
Audio adverts playing when Desktop loads


14 replies to this topic

#1 vedekandy

vedekandy

  • Members
  • 8 posts

Posted 13 June 2012 - 04:08 PM

Hi all,

I wonder if anyone can shed some light on this. I'm a fairly experienced PC user, and indeed usually help others remove viruses and the like, but I'm stumped on this one.

Upon loading the desktop, I will sometimes - not ALWAYS, just sometimes, possibly dependent on how fast my net connection comes up - have two audio adverts play in succession. The first is for Airwick, and the second for Cillit Bang - in total about 60 seconds, but with no window to accompany them. I quickly glanced at the Task Manager as it was happening, and noted nothing unusual (though I regret I didn't show processes from all users.)

I always hate to jump to conclusions, such as virus infection, but this is definitely not normal behaviour. So far I have:

1) Performed a Quick Scan using Malware Bytes, fully updated
2) Performed a full scan of the system drive using Comodo Antivirus
3) Used GMER's rootkit scanner
4) Attempted to use GMER's MBR tool, which sadly failed giving me an error
5) Checked all of my installed software to ensure nothing untoward has been installed - I can't see anything.

At this stage, I'm somewhat at a loss - I suspect a virus or malware, simply due to something happening which should not (invasive audio adverts) but I'm at a loss of what to do next.

Any suggestions would be welcomed!

Thanks,

-Andy H



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 13 June 2012 - 08:00 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

#3 vedekandy

vedekandy
  • Topic Starter

  • Members
  • 8 posts

Posted 14 June 2012 - 11:42 AM

Thank you for your reply :)

The log from TDSSkiller is as follows:


17:40:20.0997 3336 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:40:20.0999 3336 mshidkmdf - ok
17:40:21.0004 3336 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:40:21.0005 3336 msisadrv - ok
17:40:21.0033 3336 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:40:21.0038 3336 MSiSCSI - ok
17:40:21.0042 3336 msiserver - ok
17:40:21.0134 3336 MSI_MSIBIOS_010507 (192476c10371dc83243d67432b2cdcbf) C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys
17:40:21.0136 3336 MSI_MSIBIOS_010507 - ok
17:40:21.0169 3336 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:40:21.0171 3336 MSKSSRV - ok
17:40:21.0191 3336 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:40:21.0193 3336 MSPCLOCK - ok
17:40:21.0205 3336 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:40:21.0207 3336 MSPQM - ok
17:40:21.0248 3336 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:40:21.0253 3336 MsRPC - ok
17:40:21.0291 3336 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:40:21.0292 3336 mssmbios - ok
17:40:21.0350 3336 MSSQL$SQLEXPRESS - ok
17:40:21.0444 3336 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
17:40:21.0449 3336 MSSQLServerADHelper - ok
17:40:21.0475 3336 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:40:21.0477 3336 MSTEE - ok
17:40:22.0019 3336 msvsmon90 (0f4dd44765a7d23e0cd9965ee900558f) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
17:40:22.0105 3336 msvsmon90 - ok
17:40:22.0199 3336 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:40:22.0206 3336 MTConfig - ok
17:40:22.0214 3336 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:40:22.0215 3336 Mup - ok
17:40:22.0271 3336 MySQL - ok
17:40:22.0320 3336 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:40:22.0326 3336 napagent - ok
17:40:22.0360 3336 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:40:22.0376 3336 NativeWifiP - ok
17:40:22.0446 3336 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:40:22.0460 3336 NDIS - ok
17:40:22.0512 3336 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:40:22.0514 3336 NdisCap - ok
17:40:22.0537 3336 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:40:22.0539 3336 NdisTapi - ok
17:40:22.0578 3336 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:40:22.0580 3336 Ndisuio - ok
17:40:22.0625 3336 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:40:22.0627 3336 NdisWan - ok
17:40:22.0656 3336 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:40:22.0657 3336 NDProxy - ok
17:40:22.0700 3336 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:40:22.0703 3336 NetBIOS - ok
17:40:22.0765 3336 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:40:22.0769 3336 NetBT - ok
17:40:22.0807 3336 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:40:22.0808 3336 Netlogon - ok
17:40:22.0831 3336 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:40:22.0835 3336 Netman - ok
17:40:22.0980 3336 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:40:23.0001 3336 NetMsmqActivator - ok
17:40:23.0011 3336 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:40:23.0013 3336 NetPipeActivator - ok
17:40:23.0093 3336 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:40:23.0100 3336 netprofm - ok
17:40:23.0104 3336 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:40:23.0106 3336 NetTcpActivator - ok
17:40:23.0111 3336 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:40:23.0112 3336 NetTcpPortSharing - ok
17:40:23.0192 3336 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:40:23.0195 3336 nfrd960 - ok
17:40:23.0278 3336 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:40:23.0284 3336 NlaSvc - ok
17:40:23.0310 3336 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:40:23.0313 3336 Npfs - ok
17:40:23.0334 3336 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:40:23.0336 3336 nsi - ok
17:40:23.0365 3336 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:40:23.0366 3336 nsiproxy - ok
17:40:23.0521 3336 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:40:23.0580 3336 Ntfs - ok
17:40:23.0696 3336 NTIOLib_1_0_4 (1b32c54b95121ab1683c7b83b2db4b96) C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys
17:40:23.0697 3336 NTIOLib_1_0_4 - ok
17:40:23.0794 3336 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:40:23.0795 3336 Null - ok
17:40:23.0879 3336 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:40:23.0883 3336 nvraid - ok
17:40:23.0933 3336 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:40:23.0937 3336 nvstor - ok
17:40:23.0981 3336 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:40:23.0985 3336 nv_agp - ok
17:40:24.0187 3336 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:40:24.0289 3336 odserv - ok
17:40:24.0343 3336 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:40:24.0346 3336 ohci1394 - ok
17:40:24.0432 3336 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:40:24.0439 3336 ose - ok
17:40:24.0507 3336 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:40:24.0513 3336 p2pimsvc - ok
17:40:24.0536 3336 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:40:24.0542 3336 p2psvc - ok
17:40:24.0564 3336 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:40:24.0566 3336 Parport - ok
17:40:24.0585 3336 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
17:40:24.0586 3336 partmgr - ok
17:40:24.0612 3336 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:40:24.0614 3336 PcaSvc - ok
17:40:24.0682 3336 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:40:24.0684 3336 pci - ok
17:40:24.0696 3336 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:40:24.0697 3336 pciide - ok
17:40:24.0719 3336 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:40:24.0722 3336 pcmcia - ok
17:40:24.0733 3336 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:40:24.0734 3336 pcw - ok
17:40:24.0767 3336 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:40:24.0789 3336 PEAUTH - ok
17:40:24.0839 3336 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:40:24.0860 3336 PeerDistSvc - ok
17:40:24.0982 3336 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:40:25.0021 3336 PerfHost - ok
17:40:25.0185 3336 PhidgetWebservice21 (4a175f57a3475d0ad5eb2b41accbda0e) C:\Program Files\Phidgets\PhidgetWindowsService21.exe
17:40:25.0241 3336 PhidgetWebservice21 - ok
17:40:25.0438 3336 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:40:25.0454 3336 pla - ok
17:40:25.0563 3336 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:40:25.0569 3336 PlugPlay - ok
17:40:25.0593 3336 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:40:25.0596 3336 PNRPAutoReg - ok
17:40:25.0619 3336 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:40:25.0622 3336 PNRPsvc - ok
17:40:25.0672 3336 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:40:25.0678 3336 PolicyAgent - ok
17:40:25.0721 3336 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:40:25.0724 3336 Power - ok
17:40:25.0988 3336 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:40:25.0997 3336 PptpMiniport - ok
17:40:26.0019 3336 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:40:26.0021 3336 Processor - ok
17:40:26.0065 3336 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:40:26.0068 3336 ProfSvc - ok
17:40:26.0084 3336 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:40:26.0085 3336 ProtectedStorage - ok
17:40:26.0190 3336 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:40:26.0197 3336 Psched - ok
17:40:26.0255 3336 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:40:26.0295 3336 ql2300 - ok
17:40:26.0660 3336 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:40:26.0662 3336 ql40xx - ok
17:40:26.0688 3336 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:40:26.0692 3336 QWAVE - ok
17:40:26.0702 3336 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:40:26.0703 3336 QWAVEdrv - ok
17:40:26.0715 3336 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:40:26.0717 3336 RasAcd - ok
17:40:26.0737 3336 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:40:26.0739 3336 RasAgileVpn - ok
17:40:26.0748 3336 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:40:26.0750 3336 RasAuto - ok
17:40:26.0781 3336 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:40:26.0799 3336 Rasl2tp - ok
17:40:26.0863 3336 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:40:26.0867 3336 RasMan - ok
17:40:26.0883 3336 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:40:26.0884 3336 RasPppoe - ok
17:40:26.0900 3336 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:40:26.0902 3336 RasSstp - ok
17:40:26.0916 3336 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:40:26.0920 3336 rdbss - ok
17:40:26.0936 3336 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:40:26.0937 3336 rdpbus - ok
17:40:26.0957 3336 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:40:26.0957 3336 RDPCDD - ok
17:40:27.0068 3336 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:40:27.0071 3336 RDPDR - ok
17:40:27.0088 3336 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:40:27.0089 3336 RDPENCDD - ok
17:40:27.0118 3336 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:40:27.0119 3336 RDPREFMP - ok
17:40:27.0180 3336 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
17:40:27.0182 3336 RdpVideoMiniport - ok
17:40:27.0247 3336 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:40:27.0253 3336 RDPWD - ok
17:40:27.0312 3336 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:40:27.0316 3336 rdyboost - ok
17:40:27.0348 3336 RecFltr (aa39ad162a4cb52ff18f18264336a85b) C:\Windows\system32\drivers\RecFltr.sys
17:40:27.0350 3336 RecFltr - ok
17:40:27.0399 3336 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:40:27.0403 3336 RemoteAccess - ok
17:40:27.0452 3336 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:40:27.0457 3336 RemoteRegistry - ok
17:40:27.0520 3336 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
17:40:27.0538 3336 RFCOMM - ok
17:40:27.0563 3336 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:40:27.0567 3336 RpcEptMapper - ok
17:40:27.0596 3336 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:40:27.0599 3336 RpcLocator - ok
17:40:27.0656 3336 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:40:27.0660 3336 RpcSs - ok
17:40:27.0698 3336 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:40:27.0709 3336 rspndr - ok
17:40:27.0761 3336 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:40:27.0763 3336 RTL8167 - ok
17:40:27.0808 3336 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:40:27.0810 3336 s3cap - ok
17:40:27.0839 3336 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:40:27.0840 3336 SamSs - ok
17:40:27.0858 3336 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:40:27.0861 3336 sbp2port - ok
17:40:27.0892 3336 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:40:27.0896 3336 SCardSvr - ok
17:40:27.0936 3336 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:40:27.0938 3336 scfilter - ok
17:40:28.0027 3336 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:40:28.0044 3336 Schedule - ok
17:40:28.0118 3336 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:40:28.0119 3336 SCPolicySvc - ok
17:40:28.0189 3336 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:40:28.0193 3336 SDRSVC - ok
17:40:28.0386 3336 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:40:28.0387 3336 secdrv - ok
17:40:28.0432 3336 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:40:28.0435 3336 seclogon - ok
17:40:28.0461 3336 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:40:28.0463 3336 SENS - ok
17:40:28.0503 3336 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:40:28.0506 3336 SensrSvc - ok
17:40:28.0525 3336 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:40:28.0526 3336 Serenum - ok
17:40:28.0577 3336 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:40:28.0580 3336 Serial - ok
17:40:28.0629 3336 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:40:28.0631 3336 sermouse - ok
17:40:28.0682 3336 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:40:28.0687 3336 SessionEnv - ok
17:40:28.0705 3336 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:40:28.0724 3336 sffdisk - ok
17:40:28.0784 3336 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:40:28.0786 3336 sffp_mmc - ok
17:40:28.0802 3336 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:40:28.0804 3336 sffp_sd - ok
17:40:28.0833 3336 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:40:28.0835 3336 sfloppy - ok
17:40:28.0870 3336 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:40:28.0876 3336 SharedAccess - ok
17:40:28.0965 3336 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:40:28.0972 3336 ShellHWDetection - ok
17:40:29.0000 3336 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:40:29.0004 3336 SiSRaid2 - ok
17:40:29.0039 3336 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:40:29.0042 3336 SiSRaid4 - ok
17:40:29.0176 3336 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
17:40:29.0179 3336 SkypeUpdate - ok
17:40:29.0266 3336 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:40:29.0269 3336 Smb - ok
17:40:29.0328 3336 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:40:29.0331 3336 SNMPTRAP - ok
17:40:29.0366 3336 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:40:29.0367 3336 spldr - ok
17:40:29.0459 3336 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:40:29.0465 3336 Spooler - ok
17:40:29.0851 3336 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:40:29.0865 3336 sppsvc - ok
17:40:30.0009 3336 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:40:30.0012 3336 sppuinotify - ok
17:40:30.0137 3336 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:40:30.0140 3336 SQLBrowser - ok
17:40:30.0203 3336 SQLWriter (3c432a96363097870995e2a3c8b66abd) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:40:30.0204 3336 SQLWriter - ok
17:40:30.0332 3336 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:40:30.0339 3336 srv - ok
17:40:30.0386 3336 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:40:30.0397 3336 srv2 - ok
17:40:30.0410 3336 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:40:30.0414 3336 srvnet - ok
17:40:30.0490 3336 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:40:30.0505 3336 SSDPSRV - ok
17:40:30.0516 3336 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:40:30.0520 3336 SstpSvc - ok
17:40:30.0642 3336 Steam Client Service - ok
17:40:30.0672 3336 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:40:30.0675 3336 stexstor - ok
17:40:30.0755 3336 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:40:30.0769 3336 stisvc - ok
17:40:30.0800 3336 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:40:30.0801 3336 storflt - ok
17:40:30.0829 3336 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:40:30.0831 3336 storvsc - ok
17:40:30.0857 3336 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:40:30.0858 3336 swenum - ok
17:40:30.0963 3336 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:40:30.0971 3336 SwitchBoard - ok
17:40:31.0056 3336 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:40:31.0065 3336 swprv - ok
17:40:31.0071 3336 Synth3dVsc - ok
17:40:31.0305 3336 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:40:31.0354 3336 SysMain - ok
17:40:31.0492 3336 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:40:31.0497 3336 TabletInputService - ok
17:40:31.0548 3336 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:40:31.0563 3336 TapiSrv - ok
17:40:31.0589 3336 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:40:31.0591 3336 TBS - ok
17:40:31.0860 3336 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
17:40:31.0929 3336 Tcpip - ok
17:40:32.0147 3336 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
17:40:32.0160 3336 TCPIP6 - ok
17:40:32.0339 3336 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:40:32.0340 3336 tcpipreg - ok
17:40:32.0356 3336 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:40:32.0357 3336 TDPIPE - ok
17:40:32.0375 3336 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:40:32.0377 3336 TDTCP - ok
17:40:32.0434 3336 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:40:32.0453 3336 tdx - ok
17:40:32.0509 3336 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:40:32.0511 3336 TermDD - ok
17:40:32.0587 3336 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:40:32.0607 3336 TermService - ok
17:40:32.0628 3336 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:40:32.0632 3336 Themes - ok
17:40:32.0660 3336 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:40:32.0661 3336 THREADORDER - ok
17:40:32.0676 3336 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:40:32.0679 3336 TrkWks - ok
17:40:32.0737 3336 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:40:32.0739 3336 TrustedInstaller - ok
17:40:32.0784 3336 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:40:32.0786 3336 tssecsrv - ok
17:40:32.0822 3336 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:40:32.0824 3336 TsUsbFlt - ok
17:40:32.0829 3336 tsusbhub - ok
17:40:32.0883 3336 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:40:32.0886 3336 tunnel - ok
17:40:32.0908 3336 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:40:32.0912 3336 uagp35 - ok
17:40:32.0946 3336 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:40:32.0952 3336 udfs - ok
17:40:32.0982 3336 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:40:32.0986 3336 UI0Detect - ok
17:40:33.0049 3336 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:40:33.0051 3336 uliagpkx - ok
17:40:33.0062 3336 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:40:33.0064 3336 umbus - ok
17:40:33.0088 3336 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:40:33.0089 3336 UmPass - ok
17:40:33.0126 3336 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
17:40:33.0131 3336 UmRdpService - ok
17:40:33.0830 3336 UNS (374ebda379a8f38e0cfc2211611e7167) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
17:40:33.0906 3336 UNS - ok
17:40:34.0449 3336 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:40:34.0456 3336 upnphost - ok
17:40:34.0495 3336 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
17:40:34.0497 3336 USBAAPL64 - ok
17:40:34.0554 3336 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
17:40:34.0563 3336 usbaudio - ok
17:40:34.0616 3336 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:40:34.0618 3336 usbccgp - ok
17:40:34.0648 3336 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:40:34.0651 3336 usbcir - ok
17:40:34.0681 3336 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
17:40:34.0684 3336 usbehci - ok
17:40:34.0709 3336 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:40:34.0714 3336 usbhub - ok
17:40:34.0740 3336 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:40:34.0742 3336 usbohci - ok
17:40:34.0764 3336 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:40:34.0766 3336 usbprint - ok
17:40:34.0781 3336 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:40:34.0784 3336 USBSTOR - ok
17:40:34.0806 3336 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:40:34.0809 3336 usbuhci - ok
17:40:34.0827 3336 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
17:40:34.0831 3336 usbvideo - ok
17:40:34.0856 3336 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:40:34.0859 3336 UxSms - ok
17:40:34.0874 3336 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:40:34.0876 3336 VaultSvc - ok
17:40:34.0924 3336 VBoxDrv (ba20a718e25228b9d69d72e4f19edeb5) C:\Windows\system32\DRIVERS\VBoxDrv.sys
17:40:34.0927 3336 VBoxDrv - ok
17:40:34.0967 3336 VBoxNetAdp (48630b4530c80aaf3dde9633e4291d8c) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
17:40:34.0970 3336 VBoxNetAdp - ok
17:40:34.0997 3336 VBoxNetFlt (8b86a00d13e2dcbfe320061f3435faff) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
17:40:35.0000 3336 VBoxNetFlt - ok
17:40:35.0035 3336 VBoxUSB (9617a5d24439180e9d7def202ff79f4a) C:\Windows\system32\Drivers\VBoxUSB.sys
17:40:35.0038 3336 VBoxUSB - ok
17:40:35.0055 3336 VBoxUSBMon (cec73cea22b7258c0a8f2354dc49d25c) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
17:40:35.0058 3336 VBoxUSBMon - ok
17:40:35.0086 3336 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
17:40:35.0087 3336 VClone - ok
17:40:35.0121 3336 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:40:35.0122 3336 vdrvroot - ok
17:40:35.0171 3336 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:40:35.0181 3336 vds - ok
17:40:35.0224 3336 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:40:35.0227 3336 vga - ok
17:40:35.0245 3336 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:40:35.0247 3336 VgaSave - ok
17:40:35.0252 3336 VGPU - ok
17:40:35.0279 3336 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:40:35.0283 3336 vhdmp - ok
17:40:35.0297 3336 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:40:35.0299 3336 viaide - ok
17:40:35.0324 3336 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:40:35.0327 3336 vmbus - ok
17:40:35.0337 3336 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:40:35.0339 3336 VMBusHID - ok
17:40:35.0389 3336 vmm (21c96aa588d3993191761a08dbaabb15) C:\Windows\system32\Drivers\vmm.sys
17:40:35.0392 3336 vmm - ok
17:40:35.0419 3336 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:40:35.0421 3336 volmgr - ok
17:40:35.0516 3336 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:40:35.0522 3336 volmgrx - ok
17:40:35.0544 3336 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:40:35.0548 3336 volsnap - ok
17:40:35.0617 3336 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
17:40:35.0620 3336 vpcbus - ok
17:40:35.0659 3336 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
17:40:35.0661 3336 vpcnfltr - ok
17:40:35.0675 3336 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
17:40:35.0677 3336 vpcusb - ok
17:40:35.0702 3336 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
17:40:35.0705 3336 vpcvmm - ok
17:40:41.0481 3336 ============================================================
17:40:41.0481 3336 Scan finished
17:40:41.0481 3336 ============================================================
17:40:41.0491 3904 Detected object count: 0
17:40:41.0491 3904 Actual detected object count: 0

GMER won't work as I'm on Windows 7 64-bit, unfortunately.

Right now I'm running a scan using aswMBR which has found nothing so far, but seems to be hung on scanning PreEmptive Solutions\Common\LAC\tamper\<some long filename.dll> - which is odd as it's a 12k file, and part of the Dotfuscator stuff for Visual Studio (I'm a coder!) I'll post something as soon as I have it, but if it takes more than half an hour to scan a 12k file then I can only assume something's gone wrong.

Edited by vedekandy, 14 June 2012 - 12:22 PM.


#4 narenxp

Posted 14 June 2012 - 12:24 PM

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When the scan is completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Please post the ESET and aswMBR logs together

#5 vedekandy

Posted 14 June 2012 - 12:49 PM

Ok, I assumed that the program was still running (as the HD light was flashing, and it didn't inform me that it had finished) but it's refused to do anything more, and allowed me to save the log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-14 17:43:24
-----------------------------
17:43:24.984 OS Version: Windows x64 6.1.7601 Service Pack 1
17:43:24.984 Number of processors: 4 586 0x2A07
17:43:24.985 ComputerName: ANDY-PC UserName: Andy
17:43:26.352 Initialize success
17:45:03.622 AVAST engine defs: 12061400
17:46:29.884 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
17:46:29.887 Disk 0 Vendor: SAMSUNG_HD103SI 1AG01118 Size: 953869MB BusType: 3
17:46:29.890 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
17:46:29.893 Disk 1 Vendor: ST31000528AS CC38 Size: 953869MB BusType: 3
17:46:29.896 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0
17:46:29.899 Disk 2 Vendor: ST3500418AS CC35 Size: 476938MB BusType: 3
17:46:29.920 Disk 2 MBR read successfully
17:46:29.923 Disk 2 MBR scan
17:46:29.928 Disk 2 Windows 7 default MBR code
17:46:29.934 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:46:29.948 Disk 2 Partition 2 00 07 HPFS/NTFS NTFS 476836 MB offset 206848
17:46:29.966 Disk 2 scanning C:\Windows\system32\drivers
17:46:42.234 Service scanning
17:47:01.976 Modules scanning
17:47:01.981 Disk 2 trace - called modules:
17:47:02.001 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
17:47:02.005 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa8007d97060]
17:47:02.009 3 CLASSPNP.SYS[fffff8800195c43f] -> nt!IofCallDriver -> [0xfffffa8007ad3580]
17:47:02.013 5 ACPI.sys[fffff88000d747a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007ad5060]
17:47:08.875 AVAST engine scan C:\Windows
17:47:10.823 AVAST engine scan C:\Windows\system32
17:53:21.945 AVAST engine scan C:\Windows\system32\drivers
17:53:44.021 AVAST engine scan C:\Users\Andy
18:00:48.124 AVAST engine scan C:\ProgramData
18:45:51.913 Disk 2 MBR has been saved successfully to "C:\Users\Andy\Documents\MBR.dat"
18:45:51.914 The log file has been saved successfully to "C:\Users\Andy\Documents\aswMBR.txt"

As mentioned before, I can't run the other program as I'm using an x64 Windows 7 :( I did run it yesterday (not knowing this) and used the only three checkboxes it allowed, and it showed nothing out of the ordinary.

Running the ESET scanner now, and will put the results here when done - thank you!

#6 vedekandy

Posted 14 June 2012 - 01:17 PM

Hmmm. That was fun - at around 13% my PC bluescreened with error 0x7e, pointing to lvrs64.sys. I notice via websearches that that's related to a Logitech driver (I have a webcam and a mouse from them). I'll try to run ESET again and see if it gets further this time!

#7 narenxp

Posted 14 June 2012 - 01:18 PM

Try to run it in Safe Mode with Networking

#8 vedekandy

Posted 14 June 2012 - 04:04 PM

Whew! After 2.5 hours, the scan completed. It found four trojans - though technically four of the same one!

D:\Stuff from Drive D\Laptop Backup 6th Nov\Drive F\Recoveries - using overwrite, with deleted files\Copy of Recovered from USB stick\Projects\PoD and related\PodSystem19012998PC\PodSystem19012998PC\OBJ\Debug\xDSYS~1(10).EXE a variant of Win32/Kryptik.CBE trojan cleaned by deleting - quarantined
D:\Stuff from Drive D\Laptop Backup 6th Nov\Drive F\Recoveries - using overwrite, with deleted files\Copy of Recovered from USB stick\Projects\PoD and related\PodSystem19012998PC\PodSystem19012998PC\OBJ\Debug\xDSYS~1(18).EXE a variant of Win32/Kryptik.CBE trojan cleaned by deleting - quarantined
D:\Stuff from Drive D\Laptop Backup 6th Nov\Drive F\Recoveries - using overwrite, with deleted files\Recovered from USB stick\Projects\PoD and related\PodSystem19012998PC\PodSystem19012998PC\OBJ\Debug\xDSYS~1(10).EXE a variant of Win32/Kryptik.CBE trojan cleaned by deleting - quarantined
D:\Stuff from Drive D\Laptop Backup 6th Nov\Drive F\Recoveries - using overwrite, with deleted files\Recovered from USB stick\Projects\PoD and related\PodSystem19012998PC\PodSystem19012998PC\OBJ\Debug\xDSYS~1(18).EXE a variant of Win32/Kryptik.CBE trojan cleaned by deleting - quarantined

All of them are copies of project files from an old USB development stick, but none of those files have ever been executed (at least, never on this system - these are just backups).

#9 narenxp

Posted 14 June 2012 - 04:12 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan with MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#10 vedekandy

Posted 15 June 2012 - 11:51 AM

Hi there,

The scan took a while, so I left it running overnight! The full scan of MBAM found two trojans, which again have never been executed - they were in unfamiliar files to me, and I don't run anything from an untrusted source. Scanning again this evening has shown no items to be concerned about.

My MiniToolBox shows the following in the log:


MiniToolBox by Farbar Version: 09-06-2012
Ran by Andy (administrator) on 15-06-2012 at 17:40:42
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================




========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = ローカル エリア接続 (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="VirtualBox Host-Only Network-QoS Packet Scheduler-0000" address=192.168.56.1 mask=255.255.255.0
add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Andy-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter ローカル エリア接続:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 6C-62-6D-CC-59-0C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2535:14f2:48c1:2684%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.65(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 15 June 2012 16:59:19
Lease Expires . . . . . . . . . . : 16 June 2012 16:59:19
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 241984109
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-36-6A-54-6C-62-6D-CC-59-0C
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VirtualBox Host-Only Network:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
Physical Address. . . . . . . . . : 08-00-27-00-14-4F
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a00c:83fd:739e:59e6%20(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 503840807
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-36-6A-54-6C-62-6D-CC-59-0C
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{20CD9C58-FD12-4E5B-B99D-D2EECE071C24}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{1921C234-77A8-44BC-92BE-E0AC971C917F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.254

Name: google.com
Addresses: 2a00:1450:4009:804::1004
173.194.34.105
173.194.34.97
173.194.34.101
173.194.34.103
173.194.34.99
173.194.34.102
173.194.34.96
173.194.34.110
173.194.34.100
173.194.34.98
173.194.34.104


Pinging google.com [173.194.41.98] with 32 bytes of data:
Reply from 173.194.41.98: bytes=32 time=23ms TTL=55
Reply from 173.194.41.98: bytes=32 time=22ms TTL=55

Ping statistics for 173.194.41.98:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 22ms, Maximum = 23ms, Average = 22ms
Server: UnKnown
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=154ms TTL=52
Reply from 209.191.122.70: bytes=32 time=155ms TTL=52

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 154ms, Maximum = 155ms, Average = 154ms
Server: UnKnown
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...6c 62 6d cc 59 0c ......Realtek PCIe GBE Family Controller
20...08 00 27 00 14 4f ......VirtualBox Host-Only Ethernet Adapter
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.65 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.65 276
192.168.1.65 255.255.255.255 On-link 192.168.1.65 276
192.168.1.255 255.255.255.255 On-link 192.168.1.65 276
192.168.56.0 255.255.255.0 On-link 192.168.56.1 276
192.168.56.1 255.255.255.255 On-link 192.168.56.1 276
192.168.56.255 255.255.255.255 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 192.168.1.65 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.56.1 276
255.255.255.255 255.255.255.255 On-link 192.168.1.65 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
20 276 fe80::/64 On-link
10 276 fe80::/64 On-link
10 276 fe80::2535:14f2:48c1:2684/128
On-link
20 276 fe80::a00c:83fd:739e:59e6/128
On-link
1 306 ff00::/8 On-link
20 276 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 10 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 10 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/14/2012 07:17:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/14/2012 06:53:20 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/11/2012 03:24:34 PM) (Source: Application Hang) (User: )
Description: The program Diablo III.exe version 1.0.2.9950 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19d4

Start Time: 01cd47da3cc93dfa

Termination Time: 26

Application Path: C:\Program Files (x86)\Diablo III\Diablo III.exe

Report Id: 1df88c9b-b3d1-11e1-af42-6c626dcc590c

Error: (06/08/2012 04:24:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: CurseClient.exe, version: 4.0.0.10, time stamp: 0x4f45612f
Faulting module name: Flash64_11_2_202_235.ocx, version: 11.2.202.235, time stamp: 0x4f9af802
Exception code: 0xc0000409
Fault offset: 0x0000000000796257
Faulting process id: 0xd4c
Faulting application start time: 0xCurseClient.exe0
Faulting application path: CurseClient.exe1
Faulting module path: CurseClient.exe2
Report Id: CurseClient.exe3

Error: (06/04/2012 02:21:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7223

Error: (06/04/2012 02:21:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7223

Error: (06/04/2012 02:21:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/04/2012 02:21:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6225

Error: (06/04/2012 02:21:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6225

Error: (06/04/2012 02:21:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (06/15/2012 05:37:04 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR12.

Error: (06/15/2012 05:36:41 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR6.

Error: (06/15/2012 05:36:40 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR6.

Error: (06/15/2012 05:36:39 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR6.

Error: (06/15/2012 05:36:38 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR6.

Error: (06/15/2012 05:36:33 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR7.

Error: (06/15/2012 05:36:31 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR6.

Error: (06/14/2012 07:09:14 PM) (Source: BugCheck) (User: )
Description: 0x0000007e (0xffffffffc0000005, 0xfffff88002746f8a, 0xfffff880069de758, 0xfffff880069ddfb0)C:\Windows\MEMORY.DMP061412-23961-01

Error: (06/14/2012 07:09:08 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 19:07:25 on ?2012/?06/?14 was unexpected.

Error: (06/13/2012 06:51:26 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\Andy\AppData\Local\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
10Tec iGrid.NET 3.0 (Version: 3.0)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.3)
Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Dreamweaver CS5 (Version: 11.0)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.235)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader X (10.1.3) (Version: 10.1.3)
AMD APP SDK Runtime (Version: 2.4.595.9)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
Android SDK Tools (Version: 1.16)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
ArcSoft TotalMedia Theatre 5 (Version: 5.0.1.80)
ArcSoft TotalMedia Theatre 5 (Version: 5.0.1.87)
ATI Catalyst Install Manager (Version: 3.0.816.0)
AviSynth 2.5
Bonjour (Version: 3.0.0.10)
CameraHelperMsi (Version: 13.30.1395.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.0308.2325.42017)
Catalyst Control Center Graphics Previews Common (Version: 2011.0308.2325.42017)
Catalyst Control Center InstallProxy (Version: 2011.0308.2325.42017)
ccc-utility64 (Version: 2011.0308.2325.42017)
CCC Help English (Version: 2011.0308.2324.42017)
CLAMP (Version: 1.4.0)
COMODO Internet Security (Version: 5.3.50343.1263)
Crystal Reports Basic for Visual Studio 2008 (Version: 10.5.0.0)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (Version: 10.5.0.0)
Crystal Reports for Visual Studio (Version: 12.51.0.240)
Curse Client (Version: 4.0.1.260)
D3DX10 (Version: 15.4.2368.0902)
Defraggler (Version: 2.09)
Diablo III (Version: 1.0.2.9991)
Dotfuscator Software Services - Community Edition (Version: 5.0.2500.0)
Dropbox (Version: 1.4.7)
DVD Decrypter (Remove Only)
Eraser 6.0.8.2273 (Version: 6.0.2273)
erLT (Version: 1.20.138.34)
ESET Online Scanner v3
FileZilla Client 3.5.1 (Version: 3.5.1)
Folding@home-x86 (Version: 6.23)
Fotosizer 1.31 (Version: 1.31)
Google Chrome (Version: 19.0.1084.56)
Google Talk (remove only)
Google Talk Plugin (Version: 2.9.10.7526)
HTC Driver Installer (Version: 2.0.7.016)
ImgBurn (Version: 2.5.5.0)
Intel® Management Engine Components (Version: 7.0.0.1144)
iTunes (Version: 10.5.0.142)
Java Auto Updater (Version: 2.0.7.1)
Java SE Development Kit 7 Update 4 (64-bit) (Version: 1.7.0.40)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 7 Update 4 (64-bit) (Version: 7.0.40)
JavaFX 2.1.0 (64-bit) (Version: 2.1.0)
JavaFX 2.1.0 SDK (64-bit) (Version: 2.1.0)
Junk Mail filter update (Version: 15.4.3502.0922)
Live Update 5 (Version: 5.0.060)
Logitech Webcam Software (Version: 2.30)
LWS Facebook (Version: 13.30.1346.0)
LWS Gallery (Version: 13.30.1379.0)
LWS Help_main (Version: 13.30.1396.0)
LWS Launcher (Version: 13.30.1379.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.30.1395.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.30.1379.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.30.1346.0)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Compact Framework 2.0 SP2 (Version: 2.0.7045)
Microsoft .NET Compact Framework 3.5 (Version: 3.5.7283)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (Version: 2.0.50217.0)
Microsoft Device Emulator (64 bit) version 3.0 - ENU (Version: 9.0.21022)
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008 (Version: 9.0.21022)
Microsoft Expression Blend 3 SDK (Version: 1.0.1343.0)
Microsoft Expression Blend 4 (Version: 4.0.20901.0)
Microsoft Expression Blend 4 Add-in for Adobe FXG Import (Version: 1.0.10901.0)
Microsoft Expression Blend SDK for .NET 4 (Version: 2.0.20525.0)
Microsoft Expression Blend SDK for Silverlight 4 (Version: 2.0.20525.0)
Microsoft Expression Blend SDK for Windows Phone 7 (Version: 2.0.20901.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.2.3.0)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007 (Version: 12.0.4518.1066)
Microsoft Office Visual Web Developer MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40818.0)
Microsoft Silverlight 4 SDK (Version: 4.0.50826.0)
Microsoft Silverlight Tools for Visual Studio 2010 (Version: 10.0.30319.400)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (Version: 10.50.1750.9)
Microsoft SQL Server Compact 3.5 Design Tools ENU (Version: 3.5.5386.0)
Microsoft SQL Server Compact 3.5 for Devices ENU (Version: 3.5.5386.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Database Publishing Wizard 1.2 (Version: 1.2.0.0)
Microsoft SQL Server Database Publishing Wizard 1.4 (Version: 10.1.2512.8)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server System CLR Types (Version: 10.50.1750.9)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1750.9)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 (Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (Version: 2.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.40219)
Microsoft Visual C++ Compilers 2010 Standard - enu - x64 (Version: 10.0.40219)
Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (Version: 10.0.40219)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual F# 2.0 Runtime (Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 2008 Professional Edition - ENU (Version: 9.0.21022)
Microsoft Visual Studio 2008 Remote Debugger - ENU
Microsoft Visual Studio 2008 Remote Debugger - ENU (Version: 9.0.21022)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.40219)
Microsoft Visual Studio 2010 Express for Windows Phone - ENU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.40219)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (Version: 10.0.40219)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.40219)
Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219)
Microsoft Visual Studio 2010 SharePoint Developer Tools (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31119)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31124)
Microsoft Visual Studio 2010 Ultimate - ENU (Version: 10.0.30319)
Microsoft Visual Studio 2010 Ultimate - ENU (Version: 10.0.40219)
Microsoft Visual Studio Macro Tools (Version: 9.0.30729)
Microsoft Visual Studio Web Authoring Component (Version: 12.0.4518.1066)
Microsoft Windows Phone 7 Developer Resources (Version: 7.0.7003.0)
Microsoft Windows Phone Developer Tools - ENU (Version: 10.0.40219)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (Version: 3.5.21022)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 Tools (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (Version: 6.1.5288.17011)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (ARP entry) (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (Redists) (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (Shared Components) (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (Visual Studio) (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy) (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 Documentation (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 Windows Phone Extensions (Version: 4.0.20823.0)
Microsoft XNA Game Studio Platform Tools (Version: 1.3.0.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 1.00.0000)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Music Manager
MySQL Server 5.5 (Version: 5.5.12)
Oracle VM VirtualBox 4.1.16 (Version: 4.1.16)
PCSX2 - Playstation 2 Emulator
PDF Settings CS5 (Version: 10.0)
Phidget21 Libraries (Version: 3.1.183)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
QuickTime (Version: 7.70.80.34)
Razer Reclusa Config (Version: 1.05)
Realtek Ethernet Controller Driver (Version: 7.48.823.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6299)
Rosetta Stone Version 3 (Version: 3.3.5.2)
SEGA Genesis & Mega Drive Classics
Skype™ 5.9 (Version: 5.9.123)
Sonic CD
Sonic Generations Demo
Spiral Knights
SQLyog Community 9.30 (Version: 9.30)
Steam (Version: 1.0.0.0)
Super-Charger
System Requirements Lab CYRI (Version: 4.4.26.0)
TeamSpeak 3 Client
The Sims™ 3 (Version: 1.29.55)
Torchlight
TuneUp Utilities Language Pack (en-US) (Version: 12.0.3010.5)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221) (Version: 1)
VC Runtimes MSI (Version: 9.0.21022)
Videora iPod touch Converter 6 (Version: 6)
VirtualCloneDrive
Visual Studio .NET Prerequisites - English (Version: 9.0.21022)
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio 2010 Prerequisites - English (Version: 10.0.40219)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.21022)
VLC media player 2.0.1 (Version: 2.0.1)
WCF RIA Services V1.0 SP1 (Version: 4.1.60114.0)
Web Deployment Tool (Version: 1.1.0618)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Mobile 5.0 SDK R2 for Pocket PC (Version: 5.00.1700.5.14343.06)
Windows Mobile 5.0 SDK R2 for Smartphone (Version: 5.00.1700.5.14343.06)
Windows Phone 7 Add-in for Visual Studio 2010 - ENU (Version: 10.0.30319)
Windows Phone Emulator x64 - ENU (Version: 10.0.30319)
Windows XP Mode (Version: 1.3.7600.16423)
WinRAR 4.00 (64-bit) (Version: 4.00.0)
WMV9/VC-1 Video Playback (Version: 1.00.0000)
World of Warcraft Beta (Version: 5.0.1.15752)
WPF Toolkit February 2010 (Version 3.5.50211.1) (Version: 3.5.50211.1)
XBMC
XviD MPEG4 Video Codec (remove only)
μTorrent (Version: 3.1.3)

========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 8174.64 MB
Available physical RAM: 5616.12 MB
Total Pagefile: 16347.47 MB
Available Pagefile: 12875.55 MB
Total Virtual: 4095.88 MB
Available Virtual: 3960.2 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:243.31 GB) NTFS
2 Drive d: (Internal Media) (Fixed) (Total:931.51 GB) (Free:77.37 GB) NTFS
3 Drive e: (Internal Media 2) (Fixed) (Total:931.51 GB) (Free:262.47 GB) NTFS

========================= Users: ========================================

User accounts for \\ANDY-PC

Administrator Andy Christine
Guest


**** End of log ****


The "System errors" are perhaps explainable - I was playing a video file from a USB stick before running this scan, and it came loose when I knocked it slightly (causing Windows to lose and then find it again); however, it's only one USB device, not the number that it's reporting? The "MBR.sys" error was from before I posted here; having read up about various rootkits I decided to run GMER's tool (which didn't work; now I know why!) EDIT: I ran "mbr.exe" using GMER's instructions and the log said something about an unrecognised code, and it couldn't continue. I don't remember seeing anything about mbr.sys, and have never seen that in my application data before?

Edited by vedekandy, 15 June 2012 - 12:03 PM.


#11 narenxp

Posted 15 June 2012 - 02:24 PM

Please post MBAM log :thumbup2:

#12 vedekandy

Posted 15 June 2012 - 04:58 PM

From the full scan, started last night - I saved the log before deleting both of those files, so they're both now gone! Again, neither file has been run as I don't know where they came from.


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.13.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Andy :: ANDY-PC [administrator]

14/06/2012 22:19:15
mbam-log-2012-06-15 (06-25-16).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 746889
Time elapsed: 2 hour(s), 1 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Andy\Desktop\FROM STICK\Files.exe (Backdoor.RBot) -> No action taken.
D:\Stuff from Drive D\Andy\Documents\From original install, desktop\Vista\Wallpapers\Windows Vista SP1.EXE (Trojan.Delf.BAT) -> No action taken.

(end)

#13 narenxp

Posted 15 June 2012 - 06:08 PM

Do you still have the issue?

#14 vedekandy

Posted 15 June 2012 - 06:15 PM

I haven't heard the adverts in the past day or so when rebooting the machine, although it's only occasionally that they appear - so I can only hope it's stopped. I have my fingers crossed :) Considering the number of tests run, and nothing has been found (other than unopened trojans) I feel a lot safer, anyway!

Thank you for your help, it's very much appreciated :)

#15 narenxp

Posted 15 June 2012 - 06:21 PM

:thumbup2:

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your System Restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off


Update your antivirus frequently, do not click on suspicious links

Safe surfing :)