computer very slow and choppy


  • This topic is locked
36 replies to this topic

#1 dialout

dialout

  • Members
  • 118 posts
  • OFFLINE
  • Local time:05:32 AM

Posted 24 May 2012 - 12:25 PM

and keystrokes dont aways appear. i keep hving to go back and fix things...notice the (L) in always missing, and the (A) in having...its not specific to any key.

I had Norton on here, but it would not run, so I uninstalled it, and tried Trend Micro...neither has found anything.

GMER did not generate a log, and said it found no changes, however I could not select all the boxes as the example shows.

The kids play games on this laptop, so I have no idea what they may have downloaded...the only time I see it is when it is not working right.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:32 AM

Posted 24 May 2012 - 12:28 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 dialout

dialout
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  • Local time:05:32 AM

Posted 24 May 2012 - 01:43 PM

Thanks for the fast reply. I started the scans as you suggested...and they have just completed. However, there seems to be a problem. My Internet Explorer icon is gone from the tray, and if I use the one in the start menu it says illegal operation attempted on a registry key that has been marked for deletion.

I can't get that laptop back online to post the results.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:32 AM

Posted 24 May 2012 - 02:06 PM

restart the computer

#5 dialout

dialout
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  • Local time:05:32 AM

Posted 24 May 2012 - 02:46 PM

bck online...i should have known that...it restarted once combofix ran so i figured that was all it needed...here are the logs.


Results of screen317's Security Check version 0.99.38
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Trend Micro Titanium Maximum Security 2012
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 31
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Symantec Norton Online Backup NOBuAgent.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
``````````End of Log````````````









ComboFix 12-05-24.02 - sheila 05/24/2012 13:50:18.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.1006 [GMT -4:00]
Running from: c:\users\sheila\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\sheila\Desktop\ua\Angel.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))
.
.
2012-05-22 15:18 . 2012-05-22 15:18 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-19 22:48 . 2012-05-19 22:48 -------- d-----w- c:\users\sheila\AppData\Roaming\Blue Tea Games
2012-05-19 22:45 . 2012-05-19 22:47 -------- d-----w- c:\program files (x86)\Dark Parables - The Exiled Prince
2012-05-19 14:03 . 2012-05-19 14:04 -------- d-----w- c:\program files (x86)\Roads of Rome
2012-05-18 22:49 . 2012-05-18 22:51 -------- d-----w- c:\program files (x86)\Redemption Cemetery - Curse of the Raven
2012-05-18 19:58 . 2012-05-18 19:58 -------- d-----w- c:\users\sheila\AppData\Roaming\GameMill Entertainment
2012-05-18 19:58 . 2012-05-18 19:58 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-18 19:58 . 2012-05-18 19:58 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-18 19:58 . 2012-05-18 19:58 -------- d-----w- c:\program files (x86)\OpenAL
2012-05-18 19:58 . 2012-05-18 19:58 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-18 19:58 . 2012-05-18 19:58 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-05-17 00:01 . 2012-05-17 00:01 -------- d-----w- c:\users\sheila\AppData\Roaming\tabagames
2012-05-12 21:09 . 2012-05-24 17:57 -------- d-----w- C:\temp
2012-05-12 21:08 . 2012-05-12 21:08 -------- d-----w- c:\users\sheila\AppData\Local\Trend Micro
2012-05-12 21:07 . 2012-05-12 21:03 67344 ----a-w- c:\windows\system32\drivers\tmeevw.sys
2012-05-12 21:07 . 2012-05-12 21:03 210704 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2012-05-12 21:07 . 2012-05-12 21:03 105744 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-05-12 21:07 . 2012-05-12 21:03 91920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-05-12 21:07 . 2012-05-12 21:03 70928 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-05-12 21:07 . 2012-05-12 21:03 167696 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-05-12 21:07 . 2012-05-12 21:10 -------- d-----w- c:\programdata\Trend Micro
2012-05-12 21:06 . 2012-05-12 21:06 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-05-12 21:06 . 2012-05-12 21:06 -------- d-----w- c:\program files\Trend Micro
2012-05-11 22:52 . 2012-05-11 22:52 -------- d-----w- c:\users\sheila\AppData\Roaming\GameDevo
2012-05-11 21:22 . 2012-05-11 21:22 -------- d-----w- c:\programdata\Trymedia
2012-05-10 17:08 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 17:08 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 17:08 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 17:08 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 17:08 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 17:08 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 17:08 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 17:08 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 17:08 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 17:08 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-06 15:22 . 2012-05-06 15:23 -------- d-----w- c:\program files (x86)\House of 1000 Doors - The Palm of Zoroaster
2012-05-05 21:07 . 2012-05-05 21:07 -------- d-----w- c:\users\sheila\AppData\Roaming\Jumb-O-Fun Games
2012-05-01 07:18 . 2012-05-01 07:18 0 ----a-w- c:\windows\SysWow64\shoCC10.tmp
2012-04-28 18:47 . 2012-05-16 20:50 -------- d-----w- c:\users\sheila\AppData\Roaming\Awem
2012-04-28 18:17 . 2012-04-30 14:16 -------- d-----w- c:\programdata\VirtualizedApplications
2012-04-28 16:06 . 2012-04-28 16:06 -------- d-----w- c:\users\sheila\AppData\Local\SoftGrid Client
2012-04-28 16:06 . 2012-05-09 21:19 -------- d-----w- c:\users\sheila\AppData\Roaming\SoftGrid Client
2012-04-28 16:05 . 2012-05-01 07:01 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-04-28 16:04 . 2012-04-28 16:07 -------- d-----w- c:\users\sheila\AppData\Roaming\TP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 06:46 . 2012-04-15 23:40 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-15 23:40 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-15 23:40 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-15 23:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-15 23:40 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-15 23:40 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-15 23:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 15:42 . 2010-10-16 19:35 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-28 06:39 . 2012-04-11 23:56 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 05:38 . 2012-04-11 23:56 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 04:31 . 2012-04-11 23:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 03:52 . 2012-04-11 23:56 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 15:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-09-29 584760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-5-18 6038128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 GIDv2;GIDv2; [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-09-17 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-29 26680]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-05-18 65648]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys [x]
S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 21:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 14:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-19 c:\windows\Tasks\HPCeeScheduleForSHEILA-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 410648]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Utopia Angel - c:\users\sheila\Desktop\ua\Angel.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files (x86)\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-05-24 14:05:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-24 18:05
.
Pre-Run: 175,295,848,448 bytes free
Post-Run: 174,881,869,824 bytes free
.
- - End Of File - - 50453821FB6F69F947D5B6D20572066F

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:32 AM

Posted 24 May 2012 - 02:51 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 dialout

dialout
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  • Local time:05:32 AM

Posted 25 May 2012 - 09:49 AM

10:46:37.0062 2348 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
10:46:39.0122 2348 ============================================================
10:46:39.0122 2348 Current date / time: 2012/05/25 10:46:39.0122
10:46:39.0122 2348 SystemInfo:
10:46:39.0122 2348
10:46:39.0122 2348 OS Version: 6.1.7601 ServicePack: 1.0
10:46:39.0122 2348 Product type: Workstation
10:46:39.0122 2348 ComputerName: SHEILA-HP
10:46:39.0122 2348 UserName: sheila
10:46:39.0122 2348 Windows directory: C:\Windows
10:46:39.0122 2348 System windows directory: C:\Windows
10:46:39.0122 2348 Running under WOW64
10:46:39.0122 2348 Processor architecture: Intel x64
10:46:39.0122 2348 Number of processors: 1
10:46:39.0122 2348 Page size: 0x1000
10:46:39.0122 2348 Boot type: Normal boot
10:46:39.0122 2348 ============================================================
10:46:40.0822 2348 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:46:40.0838 2348 ============================================================
10:46:40.0838 2348 \Device\Harddisk0\DR0:
10:46:40.0838 2348 MBR partitions:
10:46:40.0838 2348 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
10:46:40.0838 2348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1AB71800
10:46:40.0838 2348 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1ABD5800, BlocksNum 0x25BC000
10:46:40.0838 2348 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
10:46:40.0838 2348 ============================================================
10:46:40.0884 2348 C: <-> \Device\Harddisk0\DR0\Partition1
10:46:40.0931 2348 D: <-> \Device\Harddisk0\DR0\Partition2
10:46:40.0962 2348 ============================================================
10:46:40.0962 2348 Initialize success
10:46:40.0962 2348 ============================================================
10:46:43.0739 5644 ============================================================
10:46:43.0739 5644 Scan started
10:46:43.0739 5644 Mode: Manual;
10:46:43.0739 5644 ============================================================
10:46:44.0878 5644 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:46:44.0894 5644 1394ohci - ok
10:46:44.0940 5644 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:46:44.0956 5644 ACPI - ok
10:46:45.0003 5644 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:46:45.0003 5644 AcpiPmi - ok
10:46:45.0081 5644 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:46:45.0096 5644 adp94xx - ok
10:46:45.0159 5644 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:46:45.0174 5644 adpahci - ok
10:46:45.0221 5644 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:46:45.0221 5644 adpu320 - ok
10:46:45.0268 5644 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:46:45.0284 5644 AeLookupSvc - ok
10:46:45.0377 5644 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
10:46:45.0408 5644 AERTFilters - ok
10:46:45.0533 5644 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:46:45.0549 5644 AFD - ok
10:46:45.0596 5644 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:46:45.0596 5644 agp440 - ok
10:46:45.0642 5644 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:46:45.0642 5644 ALG - ok
10:46:45.0689 5644 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:46:45.0689 5644 aliide - ok
10:46:45.0720 5644 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:46:45.0720 5644 amdide - ok
10:46:45.0752 5644 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:46:45.0767 5644 AmdK8 - ok
10:46:45.0783 5644 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:46:45.0798 5644 AmdPPM - ok
10:46:45.0830 5644 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:46:45.0845 5644 amdsata - ok
10:46:45.0892 5644 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:46:45.0908 5644 amdsbs - ok
10:46:45.0923 5644 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:46:45.0923 5644 amdxata - ok
10:46:46.0064 5644 Amsp (1b7d1f0a0dfadbc797c16364792a7aa5) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
10:46:46.0110 5644 Amsp - ok
10:46:46.0173 5644 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:46:46.0173 5644 AppID - ok
10:46:46.0220 5644 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:46:46.0235 5644 AppIDSvc - ok
10:46:46.0282 5644 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:46:46.0298 5644 Appinfo - ok
10:46:46.0422 5644 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:46:46.0532 5644 arc - ok
10:46:46.0563 5644 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:46:46.0578 5644 arcsas - ok
10:46:46.0610 5644 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:46:46.0610 5644 AsyncMac - ok
10:46:46.0672 5644 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:46:46.0672 5644 atapi - ok
10:46:46.0734 5644 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:46:46.0766 5644 AudioEndpointBuilder - ok
10:46:46.0766 5644 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:46:46.0781 5644 AudioSrv - ok
10:46:46.0859 5644 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:46:46.0859 5644 AxInstSV - ok
10:46:46.0937 5644 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:46:46.0953 5644 b06bdrv - ok
10:46:47.0000 5644 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:46:47.0015 5644 b57nd60a - ok
10:46:47.0140 5644 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
10:46:47.0171 5644 BBSvc - ok
10:46:47.0218 5644 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
10:46:47.0234 5644 BBUpdate - ok
10:46:47.0280 5644 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:46:47.0296 5644 BDESVC - ok
10:46:47.0327 5644 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:46:47.0327 5644 Beep - ok
10:46:47.0436 5644 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:46:47.0452 5644 BFE - ok
10:46:47.0514 5644 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
10:46:47.0546 5644 BITS - ok
10:46:47.0608 5644 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:46:47.0624 5644 blbdrive - ok
10:46:47.0655 5644 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:46:47.0655 5644 bowser - ok
10:46:47.0686 5644 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:46:47.0686 5644 BrFiltLo - ok
10:46:47.0702 5644 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:46:47.0702 5644 BrFiltUp - ok
10:46:47.0780 5644 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
10:46:47.0780 5644 BridgeMP - ok
10:46:47.0811 5644 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:46:47.0826 5644 Browser - ok
10:46:47.0858 5644 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:46:47.0858 5644 Brserid - ok
10:46:47.0889 5644 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:46:47.0889 5644 BrSerWdm - ok
10:46:47.0904 5644 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:46:47.0920 5644 BrUsbMdm - ok
10:46:47.0936 5644 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:46:47.0936 5644 BrUsbSer - ok
10:46:47.0967 5644 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:46:47.0967 5644 BTHMODEM - ok
10:46:48.0014 5644 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:46:48.0014 5644 bthserv - ok
10:46:48.0045 5644 catchme - ok
10:46:48.0092 5644 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:46:48.0092 5644 cdfs - ok
10:46:48.0138 5644 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
10:46:48.0138 5644 cdrom - ok
10:46:48.0201 5644 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:46:48.0201 5644 CertPropSvc - ok
10:46:48.0248 5644 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:46:48.0248 5644 circlass - ok
10:46:48.0294 5644 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:46:48.0310 5644 CLFS - ok
10:46:48.0482 5644 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:46:48.0528 5644 clr_optimization_v2.0.50727_32 - ok
10:46:48.0591 5644 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:46:48.0669 5644 clr_optimization_v2.0.50727_64 - ok
10:46:48.0731 5644 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:46:48.0778 5644 clr_optimization_v4.0.30319_32 - ok
10:46:48.0903 5644 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:46:48.0965 5644 clr_optimization_v4.0.30319_64 - ok
10:46:49.0043 5644 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
10:46:49.0043 5644 clwvd - ok
10:46:49.0074 5644 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:46:49.0090 5644 CmBatt - ok
10:46:49.0121 5644 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:46:49.0121 5644 cmdide - ok
10:46:49.0184 5644 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:46:49.0199 5644 CNG - ok
10:46:49.0230 5644 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:46:49.0246 5644 Compbatt - ok
10:46:49.0293 5644 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:46:49.0293 5644 CompositeBus - ok
10:46:49.0308 5644 COMSysApp - ok
10:46:49.0340 5644 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:46:49.0340 5644 crcdisk - ok
10:46:49.0418 5644 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
10:46:49.0418 5644 CryptSvc - ok
10:46:49.0589 5644 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
10:46:49.0636 5644 cvhsvc - ok
10:46:49.0714 5644 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:46:49.0730 5644 DcomLaunch - ok
10:46:49.0761 5644 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:46:49.0776 5644 defragsvc - ok
10:46:49.0839 5644 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:46:49.0854 5644 DfsC - ok
10:46:49.0917 5644 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:46:49.0932 5644 Dhcp - ok
10:46:49.0964 5644 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:46:49.0964 5644 discache - ok
10:46:50.0026 5644 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:46:50.0026 5644 Disk - ok
10:46:50.0057 5644 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:46:50.0073 5644 Dnscache - ok
10:46:50.0120 5644 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:46:50.0120 5644 dot3svc - ok
10:46:50.0151 5644 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:46:50.0151 5644 DPS - ok
10:46:50.0198 5644 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:46:50.0198 5644 drmkaud - ok
10:46:50.0276 5644 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:46:50.0338 5644 DXGKrnl - ok
10:46:50.0385 5644 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:46:50.0385 5644 EapHost - ok
10:46:50.0525 5644 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:46:50.0634 5644 ebdrv - ok
10:46:50.0728 5644 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:46:50.0744 5644 EFS - ok
10:46:50.0853 5644 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:46:50.0900 5644 ehRecvr - ok
10:46:50.0931 5644 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:46:50.0946 5644 ehSched - ok
10:46:51.0024 5644 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:46:51.0040 5644 elxstor - ok
10:46:51.0087 5644 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:46:51.0087 5644 ErrDev - ok
10:46:51.0180 5644 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:46:51.0196 5644 EventSystem - ok
10:46:51.0243 5644 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:46:51.0243 5644 exfat - ok
10:46:51.0274 5644 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:46:51.0274 5644 fastfat - ok
10:46:51.0368 5644 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:46:51.0399 5644 Fax - ok
10:46:51.0430 5644 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:46:51.0430 5644 fdc - ok
10:46:51.0477 5644 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:46:51.0477 5644 fdPHost - ok
10:46:51.0492 5644 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:46:51.0492 5644 FDResPub - ok
10:46:51.0524 5644 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:46:51.0524 5644 FileInfo - ok
10:46:51.0539 5644 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:46:51.0539 5644 Filetrace - ok
10:46:51.0570 5644 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:46:51.0570 5644 flpydisk - ok
10:46:51.0617 5644 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:46:51.0633 5644 FltMgr - ok
10:46:51.0695 5644 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:46:51.0742 5644 FontCache - ok
10:46:51.0820 5644 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:46:51.0820 5644 FontCache3.0.0.0 - ok
10:46:51.0851 5644 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:46:51.0867 5644 FsDepends - ok
10:46:51.0898 5644 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
10:46:51.0898 5644 Fs_Rec - ok
10:46:51.0945 5644 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:46:51.0960 5644 fvevol - ok
10:46:52.0007 5644 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:46:52.0007 5644 gagp30kx - ok
10:46:52.0070 5644 GameConsoleService (d154305de6090e6e84e525f84bb08a06) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
10:46:52.0116 5644 GameConsoleService - ok
10:46:52.0179 5644 GIDv2 (9ba22aee7f531ef9ce085cc2e1112bc4) C:\Windows\system32\drivers\GIDv2.sys
10:46:52.0179 5644 GIDv2 - ok
10:46:52.0257 5644 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:46:52.0288 5644 gpsvc - ok
10:46:52.0304 5644 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:46:52.0304 5644 hcw85cir - ok
10:46:52.0366 5644 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:46:52.0397 5644 HdAudAddService - ok
10:46:52.0475 5644 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:46:52.0475 5644 HDAudBus - ok
10:46:52.0506 5644 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:46:52.0506 5644 HidBatt - ok
10:46:52.0538 5644 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:46:52.0553 5644 HidBth - ok
10:46:52.0569 5644 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:46:52.0569 5644 HidIr - ok
10:46:52.0616 5644 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
10:46:52.0616 5644 hidserv - ok
10:46:52.0678 5644 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:46:52.0678 5644 HidUsb - ok
10:46:52.0725 5644 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:46:52.0725 5644 hkmsvc - ok
10:46:52.0772 5644 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:46:52.0787 5644 HomeGroupListener - ok
10:46:52.0834 5644 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:46:52.0834 5644 HomeGroupProvider - ok
10:46:52.0943 5644 HP Health Check Service (37965381364b2e106e1dd7d74cdcaa43) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
10:46:52.0974 5644 HP Health Check Service - ok
10:46:53.0068 5644 HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
10:46:53.0084 5644 HP Wireless Assistant Service - ok
10:46:53.0130 5644 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
10:46:53.0146 5644 HPClientSvc - ok
10:46:53.0193 5644 HPDrvMntSvc.exe (f323230c391771611bbe9363b88c3e3e) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
10:46:53.0208 5644 HPDrvMntSvc.exe - ok
10:46:53.0271 5644 hpqwmiex (5311386f0ec157d155bb07a1d420fb4d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
10:46:53.0318 5644 hpqwmiex - ok
10:46:53.0442 5644 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:46:53.0442 5644 HpSAMD - ok
10:46:53.0505 5644 HPWMISVC (854197d1270d20193fe2d4b14784aade) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
10:46:53.0520 5644 HPWMISVC - ok
10:46:53.0598 5644 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:46:53.0614 5644 HTTP - ok
10:46:53.0661 5644 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:46:53.0661 5644 hwpolicy - ok
10:46:53.0723 5644 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:46:53.0723 5644 i8042prt - ok
10:46:53.0770 5644 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
10:46:53.0786 5644 iaStor - ok
10:46:53.0848 5644 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:46:53.0879 5644 iaStorV - ok
10:46:53.0988 5644 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:46:54.0020 5644 idsvc - ok
10:46:54.0113 5644 IDVaultSvc (dc6f40e409d70c008c0bb77605c34ac8) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
10:46:54.0129 5644 IDVaultSvc - ok
10:46:54.0690 5644 igfx (898ab5bfed7040d7ab07af01885eb944) C:\Windows\system32\DRIVERS\igdkmd64.sys
10:46:54.0893 5644 igfx - ok
10:46:55.0392 5644 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:46:55.0392 5644 iirsp - ok
10:46:55.0455 5644 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:46:55.0486 5644 IKEEXT - ok
10:46:55.0611 5644 IntcAzAudAddService (d311e2dd59a34079d89c249b2a4d9fdb) C:\Windows\system32\drivers\RTKVHD64.sys
10:46:55.0704 5644 IntcAzAudAddService - ok
10:46:55.0814 5644 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:46:55.0814 5644 intelide - ok
10:46:55.0860 5644 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:46:55.0860 5644 intelppm - ok
10:46:55.0907 5644 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:46:55.0907 5644 IPBusEnum - ok
10:46:55.0954 5644 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:46:55.0954 5644 IpFilterDriver - ok
10:46:56.0016 5644 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:46:56.0048 5644 iphlpsvc - ok
10:46:56.0094 5644 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:46:56.0094 5644 IPMIDRV - ok
10:46:56.0126 5644 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:46:56.0126 5644 IPNAT - ok
10:46:56.0157 5644 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:46:56.0157 5644 IRENUM - ok
10:46:56.0188 5644 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:46:56.0188 5644 isapnp - ok
10:46:56.0235 5644 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:46:56.0235 5644 iScsiPrt - ok
10:46:56.0266 5644 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
10:46:56.0266 5644 kbdclass - ok
10:46:56.0313 5644 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
10:46:56.0313 5644 kbdhid - ok
10:46:56.0360 5644 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:46:56.0360 5644 KeyIso - ok
10:46:56.0391 5644 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:46:56.0391 5644 KSecDD - ok
10:46:56.0422 5644 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:46:56.0422 5644 KSecPkg - ok
10:46:56.0453 5644 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:46:56.0453 5644 ksthunk - ok
10:46:56.0516 5644 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:46:56.0531 5644 KtmRm - ok
10:46:56.0609 5644 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
10:46:56.0625 5644 LanmanServer - ok
10:46:56.0672 5644 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:46:56.0672 5644 LanmanWorkstation - ok
10:46:56.0750 5644 LightScribeService (fcbdcc6f1801e32244235608e1277752) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
10:46:56.0765 5644 LightScribeService - ok
10:46:56.0812 5644 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:46:56.0812 5644 lltdio - ok
10:46:56.0843 5644 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:46:56.0859 5644 lltdsvc - ok
10:46:56.0890 5644 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:46:56.0890 5644 lmhosts - ok
10:46:56.0952 5644 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:46:56.0952 5644 LSI_FC - ok
10:46:56.0984 5644 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:46:56.0999 5644 LSI_SAS - ok
10:46:57.0015 5644 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:46:57.0015 5644 LSI_SAS2 - ok
10:46:57.0046 5644 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:46:57.0046 5644 LSI_SCSI - ok
10:46:57.0077 5644 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:46:57.0093 5644 luafv - ok
10:46:57.0155 5644 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:46:57.0155 5644 Mcx2Svc - ok
10:46:57.0186 5644 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:46:57.0186 5644 megasas - ok
10:46:57.0233 5644 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:46:57.0233 5644 MegaSR - ok
10:46:57.0280 5644 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:46:57.0280 5644 MMCSS - ok
10:46:57.0327 5644 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:46:57.0327 5644 Modem - ok
10:46:57.0374 5644 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:46:57.0374 5644 monitor - ok
10:46:57.0514 5644 MotoHelper (36ac4deceae4226a5b5dd038c49658e1) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
10:46:57.0530 5644 MotoHelper - ok
10:46:57.0592 5644 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:46:57.0592 5644 mouclass - ok
10:46:57.0639 5644 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:46:57.0639 5644 mouhid - ok
10:46:57.0701 5644 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:46:57.0701 5644 mountmgr - ok
10:46:57.0748 5644 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:46:57.0748 5644 mpio - ok
10:46:57.0779 5644 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:46:57.0779 5644 mpsdrv - ok
10:46:57.0857 5644 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:46:57.0873 5644 MpsSvc - ok
10:46:57.0920 5644 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:46:57.0920 5644 MRxDAV - ok
10:46:57.0966 5644 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:46:57.0982 5644 mrxsmb - ok
10:46:58.0029 5644 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:46:58.0044 5644 mrxsmb10 - ok
10:46:58.0060 5644 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:46:58.0060 5644 mrxsmb20 - ok
10:46:58.0091 5644 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:46:58.0107 5644 msahci - ok
10:46:58.0138 5644 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:46:58.0154 5644 msdsm - ok
10:46:58.0185 5644 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:46:58.0200 5644 MSDTC - ok
10:46:58.0247 5644 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:46:58.0247 5644 Msfs - ok
10:46:58.0278 5644 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:46:58.0278 5644 mshidkmdf - ok
10:46:58.0325 5644 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:46:58.0325 5644 msisadrv - ok
10:46:58.0372 5644 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:46:58.0388 5644 MSiSCSI - ok
10:46:58.0403 5644 msiserver - ok
10:46:58.0419 5644 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:46:58.0419 5644 MSKSSRV - ok
10:46:58.0450 5644 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:46:58.0450 5644 MSPCLOCK - ok
10:46:58.0481 5644 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:46:58.0481 5644 MSPQM - ok
10:46:58.0528 5644 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:46:58.0544 5644 MsRPC - ok
10:46:58.0590 5644 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:46:58.0590 5644 mssmbios - ok
10:46:58.0622 5644 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:46:58.0622 5644 MSTEE - ok
10:46:58.0653 5644 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:46:58.0653 5644 MTConfig - ok
10:46:58.0684 5644 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:46:58.0684 5644 Mup - ok
10:46:58.0746 5644 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:46:58.0762 5644 napagent - ok
10:46:58.0824 5644 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:46:58.0824 5644 NativeWifiP - ok
10:46:58.0918 5644 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:46:58.0980 5644 NDIS - ok
10:46:59.0012 5644 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:46:59.0012 5644 NdisCap - ok
10:46:59.0043 5644 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:46:59.0043 5644 NdisTapi - ok
10:46:59.0105 5644 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:46:59.0105 5644 Ndisuio - ok
10:46:59.0136 5644 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:46:59.0152 5644 NdisWan - ok
10:46:59.0168 5644 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:46:59.0168 5644 NDProxy - ok
10:46:59.0214 5644 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:46:59.0214 5644 NetBIOS - ok
10:46:59.0261 5644 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:46:59.0261 5644 NetBT - ok
10:46:59.0292 5644 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:46:59.0292 5644 Netlogon - ok
10:46:59.0355 5644 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:46:59.0386 5644 Netman - ok
10:46:59.0417 5644 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:46:59.0433 5644 netprofm - ok
10:46:59.0495 5644 netr28x (aa1d8f9de032be4e8303af33368fdfc8) C:\Windows\system32\DRIVERS\netr28x.sys
10:46:59.0542 5644 netr28x - ok
10:46:59.0636 5644 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:46:59.0636 5644 NetTcpPortSharing - ok
10:46:59.0870 5644 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
10:47:00.0010 5644 netw5v64 - ok
10:47:00.0119 5644 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:47:00.0119 5644 nfrd960 - ok
10:47:00.0197 5644 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:47:00.0213 5644 NlaSvc - ok
10:47:00.0400 5644 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
10:47:00.0525 5644 NOBU - ok
10:47:00.0634 5644 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:47:00.0634 5644 Npfs - ok
10:47:00.0681 5644 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:47:00.0681 5644 nsi - ok
10:47:00.0696 5644 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:47:00.0696 5644 nsiproxy - ok
10:47:00.0806 5644 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:47:00.0837 5644 Ntfs - ok
10:47:00.0930 5644 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:47:00.0930 5644 Null - ok
10:47:00.0977 5644 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:47:00.0977 5644 nvraid - ok
10:47:01.0024 5644 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:47:01.0040 5644 nvstor - ok
10:47:01.0102 5644 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:47:01.0102 5644 nv_agp - ok
10:47:15.0267 5644 ============================================================
10:47:15.0267 5644 Scan finished
10:47:15.0267 5644 ============================================================
10:47:15.0282 2280 Detected object count: 0
10:47:15.0282 2280 Actual detected object count: 0






aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-24 16:43:54
-----------------------------
16:43:54.181 OS Version: Windows x64 6.1.7601 Service Pack 1
16:43:54.181 Number of processors: 1 586 0x170A
16:43:54.181 ComputerName: SHEILA-HP UserName: sheila
16:44:05.319 Initialize success
16:44:14.975 AVAST engine defs: 12052401
16:44:29.483 The log file has been saved successfully to "C:\Users\sheila\Desktop\aswMBRlog.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-25 10:29:49
-----------------------------
10:29:49.027 OS Version: Windows x64 6.1.7601 Service Pack 1
10:29:49.027 Number of processors: 1 586 0x170A
10:29:49.027 ComputerName: SHEILA-HP UserName: sheila
10:29:53.051 Initialize success
10:30:02.879 AVAST engine defs: 12052401
10:30:06.155 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:30:06.155 Disk 0 Vendor: ST925031 0005 Size: 238475MB BusType: 3
10:30:06.187 Disk 0 MBR read successfully
10:30:06.187 Disk 0 MBR scan
10:30:06.218 Disk 0 unknown MBR code
10:30:06.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
10:30:06.265 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 218851 MB offset 409600
10:30:06.311 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 19320 MB offset 448616448
10:30:06.343 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
10:30:06.452 Disk 0 scanning C:\Windows\system32\drivers
10:30:32.535 Service scanning
10:31:09.304 Modules scanning
10:31:09.304 Disk 0 trace - called modules:
10:31:09.866 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
10:31:09.881 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004484060]
10:31:09.881 3 CLASSPNP.SYS[fffff88001ba143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800222f050]
10:31:10.895 AVAST engine scan C:\Windows
10:31:18.337 AVAST engine scan C:\Windows\system32
10:37:51.255 AVAST engine scan C:\Windows\system32\drivers
10:38:12.595 AVAST engine scan C:\Users\sheila
10:42:51.243 AVAST engine scan C:\ProgramData
10:45:37.961 Scan finished successfully
10:46:04.699 Disk 0 MBR has been saved successfully to "C:\Users\sheila\Desktop\MBR.dat"
10:46:04.715 The log file has been saved successfully to "C:\Users\sheila\Desktop\aswMBRlog.txt"

#8 gringo_pr

Posted 25 May 2012 - 12:03 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 dialout

Posted 25 May 2012 - 05:28 PM

ComboFix is hanging after its restart. Says it is preparing log report...but it has been all day. I ran it this morning.

#10 gringo_pr

Posted 25 May 2012 - 05:52 PM

Hello

OK, let's try this. I want you to run the ComboFix script in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#11 dialout

Posted 25 May 2012 - 06:23 PM

came back to it...the last post was from my phone...and voila...report.

ComboFix 12-05-24.02 - sheila 05/24/2012 13:50:18.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.1006 [GMT -4:00]
Running from: c:\users\sheila\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\sheila\Desktop\ua\Angel.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))
.
.
2012-05-22 15:18 . 2012-05-22 15:18 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-19 22:48 . 2012-05-19 22:48 -------- d-----w- c:\users\sheila\AppData\Roaming\Blue Tea Games
2012-05-19 22:45 . 2012-05-19 22:47 -------- d-----w- c:\program files (x86)\Dark Parables - The Exiled Prince
2012-05-19 14:03 . 2012-05-19 14:04 -------- d-----w- c:\program files (x86)\Roads of Rome
2012-05-18 22:49 . 2012-05-18 22:51 -------- d-----w- c:\program files (x86)\Redemption Cemetery - Curse of the Raven
2012-05-18 19:58 . 2012-05-18 19:58 -------- d-----w- c:\users\sheila\AppData\Roaming\GameMill Entertainment
2012-05-18 19:58 . 2012-05-18 19:58 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-18 19:58 . 2012-05-18 19:58 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-18 19:58 . 2012-05-18 19:58 -------- d-----w- c:\program files (x86)\OpenAL
2012-05-18 19:58 . 2012-05-18 19:58 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-18 19:58 . 2012-05-18 19:58 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-05-17 00:01 . 2012-05-17 00:01 -------- d-----w- c:\users\sheila\AppData\Roaming\tabagames
2012-05-12 21:09 . 2012-05-24 17:57 -------- d-----w- C:\temp
2012-05-12 21:08 . 2012-05-12 21:08 -------- d-----w- c:\users\sheila\AppData\Local\Trend Micro
2012-05-12 21:07 . 2012-05-12 21:03 67344 ----a-w- c:\windows\system32\drivers\tmeevw.sys
2012-05-12 21:07 . 2012-05-12 21:03 210704 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2012-05-12 21:07 . 2012-05-12 21:03 105744 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-05-12 21:07 . 2012-05-12 21:03 91920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-05-12 21:07 . 2012-05-12 21:03 70928 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-05-12 21:07 . 2012-05-12 21:03 167696 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-05-12 21:07 . 2012-05-12 21:10 -------- d-----w- c:\programdata\Trend Micro
2012-05-12 21:06 . 2012-05-12 21:06 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-05-12 21:06 . 2012-05-12 21:06 -------- d-----w- c:\program files\Trend Micro
2012-05-11 22:52 . 2012-05-11 22:52 -------- d-----w- c:\users\sheila\AppData\Roaming\GameDevo
2012-05-11 21:22 . 2012-05-11 21:22 -------- d-----w- c:\programdata\Trymedia
2012-05-10 17:08 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 17:08 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 17:08 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 17:08 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 17:08 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 17:08 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 17:08 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 17:08 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 17:08 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 17:08 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-06 15:22 . 2012-05-06 15:23 -------- d-----w- c:\program files (x86)\House of 1000 Doors - The Palm of Zoroaster
2012-05-05 21:07 . 2012-05-05 21:07 -------- d-----w- c:\users\sheila\AppData\Roaming\Jumb-O-Fun Games
2012-05-01 07:18 . 2012-05-01 07:18 0 ----a-w- c:\windows\SysWow64\shoCC10.tmp
2012-04-28 18:47 . 2012-05-16 20:50 -------- d-----w- c:\users\sheila\AppData\Roaming\Awem
2012-04-28 18:17 . 2012-04-30 14:16 -------- d-----w- c:\programdata\VirtualizedApplications
2012-04-28 16:06 . 2012-04-28 16:06 -------- d-----w- c:\users\sheila\AppData\Local\SoftGrid Client
2012-04-28 16:06 . 2012-05-09 21:19 -------- d-----w- c:\users\sheila\AppData\Roaming\SoftGrid Client
2012-04-28 16:05 . 2012-05-01 07:01 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-04-28 16:04 . 2012-04-28 16:07 -------- d-----w- c:\users\sheila\AppData\Roaming\TP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 06:46 . 2012-04-15 23:40 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-15 23:40 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-15 23:40 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-15 23:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-15 23:40 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-15 23:40 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-15 23:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 15:42 . 2010-10-16 19:35 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-28 06:39 . 2012-04-11 23:56 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 05:38 . 2012-04-11 23:56 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 04:31 . 2012-04-11 23:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 03:52 . 2012-04-11 23:56 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 15:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-09-29 584760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-5-18 6038128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 GIDv2;GIDv2; [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-09-17 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-29 26680]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-05-18 65648]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys [x]
S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 21:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 14:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-19 c:\windows\Tasks\HPCeeScheduleForSHEILA-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 410648]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Utopia Angel - c:\users\sheila\Desktop\ua\Angel.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files (x86)\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-05-24 14:05:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-24 18:05
.
Pre-Run: 175,295,848,448 bytes free
Post-Run: 174,881,869,824 bytes free
.
- - End Of File - - 50453821FB6F69F947D5B6D20572066F

#12 gringo_pr

  • Malware Response Team

Posted 25 May 2012 - 09:49 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#13 dialout

  • Topic Starter

Posted 27 May 2012 - 10:56 AM

11:30:10.0769 4404 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
11:30:11.0308 4404 ============================================================
11:30:11.0308 4404 Current date / time: 2012/05/27 11:30:11.0308
11:30:11.0308 4404 SystemInfo:
11:30:11.0308 4404
11:30:11.0308 4404 OS Version: 6.1.7601 ServicePack: 1.0
11:30:11.0308 4404 Product type: Workstation
11:30:11.0308 4404 ComputerName: SHEILA-HP
11:30:11.0308 4404 UserName: sheila
11:30:11.0308 4404 Windows directory: C:\Windows
11:30:11.0308 4404 System windows directory: C:\Windows
11:30:11.0308 4404 Running under WOW64
11:30:11.0308 4404 Processor architecture: Intel x64
11:30:11.0308 4404 Number of processors: 1
11:30:11.0308 4404 Page size: 0x1000
11:30:11.0308 4404 Boot type: Normal boot
11:30:11.0308 4404 ============================================================
11:30:12.0459 4404 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:30:12.0465 4404 ============================================================
11:30:12.0465 4404 \Device\Harddisk0\DR0:
11:30:12.0465 4404 MBR partitions:
11:30:12.0465 4404 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
11:30:12.0465 4404 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1AB71800
11:30:12.0465 4404 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1ABD5800, BlocksNum 0x25BC000
11:30:12.0465 4404 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
11:30:12.0465 4404 ============================================================
11:30:12.0489 4404 C: <-> \Device\Harddisk0\DR0\Partition1
11:30:12.0533 4404 D: <-> \Device\Harddisk0\DR0\Partition2
11:30:12.0607 4404 ============================================================
11:30:12.0607 4404 Initialize success
11:30:12.0607 4404 ============================================================
11:30:17.0936 5796 ============================================================
11:30:17.0936 5796 Scan started
11:30:17.0936 5796 Mode: Manual;
11:30:17.0936 5796 ============================================================
11:30:21.0224 5796 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:30:21.0239 5796 1394ohci - ok
11:30:21.0291 5796 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:30:21.0306 5796 ACPI - ok
11:30:21.0358 5796 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:30:21.0378 5796 AcpiPmi - ok
11:30:21.0466 5796 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:30:21.0490 5796 adp94xx - ok
11:30:21.0771 5796 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:30:21.0837 5796 adpahci - ok
11:30:21.0884 5796 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:30:21.0888 5796 adpu320 - ok
11:30:21.0935 5796 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:30:21.0938 5796 AeLookupSvc - ok
11:30:22.0012 5796 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
11:30:22.0027 5796 AERTFilters - ok
11:30:22.0102 5796 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:30:22.0122 5796 AFD - ok
11:30:22.0158 5796 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:30:22.0162 5796 agp440 - ok
11:30:22.0198 5796 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:30:22.0202 5796 ALG - ok
11:30:22.0250 5796 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:30:22.0252 5796 aliide - ok
11:30:22.0275 5796 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:30:22.0278 5796 amdide - ok
11:30:22.0321 5796 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:30:22.0324 5796 AmdK8 - ok
11:30:22.0352 5796 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:30:22.0355 5796 AmdPPM - ok
11:30:22.0398 5796 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:30:22.0418 5796 amdsata - ok
11:30:22.0461 5796 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:30:22.0466 5796 amdsbs - ok
11:30:22.0490 5796 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:30:22.0492 5796 amdxata - ok
11:30:22.0619 5796 Amsp (1b7d1f0a0dfadbc797c16364792a7aa5) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
11:30:22.0636 5796 Amsp - ok
11:30:22.0716 5796 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:30:22.0719 5796 AppID - ok
11:30:22.0758 5796 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:30:22.0762 5796 AppIDSvc - ok
11:30:22.0818 5796 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:30:22.0821 5796 Appinfo - ok
11:30:22.0924 5796 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:30:22.0928 5796 arc - ok
11:30:22.0964 5796 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:30:22.0969 5796 arcsas - ok
11:30:22.0998 5796 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:30:23.0002 5796 AsyncMac - ok
11:30:23.0062 5796 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:30:23.0065 5796 atapi - ok
11:30:23.0136 5796 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:30:23.0157 5796 AudioEndpointBuilder - ok
11:30:23.0170 5796 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:30:23.0176 5796 AudioSrv - ok
11:30:23.0318 5796 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:30:23.0322 5796 AxInstSV - ok
11:30:23.0389 5796 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:30:23.0409 5796 b06bdrv - ok
11:30:23.0465 5796 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:30:23.0472 5796 b57nd60a - ok
11:30:23.0675 5796 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
11:30:23.0692 5796 BBSvc - ok
11:30:23.0734 5796 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
11:30:23.0736 5796 BBUpdate - ok
11:30:23.0781 5796 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:30:23.0785 5796 BDESVC - ok
11:30:23.0827 5796 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:30:23.0830 5796 Beep - ok
11:30:23.0917 5796 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:30:23.0937 5796 BFE - ok
11:30:23.0993 5796 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
11:30:24.0044 5796 BITS - ok
11:30:24.0108 5796 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:30:24.0111 5796 blbdrive - ok
11:30:24.0199 5796 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:30:24.0217 5796 bowser - ok
11:30:24.0236 5796 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:30:24.0239 5796 BrFiltLo - ok
11:30:24.0256 5796 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:30:24.0259 5796 BrFiltUp - ok
11:30:24.0329 5796 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:30:24.0332 5796 BridgeMP - ok
11:30:24.0366 5796 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:30:24.0370 5796 Browser - ok
11:30:24.0405 5796 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:30:24.0411 5796 Brserid - ok
11:30:24.0435 5796 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:30:24.0439 5796 BrSerWdm - ok
11:30:24.0462 5796 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:30:24.0465 5796 BrUsbMdm - ok
11:30:24.0488 5796 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:30:24.0490 5796 BrUsbSer - ok
11:30:24.0519 5796 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:30:24.0522 5796 BTHMODEM - ok
11:30:24.0564 5796 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:30:24.0568 5796 bthserv - ok
11:30:24.0716 5796 catchme - ok
11:30:24.0755 5796 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:30:24.0759 5796 cdfs - ok
11:30:24.0811 5796 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:30:24.0816 5796 cdrom - ok
11:30:24.0872 5796 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:30:24.0875 5796 CertPropSvc - ok
11:30:24.0918 5796 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:30:24.0922 5796 circlass - ok
11:30:24.0966 5796 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:30:24.0982 5796 CLFS - ok
11:30:25.0052 5796 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:30:25.0056 5796 clr_optimization_v2.0.50727_32 - ok
11:30:25.0104 5796 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:30:25.0115 5796 clr_optimization_v2.0.50727_64 - ok
11:30:25.0183 5796 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:30:25.0205 5796 clr_optimization_v4.0.30319_32 - ok
11:30:47.0381 5796 TapiSrv - ok
11:30:47.0411 5796 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:30:47.0416 5796 TBS - ok
11:30:47.0567 5796 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
11:30:47.0623 5796 Tcpip - ok
11:30:47.0872 5796 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
11:30:47.0885 5796 TCPIP6 - ok
11:30:47.0985 5796 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:30:47.0989 5796 tcpipreg - ok
11:30:48.0033 5796 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:30:48.0036 5796 TDPIPE - ok
11:30:48.0075 5796 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:30:48.0078 5796 TDTCP - ok
11:30:48.0132 5796 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:30:48.0136 5796 tdx - ok
11:30:48.0182 5796 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:30:48.0186 5796 TermDD - ok
11:30:48.0230 5796 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:30:48.0251 5796 TermService - ok
11:30:48.0280 5796 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:30:48.0284 5796 Themes - ok
11:30:48.0335 5796 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:30:48.0339 5796 THREADORDER - ok
11:30:48.0392 5796 tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\Windows\system32\DRIVERS\tmactmon.sys
11:30:48.0396 5796 tmactmon - ok
11:30:48.0479 5796 tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\Windows\system32\DRIVERS\tmcomm.sys
11:30:48.0484 5796 tmcomm - ok
11:30:48.0544 5796 tmeevw (1161f882b3cfa8076870a09924e0adc2) C:\Windows\system32\DRIVERS\tmeevw.sys
11:30:48.0557 5796 tmeevw - ok
11:30:48.0604 5796 tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\Windows\system32\DRIVERS\tmevtmgr.sys
11:30:48.0607 5796 tmevtmgr - ok
11:30:48.0667 5796 tmnciesc (f0ae672ee91e7f1ef24644621b57ca7f) C:\Windows\system32\DRIVERS\tmnciesc.sys
11:30:48.0672 5796 tmnciesc - ok
11:30:48.0723 5796 tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys
11:30:48.0727 5796 tmtdi - ok
11:30:48.0778 5796 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:30:48.0783 5796 TrkWks - ok
11:30:48.0848 5796 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:30:48.0866 5796 TrustedInstaller - ok
11:30:48.0939 5796 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:30:48.0943 5796 tssecsrv - ok
11:30:48.0979 5796 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:30:48.0983 5796 TsUsbFlt - ok
11:30:49.0051 5796 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:30:49.0055 5796 tunnel - ok
11:30:49.0092 5796 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:30:49.0095 5796 uagp35 - ok
11:30:49.0147 5796 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:30:49.0161 5796 udfs - ok
11:30:49.0224 5796 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:30:49.0229 5796 UI0Detect - ok
11:30:49.0284 5796 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:30:49.0288 5796 uliagpkx - ok
11:30:49.0318 5796 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:30:49.0321 5796 umbus - ok
11:30:49.0354 5796 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:30:49.0357 5796 UmPass - ok
11:30:49.0405 5796 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:30:49.0421 5796 upnphost - ok
11:30:49.0464 5796 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
11:30:49.0468 5796 usbccgp - ok
11:30:49.0526 5796 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:30:49.0530 5796 usbcir - ok
11:30:49.0556 5796 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:30:49.0559 5796 usbehci - ok
11:30:49.0599 5796 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:30:49.0617 5796 usbhub - ok
11:30:49.0647 5796 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:30:49.0650 5796 usbohci - ok
11:30:49.0669 5796 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:30:49.0671 5796 usbprint - ok
11:30:49.0712 5796 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:30:49.0716 5796 USBSTOR - ok
11:30:49.0741 5796 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
11:30:49.0744 5796 usbuhci - ok
11:30:49.0777 5796 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:30:49.0781 5796 UxSms - ok
11:30:49.0823 5796 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:30:49.0825 5796 VaultSvc - ok
11:30:49.0866 5796 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:30:49.0870 5796 vdrvroot - ok
11:30:49.0932 5796 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:30:49.0956 5796 vds - ok
11:30:50.0011 5796 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:30:50.0022 5796 vga - ok
11:30:50.0045 5796 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:30:50.0048 5796 VgaSave - ok
11:30:50.0091 5796 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:30:50.0099 5796 vhdmp - ok
11:30:50.0128 5796 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:30:50.0132 5796 viaide - ok
11:30:50.0158 5796 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:30:50.0162 5796 volmgr - ok
11:30:50.0208 5796 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:30:50.0222 5796 volmgrx - ok
11:30:50.0258 5796 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:30:50.0264 5796 volsnap - ok
11:30:50.0313 5796 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:30:50.0318 5796 vsmraid - ok
11:30:50.0421 5796 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:30:50.0493 5796 VSS - ok
11:30:50.0626 5796 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:30:50.0630 5796 vwifibus - ok
11:30:50.0661 5796 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:30:50.0664 5796 vwififlt - ok
11:30:50.0711 5796 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:30:50.0726 5796 W32Time - ok
11:30:50.0763 5796 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:30:50.0767 5796 WacomPen - ok
11:30:50.0833 5796 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:30:50.0838 5796 WANARP - ok
11:30:50.0856 5796 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:30:50.0862 5796 Wanarpv6 - ok
11:30:50.0957 5796 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:30:51.0021 5796 WatAdminSvc - ok
11:30:51.0115 5796 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:30:51.0190 5796 wbengine - ok
11:30:51.0298 5796 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:30:51.0305 5796 WbioSrvc - ok
11:30:51.0352 5796 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:30:51.0372 5796 wcncsvc - ok
11:30:51.0395 5796 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:30:51.0400 5796 WcsPlugInService - ok
11:30:51.0443 5796 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:30:51.0457 5796 Wd - ok
11:30:51.0502 5796 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:30:51.0524 5796 Wdf01000 - ok
11:30:51.0558 5796 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:30:51.0562 5796 WdiServiceHost - ok
11:30:51.0572 5796 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:30:51.0576 5796 WdiSystemHost - ok
11:30:51.0622 5796 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:30:51.0706 5796 WebClient - ok
11:30:51.0739 5796 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:30:51.0746 5796 Wecsvc - ok
11:30:51.0775 5796 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:30:51.0779 5796 wercplsupport - ok
11:30:51.0807 5796 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:30:51.0811 5796 WerSvc - ok
11:30:51.0886 5796 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:30:51.0892 5796 WfpLwf - ok
11:30:51.0942 5796 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:30:51.0945 5796 WIMMount - ok
11:30:51.0976 5796 WinDefend - ok
11:30:51.0992 5796 WinHttpAutoProxySvc - ok
11:30:52.0069 5796 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:30:52.0074 5796 Winmgmt - ok
11:30:52.0185 5796 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:30:52.0234 5796 WinRM - ok
11:30:52.0382 5796 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:30:52.0411 5796 Wlansvc - ok
11:30:52.0581 5796 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:30:52.0647 5796 wlidsvc - ok
11:30:52.0764 5796 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:30:52.0767 5796 WmiAcpi - ok
11:30:52.0835 5796 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:30:52.0841 5796 wmiApSrv - ok
11:30:52.0890 5796 WMPNetworkSvc - ok
11:30:52.0930 5796 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:30:52.0934 5796 WPCSvc - ok
11:30:52.0977 5796 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:30:52.0983 5796 WPDBusEnum - ok
11:30:53.0016 5796 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:30:53.0018 5796 ws2ifsl - ok
11:30:53.0046 5796 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
11:30:53.0050 5796 wscsvc - ok
11:30:53.0062 5796 WSearch - ok
11:30:53.0190 5796 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:30:53.0271 5796 wuauserv - ok
11:30:53.0384 5796 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:30:53.0387 5796 WudfPf - ok
11:30:53.0434 5796 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:30:53.0439 5796 WUDFRd - ok
11:30:53.0483 5796 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:30:53.0487 5796 wudfsvc - ok
11:30:53.0534 5796 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:30:53.0542 5796 WwanSvc - ok
11:30:53.0625 5796 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
11:30:53.0639 5796 yukonw7 - ok
11:30:53.0673 5796 MBR (0x1B8) (6d06fbacf20c1175bda3ab8ce42a2436) \Device\Harddisk0\DR0
11:30:53.0864 5796 \Device\Harddisk0\DR0 - ok
11:30:53.0873 5796 Boot (0x1200) (ccf93909cc85d6fc1556322152ed7054) \Device\Harddisk0\DR0\Partition0
11:30:53.0875 5796 \Device\Harddisk0\DR0\Partition0 - ok
11:30:53.0891 5796 Boot (0x1200) (f187f5c131d901d72e955510980fdfe8) \Device\Harddisk0\DR0\Partition1
11:30:53.0893 5796 \Device\Harddisk0\DR0\Partition1 - ok
11:30:53.0931 5796 Boot (0x1200) (3b9bb59bf514fd16609c35291000f858) \Device\Harddisk0\DR0\Partition2
11:30:53.0934 5796 \Device\Harddisk0\DR0\Partition2 - ok
11:30:53.0956 5796 Boot (0x1200) (4f6546b17a4c0c8a153ebc0a5e77db48) \Device\Harddisk0\DR0\Partition3
11:30:53.0958 5796 \Device\Harddisk0\DR0\Partition3 - ok
11:30:53.0962 5796 ============================================================
11:30:53.0962 5796 Scan finished
11:30:53.0962 5796 ============================================================
11:30:53.0981 3784 Detected object count: 0
11:30:53.0981 3784 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-27 11:32:45
-----------------------------
11:32:45.559 OS Version: Windows x64 6.1.7601 Service Pack 1
11:32:45.559 Number of processors: 1 586 0x170A
11:32:45.561 ComputerName: SHEILA-HP UserName: sheila
11:32:47.491 Initialize success
11:46:02.104 The log file has been saved successfully to "C:\Users\sheila\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-27 11:32:45
-----------------------------
11:32:45.559 OS Version: Windows x64 6.1.7601 Service Pack 1
11:32:45.559 Number of processors: 1 586 0x170A
11:32:45.561 ComputerName: SHEILA-HP UserName: sheila
11:32:47.491 Initialize success
11:46:02.104 The log file has been saved successfully to "C:\Users\sheila\Desktop\aswMBR.txt"
11:51:50.767 AVAST engine defs: 12052700
11:52:48.983 The log file has been saved successfully to "C:\Users\sheila\Desktop\aswMBR.txt"

#14 gringo_pr

Posted 27 May 2012 - 11:11 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 dialout

Posted 27 May 2012 - 02:01 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-27 11:32:45
-----------------------------
11:32:45.559 OS Version: Windows x64 6.1.7601 Service Pack 1
11:32:45.559 Number of processors: 1 586 0x170A
11:32:45.561 ComputerName: SHEILA-HP UserName: sheila
11:32:47.491 Initialize success
11:46:02.104 The log file has been saved successfully to "C:\Users\sheila\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-27 11:32:45
-----------------------------
11:32:45.559 OS Version: Windows x64 6.1.7601 Service Pack 1
11:32:45.559 Number of processors: 1 586 0x170A
11:32:45.561 ComputerName: SHEILA-HP UserName: sheila
11:32:47.491 Initialize success
11:46:02.104 The log file has been saved successfully to "C:\Users\sheila\Desktop\aswMBR.txt"
11:51:50.767 AVAST engine defs: 12052700
11:52:48.983 The log file has been saved successfully to "C:\Users\sheila\Desktop\aswMBR.txt"


ComboFix log to follow



