProvider - ok
06:46:09.0742 0344 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
06:46:09.0752 0344 HpSAMD - ok
06:46:09.0792 0344 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
06:46:09.0832 0344 HTTP - ok
06:46:09.0852 0344 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
06:46:09.0862 0344 hwpolicy - ok
06:46:09.0892 0344 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
06:46:09.0892 0344 i8042prt - ok
06:46:09.0922 0344 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
06:46:09.0932 0344 iaStorV - ok
06:46:10.0012 0344 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
06:46:10.0062 0344 idsvc - ok
06:46:10.0072 0344 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
06:46:10.0082 0344 iirsp - ok
06:46:10.0122 0344 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
06:46:10.0162 0344 IKEEXT - ok
06:46:10.0182 0344 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
06:46:10.0182 0344 intelide - ok
06:46:10.0192 0344 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
06:46:10.0202 0344 intelppm - ok
06:46:10.0212 0344 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
06:46:10.0242 0344 IPBusEnum - ok
06:46:10.0292 0344 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:46:10.0312 0344 IpFilterDriver - ok
06:46:10.0382 0344 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
06:46:10.0422 0344 iphlpsvc - ok
06:46:10.0442 0344 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
06:46:10.0442 0344 IPMIDRV - ok
06:46:10.0452 0344 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
06:46:10.0492 0344 IPNAT - ok
06:46:10.0572 0344 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
06:46:10.0602 0344 iPod Service - ok
06:46:10.0612 0344 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
06:46:10.0622 0344 IRENUM - ok
06:46:10.0632 0344 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
06:46:10.0642 0344 isapnp - ok
06:46:10.0662 0344 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
06:46:10.0672 0344 iScsiPrt - ok
06:46:10.0692 0344 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
06:46:10.0692 0344 kbdclass - ok
06:46:10.0702 0344 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
06:46:10.0722 0344 kbdhid - ok
06:46:10.0752 0344 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
06:46:10.0752 0344 KeyIso - ok
06:46:10.0762 0344 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
06:46:10.0772 0344 KSecDD - ok
06:46:10.0782 0344 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
06:46:10.0792 0344 KSecPkg - ok
06:46:10.0792 0344 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
06:46:10.0822 0344 ksthunk - ok
06:46:10.0842 0344 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
06:46:10.0882 0344 KtmRm - ok
06:46:10.0912 0344 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
06:46:10.0932 0344 LanmanServer - ok
06:46:10.0972 0344 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
06:46:11.0022 0344 LanmanWorkstation - ok
06:46:11.0032 0344 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
06:46:11.0072 0344 lltdio - ok
06:46:11.0092 0344 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
06:46:11.0122 0344 lltdsvc - ok
06:46:11.0132 0344 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
06:46:11.0152 0344 lmhosts - ok
06:46:11.0172 0344 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
06:46:11.0172 0344 LSI_FC - ok
06:46:11.0182 0344 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
06:46:11.0192 0344 LSI_SAS - ok
06:46:11.0202 0344 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
06:46:11.0212 0344 LSI_SAS2 - ok
06:46:11.0222 0344 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
06:46:11.0232 0344 LSI_SCSI - ok
06:46:11.0242 0344 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
06:46:11.0272 0344 luafv - ok
06:46:11.0322 0344 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
06:46:11.0342 0344 MBAMProtector - ok
06:46:11.0422 0344 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
06:46:11.0452 0344 MBAMService - ok
06:46:11.0482 0344 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
06:46:11.0502 0344 Mcx2Svc - ok
06:46:11.0512 0344 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
06:46:11.0522 0344 megasas - ok
06:46:11.0542 0344 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
06:46:11.0552 0344 MegaSR - ok
06:46:11.0562 0344 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
06:46:11.0592 0344 MMCSS - ok
06:46:11.0602 0344 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
06:46:11.0642 0344 Modem - ok
06:46:11.0642 0344 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
06:46:11.0662 0344 monitor - ok
06:46:11.0692 0344 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
06:46:11.0702 0344 mouclass - ok
06:46:11.0702 0344 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
06:46:11.0732 0344 mouhid - ok
06:46:11.0742 0344 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
06:46:11.0752 0344 mountmgr - ok
06:46:11.0782 0344 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
06:46:11.0782 0344 mpio - ok
06:46:11.0802 0344 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
06:46:11.0822 0344 mpsdrv - ok
06:46:11.0912 0344 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
06:46:11.0972 0344 MpsSvc - ok
06:46:11.0992 0344 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
06:46:12.0042 0344 MRxDAV - ok
06:46:12.0062 0344 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
06:46:12.0082 0344 mrxsmb - ok
06:46:12.0122 0344 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:46:12.0152 0344 mrxsmb10 - ok
06:46:12.0172 0344 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:46:12.0182 0344 mrxsmb20 - ok
06:46:12.0202 0344 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
06:46:12.0212 0344 msahci - ok
06:46:12.0222 0344 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
06:46:12.0242 0344 msdsm - ok
06:46:12.0262 0344 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
06:46:12.0272 0344 MSDTC - ok
06:46:12.0312 0344 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
06:46:12.0342 0344 Msfs - ok
06:46:12.0342 0344 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
06:46:12.0382 0344 mshidkmdf - ok
06:46:12.0402 0344 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
06:46:12.0412 0344 msisadrv - ok
06:46:12.0432 0344 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
06:46:12.0452 0344 MSiSCSI - ok
06:46:12.0452 0344 msiserver - ok
06:46:12.0472 0344 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
06:46:12.0492 0344 MSKSSRV - ok
06:46:12.0502 0344 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
06:46:12.0542 0344 MSPCLOCK - ok
06:46:12.0562 0344 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
06:46:12.0592 0344 MSPQM - ok
06:46:12.0622 0344 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
06:46:12.0632 0344 MsRPC - ok
06:46:12.0642 0344 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
06:46:12.0652 0344 mssmbios - ok
06:46:12.0662 0344 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
06:46:12.0692 0344 MSTEE - ok
06:46:12.0702 0344 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
06:46:12.0702 0344 MTConfig - ok
06:46:12.0712 0344 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
06:46:12.0712 0344 Mup - ok
06:46:12.0762 0344 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
06:46:12.0782 0344 napagent - ok
06:46:12.0802 0344 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
06:46:12.0822 0344 NativeWifiP - ok
06:46:12.0862 0344 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
06:46:12.0882 0344 NDIS - ok
06:46:12.0902 0344 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
06:46:12.0922 0344 NdisCap - ok
06:46:12.0932 0344 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
06:46:12.0952 0344 NdisTapi - ok
06:46:12.0982 0344 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
06:46:13.0012 0344 Ndisuio - ok
06:46:13.0042 0344 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
06:46:13.0072 0344 NdisWan - ok
06:46:13.0102 0344 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
06:46:13.0122 0344 NDProxy - ok
06:46:13.0122 0344 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
06:46:13.0162 0344 NetBIOS - ok
06:46:13.0192 0344 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
06:46:13.0232 0344 NetBT - ok
06:46:13.0252 0344 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
06:46:13.0262 0344 Netlogon - ok
06:46:13.0282 0344 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
06:46:13.0312 0344 Netman - ok
06:46:13.0382 0344 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:46:13.0432 0344 NetMsmqActivator - ok
06:46:13.0432 0344 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:46:13.0442 0344 NetPipeActivator - ok
06:46:13.0452 0344 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
06:46:13.0482 0344 netprofm - ok
06:46:13.0542 0344 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys
06:46:13.0582 0344 netr28x - ok
06:46:13.0592 0344 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:46:13.0602 0344 NetTcpActivator - ok
06:46:13.0602 0344 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:46:13.0612 0344 NetTcpPortSharing - ok
06:46:13.0622 0344 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
06:46:13.0632 0344 nfrd960 - ok
06:46:13.0662 0344 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
06:46:13.0722 0344 NlaSvc - ok
06:46:13.0732 0344 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
06:46:13.0752 0344 Npfs - ok
06:46:13.0752 0344 npggsvc - ok
06:46:26.0344 0344 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
06:46:26.0444 0344 \Device\Harddisk0\DR0 - ok
06:46:26.0444 0344 Boot (0x1200) (e5f1d8459ba76aca19fa8cdf729e4d09) \Device\Harddisk0\DR0\Partition0
06:46:26.0454 0344 \Device\Harddisk0\DR0\Partition0 - ok
06:46:26.0454 0344 Boot (0x1200) (942aa930e78a561d05874b8827c0b14d) \Device\Harddisk0\DR0\Partition1
06:46:26.0464 0344 \Device\Harddisk0\DR0\Partition1 - ok
06:46:26.0464 0344 ============================================================
06:46:26.0464 0344 Scan finished
06:46:26.0464 0344 ============================================================
06:46:26.0474 3400 Detected object count: 1
06:46:26.0474 3400 Actual detected object count: 1
06:47:44.0123 3400 Adobe Licensing Console ( UnsignedFile.Multi.Generic ) - skipped by user
06:47:44.0123 3400 Adobe Licensing Console ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:48:00.0985 1072 ============================================================
06:48:00.0985 1072 Scan started
06:48:00.0985 1072 Mode: Manual; SigCheck; TDLFS;
06:48:00.0985 1072 ============================================================
06:48:02.0455 1072 Adobe Licensing Console (d13dc8b68779ada1176a52f39eef10ff) C:\Windows\SysWOW64\lnsecsl.exe
06:48:02.0475 1072 Adobe Licensing Console ( UnsignedFile.Multi.Generic ) - warning
06:48:02.0475 1072 Adobe Licensing Console - detected UnsignedFile.Multi.Generic (1)
06:48:06.0445 1072 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
06:48:06.0455 1072 CmBatt - ok
06:48:06.0505 1072 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
06:48:06.0515 1072 cmdide - ok
06:48:06.0565 1072 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
06:48:06.0595 1072 CNG - ok
06:48:06.0625 1072 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
06:48:06.0625 1072 Compbatt - ok
06:48:06.0686 1072 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
06:48:06.0696 1072 CompositeBus - ok
06:48:06.0696 1072 COMSysApp - ok
06:48:06.0706 1072 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
06:48:06.0716 1072 crcdisk - ok
06:48:06.0756 1072 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
06:48:06.0806 1072 CryptSvc - ok
06:48:06.0916 1072 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
06:48:06.0926 1072 CSC - ok
06:48:07.0026 1072 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
06:48:07.0046 1072 CscService - ok
06:48:07.0706 1072 CSIScanner (5131d2469b6b19dc20b446ebe43ebb79) C:\Program Files\Prevx\prevx.exe
06:48:07.0796 1072 CSIScanner - ok
06:48:07.0926 1072 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
06:48:07.0976 1072 DcomLaunch - ok
06:48:08.0006 1072 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
06:48:08.0026 1072 defragsvc - ok
06:48:08.0096 1072 Desura Install Service (d69563a0b74c2b4b027d8556d337f3ee) C:\Program Files (x86)\Common Files\Desura\desura_service.exe
06:48:08.0126 1072 Desura Install Service - ok
06:48:08.0166 1072 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
06:48:08.0236 1072 DfsC - ok
06:48:08.0266 1072 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
06:48:08.0286 1072 Dhcp - ok
06:48:08.0296 1072 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
06:48:08.0326 1072 discache - ok
06:48:08.0326 1072 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
06:48:08.0336 1072 Disk - ok
06:48:08.0376 1072 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
06:48:08.0386 1072 Dnscache - ok
06:48:08.0426 1072 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
06:48:08.0446 1072 dot3svc - ok
06:48:08.0556 1072 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
06:48:08.0606 1072 DPS - ok
06:48:08.0626 1072 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
06:48:08.0636 1072 drmkaud - ok
06:48:08.0726 1072 dump_wmimmc - ok
06:48:09.0616 1072 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
06:48:09.0656 1072 DXGKrnl - ok
06:48:09.0696 1072 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
06:48:09.0756 1072 EapHost - ok
06:48:10.0026 1072 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
06:48:10.0056 1072 ebdrv - ok
06:48:10.0106 1072 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
06:48:10.0116 1072 EFS - ok
06:48:10.0166 1072 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
06:48:10.0176 1072 ehRecvr - ok
06:48:10.0196 1072 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
06:48:10.0206 1072 ehSched - ok
06:48:10.0226 1072 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
06:48:10.0236 1072 ElbyCDIO - ok
06:48:10.0336 1072 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
06:48:10.0356 1072 elxstor - ok
06:48:10.0406 1072 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
06:48:10.0406 1072 ErrDev - ok
06:48:10.0476 1072 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
06:48:10.0516 1072 EventSystem - ok
06:48:10.0566 1072 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
06:48:10.0626 1072 exfat - ok
06:48:10.0656 1072 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
06:48:10.0686 1072 fastfat - ok
06:48:10.0766 1072 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
06:48:10.0786 1072 Fax - ok
06:48:10.0786 1072 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
06:48:10.0796 1072 fdc - ok
06:48:10.0796 1072 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
06:48:10.0826 1072 fdPHost - ok
06:48:10.0846 1072 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
06:48:10.0866 1072 FDResPub - ok
06:48:10.0886 1072 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
06:48:10.0886 1072 FileInfo - ok
06:48:10.0896 1072 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
06:48:10.0916 1072 Filetrace - ok
06:48:10.0946 1072 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
06:48:10.0956 1072 flpydisk - ok
06:48:10.0976 1072 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
06:48:10.0986 1072 FltMgr - ok
06:48:11.0286 1072 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
06:48:11.0306 1072 FontCache - ok
06:48:11.0406 1072 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
06:48:11.0426 1072 FontCache3.0.0.0 - ok
06:48:11.0556 1072 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
06:48:11.0576 1072 FsDepends - ok
06:48:11.0626 1072 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
06:48:11.0646 1072 Fs_Rec - ok
06:48:11.0666 1072 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
06:48:11.0686 1072 fvevol - ok
06:48:11.0726 1072 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
06:48:11.0736 1072 gagp30kx - ok
06:48:11.0806 1072 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
06:48:11.0826 1072 GEARAspiWDM - ok
06:48:12.0056 1072 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
06:48:12.0086 1072 gpsvc - ok
06:48:12.0096 1072 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
06:48:12.0096 1072 hcw85cir - ok
06:48:12.0146 1072 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
06:48:12.0156 1072 HdAudAddService - ok
06:48:12.0176 1072 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
06:48:12.0186 1072 HDAudBus - ok
06:48:12.0196 1072 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
06:48:12.0206 1072 HidBatt - ok
06:48:12.0206 1072 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
06:48:12.0216 1072 HidBth - ok
06:48:12.0216 1072 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
06:48:12.0226 1072 HidIr - ok
06:48:12.0256 1072 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
06:48:12.0286 1072 hidserv - ok
06:48:12.0316 1072 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
06:48:12.0326 1072 HidUsb - ok
06:48:12.0376 1072 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
06:48:12.0426 1072 hkmsvc - ok
06:48:12.0456 1072 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
06:48:12.0466 1072 HomeGroupListener - ok
06:48:12.0496 1072 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
06:48:12.0506 1072 HomeGroupProvider - ok
06:48:12.0566 1072 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
06:48:12.0586 1072 HpSAMD - ok
06:48:12.0656 1072 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
06:48:12.0696 1072 HTTP - ok
06:48:12.0726 1072 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
06:48:12.0736 1072 hwpolicy - ok
06:48:12.0766 1072 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
06:48:12.0776 1072 i8042prt - ok
06:48:12.0856 1072 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
06:48:12.0876 1072 iaStorV - ok
06:48:13.0006 1072 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
06:48:13.0036 1072 idsvc - ok
06:48:13.0056 1072 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
06:48:13.0056 1072 iirsp - ok
06:48:13.0186 1072 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
06:48:13.0216 1072 IKEEXT - ok
06:48:13.0246 1072 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
06:48:13.0256 1072 intelide - ok
06:48:13.0286 1072 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
06:48:13.0306 1072 intelppm - ok
06:48:13.0366 1072 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
06:48:13.0396 1072 IPBusEnum - ok
06:48:13.0406 1072 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:48:13.0426 1072 IpFilterDriver - ok
06:48:13.0516 1072 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
06:48:13.0556 1072 iphlpsvc - ok
06:48:13.0596 1072 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
06:48:13.0596 1072 IPMIDRV - ok
06:48:13.0606 1072 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
06:48:13.0626 1072 IPNAT - ok
06:48:13.0806 1072 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
06:48:13.0836 1072 iPod Service - ok
06:48:13.0856 1072 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
06:48:13.0866 1072 IRENUM - ok
06:48:13.0896 1072 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
06:48:13.0906 1072 isapnp - ok
06:48:13.0936 1072 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
06:48:13.0946 1072 iScsiPrt - ok
06:48:13.0976 1072 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
06:48:13.0986 1072 kbdclass - ok
06:48:14.0016 1072 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
06:48:14.0026 1072 kbdhid - ok
06:48:14.0066 1072 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
06:48:14.0076 1072 KeyIso - ok
06:48:14.0106 1072 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
06:48:14.0116 1072 KSecDD - ok
06:48:14.0196 1072 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
06:48:14.0216 1072 KSecPkg - ok
06:48:14.0236 1072 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
06:48:14.0256 1072 ksthunk - ok
06:48:14.0276 1072 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
06:48:14.0306 1072 KtmRm - ok
06:48:14.0336 1072 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
06:48:14.0356 1072 LanmanServer - ok
06:48:14.0416 1072 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
06:48:14.0476 1072 LanmanWorkstation - ok
06:48:14.0496 1072 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
06:48:14.0516 1072 lltdio - ok
06:48:14.0626 1072 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
06:48:14.0676 1072 lltdsvc - ok
06:48:14.0696 1072 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
06:48:14.0716 1072 lmhosts - ok
06:48:14.0766 1072 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
06:48:14.0766 1072 LSI_FC - ok
06:48:14.0786 1072 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
06:48:14.0796 1072 LSI_SAS - ok
06:48:14.0806 1072 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
06:48:14.0816 1072 LSI_SAS2 - ok
06:48:14.0826 1072 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
06:48:14.0836 1072 LSI_SCSI - ok
06:48:14.0846 1072 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
06:48:14.0876 1072 luafv - ok
06:48:14.0926 1072 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
06:48:14.0956 1072 MBAMProtector - ok
06:48:15.0076 1072 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
06:48:15.0096 1072 MBAMService - ok
06:48:15.0206 1072 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
06:48:15.0236 1072 Mcx2Svc - ok
06:48:15.0256 1072 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
06:48:15.0266 1072 megasas - ok
06:48:15.0356 1072 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
06:48:15.0386 1072 MegaSR - ok
06:48:15.0406 1072 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
06:48:15.0426 1072 MMCSS - ok
06:48:15.0446 1072 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
06:48:15.0466 1072 Modem - ok
06:48:15.0476 1072 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
06:48:15.0476 1072 monitor - ok
06:48:15.0556 1072 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
06:48:15.0576 1072 mouclass - ok
06:48:15.0606 1072 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
06:48:15.0616 1072 mouhid - ok
06:48:15.0636 1072 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
06:48:15.0646 1072 mountmgr - ok
06:48:15.0666 1072 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
06:48:15.0676 1072 mpio - ok
06:48:15.0806 1072 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
06:48:15.0846 1072 mpsdrv - ok
06:48:16.0216 1072 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
06:48:16.0256 1072 MpsSvc - ok
06:48:16.0346 1072 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
06:48:16.0366 1072 MRxDAV - ok
06:48:16.0406 1072 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
06:48:16.0406 1072 mrxsmb - ok
06:48:16.0536 1072 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:48:16.0546 1072 mrxsmb10 - ok
06:48:16.0616 1072 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:48:16.0636 1072 mrxsmb20 - ok
06:48:16.0706 1072 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
06:48:16.0726 1072 msahci - ok
06:48:16.0786 1072 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
06:48:16.0796 1072 msdsm - ok
06:48:16.0816 1072 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
06:48:16.0826 1072 MSDTC - ok
06:48:16.0836 1072 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
06:48:16.0856 1072 Msfs - ok
06:48:16.0866 1072 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
06:48:16.0886 1072 mshidkmdf - ok
06:48:16.0906 1072 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
06:48:16.0916 1072 msisadrv - ok
06:48:16.0936 1072 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
06:48:16.0956 1072 MSiSCSI - ok
06:48:16.0966 1072 msiserver - ok
06:48:16.0986 1072 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
06:48:17.0006 1072 MSKSSRV - ok
06:48:17.0016 1072 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
06:48:17.0036 1072 MSPCLOCK - ok
06:48:17.0046 1072 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
06:48:17.0066 1072 MSPQM - ok
06:48:17.0086 1072 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
06:48:17.0096 1072 MsRPC - ok
06:48:17.0106 1072 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
06:48:17.0116 1072 mssmbios - ok
06:48:17.0126 1072 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
06:48:17.0146 1072 MSTEE - ok
06:48:17.0156 1072 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
06:48:17.0166 1072 MTConfig - ok
06:48:17.0166 1072 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
06:48:17.0176 1072 Mup - ok
06:48:17.0206 1072 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
06:48:17.0226 1072 napagent - ok
06:48:17.0246 1072 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
06:48:17.0256 1072 NativeWifiP - ok
06:48:17.0296 1072 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
06:48:17.0316 1072 NDIS - ok
06:48:17.0326 1072 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
06:48:17.0346 1072 NdisCap - ok
06:48:17.0356 1072 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
06:48:17.0376 1072 NdisTapi - ok
06:48:17.0406 1072 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
06:48:17.0456 1072 Ndisuio - ok
06:48:17.0476 1072 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
06:48:17.0496 1072 NdisWan - ok
06:48:17.0516 1072 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
06:48:17.0536 1072 NDProxy - ok
06:48:17.0616 1072 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
06:48:17.0656 1072 NetBIOS - ok
06:48:17.0726 1072 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
06:48:17.0776 1072 NetBT - ok
06:48:17.0826 1072 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
06:48:17.0836 1072 Netlogon - ok
06:48:17.0866 1072 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
06:48:17.0906 1072 Netman - ok
06:48:17.0976 1072 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:48:17.0996 1072 NetMsmqActivator - ok
06:48:17.0996 1072 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:48:18.0006 1072 NetPipeActivator - ok
06:48:18.0026 1072 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
06:48:18.0046 1072 netprofm - ok
06:48:18.0096 1072 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys
06:48:18.0116 1072 netr28x - ok
06:48:18.0126 1072 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:48:18.0136 1072 NetTcpActivator - ok
06:48:18.0136 1072 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:48:18.0146 1072 NetTcpPortSharing - ok
06:48:18.0166 1072 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
06:48:18.0166 1072 nfrd960 - ok
06:48:18.0186 1072 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
06:48:18.0206 1072 NlaSvc - ok
06:48:18.0266 1072 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
06:48:18.0286 1072 Npfs - ok
06:48:18.0286 1072 npggsvc - ok
06:48:18.0286 1072 NPPTNT2 - ok
06:48:18.0296 1072 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
06:48:18.0316 1072 nsi - ok
06:48:18.0316 1072 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
06:48:18.0346 1072 nsiproxy - ok
06:48:18.0656 1072 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
06:48:18.0697 1072 Ntfs - ok
06:48:19.0167 1072 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
06:48:19.0227 1072 Null - ok
06:48:20.0017 1072 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
06:48:20.0157 1072 nvlddmkm - ok
06:48:20.0617 1072 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
06:48:20.0627 1072 nvraid - ok
06:48:20.0667 1072 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
06:48:20.0677 1072 nvstor - ok
06:48:20.0847 1072 nvsvc (43bc8151893ae6afe42e149d663c2221) C:\Windows\system32\nvvsvc.exe
06:48:20.0877 1072 nvsvc - ok
06:48:20.0967 1072 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
06:48:20.0997 1072 nv_agp - ok
06:48:21.0517 1072 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
06:48:21.0557 1072 odserv - ok
06:48:21.0607 1072 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
06:48:21.0617 1072 ohci1394 - ok
06:48:21.0647 1072 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:48:21.0657 1072 ose - ok
06:48:22.0047 1072 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
06:48:22.0067 1072 p2pimsvc - ok
06:48:22.0497 1072 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
06:48:22.0527 1072 p2psvc - ok
06:48:22.0597 1072 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
06:48:22.0627 1072 Parport - ok
06:48:22.0657 1072 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
06:48:22.0667 1072 partmgr - ok
06:48:22.0807 1072 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
06:48:22.0847 1072 PcaSvc - ok
06:48:23.0027 1072 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
06:48:23.0057 1072 pci - ok
06:48:23.0087 1072 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
06:48:23.0097 1072 pciide - ok
06:48:23.0417 1072 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
06:48:23.0447 1072 pcmcia - ok
06:48:23.0447 1072 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
06:48:23.0457 1072 pcw - ok
06:48:23.0497 1072 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
06:48:23.0617 1072 PEAUTH - ok
06:48:23.0677 1072 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
06:48:23.0697 1072 PeerDistSvc - ok
06:48:24.0177 1072 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
06:48:24.0197 1072 PerfHost - ok
06:48:24.0647 1072 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
06:48:24.0688 1072 pla - ok
06:48:25.0088 1072 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
06:48:25.0128 1072 PlugPlay - ok
06:48:25.0128 1072 PnkBstrA - ok
06:48:25.0148 1072 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
06:48:25.0158 1072 PNRPAutoReg - ok
06:48:25.0188 1072 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
06:48:25.0198 1072 PNRPsvc - ok
06:48:25.0228 1072 Point64 (9abff71ff6f3b9492686d3403fa5dcdb) C:\Windows\system32\DRIVERS\point64k.sys
06:48:25.0238 1072 Point64 - ok
06:48:25.0458 1072 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
06:48:25.0508 1072 PolicyAgent - ok
06:48:25.0538 1072 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
06:48:25.0558 1072 Power - ok
06:48:25.0598 1072 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
06:48:25.0648 1072 PptpMiniport - ok
06:48:25.0668 1072 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
06:48:25.0678 1072 Processor - ok
06:48:25.0698 1072 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
06:48:25.0718 1072 ProfSvc - ok
06:48:25.0768 1072 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
06:48:25.0778 1072 ProtectedStorage - ok
06:48:25.0808 1072 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
06:48:25.0828 1072 Psched - ok
06:48:25.0848 1072 pxkbf (ba5f7c107eace67973b4b798832a74c7) C:\Windows\system32\drivers\pxkbf.sys
06:48:25.0848 1072 pxkbf - ok
06:48:25.0868 1072 pxrts (007e57428802f587d0d6737ae7a9d989) C:\Windows\system32\drivers\pxrts.sys
06:48:25.0868 1072 pxrts - ok
06:48:25.0878 1072 pxscan (66d4d00c8908888a68b749d91f1e6789) C:\Windows\system32\drivers\pxscan.sys
06:48:25.0888 1072 pxscan - ok
06:48:25.0938 1072 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
06:48:25.0968 1072 ql2300 - ok
06:48:26.0018 1072 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
06:48:26.0028 1072 ql40xx - ok
06:48:26.0058 1072 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
06:48:26.0068 1072 QWAVE - ok
06:48:26.0078 1072 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
06:48:26.0088 1072 QWAVEdrv - ok
06:48:26.0098 1072 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
06:48:26.0118 1072 RasAcd - ok
06:48:26.0138 1072 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
06:48:26.0158 1072 RasAgileVpn - ok
06:48:26.0168 1072 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
06:48:26.0198 1072 RasAuto - ok
06:48:26.0248 1072 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
06:48:26.0298 1072 Rasl2tp - ok
06:48:26.0428 1072 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
06:48:26.0478 1072 RasMan - ok
06:48:26.0528 1072 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
06:48:26.0548 1072 RasPppoe - ok
06:48:26.0588 1072 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
06:48:26.0608 1072 RasSstp - ok
06:48:26.0698 1072 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
06:48:26.0748 1072 rdbss - ok
06:48:26.0768 1072 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
06:48:26.0778 1072 rdpbus - ok
06:48:26.0798 1072 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
06:48:26.0818 1072 RDPCDD - ok
06:48:27.0018 1072 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
06:48:27.0028 1072 RDPDR - ok
06:48:27.0048 1072 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
06:48:27.0078 1072 RDPENCDD - ok
06:48:27.0088 1072 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
06:48:27.0108 1072 RDPREFMP - ok
06:48:27.0158 1072 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
06:48:27.0168 1072 RDPWD - ok
06:48:27.0238 1072 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
06:48:27.0258 1072 rdyboost - ok
06:48:38.0248 1072 ============================================================
06:48:38.0248 1072 Scan finished
06:48:38.0248 1072 ============================================================
06:48:38.0258 3324 Detected object count: 1
06:48:38.0258 3324 Actual detected object count: 1
06:48:43.0879 3324 Adobe Licensing Console ( UnsignedFile.Multi.Generic ) - skipped by user
06:48:43.0879 3324 Adobe Licensing Console ( UnsignedFile.Multi.Generic ) - User select action: Skip

#6 mark1956

Posted 25 April 2012 - 09:02 AM

Thanks for those. The Combofix log you have posted is from the third run that you did. Could you please post the 1st one for review?

The TDSSKiller log is clean.

#7 Seraphite

Posted 25 April 2012 - 11:49 AM

Unfortunately, it seems the most recent Combofix run overwrote the previous log I had. I'm really sorry about that. Unless you know of a way to get the old log back?

#8 mark1956

Posted 25 April 2012 - 12:16 PM

Ok, not to worry about the CF log. There is nothing of any significance in your logs and no trace of Media Dashboard in the list of installed programs.

Please see if you can find it in the list of installed programs under Programs and Features via the Control Panel. If it is not found there, please also look in your Internet Explorer's add-ons list. Click on Tools on the main page and look in Manage add-ons.

If you still cannot find it open Explorer and type Media Dashboard into the Search box and see if anything comes up. Please post the details of anything found.

#9 Seraphite

Posted 25 April 2012 - 12:37 PM

I can't find any trace of it anywhere. It's not in my processes, plugins, or even anywhere in explorer. But it's definitely there. I've attached a screenshot of it.

#10 mark1956

Posted 25 April 2012 - 04:54 PM

Ok, can you confirm why you had been using Combofix or was its use only in response to this problem?

It seems quite likely that this is not related to Malware and that the program has been bundled with something else you have installed quite recently. It may even appear in the Programs and Features list under a different name. Is there anything there that you do not recognise?

Open Programs and Features and click on the Installed On tab and it will list them in date order. Send in a screenshot of the window.

#11 Seraphite

Posted 25 April 2012 - 06:02 PM

I ran Combofix for this problem only.

I just uninstalled everything within the past week to see if it went away. It didn't. There wasn't anything I didn't personally install on the list. However, I did find that it's running a process! I am the only user on this computer, so I was surprised to find over double the processes running on "other users". Anyway, it's running as stdrt.exe - Media Dashboard

What should I do?

(your site won't let me attach files anymore, says I've passed my limit or something, so here's a link to the screenshot)
http://na.leagueoflegends.com/board/attachment.php?attachmentid=429037&stc=1&d=1335394835

#12 mark1956

Posted 26 April 2012 - 05:49 AM

Unfortunately the link you provided above is showing an error "invalid attachment specified".

We need to check that file so please submit it to Jotti and post the results, as follows:

1. Click HERE to get to Jotti's site.

2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

You should find it here C:\Windows\TEMP\mrt4AC5.tmp\stdrt.exe <---this one

3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.


Please also uninstall FL Studio 10, as that is one program our research disclosed was responsible for creating the file.

NOTE: To correct the problem with posting attachments.
Click on your user name at the top of the page and select My Settings.
To the left of the page click on Manage Attachments.
You can then select and delete previous attachments allowing you to post attachments again.

Edited by mark1956, 26 April 2012 - 05:57 AM.


#13 Seraphite

Posted 26 April 2012 - 07:11 AM

http://virusscan.jotti.org/en/scanresult/3833be0db4b8ae71d0bca0a52f65857b39fd5c0d

I've also attached the screen again just in case you needed to see it. And, I uninstalled FL studio along with everything else from the past week or two.

#14 mark1956

Posted 26 April 2012 - 10:03 AM

The Jotti results are a good sign the file is not infected.

As the icon in the Mixer is a Windows Icon and some discussion topics indicate stdrt.exe *32 is related to Windows Media Center, that may explain it. All indications are that it's related to some type of media software but it certainly does not appear to be malware.

As there are so many mixed results for this file we would like to investigate further. Follow these instructions and see what other information you can gather.

Please download and run Process Explorer

-- Process Explorer shows two panes by default: the upper pane is always a process list and the bottom pane either shows the list of DLLs loaded into the process selected in the upper pane, or the list of operating system resource handles (files, Registry keys, synchronization objects) the process has open. In the menu at the top select View > Lower Pane View to change between DLLs and Handles. Locate and click on the file in the top pane and see what is associated with it in the bottom pane.

Please also download and run System Explorer

-- System Explorer provides a security check of running processes using their online security database when you first launch the program. Just press the Security Scan tab at the top, then click Start Security Check. After the check you can click the link to See the results of the security check >>. Keep in mind that the check is not a guarantee of what is or is not detected as malware. Click on Details next to the file entry in the results and see what information it supplies.

Edited by mark1956, 26 April 2012 - 10:07 AM.


#15 Seraphite

Posted 26 April 2012 - 09:47 PM

Process Explorer:

Attached File  stdrtprocess.gif   296.99KB   5 downloads


System Explorer Link:

http://systemexplorer.net/scanresults.php?sid=sDncBgBx2bHg

In case the link isn't up long-term, it said everything was clean, though it came up with 8 "Unknown" files.

%programfiles%\razer\lycosa\razerlan.dll (keyboard)
%windir%\syswow64\FpsGunTray.exe (mouse)
%windir%\temp\mrt4f09.tmp\KcBoxA.mfx
%windir%\temp\mrt4f09.tmp\kcedit.mfx
%windir%\temp\mrt4f09.tmp\KcWebX.mfx
%windir%\temp\mrt4f09.tmp\MMFS2.dll
%windir%\temp\mrt4f09.tmp\stdrt.exe
%windir%\temp\mrt4f09.tmp\Yaso.mfx

No idea what the rest are for, and of course the stdrt.exe is lumped in there.
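
The checks walked through in this thread (find the process, see which folder it runs from, hash it for a scanner, look at the files beside it), gathered into one script as an added example that is not part of any post above. It assumes PowerShell 4.0 or later and an elevated prompt; the choice of Temp roots and the output field names are this example's own.

```powershell
# Added example (not from the thread). Requires PowerShell 4.0+; run elevated so
# processes owned by other accounts (SYSTEM, services) expose their image path.

# Temp roots to check. $env:TEMP can be an 8.3 short path on some systems; in
# that case add the long form by hand.
$tempRoots = @((Join-Path $env:windir 'Temp'), $env:TEMP) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') + '\' } |
    Select-Object -Unique

$procs = @(Get-CimInstance -ClassName Win32_Process)
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

$findings = foreach ($p in $procs) {
    $path = $p.ExecutablePath
    if (-not $path) { continue }    # no access to the process, or a kernel pseudo-process

    $inTemp = $false
    foreach ($root in $tempRoots) {
        if ($path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
            $inTemp = $true
            break
        }
    }
    if (-not $inTemp) { continue }

    # Owner: shows whether the process runs under another account than the logged-on user.
    $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner -ErrorAction SilentlyContinue
    $ownerName = if ($owner -and $owner.ReturnValue -eq 0) { "$($owner.Domain)\$($owner.User)" } else { $null }

    # Parent: the program that launched it. A "parent" created after the child
    # means the PID was reused, so it is discarded.
    $parent = $byPid[[int]$p.ParentProcessId]
    if ($parent -and $parent.CreationDate -gt $p.CreationDate) { $parent = $null }

    # Hash and signature of the image on disk (the file may already be gone).
    $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue
    $sig  = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue

    # Files unpacked next to the executable often identify the runtime it belongs to.
    $dir = [System.IO.Path]::GetDirectoryName($path)
    $siblings = Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Name

    [pscustomobject]@{
        Name        = $p.Name
        ProcessId   = $p.ProcessId
        Owner       = $ownerName
        Path        = $path
        CommandLine = $p.CommandLine
        ParentName  = $parent.Name
        ParentPath  = $parent.ExecutablePath
        Started     = $p.CreationDate
        SHA256      = $hash.Hash
        Signature   = "$($sig.Status)"
        Signer      = $sig.SignerCertificate.Subject
        Siblings    = ($siblings -join ', ')
    }
}

if ($findings) {
    $findings | Sort-Object Path | Format-List
} else {
    Write-Output 'No running process has its image under the checked Temp directories.'
}
```

The ParentPath field names the program that unpacked and started the executable, which is the question the uninstall-and-retry steps in the thread were trying to answer.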



