Malware, Need Help


15 replies to this topic

#1 ufuentes84


Posted 16 May 2012 - 02:56 PM

Mod Edit: Split from http://www.bleepingcomputer.com/forums/topic451084.html/page__p__2701181#entry2701181 - Hamluis.

Hello Broni, I'm having the same problems and my MS Excel also stopped working.
I caught 2 viruses yesterday and removed them with regular MS Security Essentials antivirus and with the Malwarebytes program... but I still have the issues.
I didn't write any names down :( or save them, but one was a trojan. something and the other was rogue. something.
I don't know how to read these things, but I noticed an infected file on the MBR scan.


I followed all of your steps below and here are the results:

Security Check
-------------------
Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 29
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````

Farbar Service Scanner
----------------------------
Farbar Service Scanner Version: 11-05-2012
Ran by Mary 2 (administrator) on 16-05-2012 at 14:20:26
Running from "C:\Users\Mary 2\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

MiniTool Box
-------------------------
MiniToolBox by Farbar Version: 18-01-2012
Ran by Mary 2 (administrator) on 16-05-2012 at 14:23:11
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "localhost,127.0.0.1"
"network.proxy.type", 0
========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6250 AGN = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)
Intel® Centrino® WiMAX 6250 = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Mary2-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® WiMAX 6250
Physical Address. . . . . . . . . : 64-D4-DA-1F-CA-F4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 00-23-15-B8-44-35
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-23-15-B8-44-35
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6250 AGN
Physical Address. . . . . . . . . : 00-23-15-B8-44-34
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a0bb:b66:1b1:1226%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.10.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, May 16, 2012 9:57:11 AM
Lease Expires . . . . . . . . . . : Saturday, June 22, 2148 8:51:33 PM
Default Gateway . . . . . . . . . : 192.168.10.1
DHCP Server . . . . . . . . . . . : 192.168.10.1
DHCPv6 IAID . . . . . . . . . . . : 318776085
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-DB-AF-7F-1C-75-08-81-89-5B
DNS Servers . . . . . . . . . . . : 192.168.10.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 1C-75-08-81-89-5B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5383F192-F504-4BA3-A545-C0747AA86B13}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:3c56:828:3f57:f5fd(Preferred)
Link-local IPv6 Address . . . . . : fe80::3c56:828:3f57:f5fd%19(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{F6FEB825-5EDE-49C1-96BE-84FF291DF6DE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{2930C07D-B06C-4B16-803F-FA8D688FB11C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A959992B-A9FA-4D61-A282-B75A205DF6D6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.Belkin:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.10.1

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.227.110
74.125.227.96
74.125.227.97
74.125.227.98
74.125.227.99
74.125.227.100
74.125.227.101
74.125.227.102
74.125.227.103
74.125.227.104
74.125.227.105


Pinging google.com [74.125.227.96] with 32 bytes of data:
Reply from 74.125.227.96: bytes=32 time=38ms TTL=56
Reply from 74.125.227.96: bytes=32 time=39ms TTL=56

Ping statistics for 74.125.227.96:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 38ms, Maximum = 39ms, Average = 38ms
Server: UnKnown
Address: 192.168.10.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=40ms TTL=51
Reply from 209.191.122.70: bytes=32 time=42ms TTL=51

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 40ms, Maximum = 42ms, Average = 41ms
Server: UnKnown
Address: 192.168.10.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...64 d4 da 1f ca f4 ......Intel® Centrino® WiMAX 6250
14...00 23 15 b8 44 35 ......Microsoft Virtual WiFi Miniport Adapter #2
13...00 23 15 b8 44 35 ......Microsoft Virtual WiFi Miniport Adapter
12...00 23 15 b8 44 34 ......Intel® Centrino® Advanced-N 6250 AGN
10...1c 75 08 81 89 5b ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
32...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
33...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
41...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.10.0 255.255.255.0 On-link 192.168.10.2 281
192.168.10.2 255.255.255.255 On-link 192.168.10.2 281
192.168.10.255 255.255.255.255 On-link 192.168.10.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.10.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.10.2 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
19 58 ::/0 On-link
1 306 ::1/128 On-link
19 58 2001::/32 On-link
19 306 2001:0:5ef5:79fd:3c56:828:3f57:f5fd/128
On-link
12 281 fe80::/64 On-link
19 306 fe80::/64 On-link
19 306 fe80::3c56:828:3f57:f5fd/128
On-link
12 281 fe80::a0bb:b66:1b1:1226/128
On-link
1 306 ff00::/8 On-link
19 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/16/2012 02:13:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: EXCEL.EXE, version: 12.0.6661.5000, time stamp: 0x4f7cda6d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x40000015
Fault offset: 0x0000000a
Faulting process id: 0x1a68
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3

Error: (05/16/2012 02:09:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: EXCEL.EXE, version: 12.0.6661.5000, time stamp: 0x4f7cda6d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x40000015
Fault offset: 0x0000ddd6
Faulting process id: 0x31c
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3

Error: (05/16/2012 02:09:38 PM) (Source: Microsoft Office 12) (User: )
Description: Accepted Safe Mode action : Microsoft Office Excel.

Error: (05/16/2012 02:09:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: EXCEL.EXE, version: 12.0.6661.5000, time stamp: 0x4f7cda6d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x40000015
Fault offset: 0x0000210c
Faulting process id: 0xe30
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3

Error: (05/16/2012 02:07:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: EXCEL.EXE, version: 12.0.6661.5000, time stamp: 0x4f7cda6d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x40000015
Fault offset: 0x0000c9f5
Faulting process id: 0x950
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3

Error: (05/16/2012 01:17:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4733148

Error: (05/16/2012 01:17:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4733148

Error: (05/16/2012 01:17:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/16/2012 11:59:10 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9204

Error: (05/16/2012 11:59:10 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9204


System errors:
=============
Error: (05/15/2012 11:23:19 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.125.1826.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/15/2012 11:23:19 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.125.1826.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/15/2012 11:23:19 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.125.1826.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/13/2012 09:16:22 AM) (Source: DCOM) (User: Mary 2)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Mary2-PCMary 2S-1-5-21-4240040055-4260628421-666798547-1000LocalHost (Using LRPC)

Error: (05/13/2012 09:16:22 AM) (Source: DCOM) (User: Mary 2)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Mary2-PCMary 2S-1-5-21-4240040055-4260628421-666798547-1000LocalHost (Using LRPC)

Error: (05/13/2012 08:17:43 AM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (05/12/2012 07:56:04 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.125.1581.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/08/2012 09:36:00 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.125.1330.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/06/2012 10:40:02 PM) (Source: DCOM) (User: Mary 2)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Mary2-PCMary 2S-1-5-21-4240040055-4260628421-666798547-1000LocalHost (Using LRPC)

Error: (05/06/2012 10:40:02 PM) (Source: DCOM) (User: Mary 2)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Mary2-PCMary 2S-1-5-21-4240040055-4260628421-666798547-1000LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (05/16/2012 02:13:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/16/2012 02:09:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/16/2012 02:09:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/16/2012 02:07:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.235)
Adobe Reader 9.5.1 (Version: 9.5.1)
Adobe Shockwave Player 11.6 (Version: 11.6.0.626)
Amazon MP3 Downloader 1.0.12 (Version: 1.0.12)
Amazon MP3 Uploader (Version: 1.0.6)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Best Buy pc app (Version: 3.0.0.0)
Best Buy pc app (Version: 3.1.2.1)
Bing Bar (Version: 7.1.361.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Bonjour (Version: 3.0.0.10)
Coupon Printer for Windows (Version: 5.0.0.0)
D3DX10 (Version: 15.4.2368.0902)
DIRECTV Player (Version: 4.00)
ExamView Pro
Flickr Uploadr 3.2.1
Google Chrome (Version: 18.0.1025.168)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
HP Deskjet 1000 J110 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 1000 J110 series Help (Version: 140.0.65.65)
HP Deskjet 1000 J110 series Product Improvement Study (Version: 22.50.231.0)
HP Photo Creations (Version: 1.0.0.${CAB_VERSION})
HP Update (Version: 5.002.006.003)
Intel PROSet Wireless
Intel WiMAX Tutorial (Version: 1.5.3.1)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2189)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® PROSet/Wireless WiFi Software (Version: 13.03.0000)
Intel® Rapid Storage Technology (Version: 9.5.7.1002)
Intel® PROSet/Wireless WiMAX Software (Version: 2.03.2000)
Intel® Wireless Display (Version: 1.2.20.0)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
JMicron Flash Media Controller Driver (Version: 1.0.44.1)
Jobulator (Version: 3.04)
Junk Mail filter update (Version: 15.4.3502.0922)
Label@Once 1.0 (Version: 1.0)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 7.0.1 (x86 en-US) (Version: 7.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
QuickTime (Version: 7.71.80.42)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.20.503.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6069)
Rosetta Stone Ltd Services (Version: 3.2.18)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
TeacherWorks
Toshiba App Place (Version: 1.0.6.3)
TOSHIBA Application Installer (Version: 9.0.1.1)
TOSHIBA Assist (Version: 3.00.11)
Toshiba Book Place (Version: 2.0.5271)
TOSHIBA Bulletin Board (Version: 1.6.08.64)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA DVD PLAYER (Version: 3.01.2.12-A)
TOSHIBA eco Utility (Version: 1.2.18.64)
TOSHIBA Face Recognition (Version: 3.1.3.64)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.6C)
TOSHIBA Hardware Setup (Version: 1.63.0.26C)
TOSHIBA HDD Protection (Version: 2.2.0.4)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
TOSHIBA Media Controller (Version: 1.0.80.8.64)
TOSHIBA Media Controller Plug-in (Version: 1.0.5.11)
TOSHIBA PC Health Monitor (Version: 1.7.1.64)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.7.16.64)
TOSHIBA Service Station (Version: 2.2.9)
TOSHIBA Sleep Utility (Version: 1.4.1.2)
TOSHIBA Supervisor Password (Version: 1.63.0.9C)
TOSHIBA Value Added Package (Version: 1.3.19.64)
TOSHIBA Web Camera Application (Version: 1.1.1.16)
ToshibaRegistration (Version: 1.0.4)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility Common Driver (Version: 1.0.52.1C)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

========================= Devices: ================================


**** End of log ****

Malwarebytes results from yesterday
---------------------------------------
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mary 2 :: MARY2-PC [administrator]

5/15/2012 10:26:56 PM
mbam-log-2012-05-15 (22-26-56).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 138068
Time elapsed: 35 minute(s), 39 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Mary 2\AppData\Local\Temp\0.1418270908543937 (Trojan.Happili) -> Quarantined and deleted successfully.

(end)

And here is the log from today's scan:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mary 2 :: MARY2-PC [administrator]

5/16/2012 10:53:50 AM
mbam-log-2012-05-16 (10-53-50).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 402954
Time elapsed: 1 hour(s), 3 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MBR
----------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-16 14:27:08
-----------------------------
14:27:08.919 OS Version: Windows x64 6.1.7601 Service Pack 1
14:27:08.919 Number of processors: 4 586 0x2505
14:27:08.920 ComputerName: MARY2-PC UserName: Mary 2
14:27:10.675 Initialize success
14:43:15.588 AVAST engine defs: 12051600
14:46:11.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:46:11.333 Disk 0 Vendor: TOSHIBA_ GH10 Size: 610480MB BusType: 3
14:46:11.352 Disk 0 MBR read successfully
14:46:11.356 Disk 0 MBR scan
14:46:11.366 Disk 0 Windows VISTA default MBR code
14:46:11.383 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:46:11.445 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 596659 MB offset 3074048
14:46:11.500 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 12320 MB offset 1225031680
14:46:11.579 Disk 0 scanning C:\windows\system32\drivers
14:46:25.434 Service scanning
14:47:17.318 Modules scanning
14:47:17.336 Disk 0 trace - called modules:
14:47:17.391 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
14:47:17.731 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069fb060]
14:47:17.742 3 CLASSPNP.SYS[fffff880017aa43f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa80069fa060]
14:47:17.752 5 thpdrv.sys[fffff88001bd8cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049c8050]
14:47:19.547 AVAST engine scan C:\windows
14:47:23.304 AVAST engine scan C:\windows\system32
14:52:01.185 AVAST engine scan C:\windows\system32\drivers
14:52:30.454 AVAST engine scan C:\Users\Mary 2
14:52:53.134 File: C:\Users\Mary 2\AppData\Local\CrashDumps\Apps\xliptjd.dll **INFECTED** Win32:Tracur-HZ [Trj]
14:54:14.159 Disk 0 MBR has been saved successfully to "C:\Users\Mary 2\Desktop\MBR.dat"
14:54:14.165 The log file has been saved successfully to "C:\Users\Mary 2\Desktop\aswMBR.txt"






I did not click on FIX MBR, I only clicked on Save log.
Thanks!

Edited by hamluis, 16 May 2012 - 06:32 PM.
PM sent new OP - Hamluis.




#2 ufuentes84


Posted 16 May 2012 - 03:03 PM

Sorry, I thought the MBR scan was finished but it wasn't... it just showed something else infected... I'll post it again when I'm sure it's done.

#3 ufuentes84


Posted 16 May 2012 - 03:09 PM

Here's the MBR file that shows two infections.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-16 14:27:08
-----------------------------
14:27:08.919 OS Version: Windows x64 6.1.7601 Service Pack 1
14:27:08.919 Number of processors: 4 586 0x2505
14:27:08.920 ComputerName: MARY2-PC UserName: Mary 2
14:27:10.675 Initialize success
14:43:15.588 AVAST engine defs: 12051600
14:46:11.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:46:11.333 Disk 0 Vendor: TOSHIBA_ GH10 Size: 610480MB BusType: 3
14:46:11.352 Disk 0 MBR read successfully
14:46:11.356 Disk 0 MBR scan
14:46:11.366 Disk 0 Windows VISTA default MBR code
14:46:11.383 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:46:11.445 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 596659 MB offset 3074048
14:46:11.500 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 12320 MB offset 1225031680
14:46:11.579 Disk 0 scanning C:\windows\system32\drivers
14:46:25.434 Service scanning
14:47:17.318 Modules scanning
14:47:17.336 Disk 0 trace - called modules:
14:47:17.391 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
14:47:17.731 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069fb060]
14:47:17.742 3 CLASSPNP.SYS[fffff880017aa43f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa80069fa060]
14:47:17.752 5 thpdrv.sys[fffff88001bd8cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049c8050]
14:47:19.547 AVAST engine scan C:\windows
14:47:23.304 AVAST engine scan C:\windows\system32
14:52:01.185 AVAST engine scan C:\windows\system32\drivers
14:52:30.454 AVAST engine scan C:\Users\Mary 2
14:52:53.134 File: C:\Users\Mary 2\AppData\Local\CrashDumps\Apps\xliptjd.dll **INFECTED** Win32:Tracur-HZ [Trj]
14:54:14.159 Disk 0 MBR has been saved successfully to "C:\Users\Mary 2\Desktop\MBR.dat"
14:54:14.165 The log file has been saved successfully to "C:\Users\Mary 2\Desktop\aswMBR.txt"
15:01:06.157 File: C:\Users\Mary 2\AppData\Local\Temp\nsi56E0.tmp\xliptjd.dll **INFECTED** Win32:Tracur-HZ [Trj]
15:08:25.019 Disk 0 MBR has been saved successfully to "C:\Users\Mary 2\Desktop\MBR.dat"
15:08:25.021 The log file has been saved successfully to "C:\Users\Mary 2\Desktop\aswMBR.txt"

#4 narenxp


Posted 16 May 2012 - 07:38 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Re-run aswMBR and post after finishing these scans

good luck

#5 ufuentes84


Posted 16 May 2012 - 10:00 PM

20:09:58.0590 2780 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
20:09:59.0032 2780 ============================================================
20:09:59.0032 2780 Current date / time: 2012/05/16 20:09:59.0032
20:09:59.0032 2780 SystemInfo:
20:09:59.0032 2780
20:09:59.0032 2780 OS Version: 6.1.7601 ServicePack: 1.0
20:09:59.0032 2780 Product type: Workstation
20:09:59.0033 2780 ComputerName: MARY2-PC
20:09:59.0033 2780 UserName: Mary 2
20:09:59.0033 2780 Windows directory: C:\windows
20:09:59.0033 2780 System windows directory: C:\windows
20:09:59.0033 2780 Running under WOW64
20:09:59.0033 2780 Processor architecture: Intel x64
20:09:59.0033 2780 Number of processors: 4
20:09:59.0033 2780 Page size: 0x1000
20:09:59.0033 2780 Boot type: Normal boot
20:09:59.0033 2780 ============================================================
20:09:59.0435 2780 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:09:59.0447 2780 ============================================================
20:09:59.0447 2780 \Device\Harddisk0\DR0:
20:09:59.0447 2780 MBR partitions:
20:09:59.0447 2780 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48D59800
20:09:59.0447 2780 ============================================================
20:09:59.0469 2780 C: <-> \Device\Harddisk0\DR0\Partition0
20:09:59.0469 2780 ============================================================
20:09:59.0469 2780 Initialize success
20:09:59.0469 2780 ============================================================
20:10:03.0017 5080 ============================================================
20:10:03.0017 5080 Scan started
20:10:03.0017 5080 Mode: Manual;
20:10:03.0017 5080 ============================================================
20:10:13.0002 5080 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
20:10:13.0004 5080 lmhosts - ok
20:10:13.0087 5080 LMS (23de5b62b0445a6f874be633c95b483e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
20:10:13.0090 5080 LMS - ok
20:10:13.0132 5080 LPCFilter (41e122f6d1448c94cc05196bc41d6bfb) C:\windows\system32\DRIVERS\LPCFilter.sys
20:10:13.0133 5080 LPCFilter - ok
20:10:13.0185 5080 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
20:10:13.0188 5080 LSI_FC - ok
20:10:13.0207 5080 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
20:10:13.0210 5080 LSI_SAS - ok
20:10:13.0254 5080 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
20:10:13.0256 5080 LSI_SAS2 - ok
20:10:13.0278 5080 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
20:10:13.0280 5080 LSI_SCSI - ok
20:10:13.0308 5080 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
20:10:13.0310 5080 luafv - ok
20:10:13.0345 5080 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
20:10:13.0348 5080 Mcx2Svc - ok
20:10:13.0378 5080 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
20:10:13.0380 5080 megasas - ok
20:10:13.0415 5080 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
20:10:13.0420 5080 MegaSR - ok
20:10:13.0453 5080 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
20:10:13.0456 5080 MMCSS - ok
20:10:13.0483 5080 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
20:10:13.0485 5080 Modem - ok
20:10:13.0514 5080 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
20:10:13.0514 5080 monitor - ok
20:10:13.0567 5080 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
20:10:13.0569 5080 mouclass - ok
20:10:13.0611 5080 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
20:10:13.0612 5080 mouhid - ok
20:10:13.0642 5080 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
20:10:13.0644 5080 mountmgr - ok
20:10:13.0703 5080 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\windows\system32\DRIVERS\MpFilter.sys
20:10:13.0706 5080 MpFilter - ok
20:10:13.0745 5080 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
20:10:13.0748 5080 mpio - ok
20:10:13.0780 5080 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
20:10:13.0782 5080 mpsdrv - ok
20:10:13.0857 5080 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
20:10:13.0868 5080 MpsSvc - ok
20:10:13.0906 5080 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
20:10:13.0909 5080 MRxDAV - ok
20:10:13.0944 5080 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
20:10:13.0946 5080 mrxsmb - ok
20:10:13.0995 5080 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
20:10:13.0999 5080 mrxsmb10 - ok
20:10:14.0038 5080 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
20:10:14.0041 5080 mrxsmb20 - ok
20:10:14.0077 5080 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
20:10:14.0078 5080 msahci - ok
20:10:14.0113 5080 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
20:10:14.0116 5080 msdsm - ok
20:10:14.0148 5080 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
20:10:14.0153 5080 MSDTC - ok
20:10:14.0190 5080 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
20:10:14.0191 5080 Msfs - ok
20:10:14.0219 5080 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
20:10:14.0221 5080 mshidkmdf - ok
20:10:14.0238 5080 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
20:10:14.0239 5080 msisadrv - ok
20:10:14.0279 5080 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
20:10:14.0283 5080 MSiSCSI - ok
20:10:14.0286 5080 msiserver - ok
20:10:14.0316 5080 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
20:10:14.0318 5080 MSKSSRV - ok
20:10:14.0412 5080 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:10:14.0412 5080 MsMpSvc - ok
20:10:14.0452 5080 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
20:10:14.0453 5080 MSPCLOCK - ok
20:10:14.0468 5080 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
20:10:14.0469 5080 MSPQM - ok
20:10:14.0510 5080 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
20:10:14.0514 5080 MsRPC - ok
20:10:14.0558 5080 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
20:10:14.0558 5080 mssmbios - ok
20:10:14.0592 5080 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
20:10:14.0593 5080 MSTEE - ok
20:10:14.0603 5080 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
20:10:14.0604 5080 MTConfig - ok
20:10:14.0629 5080 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
20:10:14.0630 5080 Mup - ok
20:10:14.0723 5080 MyWiFiDHCPDNS (93cd1c4ecb8658a35e5e6eba02d43e4f) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
20:10:14.0728 5080 MyWiFiDHCPDNS - ok
20:10:14.0790 5080 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
20:10:14.0799 5080 napagent - ok
20:10:14.0861 5080 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
20:10:14.0867 5080 NativeWifiP - ok
20:10:14.0966 5080 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
20:10:14.0981 5080 NDIS - ok
20:10:15.0022 5080 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
20:10:15.0023 5080 NdisCap - ok
20:10:15.0051 5080 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
20:10:15.0052 5080 NdisTapi - ok
20:10:15.0102 5080 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
20:10:15.0104 5080 Ndisuio - ok
20:10:15.0140 5080 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
20:10:15.0143 5080 NdisWan - ok
20:10:15.0159 5080 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
20:10:15.0161 5080 NDProxy - ok
20:10:15.0203 5080 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
20:10:15.0203 5080 NetBIOS - ok
20:10:15.0254 5080 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
20:10:15.0257 5080 NetBT - ok
20:10:15.0283 5080 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:10:15.0284 5080 Netlogon - ok
20:10:15.0337 5080 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
20:10:15.0343 5080 Netman - ok
20:10:15.0385 5080 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
20:10:15.0393 5080 netprofm - ok
20:10:15.0456 5080 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:10:15.0459 5080 NetTcpPortSharing - ok
20:10:15.0909 5080 NETwNs64 (eb43840babf5589e33186d094de7381d) C:\windows\system32\DRIVERS\NETwNs64.sys
20:10:16.0075 5080 NETwNs64 - ok
20:10:16.0183 5080 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
20:10:16.0185 5080 nfrd960 - ok
20:10:16.0229 5080 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\windows\system32\DRIVERS\NisDrvWFP.sys
20:10:16.0232 5080 NisDrv - ok
20:10:16.0319 5080 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
20:10:16.0323 5080 NisSrv - ok
20:10:16.0377 5080 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
20:10:16.0383 5080 NlaSvc - ok
20:10:16.0412 5080 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
20:10:16.0413 5080 Npfs - ok
20:10:16.0447 5080 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
20:10:16.0449 5080 nsi - ok
20:10:16.0466 5080 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
20:10:16.0467 5080 nsiproxy - ok
20:10:16.0590 5080 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
20:10:16.0617 5080 Ntfs - ok
20:10:16.0737 5080 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
20:10:16.0739 5080 Null - ok
20:10:16.0781 5080 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
20:10:16.0784 5080 nvraid - ok
20:10:16.0811 5080 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
20:10:16.0815 5080 nvstor - ok
20:10:16.0863 5080 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
20:10:16.0866 5080 nv_agp - ok
20:10:17.0007 5080 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:10:17.0012 5080 odserv - ok
20:10:17.0043 5080 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
20:10:17.0046 5080 ohci1394 - ok
20:10:17.0109 5080 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:10:17.0112 5080 ose - ok
20:10:17.0149 5080 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
20:10:17.0154 5080 p2pimsvc - ok
20:10:17.0201 5080 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
20:10:17.0209 5080 p2psvc - ok
20:10:17.0245 5080 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
20:10:17.0247 5080 Parport - ok
20:10:17.0279 5080 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
20:10:17.0280 5080 partmgr - ok
20:10:17.0314 5080 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
20:10:17.0317 5080 PcaSvc - ok
20:10:17.0365 5080 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
20:10:17.0367 5080 pci - ok
20:10:17.0378 5080 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
20:10:17.0379 5080 pciide - ok
20:10:17.0417 5080 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
20:10:17.0420 5080 pcmcia - ok
20:10:17.0438 5080 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
20:10:17.0439 5080 pcw - ok
20:10:17.0488 5080 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
20:10:17.0497 5080 PEAUTH - ok
20:10:17.0567 5080 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
20:10:17.0569 5080 PerfHost - ok
20:10:17.0623 5080 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
20:10:17.0625 5080 PGEffect - ok
20:10:17.0755 5080 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
20:10:17.0780 5080 pla - ok
20:10:17.0843 5080 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
20:10:17.0852 5080 PlugPlay - ok
20:10:17.0880 5080 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
20:10:17.0883 5080 PNRPAutoReg - ok
20:10:17.0917 5080 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
20:10:17.0923 5080 PNRPsvc - ok
20:10:17.0976 5080 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
20:10:17.0984 5080 PolicyAgent - ok
20:10:18.0028 5080 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
20:10:18.0032 5080 Power - ok
20:10:18.0103 5080 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
20:10:18.0105 5080 PptpMiniport - ok
20:10:18.0135 5080 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
20:10:18.0137 5080 Processor - ok
20:10:18.0162 5080 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
20:10:18.0167 5080 ProfSvc - ok
20:10:18.0205 5080 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:10:18.0207 5080 ProtectedStorage - ok
20:10:18.0258 5080 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
20:10:18.0260 5080 Psched - ok
20:10:18.0355 5080 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
20:10:18.0380 5080 ql2300 - ok
20:10:18.0490 5080 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
20:10:18.0493 5080 ql40xx - ok
20:10:18.0546 5080 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
20:10:18.0550 5080 QWAVE - ok
20:10:18.0564 5080 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
20:10:18.0565 5080 QWAVEdrv - ok
20:10:18.0587 5080 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
20:10:18.0589 5080 RasAcd - ok
20:10:18.0623 5080 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
20:10:18.0625 5080 RasAgileVpn - ok
20:10:18.0666 5080 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
20:10:18.0669 5080 RasAuto - ok
20:10:18.0735 5080 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
20:10:18.0737 5080 Rasl2tp - ok
20:10:18.0792 5080 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
20:10:18.0799 5080 RasMan - ok
20:10:18.0859 5080 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
20:10:18.0861 5080 RasPppoe - ok
20:10:18.0877 5080 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
20:10:18.0879 5080 RasSstp - ok
20:10:18.0931 5080 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
20:10:18.0935 5080 rdbss - ok
20:10:18.0965 5080 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
20:10:18.0967 5080 rdpbus - ok
20:10:18.0977 5080 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
20:10:18.0978 5080 RDPCDD - ok
20:10:19.0011 5080 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
20:10:19.0012 5080 RDPENCDD - ok
20:10:19.0023 5080 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
20:10:19.0024 5080 RDPREFMP - ok
20:10:19.0068 5080 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
20:10:19.0071 5080 RDPWD - ok
20:10:19.0130 5080 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
20:10:19.0133 5080 rdyboost - ok
20:10:19.0252 5080 RegSrvc (a6baea839cc888d4961ab5fe16bb8c4a) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
20:10:19.0265 5080 RegSrvc - ok
20:10:19.0303 5080 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
20:10:19.0306 5080 RemoteAccess - ok
20:10:19.0326 5080 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
20:10:19.0330 5080 RemoteRegistry - ok
20:10:19.0505 5080 RosettaStoneDaemon (e7062dbd907e0c5ceeb5abdaf07e6b32) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
20:10:19.0527 5080 RosettaStoneDaemon - ok
20:10:19.0635 5080 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
20:10:19.0638 5080 RpcEptMapper - ok
20:10:19.0665 5080 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
20:10:19.0667 5080 RpcLocator - ok
20:10:19.0790 5080 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
20:10:19.0800 5080 RpcSs - ok
20:10:19.0872 5080 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
20:10:19.0874 5080 rspndr - ok
20:10:19.0928 5080 RTL8167 (ba3e57c89e6f63808d3f2b11e1a2ad3c) C:\windows\system32\DRIVERS\Rt64win7.sys
20:10:19.0933 5080 RTL8167 - ok
20:10:19.0972 5080 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:10:19.0974 5080 SamSs - ok
20:10:20.0009 5080 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
20:10:20.0012 5080 sbp2port - ok
20:10:20.0041 5080 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
20:10:20.0046 5080 SCardSvr - ok
20:10:20.0071 5080 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
20:10:20.0073 5080 scfilter - ok
20:10:20.0159 5080 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
20:10:20.0177 5080 Schedule - ok
20:10:20.0217 5080 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
20:10:20.0219 5080 SCPolicySvc - ok
20:10:20.0283 5080 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\drivers\sdbus.sys
20:10:20.0286 5080 sdbus - ok
20:10:20.0327 5080 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
20:10:20.0332 5080 SDRSVC - ok
20:10:20.0363 5080 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
20:10:20.0365 5080 secdrv - ok
20:10:20.0403 5080 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
20:10:20.0406 5080 seclogon - ok
20:10:20.0433 5080 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
20:10:20.0436 5080 SENS - ok
20:10:20.0460 5080 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
20:10:20.0463 5080 SensrSvc - ok
20:10:20.0495 5080 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
20:10:20.0496 5080 Serenum - ok
20:10:20.0519 5080 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
20:10:20.0522 5080 Serial - ok
20:10:20.0550 5080 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
20:10:20.0552 5080 sermouse - ok
20:10:20.0591 5080 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
20:10:20.0594 5080 SessionEnv - ok
20:10:20.0622 5080 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
20:10:20.0623 5080 sffdisk - ok
20:10:20.0646 5080 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
20:10:20.0647 5080 sffp_mmc - ok
20:10:20.0658 5080 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
20:10:20.0659 5080 sffp_sd - ok
20:10:20.0692 5080 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
20:10:20.0693 5080 sfloppy - ok
20:10:20.0739 5080 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
20:10:20.0744 5080 SharedAccess - ok
20:10:20.0794 5080 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
20:10:20.0800 5080 ShellHWDetection - ok
20:10:20.0838 5080 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
20:10:20.0839 5080 SiSRaid2 - ok
20:10:20.0854 5080 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
20:10:20.0856 5080 SiSRaid4 - ok
20:10:20.0890 5080 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
20:10:20.0892 5080 Smb - ok
20:10:20.0949 5080 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
20:10:20.0952 5080 SNMPTRAP - ok
20:10:20.0962 5080 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
20:10:20.0963 5080 spldr - ok
20:10:21.0016 5080 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
20:10:21.0024 5080 Spooler - ok
20:10:21.0232 5080 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
20:10:21.0298 5080 sppsvc - ok
20:10:21.0394 5080 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
20:10:21.0398 5080 sppuinotify - ok
20:10:21.0468 5080 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
20:10:21.0476 5080 srv - ok
20:10:21.0510 5080 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
20:10:21.0515 5080 srv2 - ok
20:10:21.0538 5080 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
20:10:21.0540 5080 srvnet - ok
20:10:21.0598 5080 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
20:10:21.0603 5080 SSDPSRV - ok
20:10:21.0617 5080 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
20:10:21.0620 5080 SstpSvc - ok
20:10:21.0650 5080 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
20:10:21.0651 5080 stexstor - ok
20:10:21.0728 5080 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
20:10:21.0738 5080 stisvc - ok
20:10:21.0764 5080 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
20:10:21.0766 5080 swenum - ok
20:10:21.0842 5080 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
20:10:21.0851 5080 swprv - ok
20:10:21.0897 5080 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
20:10:21.0902 5080 SynTP - ok
20:10:22.0032 5080 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
20:10:22.0066 5080 SysMain - ok
20:10:22.0163 5080 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
20:10:22.0168 5080 TabletInputService - ok
20:10:22.0204 5080 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
20:10:22.0213 5080 TapiSrv - ok
20:10:22.0243 5080 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
20:10:22.0246 5080 TBS - ok
20:10:22.0423 5080 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
20:10:22.0450 5080 Tcpip - ok
20:10:22.0664 5080 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
20:10:22.0680 5080 TCPIP6 - ok
20:10:22.0784 5080 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
20:10:22.0786 5080 tcpipreg - ok
20:10:22.0818 5080 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
20:10:22.0819 5080 tdcmdpst - ok
20:10:22.0850 5080 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
20:10:22.0852 5080 TDPIPE - ok
20:10:22.0884 5080 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
20:10:22.0885 5080 TDTCP - ok
20:10:22.0919 5080 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
20:10:22.0922 5080 tdx - ok
20:10:22.0955 5080 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
20:10:22.0957 5080 TermDD - ok
20:10:22.0999 5080 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
20:10:23.0011 5080 TermService - ok
20:10:23.0039 5080 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
20:10:23.0042 5080 Themes - ok
20:10:23.0072 5080 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
20:10:23.0073 5080 Thpdrv - ok
20:10:23.0084 5080 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
20:10:23.0085 5080 Thpevm - ok
20:10:23.0136 5080 Thpsrv (f6927bba3b09aff26a53a9191f7378f9) C:\windows\system32\ThpSrv.exe
20:10:23.0145 5080 Thpsrv - ok
20:10:23.0175 5080 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
20:10:23.0177 5080 THREADORDER - ok
20:10:23.0252 5080 TMachInfo (f120967184a27e927052e8ddbb727851) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
20:10:23.0253 5080 TMachInfo - ok
20:10:23.0290 5080 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe
20:10:23.0295 5080 TODDSrv - ok
20:10:23.0398 5080 TosCoSrv (db9719688c08f42705feb3f6a0c98b91) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
20:10:23.0405 5080 TosCoSrv - ok
20:10:23.0467 5080 TOSHIBA eco Utility Service (152da63a2843e7e63eca8ae90d853763) C:\Program Files\TOSHIBA\TECO\TecoService.exe
20:10:23.0474 5080 TOSHIBA eco Utility Service - ok
20:10:23.0532 5080 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
20:10:23.0534 5080 TOSHIBA HDD SSD Alert Service - ok
20:10:23.0609 5080 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
20:10:23.0617 5080 tos_sps64 - ok
20:10:23.0702 5080 TPCHSrv (6f9e17819bfa53cff67cb1e16669500f) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
20:10:23.0712 5080 TPCHSrv - ok
20:10:23.0806 5080 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
20:10:23.0811 5080 TrkWks - ok
20:10:23.0877 5080 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
20:10:23.0880 5080 TrustedInstaller - ok
20:10:23.0932 5080 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
20:10:23.0933 5080 tssecsrv - ok
20:10:23.0975 5080 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
20:10:23.0977 5080 TsUsbFlt - ok
20:10:24.0033 5080 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
20:10:24.0036 5080 tunnel - ok
20:10:24.0083 5080 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
20:10:24.0084 5080 TVALZ - ok
20:10:24.0125 5080 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
20:10:24.0126 5080 TVALZFL - ok
20:10:24.0162 5080 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
20:10:24.0164 5080 uagp35 - ok
20:10:24.0211 5080 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
20:10:24.0214 5080 udfs - ok
20:10:24.0244 5080 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
20:10:24.0247 5080 UI0Detect - ok
20:10:24.0287 5080 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
20:10:24.0289 5080 uliagpkx - ok
20:10:24.0345 5080 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
20:10:24.0347 5080 umbus - ok
20:10:24.0377 5080 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
20:10:24.0379 5080 UmPass - ok
20:10:24.0596 5080 UNS (cc3775100aba633984f73dfae1f55cae) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
20:10:24.0636 5080 UNS - ok
20:10:24.0746 5080 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
20:10:24.0755 5080 upnphost - ok
20:10:24.0828 5080 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys
20:10:24.0831 5080 USBAAPL64 - ok
20:10:24.0868 5080 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
20:10:24.0871 5080 usbccgp - ok
20:10:24.0918 5080 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
20:10:24.0921 5080 usbcir - ok
20:10:24.0941 5080 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
20:10:24.0943 5080 usbehci - ok
20:10:24.0991 5080 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
20:10:24.0996 5080 usbhub - ok
20:10:25.0031 5080 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
20:10:25.0032 5080 usbohci - ok
20:10:25.0068 5080 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
20:10:25.0069 5080 usbprint - ok
20:10:25.0115 5080 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
20:10:25.0116 5080 usbscan - ok
20:10:25.0157 5080 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
20:10:25.0160 5080 USBSTOR - ok
20:10:25.0176 5080 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
20:10:25.0177 5080 usbuhci - ok
20:10:25.0251 5080 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
20:10:25.0256 5080 usbvideo - ok
20:10:25.0285 5080 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
20:10:25.0289 5080 UxSms - ok
20:10:25.0327 5080 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:10:25.0329 5080 VaultSvc - ok
20:10:25.0380 5080 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
20:10:25.0382 5080 vdrvroot - ok
20:10:25.0458 5080 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
20:10:25.0470 5080 vds - ok
20:10:25.0500 5080 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
20:10:25.0502 5080 vga - ok
20:10:25.0522 5080 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
20:10:25.0523 5080 VgaSave - ok
20:10:25.0558 5080 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
20:10:25.0562 5080 vhdmp - ok
20:10:25.0575 5080 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
20:10:25.0577 5080 viaide - ok
20:10:25.0601 5080 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
20:10:25.0603 5080 volmgr - ok
20:10:25.0653 5080 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
20:10:25.0659 5080 volmgrx - ok
20:10:25.0701 5080 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
20:10:25.0705 5080 volsnap - ok
20:10:25.0756 5080 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
20:10:25.0760 5080 vsmraid - ok
20:10:25.0855 5080 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
20:10:25.0872 5080 VSS - ok
20:10:25.0973 5080 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
20:10:25.0974 5080 vwifibus - ok
20:10:25.0997 5080 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
20:10:25.0999 5080 vwififlt - ok
20:10:26.0012 5080 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
20:10:26.0013 5080 vwifimp - ok
20:10:26.0058 5080 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
20:10:26.0063 5080 W32Time - ok
20:10:26.0089 5080 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
20:10:26.0091 5080 WacomPen - ok
20:10:26.0146 5080 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
20:10:26.0149 5080 WANARP - ok
20:10:26.0155 5080 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
20:10:26.0157 5080 Wanarpv6 - ok
20:10:26.0260 5080 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
20:10:26.0277 5080 WatAdminSvc - ok
20:10:26.0390 5080 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
20:10:26.0412 5080 wbengine - ok
20:10:26.0505 5080 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
20:10:26.0512 5080 WbioSrvc - ok
20:10:26.0565 5080 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
20:10:26.0574 5080 wcncsvc - ok
20:10:26.0595 5080 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
20:10:26.0598 5080 WcsPlugInService - ok
20:10:26.0666 5080 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
20:10:26.0668 5080 Wd - ok
20:10:26.0720 5080 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
20:10:26.0731 5080 Wdf01000 - ok
20:10:26.0753 5080 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
20:10:26.0758 5080 WdiServiceHost - ok
20:10:26.0763 5080 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
20:10:26.0767 5080 WdiSystemHost - ok
20:10:26.0808 5080 wdkmd (fe31110e39a0b11abae1ba43a2dc94f9) C:\windows\system32\DRIVERS\WDKMD.sys
20:10:26.0810 5080 wdkmd - ok
20:10:26.0856 5080 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
20:10:26.0863 5080 WebClient - ok
20:10:26.0899 5080 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
20:10:26.0905 5080 Wecsvc - ok
20:10:26.0928 5080 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
20:10:26.0932 5080 wercplsupport - ok
20:10:26.0970 5080 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
20:10:26.0974 5080 WerSvc - ok
20:10:27.0005 5080 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
20:10:27.0007 5080 WfpLwf - ok
20:10:27.0109 5080 WiMAXAppSrv (f3c522691316a24328a7b58b0a86028d) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
20:10:27.0121 5080 WiMAXAppSrv - ok
20:10:27.0141 5080 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
20:10:27.0143 5080 WIMMount - ok
20:10:27.0172 5080 WinDefend - ok
20:10:27.0178 5080 WinHttpAutoProxySvc - ok
20:10:27.0252 5080 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
20:10:27.0257 5080 Winmgmt - ok
20:10:27.0402 5080 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
20:10:27.0431 5080 WinRM - ok
20:10:27.0563 5080 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
20:10:27.0565 5080 WinUsb - ok
20:10:27.0648 5080 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
20:10:27.0664 5080 Wlansvc - ok
20:10:27.0729 5080 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:10:27.0731 5080 wlcrasvc - ok
20:10:27.0940 5080 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:10:27.0968 5080 wlidsvc - ok
20:10:28.0074 5080 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
20:10:28.0076 5080 WmiAcpi - ok
20:10:28.0147 5080 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
20:10:28.0152 5080 wmiApSrv - ok
20:10:28.0203 5080 WMPNetworkSvc - ok
20:10:28.0234 5080 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
20:10:28.0237 5080 WPCSvc - ok
20:10:28.0278 5080 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
20:10:28.0283 5080 WPDBusEnum - ok
20:10:28.0317 5080 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
20:10:28.0318 5080 ws2ifsl - ok
20:10:28.0350 5080 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
20:10:28.0354 5080 wscsvc - ok
20:10:28.0361 5080 WSearch - ok
20:10:28.0527 5080 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
20:10:28.0581 5080 wuauserv - ok
20:10:28.0703 5080 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
20:10:28.0705 5080 WudfPf - ok
20:10:28.0733 5080 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
20:10:28.0737 5080 WUDFRd - ok
20:10:28.0773 5080 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
20:10:28.0780 5080 wudfsvc - ok
20:10:28.0819 5080 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
20:10:28.0826 5080 WwanSvc - ok
20:10:28.0951 5080 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
20:10:28.0961 5080 YahooAUService - ok
20:10:29.0004 5080 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
20:10:29.0244 5080 \Device\Harddisk0\DR0 - ok
20:10:29.0263 5080 Boot (0x1200) (7435fd853944c7870b9c51121f2d5bbd) \Device\Harddisk0\DR0\Partition0
20:10:29.0264 5080 \Device\Harddisk0\DR0\Partition0 - ok
20:10:29.0266 5080 ============================================================
20:10:29.0266 5080 Scan finished
20:10:29.0266 5080 ============================================================
20:10:29.0282 0568 Detected object count: 0
20:10:29.0282 0568 Actual detected object count: 0
20:11:55.0031 4520 ============================================================
20:11:55.0031 4520 Scan started
20:11:55.0031 4520 Mode: Manual; TDLFS;
20:11:55.0031 4520 ============================================================
20:11:55.0313 4520 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
20:11:55.0314 4520 1394ohci - ok
20:11:55.0358 4520 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
20:11:55.0360 4520 ACPI - ok
20:11:55.0394 4520 acpials (12c5274cd87449a2a37a607cdb321922) C:\windows\system32\DRIVERS\acpials.sys
20:11:55.0395 4520 acpials - ok
20:11:55.0426 4520 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
20:11:55.0427 4520 AcpiPmi - ok
20:11:55.0561 4520 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:11:55.0564 4520 AdobeFlashPlayerUpdateSvc - ok
20:11:55.0622 4520 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
20:11:55.0627 4520 adp94xx - ok
20:11:55.0673 4520 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
20:11:55.0677 4520 adpahci - ok
20:11:55.0708 4520 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
20:11:55.0711 4520 adpu320 - ok
20:11:55.0738 4520 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
20:11:55.0739 4520 AeLookupSvc - ok
20:11:55.0793 4520 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
20:11:55.0798 4520 AFD - ok
20:11:55.0828 4520 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
20:11:55.0828 4520 agp440 - ok
20:11:55.0848 4520 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
20:11:55.0849 4520 ALG - ok
20:11:55.0868 4520 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
20:11:55.0869 4520 aliide - ok
20:11:55.0897 4520 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
20:11:55.0898 4520 amdide - ok
20:11:55.0927 4520 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
20:11:55.0927 4520 AmdK8 - ok
20:11:55.0950 4520 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
20:11:55.0951 4520 AmdPPM - ok
20:11:55.0987 4520 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
20:11:55.0988 4520 amdsata - ok
20:11:56.0022 4520 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
20:11:56.0024 4520 amdsbs - ok
20:11:56.0048 4520 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
20:11:56.0049 4520 amdxata - ok
20:11:56.0084 4520 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
20:11:56.0085 4520 AppID - ok
20:11:56.0105 4520 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
20:11:56.0106 4520 AppIDSvc - ok
20:11:56.0135 4520 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
20:11:56.0136 4520 Appinfo - ok
20:11:56.0234 4520 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:11:56.0236 4520 Apple Mobile Device - ok
20:11:56.0260 4520 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
20:11:56.0261 4520 arc - ok
20:11:56.0284 4520 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
20:11:56.0286 4520 arcsas - ok
20:11:56.0305 4520 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
20:11:56.0306 4520 AsyncMac - ok
20:11:56.0336 4520 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
20:11:56.0337 4520 atapi - ok
20:11:56.0401 4520 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
20:11:56.0406 4520 AudioEndpointBuilder - ok
20:11:56.0415 4520 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
20:11:56.0420 4520 AudioSrv - ok
20:11:56.0460 4520 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
20:11:56.0461 4520 AxInstSV - ok
20:11:56.0509 4520 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
20:11:56.0513 4520 b06bdrv - ok
20:11:56.0539 4520 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
20:11:56.0540 4520 b57nd60a - ok
20:11:56.0654 4520 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
20:11:56.0657 4520 BBSvc - ok
20:11:56.0697 4520 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
20:11:56.0700 4520 BBUpdate - ok
20:11:56.0740 4520 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
20:11:56.0742 4520 BDESVC - ok
20:11:56.0771 4520 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
20:11:56.0771 4520 Beep - ok
20:11:56.0836 4520 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
20:11:56.0844 4520 BFE - ok
20:11:56.0901 4520 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
20:11:56.0911 4520 BITS - ok
20:11:56.0959 4520 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
20:11:56.0959 4520 blbdrive - ok
20:11:57.0032 4520 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:11:57.0036 4520 Bonjour Service - ok
20:11:57.0065 4520 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
20:11:57.0066 4520 bowser - ok
20:11:57.0089 4520 bpenum (f46dd257fad7d2d097ef32e72220a06c) C:\windows\system32\DRIVERS\bpenum.sys
20:11:57.0090 4520 bpenum - ok
20:11:57.0111 4520 bpmp (e82060aed0f28ed8909f2b07fa276185) C:\windows\system32\DRIVERS\bpmp.sys
20:11:57.0113 4520 bpmp - ok
20:11:57.0135 4520 bpusb (fc6313a5a45c1ae53d0491f0057d5a4d) C:\windows\system32\Drivers\bpusb.sys
20:11:57.0136 4520 bpusb - ok
20:11:57.0158 4520 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
20:11:57.0159 4520 BrFiltLo - ok
20:11:57.0181 4520 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
20:11:57.0182 4520 BrFiltUp - ok
20:11:57.0214 4520 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
20:11:57.0216 4520 Browser - ok
20:11:57.0245 4520 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
20:11:57.0248 4520 Brserid - ok
20:11:57.0268 4520 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
20:11:57.0269 4520 BrSerWdm - ok
20:11:57.0277 4520 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
20:11:57.0278 4520 BrUsbMdm - ok
20:11:57.0297 4520 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
20:11:57.0298 4520 BrUsbSer - ok
20:11:57.0316 4520 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
20:11:57.0317 4520 BTHMODEM - ok
20:11:57.0347 4520 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
20:11:57.0349 4520 bthserv - ok
20:11:57.0376 4520 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
20:11:57.0377 4520 cdfs - ok
20:11:57.0412 4520 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys
20:11:57.0413 4520 cdrom - ok
20:11:57.0447 4520 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
20:11:57.0448 4520 CertPropSvc - ok
20:11:57.0477 4520 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
20:11:57.0478 4520 circlass - ok
20:11:57.0531 4520 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
20:11:57.0535 4520 CLFS - ok
20:11:57.0599 4520 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:11:57.0600 4520 clr_optimization_v2.0.50727_32 - ok
20:11:57.0656 4520 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:11:57.0658 4520 clr_optimization_v2.0.50727_64 - ok
20:11:57.0704 4520 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:11:57.0705 4520 clr_optimization_v4.0.30319_32 - ok
20:11:57.0734 4520 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:11:57.0735 4520 clr_optimization_v4.0.30319_64 - ok
20:11:57.0757 4520 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
20:11:57.0758 4520 CmBatt - ok
20:11:57.0778 4520 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
20:11:57.0779 4520 cmdide - ok
20:11:57.0834 4520 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
20:11:57.0838 4520 CNG - ok
20:11:57.0855 4520 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
20:11:57.0856 4520 Compbatt - ok
20:11:57.0869 4520 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
20:11:57.0870 4520 CompositeBus - ok
20:11:57.0875 4520 COMSysApp - ok
20:11:57.0892 4520 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
20:11:57.0893 4520 crcdisk - ok
20:11:57.0933 4520 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
20:11:57.0935 4520 CryptSvc - ok
20:11:57.0993 4520 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
20:11:57.0999 4520 DcomLaunch - ok
20:11:58.0040 4520 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
20:11:58.0043 4520 defragsvc - ok
20:11:58.0086 4520 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
20:11:58.0087 4520 DfsC - ok
20:11:58.0134 4520 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
20:11:58.0138 4520 Dhcp - ok
20:11:58.0159 4520 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
20:11:58.0160 4520 discache - ok
20:11:58.0177 4520 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
20:11:58.0178 4520 Disk - ok
20:11:58.0248 4520 DMAgent (c4aebbeb530706b45b7916161a1f525d) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
20:11:58.0252 4520 DMAgent - ok
20:11:58.0286 4520 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
20:11:58.0289 4520 Dnscache - ok
20:11:58.0335 4520 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
20:11:58.0338 4520 dot3svc - ok
20:11:58.0374 4520 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
20:11:58.0376 4520 DPS - ok
20:11:58.0397 4520 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
20:11:58.0398 4520 drmkaud - ok
20:11:58.0478 4520 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
20:11:58.0487 4520 DXGKrnl - ok
20:11:58.0520 4520 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
20:11:58.0523 4520 EapHost - ok
20:11:58.0729 4520 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
20:11:58.0756 4520 ebdrv - ok
20:11:58.0858 4520 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
20:11:58.0860 4520 EFS - ok
20:11:58.0946 4520 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
20:11:58.0955 4520 ehRecvr - ok
20:11:58.0993 4520 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
20:11:58.0994 4520 ehSched - ok
20:11:59.0074 4520 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
20:11:59.0078 4520 elxstor - ok
20:11:59.0106 4520 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
20:11:59.0107 4520 ErrDev - ok
20:11:59.0159 4520 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
20:11:59.0164 4520 EventSystem - ok
20:11:59.0305 4520 EvtEng (bdfcb7e8c108d042b213957d2b044e7e) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
20:11:59.0321 4520 EvtEng - ok
20:11:59.0437 4520 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
20:11:59.0440 4520 exfat - ok
20:11:59.0465 4520 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
20:11:59.0468 4520 fastfat - ok
20:11:59.0526 4520 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
20:11:59.0532 4520 Fax - ok
20:11:59.0567 4520 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
20:11:59.0568 4520 fdc - ok
20:11:59.0598 4520 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
20:11:59.0599 4520 fdPHost - ok
20:11:59.0612 4520 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
20:11:59.0613 4520 FDResPub - ok
20:11:59.0631 4520 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
20:11:59.0632 4520 FileInfo - ok
20:11:59.0657 4520 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
20:11:59.0658 4520 Filetrace - ok
20:11:59.0672 4520 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
20:11:59.0673 4520 flpydisk - ok
20:11:59.0716 4520 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
20:11:59.0718 4520 FltMgr - ok
20:11:59.0771 4520 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
20:11:59.0778 4520 FontCache - ok
20:11:59.0838 4520 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:11:59.0839 4520 FontCache3.0.0.0 - ok
20:11:59.0872 4520 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
20:11:59.0873 4520 FsDepends - ok
20:11:59.0898 4520 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
20:11:59.0898 4520 Fs_Rec - ok
20:11:59.0930 4520 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
20:11:59.0932 4520 fvevol - ok
20:11:59.0959 4520 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
20:11:59.0960 4520 gagp30kx - ok
20:11:59.0982 4520 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
20:11:59.0982 4520 GEARAspiWDM - ok
20:12:00.0054 4520 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
20:12:00.0063 4520 gpsvc - ok
20:12:00.0121 4520 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:12:00.0123 4520 gupdate - ok
20:12:00.0131 4520 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:12:00.0132 4520 gupdatem - ok
20:12:00.0167 4520 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:12:00.0168 4520 gusvc - ok
20:12:00.0208 4520 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
20:12:00.0209 4520 hcw85cir - ok
20:12:00.0249 4520 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
20:12:00.0252 4520 HdAudAddService - ok
20:12:00.0269 4520 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
20:12:00.0270 4520 HDAudBus - ok
20:12:00.0294 4520 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
20:12:00.0295 4520 HECIx64 - ok
20:12:00.0323 4520 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
20:12:00.0323 4520 HidBatt - ok
20:12:00.0342 4520 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
20:12:00.0344 4520 HidBth - ok
20:12:00.0360 4520 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
20:12:00.0361 4520 HidIr - ok
20:12:00.0390 4520 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
20:12:00.0391 4520 hidserv - ok
20:12:00.0428 4520 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
20:12:00.0428 4520 HidUsb - ok
20:12:00.0468 4520 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
20:12:00.0470 4520 hkmsvc - ok
20:12:00.0510 4520 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
20:12:00.0513 4520 HomeGroupListener - ok
20:12:00.0558 4520 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
20:12:00.0563 4520 HomeGroupProvider - ok
20:12:00.0594 4520 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
20:12:00.0595 4520 HpSAMD - ok
20:12:00.0670 4520 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
20:12:00.0677 4520 HTTP - ok
20:12:00.0702 4520 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
20:12:00.0702 4520 hwpolicy - ok
20:12:00.0728 4520 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
20:12:00.0729 4520 i8042prt - ok
20:12:00.0784 4520 iaStor (85977cd13fc16069ce0af7943a811775) C:\windows\system32\DRIVERS\iaStor.sys
20:12:00.0788 4520 iaStor - ok
20:12:00.0840 4520 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
20:12:00.0844 4520 iaStorV - ok
20:12:00.0956 4520 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:12:00.0965 4520 idsvc - ok
20:12:01.0525 4520 igfx (1be8d9ca4f2363b8e8015621878e0043) C:\windows\system32\DRIVERS\igdkmd64.sys
20:12:01.0576 4520 igfx - ok
20:12:01.0667 4520 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
20:12:01.0668 4520 iirsp - ok
20:12:01.0736 4520 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
20:12:01.0745 4520 IKEEXT - ok
20:12:01.0770 4520 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys
20:12:01.0772 4520 Impcd - ok
20:12:01.0925 4520 IntcAzAudAddService (490947a9aff7ca31ef2e08f5776105eb) C:\windows\system32\drivers\RTKVHD64.sys
20:12:01.0940 4520 IntcAzAudAddService - ok
20:12:02.0055 4520 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\windows\system32\DRIVERS\IntcDAud.sys
20:12:02.0059 4520 IntcDAud - ok
20:12:02.0102 4520 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
20:12:02.0103 4520 intelide - ok
20:12:02.0133 4520 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
20:12:02.0134 4520 intelppm - ok
20:12:02.0176 4520 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
20:12:02.0179 4520 IPBusEnum - ok
20:12:02.0213 4520 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
20:12:02.0214 4520 IpFilterDriver - ok
20:12:02.0268 4520 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
20:12:02.0275 4520 iphlpsvc - ok
20:12:02.0307 4520 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
20:12:02.0309 4520 IPMIDRV - ok
20:12:02.0341 4520 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
20:12:02.0342 4520 IPNAT - ok
20:12:02.0441 4520 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
20:12:02.0450 4520 iPod Service - ok
20:12:02.0474 4520 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
20:12:02.0474 4520 IRENUM - ok
20:12:02.0508 4520 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
20:12:02.0509 4520 isapnp - ok
20:12:02.0552 4520 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
20:12:02.0554 4520 iScsiPrt - ok
20:12:02.0597 4520 JMCR (19496fe93696c929392f1595ed1f8bb3) C:\windows\system32\DRIVERS\jmcr.sys
20:12:02.0598 4520 JMCR - ok
20:12:02.0633 4520 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
20:12:02.0634 4520 kbdclass - ok
20:12:02.0664 4520 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
20:12:02.0665 4520 kbdhid - ok
20:12:02.0725 4520 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:12:02.0728 4520 KeyIso - ok
20:12:02.0750 4520 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
20:12:02.0751 4520 KSecDD - ok
20:12:02.0770 4520 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
20:12:02.0772 4520 KSecPkg - ok
20:12:02.0791 4520 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
20:12:02.0791 4520 ksthunk - ok
20:12:02.0839 4520 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
20:12:02.0843 4520 KtmRm - ok
20:12:02.0889 4520 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
20:12:02.0893 4520 LanmanServer - ok
20:12:02.0928 4520 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
20:12:02.0931 4520 LanmanWorkstation - ok
20:12:02.0944 4520 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
20:12:02.0946 4520 lltdio - ok
20:12:02.0983 4520 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
20:12:02.0986 4520 lltdsvc - ok
20:12:03.0001 4520 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
20:12:03.0003 4520 lmhosts - ok
20:12:03.0073 4520 LMS (23de5b62b0445a6f874be633c95b483e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
20:12:03.0076 4520 LMS - ok
20:12:03.0098 4520 LPCFilter (41e122f6d1448c94cc05196bc41d6bfb) C:\windows\system32\DRIVERS\LPCFilter.sys
20:12:03.0099 4520 LPCFilter - ok
20:12:03.0140 4520 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
20:12:03.0141 4520 LSI_FC - ok
20:12:03.0161 4520 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
20:12:03.0163 4520 LSI_SAS - ok
20:12:03.0187 4520 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
20:12:03.0188 4520 LSI_SAS2 - ok
20:12:03.0209 4520 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
20:12:03.0211 4520 LSI_SCSI - ok
20:12:03.0228 4520 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
20:12:03.0229 4520 luafv - ok
20:12:03.0267 4520 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
20:12:03.0270 4520 Mcx2Svc - ok
20:12:03.0299 4520 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
20:12:03.0300 4520 megasas - ok
20:12:03.0324 4520 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
20:12:03.0327 4520 MegaSR - ok
20:12:03.0362 4520 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
20:12:03.0363 4520 MMCSS - ok
20:12:03.0382 4520 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
20:12:03.0383 4520 Modem - ok
20:12:17.0058 4520 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
20:12:18.0127 4520 \Device\Harddisk0\DR0 - ok
20:12:18.0162 4520 Boot (0x1200) (7435fd853944c7870b9c51121f2d5bbd) \Device\Harddisk0\DR0\Partition0
20:12:18.0164 4520 \Device\Harddisk0\DR0\Partition0 - ok
20:12:18.0164 4520 ============================================================
20:12:18.0164 4520 Scan finished
20:12:18.0165 4520 ============================================================
20:12:18.0178 4032 Detected object count: 0
20:12:18.0178 4032 Actual detected object count: 0

Here's the MBR file that shows two infections.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-16 14:27:08
-----------------------------
14:27:08.919 OS Version: Windows x64 6.1.7601 Service Pack 1
14:27:08.919 Number of processors: 4 586 0x2505
14:27:08.920 ComputerName: MARY2-PC UserName: Mary 2
14:27:10.675 Initialize success
14:43:15.588 AVAST engine defs: 12051600
14:46:11.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:46:11.333 Disk 0 Vendor: TOSHIBA_ GH10 Size: 610480MB BusType: 3
14:46:11.352 Disk 0 MBR read successfully
14:46:11.356 Disk 0 MBR scan
14:46:11.366 Disk 0 Windows VISTA default MBR code
14:46:11.383 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:46:11.445 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 596659 MB offset 3074048
14:46:11.500 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 12320 MB offset 1225031680
14:46:11.579 Disk 0 scanning C:\windows\system32\drivers
14:46:25.434 Service scanning
14:47:17.318 Modules scanning
14:47:17.336 Disk 0 trace - called modules:
14:47:17.391 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
14:47:17.731 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069fb060]
14:47:17.742 3 CLASSPNP.SYS[fffff880017aa43f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa80069fa060]
14:47:17.752 5 thpdrv.sys[fffff88001bd8cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049c8050]
14:47:19.547 AVAST engine scan C:\windows
14:47:23.304 AVAST engine scan C:\windows\system32
14:52:01.185 AVAST engine scan C:\windows\system32\drivers
14:52:30.454 AVAST engine scan C:\Users\Mary 2
14:52:53.134 File: C:\Users\Mary 2\AppData\Local\CrashDumps\Apps\xliptjd.dll **INFECTED** Win32:Tracur-HZ [Trj]
14:54:14.159 Disk 0 MBR has been saved successfully to "C:\Users\Mary 2\Desktop\MBR.dat"
14:54:14.165 The log file has been saved successfully to "C:\Users\Mary 2\Desktop\aswMBR.txt"
15:01:06.157 File: C:\Users\Mary 2\AppData\Local\Temp\nsi56E0.tmp\xliptjd.dll **INFECTED** Win32:Tracur-HZ [Trj]
15:08:25.019 Disk 0 MBR has been saved successfully to "C:\Users\Mary 2\Desktop\MBR.dat"
15:08:25.021 The log file has been saved successfully to "C:\Users\Mary 2\Desktop\aswMBR.txt"




C:\Users\Mary 2\AppData\Local\CrashDumps\Apps\xliptjd.dll a variant of Win32/Kryptik.AFRA trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Mary 2\AppData\Local\Temp\NODC60E.tmp a variant of Win32/Kryptik.AFRA trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Mary 2\AppData\Local\Temp\nsi56E0.tmp\xliptjd.dll a variant of Win32/Kryptik.AFRA trojan cleaned by deleting - quarantined
C:\Users\Mary 2\Downloads\cnet_abmsetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

Now I'm fixing to re-run the MBR thing....hopefully that'll do it! I'll post after it finishes. Thanks

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:04 PM

Posted 16 May 2012 - 10:03 PM

Restart the PC and run aswmbr.

#7 ufuentes84

Posted 16 May 2012 - 10:28 PM

Okay, just restarted and am now running aswmbr :)
this popped up after restart "There was a problem starting c:\users\mary2\appdate\local\crashdumps\apps\sliptjd.dll The specified module could not be found."

#8 ufuentes84

Posted 16 May 2012 - 10:29 PM

Where do I pay you or donate to you? I don't like getting all this help for free! I paid the other guy on the other post by accident b/c I thought he'd be the one helping me lol But I would at least like to give a little something to you for your help with this matter! Do you have a donate page setup like the last guy had?

#9 narenxp

Posted 16 May 2012 - 11:05 PM

this popped up after restart "There was a problem starting c:\users\mary2\appdate\local\crashdumps\apps\sliptjd.dll The specified module could not be found."

Download Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on File > Save

Filename: Autoruns.txt
Save as: Text

Upload the log file to www.filedropper.com

Post the link here

Good luck

#10 ufuentes84

Posted 24 May 2012 - 11:53 AM

Sorry this has taken me so long...I just had to leave this computer off until I was able to get back to this...
Here's the link for the autoruns file http://www.filedropper.com/autoruns_2

The aswmbr shows that there's nothing....but I still get redirected... I bought Symantec and it cleaned out 4 viruses.... but
even after doing everything listed and buying Symantec....I still get redirected....
Are there any more steps I can take??

I'm surprised nothing is showing up on aswmbr....I will retry that today and post that file.
thank you so much for all your help...

#11 narenxp

Posted 24 May 2012 - 12:44 PM

Re-run aswmbr again and post the log. Do you still have the startup error?

In which browser are you getting redirected? If it is a specific browser, reinstall it and check for redirects.

#12 ufuentes84

Posted 24 May 2012 - 12:47 PM

Okay...here's the aswmbr log....

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-24 11:56:31
-----------------------------
11:56:31.589 OS Version: Windows x64 6.1.7601 Service Pack 1
11:56:31.589 Number of processors: 4 586 0x2505
11:56:31.590 ComputerName: MARY2-PC UserName: Mary 2
11:56:33.883 Initialize success
12:16:58.699 AVAST engine defs: 12052401
12:18:10.117 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:18:10.120 Disk 0 Vendor: TOSHIBA_ GH10 Size: 610480MB BusType: 3
12:18:10.143 Disk 0 MBR read successfully
12:18:10.146 Disk 0 MBR scan
12:18:10.185 Disk 0 Windows VISTA default MBR code
12:18:10.188 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
12:18:10.224 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 596659 MB offset 3074048
12:18:10.257 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 12320 MB offset 1225031680
12:18:10.301 Disk 0 scanning C:\windows\system32\drivers
12:18:21.188 Service scanning
12:19:05.646 Modules scanning
12:19:05.647 Disk 0 trace - called modules:
12:19:05.714 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
12:19:05.717 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cb4060]
12:19:05.718 3 CLASSPNP.SYS[fffff8800182c43f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8004c9f710]
12:19:05.719 5 thpdrv.sys[fffff88001d72cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049b7050]
12:19:08.314 AVAST engine scan C:\windows
12:19:11.125 AVAST engine scan C:\windows\system32
12:22:13.001 AVAST engine scan C:\windows\system32\drivers
12:22:36.346 AVAST engine scan C:\Users\Mary 2
12:35:07.471 File: C:\Users\Mary 2\AppData\Local\MicrosoftStore\downloader.bundle **HIDDEN**
12:35:07.925 File: C:\Users\Mary 2\AppData\Local\MicrosoftStore\downloader.dll **HIDDEN**
12:35:08.353 File: C:\Users\Mary 2\AppData\Local\MicrosoftStore\launcher.bundle **HIDDEN**
12:35:08.676 File: C:\Users\Mary 2\AppData\Local\MicrosoftStore\launcher.dll **HIDDEN**
12:35:24.304 AVAST engine scan C:\ProgramData
12:36:50.350 Scan finished successfully
12:45:10.636 Disk 0 MBR has been saved successfully to "C:\Users\Mary 2\Downloads\MBR.dat"
12:45:10.645 The log file has been saved successfully to "C:\Users\Mary 2\Downloads\aswMBR 052412.txt"


and I am going to restart now and see if the startup error still exists.

also its in google chrome that i get redirected...

#13 ufuentes84

Posted 24 May 2012 - 12:53 PM

Ok just restarted and yes still have the startup error...
I'm fixing to reinstall google chrome like you said....

#14 narenxp

Posted 24 May 2012 - 12:57 PM

Launch autoruns and uncheck this entry

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ "Apps" "" "" "File not found: C:\Users\Mary 2\AppData\Local\CrashDumps\Apps\xliptjd.dll"

Press Windows+R key and type

notepad and click ok

Now copy this script
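@echo off
REM /f forces read-only files, /q suppresses prompts, /a also matches files with the hidden or system attribute
del /f /s /q /a "C:\Users\Mary 2\AppData\Local\MicrosoftStore\downloader.bundle"
del /f /s /q /a "C:\Users\Mary 2\AppData\Local\MicrosoftStore\downloader.dll"
del /f /s /q /a "C:\Users\Mary 2\AppData\Local\MicrosoftStore\launcher.bundle"
del /f /s /q /a "C:\Users\Mary 2\AppData\Local\MicrosoftStore\launcher.dll"
REM Remove this batch file itself; "%~f0" is its full path, quoted because the path may contain spaces
del "%~f0"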

Save it as

filename:Remove.bat
save as type:All types

Run the bat file

Post the new aswmbr log

Reinstall chrome and let me know if you still have redirects

Edited by narenxp, 24 May 2012 - 01:21 PM.
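
The startup error in this thread is what a Run entry looks like once the scanner has deleted the DLL it pointed to. As an added example (not part of the original posts), this script pairs each orphaned autostart entry with the aswMBR detection recorded for the same path; the sample lines are copied from the logs quoted in this thread, and the Autoruns text layout is assumed to match the entry as quoted above.

```python
import re

# Constructed sample input: lines copied from the logs quoted in this thread.
ASWMBR_LOG = r"""
14:52:53.134 File: C:\Users\Mary 2\AppData\Local\CrashDumps\Apps\xliptjd.dll **INFECTED** Win32:Tracur-HZ [Trj]
15:01:06.157 File: C:\Users\Mary 2\AppData\Local\Temp\nsi56E0.tmp\xliptjd.dll **INFECTED** Win32:Tracur-HZ [Trj]
12:35:07.925 File: C:\Users\Mary 2\AppData\Local\MicrosoftStore\downloader.dll **HIDDEN**
12:36:50.350 Scan finished successfully
"""
# Assumption: the Autoruns text export uses the layout shown in the post above.
AUTORUNS_EXPORT = r"""
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ "Apps" "" "" "File not found: C:\Users\Mary 2\AppData\Local\CrashDumps\Apps\xliptjd.dll"
"""

FINDING = re.compile(r"^(\d\d:\d\d:\d\d\.\d{3})\s+File: (.+?) \*\*(INFECTED|HIDDEN)\*\*\s*(.*)$")
ORPHAN = re.compile(r'^\+ "([^"]*)".*"File not found: ([^"]+)"$')

def parse_aswmbr(text):
    """Return [(time, path, flag, detection)] for every flagged file line."""
    return [m.groups() for line in text.splitlines() if (m := FINDING.match(line.strip()))]

def parse_orphans(text):
    """Return [(key, entry, target)] for autostart entries whose target is missing."""
    key, out = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.upper().startswith(("HKCU\\", "HKLM\\")):
            key = line  # remember which registry key the following entries belong to
        elif (m := ORPHAN.match(line)):
            out.append((key, m.group(1), m.group(2)))
    return out

def correlate(findings, orphans):
    """Pair each orphaned autostart entry with the detection recorded for its target."""
    by_path = {path.lower(): (flag, det) for _, path, flag, det in findings}
    return [(key, name, target, by_path.get(target.lower(), (None, "")))
            for key, name, target in orphans]

if __name__ == "__main__":
    rows = correlate(parse_aswmbr(ASWMBR_LOG), parse_orphans(AUTORUNS_EXPORT))
    for key, name, target, (flag, det) in rows:
        status = f"{flag} {det}".strip() if flag else "no matching detection"
        print(f"{key} -> {name!r}: {target} ({status})")
```

An orphaned entry with a matching detection is a leftover persistence hook and is safe to disable; one with no matching detection deserves a closer look before it is removed.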


#15 ufuentes84

Posted 24 May 2012 - 01:54 PM

Okay, there is no startup error anymore! whew :)

And I just left google chrome and firefox off....
I kept internet explorer and it was having redirects too, but it seems that they have stopped, so it all appears to be okay! :)
Thanks for your help...I'm hoping it really is good to go now!



