
Infected with TDSS; redirects



#1 kaiso


Posted 20 June 2012 - 03:23 AM

Infected with TDSS; redirects. Additionally, when PC is idle and disconnected from the Internet, there are random bursts of disk activity and continuous ping-like flashes as shown by the disk activity LED. PC= Windows 7 Home Premium SP1, 64 bit; 2.7GHz; 4GB RAM.

Ran the following:
1. Tdsskiller with default settings: No threats. Ran again, with the former, and also selected verify digital signatures and detect TDLFS file system: 3 warnings, including TDSS file system, as shown below. Complete results are available if needed.

2. (a) Kaspersky Pure 2.0 Full Scan: no threats. (b) Kaspersky Pure 2.0 Critical Areas Scan: The first 92% of the Critical Area Scan completes in ~2 sec. The last 8% (Program Files and some Windows/System32 dll files) completes in ~7 minutes. Though my settings include a rootkit scan, I can not auto-run, nor manually run, a rootkit scan.

3. Malwarebytes full scan with PUP, PUM, P2P checked: no threats. Ran Malwarebytes Chameleon: no threats. Re-downloaded Malwarebytes with "Save As" random name and ran: no threats.

4. Gmer. According to bleepingcomputer.com/download/gmer/, gmer is compatible with Windows 7-64bit, so assuming(?) gmer should have all scan options available. However, when gmer is launched, most scan options are deselected (gray, unable to activate-select), except for Services, Registry (HKCU, HKLM without full keys), Files, c:, ADS--all of which are auto-checked. Tried downloading gmer with the random filename, the zip file, and tried "save as" using iexplore.exe, or another random filename. Same result: All aforementioned scan items are gray. Running Gmer as described: Gmer hasn't found any system modification.

Would greatly appreciate your help in solving this issue. Thank you.
==========
Tdsskiller
==========
20:26:35.0327 2552 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
20:26:37.0355 2552 ============================================================
20:26:37.0355 2552 Current date / time: 2012/06/19 20:26:37.0355
20:26:37.0355 2552 SystemInfo:
20:26:37.0355 2552
20:26:37.0355 2552 OS Version: 6.1.7601 ServicePack: 1.0
20:26:37.0355 2552 Product type: Workstation
20:26:37.0355 2552 ComputerName: STING-PC
20:26:37.0355 2552 UserName: gabe
20:26:37.0355 2552 Windows directory: C:\Windows
20:26:37.0355 2552 System windows directory: C:\Windows
20:26:37.0355 2552 Running under WOW64
20:26:37.0355 2552 Processor architecture: Intel x64
20:26:37.0355 2552 Number of processors: 2
20:26:37.0355 2552 Page size: 0x1000
20:26:37.0355 2552 Boot type: Normal boot
20:26:37.0355 2552 ============================================================
20:26:38.0135 2552 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
20:26:38.0150 2552 ============================================================
20:26:38.0150 2552 \Device\Harddisk0\DR0:
20:26:38.0150 2552 MBR partitions:
20:26:38.0150 2552 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:26:38.0150 2552 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38B71800
20:26:38.0150 2552 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38BA4000, BlocksNum 0x17E1800
20:26:38.0150 2552 ============================================================
20:26:38.0166 2552 C: <-> \Device\Harddisk0\DR0\Partition1
20:26:38.0197 2552 D: <-> \Device\Harddisk0\DR0\Partition2
20:26:38.0197 2552 ============================================================
20:26:38.0197 2552 Initialize success
20:26:38.0197 2552 ============================================================
20:26:51.0192 1712 ============================================================
20:26:51.0192 1712 Scan started
20:26:51.0192 1712 Mode: Manual; SigCheck; TDLFS;
20:26:51.0192 1712 ============================================================
.
.
20:27:13.0749 1712 LightScribeService (108333981c841eb0ff198aa5dfcf3d3b) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:27:13.0765 1712 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:27:13.0765 1712 LightScribeService - detected UnsignedFile.Multi.Generic (1)
.
.
.
20:27:14.0358 1712 McciCMService64 (be3d584d7c021eb7d89166eecb83c341) C:\Program Files\Common Files\Motive\McciCMService.exe
20:27:14.0389 1712 McciCMService64 ( UnsignedFile.Multi.Generic ) - warning
20:27:14.0389 1712 McciCMService64 - detected UnsignedFile.Multi.Generic (1)
.
.
20:27:41.0923 1712 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:27:41.0923 1712 \Device\Harddisk0\DR0 - detected TDSS File System (1)
.
.
20:27:42.0017 1712 ============================================================
20:27:42.0017 1712 Scan finished
20:27:42.0017 1712 ============================================================
20:27:42.0032 3968 Detected object count: 3
20:27:42.0032 3968 Actual detected object count: 3
20:36:32.0484 3968 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:32.0484 3968 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:32.0484 3968 McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:32.0484 3968 McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:32.0484 3968 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:36:32.0484 3968 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:36:35.0869 1396 Deinitialize success

=========
DDS
=========
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by gabe at 20:41:32 on 2012-06-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3966.2890 [GMT -7:00]
.
AV: Kaspersky PURE 2.0 *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky PURE 2.0 *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 2.0 *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uSearch Bar = Preserve
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mStart Page = about:blank
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [HPADVISOR]
uRun: [Google Update] "C:\Users\sting\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
TCP: Interfaces\{DF4B6D31-8A27-4C04-9896-4C32350A8C15} : NameServer = 66.218.44.5,66.218.44.90
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [(Default)]
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\gabe\AppData\Roaming\Mozilla\Firefox\Profiles\jzl79p17.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\system32\DRIVERS\CSCrySec.sys --> C:\Windows\system32\DRIVERS\CSCrySec.sys [?]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys --> C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 nm3;Microsoft Network Monitor 3 Driver;C:\Windows\system32\DRIVERS\nm3.sys --> C:\Windows\system32\DRIVERS\nm3.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-4 654408]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [2011-12-24 202296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-1 113120]
S3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
S4 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-10-24 517632]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]
S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-4-25 2666880]
.
=============== Created Last 30 ================
.
2012-06-20 03:19:12 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-20 03:19:12 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-18 16:55:18 -------- d-----w- C:\Users\gabe\AppData\Local\Thunderbird
2012-06-18 16:18:27 -------- d-----w- C:\Users\gabe\AppData\Local\Adobe
2012-06-14 06:51:43 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-09 14:54:00 -------- d-----w- C:\Users\gabe\AppData\Local\Macromedia
2012-06-09 14:53:21 -------- d-----w- C:\Users\gabe\AppData\Local\Mozilla
2012-06-04 21:45:37 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-04 21:45:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-04 21:42:44 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76AD255C-FB29-47F4-8F51-971081F1728C}\mpengine.dll
2012-05-31 01:44:24 -------- d-----w- C:\Users\gabe\AppData\Roaming\Malwarebytes
2012-05-26 07:44:00 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-05-24 05:51:20 8955792 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2012-05-21 18:51:52 -------- d-----r- C:\Backup
2012-05-21 18:50:11 85048 ----a-w- C:\Windows\System32\drivers\CSCrySec.sys
2012-05-21 18:50:11 66104 ----a-w- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
2012-05-21 18:49:38 -------- d-----w- C:\Program Files (x86)\Common Files\InfoWatch
2012-05-21 18:49:36 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-05-21 18:49:36 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
.
==================== Find3M ====================
.
2012-06-09 14:52:56 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-09 14:52:56 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-07-24 02:17:59 20367424 ----a-w- C:\Program Files (x86)\GIMP.exe
.
============= FINISH: 20:41:50.15 ===============
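
The TDSSKiller log above can be triaged mechanically. The following is an added example, not part of the original post and not Kaspersky's code: it parses lines of the shape shown in the log, pairs each verdict with the action recorded for it, and lists the detections that were skipped. The sample lines are constructed from that log, and treating `UnsignedFile.Multi.Generic` as lower priority than other verdicts is an assumption of this example.

```python
import re

# Constructed sample, reduced from the TDSSKiller log in the post above.
# The leading "." on one line reproduces a paste artifact seen in the post.
SAMPLE_LOG = r"""20:26:51.0192 1712 Scan started
20:26:51.0192 1712 Mode: Manual; SigCheck; TDLFS;
.
20:27:13.0765 1712 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:27:13.0765 1712 LightScribeService - detected UnsignedFile.Multi.Generic (1)
.20:27:14.0389 1712 McciCMService64 ( UnsignedFile.Multi.Generic ) - warning
20:27:14.0389 1712 McciCMService64 - detected UnsignedFile.Multi.Generic (1)
20:27:41.0923 1712 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:27:41.0923 1712 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:27:42.0032 3968 Detected object count: 3
20:27:42.0032 3968 Actual detected object count: 3
20:36:32.0484 3968 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:32.0484 3968 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:32.0484 3968 McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:32.0484 3968 McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:32.0484 3968 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:36:32.0484 3968 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "HH:MM:SS.ffff <thread id> <message>", tolerating a stray leading dot.
LINE = re.compile(r"^\.?(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# "<object> ( <verdict> ) - <status>"
VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - (?P<status>.+)$")
ACTION = re.compile(r"^User select action: (?P<action>.+)$")

# Assumption of this example: an unsigned-file warning on its own is a
# signature-check notice, so it is not escalated like other verdicts.
UNSIGNED = "UnsignedFile.Multi.Generic"


def parse_tdsskiller(text):
    """Return scan mode flags, the declared detection count and, for each
    (object, verdict) pair, its first status and the recorded user action."""
    report = {"mode": [], "declared": None, "detections": {}}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # separators ("."), rulers, wrapped continuation lines
        msg = m.group("msg").strip()
        if msg.startswith("Mode:"):
            report["mode"] = [p.strip() for p in msg[5:].split(";") if p.strip()]
            continue
        if msg.startswith("Detected object count:"):
            report["declared"] = int(msg.split(":")[1])
            continue
        v = VERDICT.match(msg)
        if not v:
            continue
        entry = report["detections"].setdefault(
            (v["obj"], v["verdict"]), {"status": None, "action": None}
        )
        a = ACTION.match(v["status"])
        if a:
            entry["action"] = a["action"]      # e.g. "Skip"
        elif entry["status"] is None:
            entry["status"] = v["status"]      # e.g. "warning"
    return report


def needs_follow_up(report):
    """Detections other than unsigned-file notices that were left in place
    (skipped, or with no action recorded at all)."""
    return [
        (obj, verdict)
        for (obj, verdict), e in report["detections"].items()
        if verdict != UNSIGNED and e["action"] in (None, "Skip")
    ]


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    print("scan mode:", ", ".join(rep["mode"]))
    print("declared detections:", rep["declared"], "parsed:", len(rep["detections"]))
    for (obj, verdict), e in rep["detections"].items():
        print(f"  {obj}: {verdict} [{e['status']}] action={e['action']}")
    for obj, verdict in needs_follow_up(rep):
        print(f"FOLLOW UP: {verdict} on {obj} was not remediated")
```
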


#2 gringo_pr


  • Malware Response Team

Posted 21 June 2012 - 12:26 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 kaiso

  • Topic Starter

Posted 21 June 2012 - 04:22 PM

Greetings Gringo, thank you for your response. Security Check and ComboFix ran without problem. However,

1. Subsequent to ComboFix, I can't open any file or app: e.g. checkup.txt, yourInstructions.txt, myResponse.txt, notepad, notepad++, Firefox, Thunderbird, etc. Cannot access e.g. regedit, event logs, services. The error: Illegal operation attempted on a registry key that has been marked for deletion.

Note: All of the aforementioned were available early a.m. and subsequent to running SecurityCheck, but not after ComboFix.

Tried Unblocking the file or app (right-click, select Properties, General tab), then clicking the file or app to launch, is unsuccessful. I get the same error as in Item 1.

2. Additional Info. Truly apologize for introducing this new variable. Kaspersky Pure 2.0 Trial expired last night. Prior to expiration notice, I ran a full scan: no threats. Ran a Critical Services Scan: 92% completed in ~3 sec; 8% in ~7 minutes. Could not run rootkit scan (i.e. same results as originally posted). _However_, this time, looking at details, it showed a rootkit scan was auto-run 7 hours previously: no threats. I did not change my settings since initial install. I uninstalled Kaspersky, turned on Windows Firewall, and intended to install MSE this a.m. as a temporary AV. However, I received your email, clicked the link, and proceeded with the tests.

3. ComboFix: Mbam was off; comboFix rebooted once. Unable to test for redirects, as cannot access any browser.

4. I was able to copy your requested logs to a thumbdrive and am completing this post via another computer. Please advise how to proceed? Thank you. (This is bleak - don't see the Watch Topic button, I'll check my settings after submission)

===========
checkup.txt
===========
Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Malwarebytes Anti-Malware version 1.61.0.1400
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
Mozilla Thunderbird (12.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

==========
ComboFix
==========

ComboFix 12-06-21.01 - gabe 06/21/2012 11:38:08.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3966.2859 [GMT -7:00]
Running from: c:\users\gabe\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\RadioPI_4eEI
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\SysWow64\zlibwapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 18:08 . 2012-06-21 18:32 -------- d-----w- c:\users\gabe\AppData\Roaming\Notepad++
2012-06-21 17:15 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE161DD8-057A-4993-84BF-2C58A734B6CC}\mpengine.dll
2012-06-20 03:52 . 2012-06-20 03:52 -------- d-----w- c:\program files\7-Zip
2012-06-20 03:19 . 2012-06-20 03:19 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-20 03:19 . 2012-06-20 03:19 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-18 16:55 . 2012-06-18 16:55 -------- d-----w- c:\users\gabe\AppData\Roaming\Thunderbird
2012-06-18 16:55 . 2012-06-18 16:55 -------- d-----w- c:\users\gabe\AppData\Local\Thunderbird
2012-06-18 16:18 . 2012-06-18 16:18 -------- d-----w- c:\users\gabe\AppData\Local\Adobe
2012-06-18 09:27 . 2012-06-18 09:27 -------- d-----w- c:\users\sting\AppData\Roaming\Thunderbird
2012-06-18 09:27 . 2012-06-18 09:27 -------- d-----w- c:\users\sting\AppData\Local\Thunderbird
2012-06-14 06:51 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-09 15:21 . 2012-06-09 15:21 -------- d-----w- c:\users\sting\AppData\Local\Macromedia
2012-06-09 14:54 . 2012-06-09 14:54 -------- d-----w- c:\users\gabe\AppData\Local\Macromedia
2012-06-09 14:53 . 2012-06-09 14:53 -------- d-----w- c:\users\gabe\AppData\Local\Mozilla
2012-06-04 21:45 . 2012-06-04 21:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-04 21:45 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-31 01:44 . 2012-05-31 01:44 -------- d-----w- c:\users\gabe\AppData\Roaming\Malwarebytes
2012-05-30 14:59 . 2012-05-30 14:59 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-05-26 07:44 . 2012-05-26 09:03 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-05-25 00:25 . 2012-05-25 00:25 -------- d-----w- c:\users\slego
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 14:52 . 2012-04-12 14:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-09 14:52 . 2011-08-10 14:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-30 11:35 . 2012-05-08 19:09 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-07-24 02:17 . 2011-07-24 02:17 20367424 ----a-w- c:\program files (x86)\GIMP.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R4 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-04-30 517632]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-211626621-121016887-1560855888-1001Core.job
- c:\users\sting\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 05:16]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-211626621-121016887-1560855888-1001UA.job
- c:\users\sting\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 05:16]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-211626621-121016887-1560855888-1005Core.job
- c:\users\slego\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-03 21:38]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-211626621-121016887-1560855888-1005UA.job
- c:\users\slego\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-03 21:38]
.
2012-04-07 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{DF4B6D31-8A27-4C04-9896-4C32350A8C15}: NameServer = 66.218.44.5,66.218.44.90
FF - ProfilePath - c:\users\gabe\AppData\Roaming\Mozilla\Firefox\Profiles\jzl79p17.default\
FF - prefs.js: browser.search.selectedEngine - Startpage (SSL)
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-HPADVISOR - (no file)
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
AddRemove-Google Chrome - c:\users\sting\AppData\Local\Google\Chrome\Application\16.0.912.75\Installer\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-06-21 11:46:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-21 18:46
.
Pre-Run: 442,760,818,688 bytes free
Post-Run: 442,240,348,160 bytes free
.
- - End Of File - - 7E6721FBB72E954ACE8EF9708C59813A

#4 kaiso

  • Topic Starter

Posted 21 June 2012 - 05:34 PM

Gringo, please read my comments in my original reply? This reply is to try to enter the combofix log without all the linefeeds. I apologize, I didn't preview the previous post.

========
ComboFix
========
ComboFix 12-06-21.01 - gabe 06/21/2012 11:38:08.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3966.2859 [GMT -7:00]
Running from: c:\users\gabe\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\RadioPI_4eEI
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\SysWow64\zlibwapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 18:08 . 2012-06-21 18:32 -------- d-----w- c:\users\gabe\AppData\Roaming\Notepad++
2012-06-21 17:15 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE161DD8-057A-4993-84BF-2C58A734B6CC}\mpengine.dll
2012-06-20 03:52 . 2012-06-20 03:52 -------- d-----w- c:\program files\7-Zip
2012-06-20 03:19 . 2012-06-20 03:19 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-20 03:19 . 2012-06-20 03:19 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-18 16:55 . 2012-06-18 16:55 -------- d-----w- c:\users\gabe\AppData\Roaming\Thunderbird
2012-06-18 16:55 . 2012-06-18 16:55 -------- d-----w- c:\users\gabe\AppData\Local\Thunderbird
2012-06-18 16:18 . 2012-06-18 16:18 -------- d-----w- c:\users\gabe\AppData\Local\Adobe
2012-06-18 09:27 . 2012-06-18 09:27 -------- d-----w- c:\users\sting\AppData\Roaming\Thunderbird
2012-06-18 09:27 . 2012-06-18 09:27 -------- d-----w- c:\users\sting\AppData\Local\Thunderbird
2012-06-14 06:51 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-09 15:21 . 2012-06-09 15:21 -------- d-----w- c:\users\sting\AppData\Local\Macromedia
2012-06-09 14:54 . 2012-06-09 14:54 -------- d-----w- c:\users\gabe\AppData\Local\Macromedia
2012-06-09 14:53 . 2012-06-09 14:53 -------- d-----w- c:\users\gabe\AppData\Local\Mozilla
2012-06-04 21:45 . 2012-06-04 21:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-04 21:45 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-31 01:44 . 2012-05-31 01:44 -------- d-----w- c:\users\gabe\AppData\Roaming\Malwarebytes
2012-05-30 14:59 . 2012-05-30 14:59 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-05-26 07:44 . 2012-05-26 09:03 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-05-25 00:25 . 2012-05-25 00:25 -------- d-----w- c:\users\slego
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 14:52 . 2012-04-12 14:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-09 14:52 . 2011-08-10 14:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-30 11:35 . 2012-05-08 19:09 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-07-24 02:17 . 2011-07-24 02:17 20367424 ----a-w- c:\program files (x86)\GIMP.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R4 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-04-30 517632]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-211626621-121016887-1560855888-1001Core.job
- c:\users\sting\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 05:16]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-211626621-121016887-1560855888-1001UA.job
- c:\users\sting\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 05:16]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-211626621-121016887-1560855888-1005Core.job
- c:\users\slego\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-03 21:38]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-211626621-121016887-1560855888-1005UA.job
- c:\users\slego\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-03 21:38]
.
2012-04-07 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{DF4B6D31-8A27-4C04-9896-4C32350A8C15}: NameServer = 66.218.44.5,66.218.44.90
FF - ProfilePath - c:\users\gabe\AppData\Roaming\Mozilla\Firefox\Profiles\jzl79p17.default\
FF - prefs.js: browser.search.selectedEngine - Startpage (SSL)
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-HPADVISOR - (no file)
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
AddRemove-Google Chrome - c:\users\sting\AppData\Local\Google\Chrome\Application\16.0.912.75\Installer\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-06-21 11:46:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-21 18:46
.
Pre-Run: 442,760,818,688 bytes free
Post-Run: 442,240,348,160 bytes free
.
- - End Of File - - 7E6721FBB72E954ACE8EF9708C59813A

#5 gringo_pr

  • Malware Response Team

Posted 21 June 2012 - 11:06 PM

Greetings

Restart the computer to clear the errors and run this next, and let me know about the computer status.


I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#6 kaiso

  • Topic Starter

Posted 22 June 2012 - 12:17 AM

Greetings,

Restart was successful. Thank you. All files, apps, regedit, services, event logs, etc. accessible.

No problems running tdsskiller or aswMBR. Tdsskiller gives same results as my original post. That is, tdsskiller with default settings: no threats. Tdsskiller with default settings and Verify Digital Signatures and Detect TDLFS file system: 3 warnings, including TDSS file system. Both logs posted below.

==========
tdsskiller
==========
21:34:41.0682 2984 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
21:34:42.0587 2984 ============================================================
21:34:42.0587 2984 Current date / time: 2012/06/21 21:34:42.0587
21:34:42.0587 2984 SystemInfo:
21:34:42.0587 2984
21:34:42.0587 2984 OS Version: 6.1.7601 ServicePack: 1.0
21:34:42.0587 2984 Product type: Workstation
21:34:42.0587 2984 ComputerName: STING-PC
21:34:42.0587 2984 UserName: gabe
21:34:42.0587 2984 Windows directory: C:\Windows
21:34:42.0587 2984 System windows directory: C:\Windows
21:34:42.0587 2984 Running under WOW64
21:34:42.0587 2984 Processor architecture: Intel x64
21:34:42.0587 2984 Number of processors: 2
21:34:42.0587 2984 Page size: 0x1000
21:34:42.0587 2984 Boot type: Normal boot
21:34:42.0587 2984 ============================================================
21:34:43.0413 2984 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
21:34:43.0429 2984 ============================================================
21:34:43.0429 2984 \Device\Harddisk0\DR0:
21:34:43.0429 2984 MBR partitions:
21:34:43.0429 2984 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:34:43.0429 2984 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38B71800
21:34:43.0429 2984 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38BA4000, BlocksNum 0x17E1800
21:34:43.0429 2984 ============================================================
21:34:43.0429 2984 C: <-> \Device\Harddisk0\DR0\Partition1
21:34:43.0429 2984 D: <-> \Device\Harddisk0\DR0\Partition2
21:34:43.0429 2984 ============================================================
21:34:43.0429 2984 Initialize success
21:34:43.0429 2984 ============================================================
21:35:05.0472 2968 ============================================================
21:35:05.0472 2968 Scan started
21:35:05.0472 2968 Mode: Manual;
21:35:05.0472 2968 ============================================================
21:35:06.0033 2968 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:35:06.0033 2968 1394ohci - ok
21:35:06.0080 2968 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:35:06.0080 2968 ACPI - ok
21:35:06.0111 2968 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:35:06.0111 2968 AcpiPmi - ok
21:35:06.0189 2968 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:35:06.0189 2968 AdobeARMservice - ok
21:35:06.0221 2968 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:35:06.0221 2968 adp94xx - ok
21:35:06.0252 2968 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:35:06.0252 2968 adpahci - ok
21:35:06.0267 2968 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:35:06.0267 2968 adpu320 - ok
21:35:06.0299 2968 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:35:06.0299 2968 AeLookupSvc - ok
21:35:06.0345 2968 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:35:06.0345 2968 AFD - ok
21:35:06.0408 2968 AgereModemAudio (48008d4ea73c1058f36d323a644410d4) C:\Program Files\LSI SoftModem\agr64svc.exe
21:35:06.0408 2968 AgereModemAudio - ok
21:35:06.0455 2968 AgereSoftModem (ddf52c4c92d831a4cdb7788b37585e36) C:\Windows\system32\DRIVERS\agrsm64.sys
21:35:06.0486 2968 AgereSoftModem - ok
21:35:06.0517 2968 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:35:06.0517 2968 agp440 - ok
21:35:06.0548 2968 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:35:06.0548 2968 ALG - ok
21:35:06.0579 2968 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:35:06.0579 2968 aliide - ok
21:35:06.0595 2968 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:35:06.0595 2968 amdide - ok
21:35:06.0611 2968 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:35:06.0611 2968 AmdK8 - ok
21:35:06.0626 2968 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:35:06.0642 2968 AmdPPM - ok
21:35:06.0673 2968 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:35:06.0673 2968 amdsata - ok
21:35:06.0689 2968 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:35:06.0689 2968 amdsbs - ok
21:35:06.0704 2968 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:35:06.0704 2968 amdxata - ok
21:35:06.0735 2968 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:35:06.0751 2968 AppID - ok
21:35:06.0767 2968 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:35:06.0767 2968 AppIDSvc - ok
21:35:06.0813 2968 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:35:06.0813 2968 Appinfo - ok
21:35:06.0845 2968 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:35:06.0845 2968 arc - ok
21:35:06.0860 2968 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:35:06.0860 2968 arcsas - ok
21:35:06.0891 2968 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:35:06.0891 2968 AsyncMac - ok
21:35:06.0923 2968 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:35:06.0938 2968 atapi - ok
21:35:06.0969 2968 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:35:06.0985 2968 AudioEndpointBuilder - ok
21:35:07.0001 2968 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:35:07.0001 2968 AudioSrv - ok
21:35:07.0032 2968 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:35:07.0032 2968 AxInstSV - ok
21:35:07.0063 2968 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:35:07.0063 2968 b06bdrv - ok
21:35:07.0094 2968 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:35:07.0094 2968 b57nd60a - ok
21:35:07.0125 2968 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:35:07.0125 2968 BDESVC - ok
21:35:07.0141 2968 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:35:07.0141 2968 Beep - ok
21:35:07.0203 2968 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:35:07.0203 2968 BFE - ok
21:35:07.0235 2968 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
21:35:07.0250 2968 BITS - ok
21:35:07.0281 2968 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:35:07.0281 2968 blbdrive - ok
21:35:07.0313 2968 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:35:07.0313 2968 bowser - ok
21:35:07.0328 2968 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:35:07.0328 2968 BrFiltLo - ok
21:35:07.0344 2968 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:35:07.0344 2968 BrFiltUp - ok
21:35:07.0375 2968 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:35:07.0375 2968 BridgeMP - ok
21:35:07.0422 2968 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:35:07.0422 2968 Browser - ok
21:35:07.0437 2968 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:35:07.0453 2968 Brserid - ok
21:35:07.0453 2968 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:35:07.0469 2968 BrSerWdm - ok
21:35:07.0469 2968 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:35:07.0469 2968 BrUsbMdm - ok
21:35:07.0484 2968 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:35:07.0484 2968 BrUsbSer - ok
21:35:07.0515 2968 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:35:07.0515 2968 BTHMODEM - ok
21:35:07.0562 2968 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:35:07.0562 2968 bthserv - ok
21:35:07.0578 2968 catchme - ok
21:35:07.0625 2968 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:35:07.0625 2968 cdfs - ok
21:35:07.0671 2968 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:35:07.0671 2968 cdrom - ok
21:35:07.0703 2968 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:35:07.0703 2968 CertPropSvc - ok
21:35:07.0718 2968 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:35:07.0718 2968 circlass - ok
21:35:07.0749 2968 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:35:07.0765 2968 CLFS - ok
21:35:07.0827 2968 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:35:07.0827 2968 clr_optimization_v2.0.50727_32 - ok
21:35:07.0859 2968 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:35:07.0859 2968 clr_optimization_v2.0.50727_64 - ok
21:35:07.0937 2968 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:35:07.0937 2968 clr_optimization_v4.0.30319_32 - ok
21:35:07.0952 2968 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:35:07.0952 2968 clr_optimization_v4.0.30319_64 - ok
21:35:07.0983 2968 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:35:07.0983 2968 CmBatt - ok
21:35:08.0015 2968 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:35:08.0015 2968 cmdide - ok
21:35:08.0046 2968 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:35:08.0061 2968 CNG - ok
21:35:08.0093 2968 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:35:08.0093 2968 Compbatt - ok
21:35:08.0108 2968 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:35:08.0108 2968 CompositeBus - ok
21:35:08.0124 2968 COMSysApp - ok
21:35:08.0139 2968 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:35:08.0139 2968 crcdisk - ok
21:35:08.0171 2968 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
21:35:08.0171 2968 CryptSvc - ok
21:35:08.0217 2968 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:35:08.0217 2968 DcomLaunch - ok
21:35:08.0249 2968 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:35:08.0249 2968 defragsvc - ok
21:35:08.0295 2968 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:35:08.0295 2968 DfsC - ok
21:35:08.0342 2968 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:35:08.0467 2968 Dhcp - ok
21:35:08.0483 2968 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:35:08.0483 2968 discache - ok
21:35:08.0545 2968 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:35:08.0545 2968 Disk - ok
21:35:08.0561 2968 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:35:08.0576 2968 Dnscache - ok
21:35:08.0607 2968 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:35:08.0607 2968 dot3svc - ok
21:35:08.0639 2968 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:35:08.0639 2968 DPS - ok
21:35:08.0670 2968 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:35:08.0670 2968 drmkaud - ok
21:35:08.0717 2968 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:35:08.0717 2968 DXGKrnl - ok
21:35:08.0732 2968 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:35:08.0732 2968 EapHost - ok
21:35:08.0810 2968 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:35:08.0873 2968 ebdrv - ok
21:35:08.0935 2968 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:35:08.0951 2968 EFS - ok
21:35:08.0997 2968 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:35:08.0997 2968 ehRecvr - ok
21:35:09.0013 2968 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:35:09.0013 2968 ehSched - ok
21:35:09.0060 2968 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:35:09.0075 2968 elxstor - ok
21:35:09.0091 2968 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:35:09.0091 2968 ErrDev - ok
21:35:09.0138 2968 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:35:09.0138 2968 EventSystem - ok
21:35:09.0153 2968 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:35:09.0153 2968 exfat - ok
21:35:09.0169 2968 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:35:09.0169 2968 fastfat - ok
21:35:09.0216 2968 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:35:09.0231 2968 Fax - ok
21:35:09.0247 2968 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:35:09.0247 2968 fdc - ok
21:35:09.0263 2968 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:35:09.0263 2968 fdPHost - ok
21:35:09.0263 2968 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:35:09.0263 2968 FDResPub - ok
21:35:09.0278 2968 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:35:09.0278 2968 FileInfo - ok
21:35:09.0294 2968 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:35:09.0294 2968 Filetrace - ok
21:35:09.0294 2968 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:35:09.0294 2968 flpydisk - ok
21:35:09.0341 2968 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:35:09.0341 2968 FltMgr - ok
21:35:09.0387 2968 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:35:09.0419 2968 FontCache - ok
21:35:09.0450 2968 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:35:09.0450 2968 FontCache3.0.0.0 - ok
21:35:09.0481 2968 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:35:09.0481 2968 FsDepends - ok
21:35:09.0497 2968 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:35:09.0497 2968 Fs_Rec - ok
21:35:09.0543 2968 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:35:09.0543 2968 fvevol - ok
21:35:09.0575 2968 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:35:09.0575 2968 gagp30kx - ok
21:35:09.0606 2968 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:35:09.0606 2968 GEARAspiWDM - ok
21:35:09.0637 2968 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:35:09.0653 2968 gpsvc - ok
21:35:09.0668 2968 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:35:09.0668 2968 hcw85cir - ok
21:35:09.0699 2968 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:35:09.0699 2968 HDAudBus - ok
21:35:09.0715 2968 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:35:09.0715 2968 HidBatt - ok
21:35:09.0715 2968 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:35:09.0715 2968 HidBth - ok
21:35:09.0731 2968 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:35:09.0731 2968 HidIr - ok
21:35:09.0762 2968 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
21:35:09.0762 2968 hidserv - ok
21:35:09.0793 2968 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:35:09.0793 2968 HidUsb - ok
21:35:09.0824 2968 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:35:09.0824 2968 hkmsvc - ok
21:35:09.0855 2968 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:35:09.0855 2968 HomeGroupListener - ok
21:35:09.0871 2968 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:35:09.0871 2968 HomeGroupProvider - ok
21:35:09.0949 2968 HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
21:35:09.0965 2968 HP Support Assistant Service - ok
21:35:10.0011 2968 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
21:35:10.0011 2968 HPDrvMntSvc.exe - ok
21:35:10.0058 2968 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
21:35:10.0058 2968 hpqwmiex - ok
21:35:10.0105 2968 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:35:10.0121 2968 HpSAMD - ok
21:35:10.0167 2968 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:35:10.0167 2968 HTTP - ok
21:35:10.0183 2968 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:35:10.0199 2968 hwpolicy - ok
21:35:10.0230 2968 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:35:10.0230 2968 i8042prt - ok
21:35:10.0261 2968 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:35:10.0277 2968 iaStorV - ok
21:35:10.0323 2968 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:35:10.0339 2968 idsvc - ok
21:35:10.0355 2968 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:35:10.0370 2968 iirsp - ok
21:35:10.0401 2968 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:35:10.0417 2968 IKEEXT - ok
21:35:10.0495 2968 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
21:35:10.0511 2968 IntcAzAudAddService - ok
21:35:10.0589 2968 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:35:10.0589 2968 intelide - ok
21:35:10.0604 2968 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:35:10.0604 2968 intelppm - ok
21:35:10.0823 2968 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:35:10.0823 2968 IPBusEnum - ok
21:35:10.0854 2968 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:35:10.0854 2968 IpFilterDriver - ok
21:35:10.0885 2968 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:35:10.0885 2968 iphlpsvc - ok
21:35:10.0916 2968 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:35:10.0916 2968 IPMIDRV - ok
21:35:10.0932 2968 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:35:10.0932 2968 IPNAT - ok
21:35:10.0947 2968 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:35:10.0947 2968 IRENUM - ok
21:35:10.0963 2968 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:35:10.0963 2968 isapnp - ok
21:35:10.0994 2968 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:35:10.0994 2968 iScsiPrt - ok
21:35:11.0010 2968 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:35:11.0010 2968 kbdclass - ok
21:35:11.0057 2968 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:35:11.0057 2968 kbdhid - ok
21:35:11.0072 2968 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:35:11.0072 2968 KeyIso - ok
21:35:11.0088 2968 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:35:11.0088 2968 KSecDD - ok
21:35:11.0119 2968 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:35:11.0119 2968 KSecPkg - ok
21:35:11.0135 2968 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:35:11.0135 2968 ksthunk - ok
21:35:11.0150 2968 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:35:11.0166 2968 KtmRm - ok
21:35:11.0197 2968 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
21:35:11.0197 2968 LanmanServer - ok
21:35:11.0228 2968 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:35:11.0228 2968 LanmanWorkstation - ok
21:35:11.0275 2968 LightScribeService (108333981c841eb0ff198aa5dfcf3d3b) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
21:35:11.0291 2968 LightScribeService - ok
21:35:11.0306 2968 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:35:11.0306 2968 lltdio - ok
21:35:11.0322 2968 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:35:11.0337 2968 lltdsvc - ok
21:35:11.0337 2968 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:35:11.0337 2968 lmhosts - ok
21:35:11.0369 2968 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:35:11.0369 2968 LSI_FC - ok
21:35:11.0384 2968 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:35:11.0384 2968 LSI_SAS - ok
21:35:11.0384 2968 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:35:11.0400 2968 LSI_SAS2 - ok
21:35:11.0415 2968 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:35:11.0415 2968 LSI_SCSI - ok
21:35:11.0431 2968 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:35:11.0431 2968 luafv - ok
21:35:11.0493 2968 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
21:35:11.0493 2968 MBAMProtector - ok
21:35:11.0571 2968 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:35:11.0571 2968 MBAMService - ok
21:35:11.0634 2968 McciCMService64 (be3d584d7c021eb7d89166eecb83c341) C:\Program Files\Common Files\Motive\McciCMService.exe
21:35:11.0649 2968 McciCMService64 - ok
21:35:11.0665 2968 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:35:11.0681 2968 Mcx2Svc - ok
21:35:11.0712 2968 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:35:11.0712 2968 megasas - ok
21:35:11.0727 2968 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:35:11.0743 2968 MegaSR - ok
21:35:11.0759 2968 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:35:11.0759 2968 MMCSS - ok
21:35:11.0774 2968 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:35:11.0774 2968 Modem - ok
21:35:11.0805 2968 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:35:11.0805 2968 monitor - ok
21:35:11.0837 2968 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:35:11.0837 2968 mouclass - ok
21:35:11.0852 2968 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:35:11.0852 2968 mouhid - ok
21:35:11.0883 2968 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:35:11.0883 2968 mountmgr - ok
21:35:11.0961 2968 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:35:11.0961 2968 MozillaMaintenance - ok
21:35:11.0977 2968 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:35:11.0977 2968 mpio - ok
21:35:11.0993 2968 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:35:11.0993 2968 mpsdrv - ok
21:35:12.0039 2968 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:35:12.0039 2968 MpsSvc - ok
21:35:12.0102 2968 MREMP50a64 - ok
21:35:12.0102 2968 MREMPR5 - ok
21:35:12.0117 2968 MRENDIS5 - ok
21:35:12.0117 2968 MRESP50a64 - ok
21:35:12.0149 2968 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:35:12.0149 2968 MRxDAV - ok
21:35:12.0180 2968 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:35:12.0180 2968 mrxsmb - ok
21:35:12.0211 2968 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:35:12.0211 2968 mrxsmb10 - ok
21:35:12.0227 2968 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:35:12.0227 2968 mrxsmb20 - ok
21:35:12.0305 2968 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:35:12.0305 2968 msahci - ok
21:35:12.0320 2968 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:35:12.0320 2968 msdsm - ok
21:35:12.0351 2968 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:35:12.0351 2968 MSDTC - ok
21:35:12.0383 2968 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:35:12.0383 2968 Msfs - ok
21:35:12.0398 2968 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:35:12.0398 2968 mshidkmdf - ok
21:35:12.0429 2968 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:35:12.0429 2968 msisadrv - ok
21:35:12.0445 2968 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:35:12.0445 2968 MSiSCSI - ok
21:35:12.0445 2968 msiserver - ok
21:35:12.0476 2968 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:35:12.0476 2968 MSKSSRV - ok
21:35:12.0492 2968 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:35:12.0492 2968 MSPCLOCK - ok
21:35:12.0492 2968 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:35:12.0492 2968 MSPQM - ok
21:35:12.0523 2968 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:35:12.0523 2968 MsRPC - ok
21:35:12.0554 2968 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:35:12.0554 2968 mssmbios - ok
21:35:12.0554 2968 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:35:12.0554 2968 MSTEE - ok
21:35:12.0570 2968 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:35:12.0570 2968 MTConfig - ok
21:35:12.0585 2968 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:35:12.0585 2968 Mup - ok
21:35:12.0617 2968 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:35:12.0632 2968 napagent - ok
21:35:12.0648 2968 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:35:12.0648 2968 NativeWifiP - ok
21:35:12.0679 2968 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:35:12.0695 2968 NDIS - ok
21:35:12.0710 2968 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:35:12.0710 2968 NdisCap - ok
21:35:12.0726 2968 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:35:12.0741 2968 NdisTapi - ok
21:35:12.0757 2968 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:35:12.0757 2968 Ndisuio - ok
21:35:12.0788 2968 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:35:12.0804 2968 NdisWan - ok
21:35:12.0835 2968 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:35:12.0835 2968 NDProxy - ok
21:35:12.0851 2968 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:35:12.0851 2968 NetBIOS - ok
21:35:12.0882 2968 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:35:12.0882 2968 NetBT - ok
21:35:12.0897 2968 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:35:12.0913 2968 Netlogon - ok
21:35:12.0944 2968 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:35:12.0944 2968 Netman - ok
21:35:12.0975 2968 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:35:12.0975 2968 netprofm - ok
21:35:13.0022 2968 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:35:13.0022 2968 NetTcpPortSharing - ok
21:35:13.0038 2968 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:35:13.0038 2968 nfrd960 - ok
21:35:13.0085 2968 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:35:13.0085 2968 NlaSvc - ok
21:35:13.0147 2968 nm3 (f554c5fd7bd1efa4da5cfe2eed86391f) C:\Windows\system32\DRIVERS\nm3.sys
21:35:13.0147 2968 nm3 - ok
21:35:13.0147 2968 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:35:13.0147 2968 Npfs - ok
21:35:13.0178 2968 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:35:13.0178 2968 nsi - ok
21:35:13.0178 2968 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:35:13.0194 2968 nsiproxy - ok
21:35:13.0256 2968 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:35:13.0272 2968 Ntfs - ok
21:35:13.0350 2968 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:35:13.0350 2968 Null - ok
21:35:13.0724 2968 nvlddmkm (c967514483fa30a0a352e70bb6414d1d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:35:13.0802 2968 nvlddmkm - ok
21:35:13.0865 2968 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
21:35:13.0865 2968 NVNET - ok
21:35:13.0896 2968 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:35:13.0896 2968 nvraid - ok
21:35:13.0911 2968 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:35:13.0911 2968 nvstor - ok
21:35:13.0927 2968 nvstor64 (6ba747b1a9297a6c0271700d12fdd495) C:\Windows\system32\DRIVERS\nvstor64.sys
21:35:13.0927 2968 nvstor64 - ok
21:35:13.0958 2968 nvsvc (e26706a65d97ef9188b1d7bfa23c96c2) C:\Windows\system32\nvvsvc.exe
21:35:13.0974 2968 nvsvc - ok
21:35:13.0989 2968 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:35:13.0989 2968 nv_agp - ok
21:35:14.0021 2968 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:35:14.0021 2968 ohci1394 - ok
21:35:14.0052 2968 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:35:14.0052 2968 p2pimsvc - ok
21:35:14.0083 2968 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:35:14.0083 2968 p2psvc - ok
21:35:14.0114 2968 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:35:14.0114 2968 Parport - ok
21:35:14.0130 2968 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:35:14.0130 2968 partmgr - ok
21:35:14.0145 2968 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:35:14.0161 2968 PcaSvc - ok
21:35:14.0177 2968 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:35:14.0192 2968 pci - ok
21:35:14.0208 2968 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:35:14.0208 2968 pciide - ok
21:35:14.0223 2968 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:35:14.0223 2968 pcmcia - ok
21:35:14.0239 2968 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:35:14.0239 2968 pcw - ok
21:35:14.0255 2968 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:35:14.0270 2968 PEAUTH - ok
21:35:14.0317 2968 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:35:14.0317 2968 PerfHost - ok
21:35:14.0364 2968 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:35:14.0395 2968 pla - ok
21:35:14.0442 2968 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:35:14.0442 2968 PlugPlay - ok
21:35:14.0457 2968 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:35:14.0457 2968 PNRPAutoReg - ok
21:35:14.0473 2968 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:35:14.0473 2968 PNRPsvc - ok
21:35:14.0504 2968 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:35:14.0504 2968 PolicyAgent - ok
21:35:14.0535 2968 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:35:14.0535 2968 Power - ok
21:35:14.0582 2968 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:35:14.0582 2968 PptpMiniport - ok
21:35:14.0598 2968 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:35:14.0598 2968 Processor - ok
21:35:14.0645 2968 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
21:35:14.0645 2968 ProfSvc - ok
21:35:14.0660 2968 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:35:14.0660 2968 ProtectedStorage - ok
21:35:14.0691 2968 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:35:14.0707 2968 Psched - ok
21:35:14.0754 2968 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:35:14.0769 2968 ql2300 - ok
21:35:14.0832 2968 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:35:14.0832 2968 ql40xx - ok
21:35:14.0863 2968 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:35:14.0863 2968 QWAVE - ok
21:35:14.0879 2968 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:35:14.0879 2968 QWAVEdrv - ok
21:35:14.0894 2968 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:35:14.0894 2968 RasAcd - ok
21:35:14.0910 2968 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:35:14.0910 2968 RasAgileVpn - ok
21:35:14.0925 2968 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:35:14.0925 2968 RasAuto - ok
21:35:14.0957 2968 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:35:14.0957 2968 Rasl2tp - ok
21:35:14.0988 2968 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:35:14.0988 2968 RasMan - ok
21:35:15.0003 2968 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:35:15.0003 2968 RasPppoe - ok
21:35:15.0019 2968 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:35:15.0019 2968 RasSstp - ok
21:35:15.0035 2968 rcmirror (96597c96d5acf4a3ef0b24d396853879) C:\Windows\system32\DRIVERS\rcmirror.sys
21:35:15.0035 2968 rcmirror - ok
21:35:15.0066 2968 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:35:15.0066 2968 rdbss - ok
21:35:15.0081 2968 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:35:15.0081 2968 rdpbus - ok
21:35:15.0081 2968 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:35:15.0081 2968 RDPCDD - ok
21:35:15.0097 2968 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:35:15.0097 2968 RDPENCDD - ok
21:35:15.0113 2968 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:35:15.0113 2968 RDPREFMP - ok
21:35:15.0144 2968 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
21:35:15.0144 2968 RDPWD - ok
21:35:15.0191 2968 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:35:15.0191 2968 rdyboost - ok
21:35:15.0222 2968 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:35:15.0222 2968 RemoteAccess - ok
21:35:15.0253 2968 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:35:15.0253 2968 RemoteRegistry - ok
21:35:15.0269 2968 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:35:15.0269 2968 RpcEptMapper - ok
21:35:15.0284 2968 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:35:15.0284 2968 RpcLocator - ok
21:35:15.0315 2968 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:35:15.0315 2968 RpcSs - ok
21:35:15.0347 2968 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:35:15.0347 2968 rspndr - ok
21:35:15.0362 2968 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:35:15.0362 2968 SamSs - ok
21:35:15.0409 2968 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:35:15.0409 2968 sbp2port - ok
21:35:15.0425 2968 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:35:15.0440 2968 SCardSvr - ok
21:35:15.0456 2968 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:35:15.0456 2968 scfilter - ok
21:35:15.0503 2968 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:35:15.0518 2968 Schedule - ok
21:35:15.0549 2968 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:35:15.0549 2968 SCPolicySvc - ok
21:35:15.0581 2968 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:35:15.0581 2968 SDRSVC - ok
21:35:15.0627 2968 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:35:15.0627 2968 secdrv - ok
21:35:15.0627 2968 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:35:15.0627 2968 seclogon - ok
21:35:15.0659 2968 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:35:15.0659 2968 SENS - ok
21:35:15.0674 2968 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:35:15.0674 2968 SensrSvc - ok
21:35:15.0690 2968 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:35:15.0690 2968 Serenum - ok
21:35:15.0705 2968 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:35:15.0705 2968 Serial - ok
21:35:15.0721 2968 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:35:15.0721 2968 sermouse - ok
21:35:15.0752 2968 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:35:15.0752 2968 SessionEnv - ok
21:35:15.0768 2968 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:35:15.0768 2968 sffdisk - ok
21:35:15.0783 2968 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:35:15.0799 2968 sffp_mmc - ok
21:35:15.0799 2968 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:35:15.0799 2968 sffp_sd - ok
21:35:15.0815 2968 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:35:15.0815 2968 sfloppy - ok
21:35:15.0846 2968 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:35:15.0846 2968 SharedAccess - ok
21:35:15.0877 2968 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:35:15.0877 2968 ShellHWDetection - ok
21:35:15.0893 2968 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:35:15.0908 2968 SiSRaid2 - ok
21:35:15.0908 2968 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:35:15.0908 2968 SiSRaid4 - ok
21:35:15.0971 2968 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:35:15.0986 2968 SkypeUpdate - ok
21:35:16.0002 2968 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:35:16.0002 2968 Smb - ok
21:35:19.0917 2968 MBR (0x1B8) (a5b154d4f8d7652cdc798e81446ea5d5) \Device\Harddisk0\DR0
21:35:20.0011 2968 \Device\Harddisk0\DR0 - ok
21:35:20.0027 2968 Boot (0x1200) (d1d43bbf62cbc1966edbc3328a1be677) \Device\Harddisk0\DR0\Partition0
21:35:20.0027 2968 \Device\Harddisk0\DR0\Partition0 - ok
21:35:20.0027 2968 Boot (0x1200) (cc7910e32c6928ee463e83c1f400a988) \Device\Harddisk0\DR0\Partition1
21:35:20.0042 2968 \Device\Harddisk0\DR0\Partition1 - ok
21:35:20.0058 2968 Boot (0x1200) (1ee363b586308bcd5baebea8a3188fd3) \Device\Harddisk0\DR0\Partition2
21:35:20.0073 2968 \Device\Harddisk0\DR0\Partition2 - ok
21:35:20.0073 2968 ============================================================
21:35:20.0073 2968 Scan finished
21:35:20.0073 2968 ============================================================
21:35:20.0073 2900 Detected object count: 0
21:35:20.0073 2900 Actual detected object count: 0
21:37:40.0073 2216 ============================================================
21:37:40.0073 2216 Scan started
21:37:40.0073 2216 Mode: Manual; SigCheck; TDLFS;
21:37:40.0073 2216 ============================================================
21:37:48.0247 2216 LightScribeService (108333981c841eb0ff198aa5dfcf3d3b) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
21:37:48.0263 2216 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
21:37:48.0263 2216 LightScribeService - detected UnsignedFile.Multi.Generic (1)
21:37:48.0840 2216 McciCMService64 (be3d584d7c021eb7d89166eecb83c341) C:\Program Files\Common Files\Motive\McciCMService.exe
21:37:48.0855 2216 McciCMService64 ( UnsignedFile.Multi.Generic ) - warning
21:37:48.0855 2216 McciCMService64 - detected UnsignedFile.Multi.Generic (1)
21:38:02.0084 2216 MBR (0x1B8) (a5b154d4f8d7652cdc798e81446ea5d5) \Device\Harddisk0\DR0
21:38:02.0240 2216 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:38:02.0240 2216 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:38:02.0240 2216 Boot (0x1200) (d1d43bbf62cbc1966edbc3328a1be677) \Device\Harddisk0\DR0\Partition0
21:38:02.0240 2216 \Device\Harddisk0\DR0\Partition0 - ok
21:38:02.0271 2216 Boot (0x1200) (cc7910e32c6928ee463e83c1f400a988) \Device\Harddisk0\DR0\Partition1
21:38:02.0271 2216 \Device\Harddisk0\DR0\Partition1 - ok
21:38:02.0303 2216 Boot (0x1200) (1ee363b586308bcd5baebea8a3188fd3) \Device\Harddisk0\DR0\Partition2
21:38:02.0303 2216 \Device\Harddisk0\DR0\Partition2 - ok
21:38:02.0303 2216 ============================================================
21:38:02.0303 2216 Scan finished
21:38:02.0303 2216 ============================================================
21:38:02.0365 2952 Detected object count: 3
21:38:02.0365 2952 Actual detected object count: 3
21:38:31.0755 2952 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
21:38:31.0755 2952 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:38:31.0771 2952 McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
21:38:31.0771 2952 McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:38:31.0771 2952 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:38:31.0771 2952 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
21:41:24.0569 1612 Deinitialize success

=======
aswMBR
=======
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-21 21:41:44
-----------------------------
21:41:44.877 OS Version: Windows x64 6.1.7601 Service Pack 1
21:41:44.877 Number of processors: 2 586 0x602
21:41:44.877 ComputerName: STING-PC UserName: gabe
21:41:46.921 Initialize success
21:48:01.266 AVAST engine defs: 12062101
21:48:29.003 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000053
21:48:29.018 Disk 0 Vendor: ST350041 HP34 Size: 476940MB BusType: 3
21:48:29.034 Disk 0 MBR read successfully
21:48:29.034 Disk 0 MBR scan
21:48:29.049 Disk 0 unknown MBR code
21:48:29.049 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:48:29.065 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464611 MB offset 206848
21:48:29.081 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12227 MB offset 951730176
21:48:29.127 Disk 0 scanning C:\Windows\system32\drivers
21:48:38.815 Service scanning
21:48:55.725 Modules scanning
21:48:55.741 Disk 0 trace - called modules:
21:48:55.757 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
21:48:56.271 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047f2470]
21:48:56.271 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8004689040]
21:48:56.287 5 ACPI.sys[fffff88000f727a1] -> nt!IofCallDriver -> \Device\00000053[0xfffffa80046899c0]
21:49:04.149 AVAST engine scan C:\Windows
21:49:06.287 AVAST engine scan C:\Windows\system32
21:51:35.969 AVAST engine scan C:\Windows\system32\drivers
21:51:47.091 AVAST engine scan C:\Users\gabe
21:51:54.221 AVAST engine scan C:\ProgramData
21:52:25.171 Scan finished successfully
21:53:39.458 Disk 0 MBR has been saved successfully to "C:\Users\gabe\Desktop\MBR.dat"
21:53:39.458 The log file has been saved successfully to "C:\Users\gabe\Desktop\aswMBR.txt"

#7 gringo_pr

Posted 22 June 2012 - 12:30 AM

greetings

please run TDSSKiller once more and when it detects

21:38:31.0771 2952 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:38:31.0771 2952 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


select fix this time - the other items it detected are fine


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
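The check described in the post above, as an added example (not part of the original thread and not TDSSKiller's own code): a parser for this log format that pairs each detection with the action recorded for it and lists what was left in place. The sample log is constructed in the format of the logs posted in this thread, and treating `UnsignedFile.*` verdicts as low priority is an assumption taken from the helper's remark that the other items are fine.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the format of the TDSSKiller logs posted in this thread.
# Object names and verdicts are the ones shown there; some timestamps are made up.
SAMPLE_LOG = r"""
21:37:10.0001 2216 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
21:37:10.0001 2216 LightScribeService - detected UnsignedFile.Multi.Generic (1)
21:37:11.0002 2216 McciCMService64 ( UnsignedFile.Multi.Generic ) - warning
21:37:11.0002 2216 McciCMService64 - detected UnsignedFile.Multi.Generic (1)
21:38:01.0959 2216 WUDFRd - ok
21:38:02.0240 2216 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:38:02.0240 2216 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:38:02.0365 2952 Detected object count: 3
21:38:02.0365 2952 Actual detected object count: 3
21:38:31.0755 2952 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
21:38:31.0755 2952 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:38:31.0771 2952 McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
21:38:31.0771 2952 McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:38:31.0771 2952 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:38:31.0771 2952 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every log line is "<time> <thread id> <message>".
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3,4})\s+(\d+)\s+(.*)$")
# "<object> - detected <verdict> (<n>)"
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+?) \((?P<n>\d+)\)$")
# "<object> ( <verdict> ) - User select action: <action>"
ACTION = re.compile(
    r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>.+)$"
)
# "Detected object count: <n>" (the "Actual detected ..." line is ignored)
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")

# Assumption for this example only: unsigned-file warnings are informational,
# as the helper in the thread says about the two service entries.
LOW_PRIORITY_PREFIXES = ("UnsignedFile.",)


def parse_log(text: str) -> Tuple[List[dict], Optional[int]]:
    """Return (findings, reported_count); each finding carries its recorded action."""
    findings: Dict[Tuple[str, str], dict] = {}
    reported: Optional[int] = None
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        stamp, _tid, msg = line.groups()
        hit = DETECTED.match(msg) or ACTION.match(msg)
        if hit:
            key = (hit["obj"], hit["verdict"])
            entry = findings.setdefault(
                key,
                {"object": hit["obj"], "verdict": hit["verdict"],
                 "first_seen": stamp, "action": None},
            )
            if "action" in hit.groupdict():
                entry["action"] = hit["action"].strip()
            continue
        count = COUNT.match(msg)
        if count:
            reported = int(count["n"])
    return list(findings.values()), reported


def needs_follow_up(findings: List[dict]) -> List[dict]:
    """Detections that were skipped (or have no action logged) and are not low priority."""
    return [
        f for f in findings
        if not f["verdict"].startswith(LOW_PRIORITY_PREFIXES)
        and f["action"] in (None, "Skip")
    ]


def summarize(text: str) -> dict:
    """Triage summary: parsed vs. reported detection count, plus open items."""
    findings, reported = parse_log(text)
    return {
        "parsed": len(findings),
        "reported": reported,
        # A mismatch suggests a truncated or edited log.
        "count_matches": reported is not None and reported == len(findings),
        "follow_up": needs_follow_up(findings),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("detections parsed/reported:", report["parsed"], "/", report["reported"])
    for item in report["follow_up"]:
        print("still present:", item["object"], "-", item["verdict"],
              "(action:", item["action"], ")")
```
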

#8 kaiso

Posted 22 June 2012 - 02:49 AM

Greetings,

The selections I have are Skip, Copy to Quarantine, and Delete. Reluctant to proceed without your advice? Thank you. After this is resolved will you advise how to remove these apps please? Combofix = via Run combofix /Uninstall?

#9 gringo_pr

Posted 22 June 2012 - 03:25 AM

choose delete and of course I will tell you how to remove all the tools



gringo

#10 kaiso

Posted 22 June 2012 - 10:58 AM

Greetings,

Deleted. Result: "1 threat neutralized". Redirects in original post were random. That is, out of 10 addresses/links (never the same), they occurred ~4-5 times; unable to track. Redirects now: out of 10 addresses/links: 0 redirects. Ping-like activity in original post was 80% due to geo.kaspersky.com. Subsequent to removal of Kaspersky Pure, it removed another 10-15% (visual only; no tools). Now: the PC is quiet; untraceable IPs are no longer showing in the firewall.

ComboFix deleted the c:/windows/system32/drivers/etc/hosts. Upon completion, may I reinstall the MVPS hosts file? Thank you.

#11 kaiso

Posted 22 June 2012 - 01:03 PM

Gringo,

I had to shut down for the utility company. On reboot, the ping-like disk activity returned. However, it no longer has the bursts of activity as previously referenced. This may be benign?

#12 gringo_pr

Posted 22 June 2012 - 06:37 PM

greetings


send me a new tdsskiller report and then we will move from there



gringo

#13 kaiso

Posted 22 June 2012 - 06:51 PM

Greetings, all items checked.

16:46:26.0356 3104 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
16:46:26.0871 3104 ============================================================
16:46:26.0871 3104 Current date / time: 2012/06/22 16:46:26.0871
16:46:26.0871 3104 SystemInfo:
16:46:26.0871 3104
16:46:26.0871 3104 OS Version: 6.1.7601 ServicePack: 1.0
16:46:26.0871 3104 Product type: Workstation
16:46:26.0871 3104 ComputerName: STING-PC
16:46:26.0887 3104 UserName: gabe
16:46:26.0887 3104 Windows directory: C:\Windows
16:46:26.0887 3104 System windows directory: C:\Windows
16:46:26.0887 3104 Running under WOW64
16:46:26.0887 3104 Processor architecture: Intel x64
16:46:26.0887 3104 Number of processors: 2
16:46:26.0887 3104 Page size: 0x1000
16:46:26.0887 3104 Boot type: Normal boot
16:46:26.0887 3104 ============================================================
16:46:27.0604 3104 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
16:46:27.0620 3104 ============================================================
16:46:27.0620 3104 \Device\Harddisk0\DR0:
16:46:27.0620 3104 MBR partitions:
16:46:27.0620 3104 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:46:27.0620 3104 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38B71800
16:46:27.0620 3104 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38BA4000, BlocksNum 0x17E1800
16:46:27.0620 3104 ============================================================
16:46:27.0635 3104 C: <-> \Device\Harddisk0\DR0\Partition1
16:46:27.0667 3104 D: <-> \Device\Harddisk0\DR0\Partition2
16:46:27.0667 3104 ============================================================
16:46:27.0667 3104 Initialize success
16:46:27.0667 3104 ============================================================
16:46:35.0981 2168 ============================================================
16:46:35.0981 2168 Scan started
16:46:35.0981 2168 Mode: Manual; SigCheck; TDLFS;
16:46:35.0981 2168 ============================================================
16:46:44.0936 2168 LightScribeService (108333981c841eb0ff198aa5dfcf3d3b) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
16:46:44.0936 2168 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
16:46:44.0936 2168 LightScribeService - detected UnsignedFile.Multi.Generic (1)
16:46:45.0529 2168 McciCMService64 (be3d584d7c021eb7d89166eecb83c341) C:\Program Files\Common Files\Motive\McciCMService.exe
16:46:45.0544 2168 McciCMService64 ( UnsignedFile.Multi.Generic ) - warning
16:46:45.0544 2168 McciCMService64 - detected UnsignedFile.Multi.Generic (1)
16:46:46.0792 2168 msisadrv - ok
16:46:46.0823 2168 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:46:46.0855 2168 MSiSCSI - ok
16:46:46.0855 2168 msiserver - ok
16:46:46.0886 2168 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:46:46.0917 2168 MSKSSRV - ok
16:46:46.0933 2168 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:46:46.0979 2168 MSPCLOCK - ok
16:46:46.0979 2168 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:46:47.0026 2168 MSPQM - ok
16:46:47.0057 2168 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:46:47.0073 2168 MsRPC - ok
16:46:47.0120 2168 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:46:47.0120 2168 mssmbios - ok
16:46:47.0135 2168 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:46:47.0182 2168 MSTEE - ok
16:46:47.0198 2168 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:46:47.0213 2168 MTConfig - ok
16:46:47.0229 2168 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:46:47.0245 2168 Mup - ok
16:46:47.0276 2168 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:46:47.0323 2168 napagent - ok
16:46:47.0369 2168 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:46:47.0401 2168 NativeWifiP - ok
16:46:47.0447 2168 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:46:47.0463 2168 NDIS - ok
16:46:47.0479 2168 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:46:47.0510 2168 NdisCap - ok
16:46:47.0541 2168 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:46:47.0572 2168 NdisTapi - ok
16:46:47.0588 2168 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:46:47.0635 2168 Ndisuio - ok
16:46:47.0650 2168 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:46:47.0697 2168 NdisWan - ok
16:46:47.0728 2168 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:46:47.0759 2168 NDProxy - ok
16:46:47.0791 2168 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:46:47.0837 2168 NetBIOS - ok
16:46:47.0853 2168 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:46:47.0900 2168 NetBT - ok
16:46:47.0931 2168 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:46:47.0931 2168 Netlogon - ok
16:46:47.0978 2168 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:46:48.0025 2168 Netman - ok
16:46:48.0040 2168 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:46:48.0087 2168 netprofm - ok
16:46:48.0134 2168 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:46:48.0149 2168 NetTcpPortSharing - ok
16:46:48.0181 2168 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:46:48.0181 2168 nfrd960 - ok
16:46:48.0227 2168 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:46:48.0259 2168 NlaSvc - ok
16:46:48.0305 2168 nm3 (f554c5fd7bd1efa4da5cfe2eed86391f) C:\Windows\system32\DRIVERS\nm3.sys
16:46:48.0321 2168 nm3 - ok
16:46:48.0337 2168 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:46:48.0352 2168 Npfs - ok
16:46:48.0383 2168 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:46:48.0415 2168 nsi - ok
16:46:48.0446 2168 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:46:48.0461 2168 nsiproxy - ok
16:46:48.0524 2168 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:46:48.0571 2168 Ntfs - ok
16:46:48.0633 2168 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:46:48.0680 2168 Null - ok
16:46:49.0023 2168 nvlddmkm (c967514483fa30a0a352e70bb6414d1d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:46:49.0226 2168 nvlddmkm - ok
16:46:49.0273 2168 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
16:46:49.0288 2168 NVNET - ok
16:46:49.0319 2168 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:46:49.0319 2168 nvraid - ok
16:46:49.0335 2168 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:46:49.0351 2168 nvstor - ok
16:46:49.0382 2168 nvstor64 (6ba747b1a9297a6c0271700d12fdd495) C:\Windows\system32\DRIVERS\nvstor64.sys
16:46:49.0382 2168 nvstor64 - ok
16:46:49.0429 2168 nvsvc (e26706a65d97ef9188b1d7bfa23c96c2) C:\Windows\system32\nvvsvc.exe
16:46:49.0444 2168 nvsvc - ok
16:46:49.0460 2168 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:46:49.0475 2168 nv_agp - ok
16:46:49.0507 2168 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:46:49.0522 2168 ohci1394 - ok
16:46:49.0553 2168 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:46:49.0585 2168 p2pimsvc - ok
16:46:49.0600 2168 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:46:49.0616 2168 p2psvc - ok
16:46:49.0647 2168 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:46:49.0663 2168 Parport - ok
16:46:49.0678 2168 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
16:46:49.0694 2168 partmgr - ok
16:46:49.0709 2168 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:46:49.0725 2168 PcaSvc - ok
16:46:49.0756 2168 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:46:49.0772 2168 pci - ok
16:46:49.0803 2168 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:46:49.0803 2168 pciide - ok
16:46:49.0834 2168 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:46:49.0850 2168 pcmcia - ok
16:46:49.0865 2168 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:46:49.0881 2168 pcw - ok
16:46:49.0912 2168 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:46:49.0959 2168 PEAUTH - ok
16:46:50.0021 2168 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:46:50.0037 2168 PerfHost - ok
16:46:50.0099 2168 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:46:50.0162 2168 pla - ok
16:46:50.0209 2168 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:46:50.0240 2168 PlugPlay - ok
16:46:50.0255 2168 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:46:50.0271 2168 PNRPAutoReg - ok
16:46:50.0287 2168 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:46:50.0302 2168 PNRPsvc - ok
16:46:50.0333 2168 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:46:50.0380 2168 PolicyAgent - ok
16:46:50.0411 2168 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:46:50.0458 2168 Power - ok
16:46:50.0505 2168 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:46:50.0552 2168 PptpMiniport - ok
16:46:50.0567 2168 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:46:50.0567 2168 Processor - ok
16:46:50.0599 2168 PROCEXP150 - ok
16:46:50.0630 2168 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
16:46:50.0645 2168 ProfSvc - ok
16:46:50.0677 2168 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:46:50.0677 2168 ProtectedStorage - ok
16:46:50.0708 2168 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:46:50.0755 2168 Psched - ok
16:46:50.0817 2168 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:46:50.0864 2168 ql2300 - ok
16:46:50.0942 2168 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:46:50.0942 2168 ql40xx - ok
16:46:50.0973 2168 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:46:50.0989 2168 QWAVE - ok
16:46:51.0004 2168 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:46:51.0035 2168 QWAVEdrv - ok
16:46:51.0035 2168 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:46:51.0067 2168 RasAcd - ok
16:46:51.0082 2168 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:46:51.0129 2168 RasAgileVpn - ok
16:46:51.0129 2168 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:46:51.0176 2168 RasAuto - ok
16:46:51.0207 2168 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:46:51.0238 2168 Rasl2tp - ok
16:46:51.0301 2168 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:46:51.0332 2168 RasMan - ok
16:46:51.0347 2168 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:46:51.0379 2168 RasPppoe - ok
16:46:51.0410 2168 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:46:51.0457 2168 RasSstp - ok
16:46:51.0472 2168 rcmirror (96597c96d5acf4a3ef0b24d396853879) C:\Windows\system32\DRIVERS\rcmirror.sys
16:46:51.0488 2168 rcmirror - ok
16:46:51.0519 2168 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:46:51.0566 2168 rdbss - ok
16:46:51.0566 2168 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:46:51.0597 2168 rdpbus - ok
16:46:51.0613 2168 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:46:51.0644 2168 RDPCDD - ok
16:46:51.0675 2168 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:46:51.0706 2168 RDPENCDD - ok
16:46:51.0722 2168 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:46:51.0753 2168 RDPREFMP - ok
16:46:51.0784 2168 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
16:46:51.0800 2168 RDPWD - ok
16:46:51.0831 2168 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:46:51.0847 2168 rdyboost - ok
16:46:51.0878 2168 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:46:51.0909 2168 RemoteAccess - ok
16:46:51.0940 2168 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:46:51.0971 2168 RemoteRegistry - ok
16:46:52.0003 2168 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:46:52.0034 2168 RpcEptMapper - ok
16:46:52.0049 2168 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:46:52.0081 2168 RpcLocator - ok
16:46:52.0112 2168 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:46:52.0143 2168 RpcSs - ok
16:46:52.0159 2168 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:46:52.0190 2168 rspndr - ok
16:46:52.0221 2168 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:46:52.0237 2168 SamSs - ok
16:46:52.0268 2168 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:46:52.0268 2168 sbp2port - ok
16:46:52.0299 2168 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:46:52.0330 2168 SCardSvr - ok
16:46:52.0361 2168 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:46:52.0393 2168 scfilter - ok
16:46:52.0455 2168 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:46:52.0517 2168 Schedule - ok
16:46:52.0549 2168 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:46:52.0580 2168 SCPolicySvc - ok
16:46:52.0611 2168 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:46:52.0627 2168 SDRSVC - ok
16:46:52.0673 2168 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:46:52.0705 2168 secdrv - ok
16:46:52.0705 2168 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:46:52.0736 2168 seclogon - ok
16:46:52.0767 2168 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
16:46:52.0814 2168 SENS - ok
16:46:52.0829 2168 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:46:52.0861 2168 SensrSvc - ok
16:46:52.0876 2168 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:46:52.0892 2168 Serenum - ok
16:46:52.0907 2168 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:46:52.0907 2168 Serial - ok
16:46:52.0939 2168 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:46:52.0954 2168 sermouse - ok
16:46:52.0985 2168 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:46:53.0032 2168 SessionEnv - ok
16:46:53.0032 2168 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:46:53.0063 2168 sffdisk - ok
16:46:53.0079 2168 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:46:53.0095 2168 sffp_mmc - ok
16:46:53.0095 2168 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:46:53.0110 2168 sffp_sd - ok
16:46:53.0126 2168 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:46:53.0141 2168 sfloppy - ok
16:46:53.0173 2168 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:46:53.0204 2168 SharedAccess - ok
16:46:53.0251 2168 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:46:53.0297 2168 ShellHWDetection - ok
16:46:53.0313 2168 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:46:53.0329 2168 SiSRaid2 - ok
16:46:53.0344 2168 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:46:53.0360 2168 SiSRaid4 - ok
16:46:53.0422 2168 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files (x86)\Skype\Updater\Updater.exe
16:46:53.0422 2168 SkypeUpdate - ok
16:46:53.0453 2168 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:46:53.0485 2168 Smb - ok
16:46:53.0516 2168 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:46:53.0531 2168 SNMPTRAP - ok
16:46:53.0547 2168 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:46:53.0563 2168 spldr - ok
16:46:53.0609 2168 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:46:53.0641 2168 Spooler - ok
16:46:53.0750 2168 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:46:53.0843 2168 sppsvc - ok
16:46:53.0921 2168 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:46:53.0953 2168 sppuinotify - ok
16:46:53.0999 2168 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:46:54.0031 2168 srv - ok
16:46:54.0046 2168 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:46:54.0062 2168 srv2 - ok
16:46:54.0077 2168 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:46:54.0093 2168 srvnet - ok
16:46:54.0140 2168 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:46:54.0171 2168 SSDPSRV - ok
16:46:54.0187 2168 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:46:54.0218 2168 SstpSvc - ok
16:46:54.0233 2168 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:46:54.0249 2168 stexstor - ok
16:46:54.0296 2168 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:46:54.0327 2168 stisvc - ok
16:46:54.0343 2168 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:46:54.0358 2168 swenum - ok
16:46:54.0389 2168 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:46:54.0436 2168 swprv - ok
16:46:54.0499 2168 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:46:54.0561 2168 SysMain - ok
16:46:54.0623 2168 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:46:54.0655 2168 TabletInputService - ok
16:46:54.0670 2168 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:46:54.0717 2168 TapiSrv - ok
16:46:54.0733 2168 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:46:54.0779 2168 TBS - ok
16:46:54.0842 2168 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:46:54.0904 2168 Tcpip - ok
16:46:54.0982 2168 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:46:55.0029 2168 TCPIP6 - ok
16:46:55.0091 2168 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:46:55.0123 2168 tcpipreg - ok
16:46:55.0154 2168 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:46:55.0169 2168 TDPIPE - ok
16:46:55.0185 2168 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:46:55.0201 2168 TDTCP - ok
16:46:55.0232 2168 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:46:55.0263 2168 tdx - ok
16:46:55.0388 2168 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
16:46:55.0435 2168 TeamViewer7 - ok
16:46:55.0513 2168 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
16:46:55.0528 2168 teamviewervpn - ok
16:46:55.0544 2168 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:46:55.0559 2168 TermDD - ok
16:46:55.0591 2168 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:46:55.0637 2168 TermService - ok
16:46:55.0669 2168 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:46:55.0700 2168 Themes - ok
16:46:55.0715 2168 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:46:55.0747 2168 THREADORDER - ok
16:46:55.0778 2168 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:46:55.0809 2168 TrkWks - ok
16:46:55.0856 2168 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:46:55.0887 2168 TrustedInstaller - ok
16:46:55.0903 2168 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:46:55.0949 2168 tssecsrv - ok
16:46:55.0981 2168 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:46:55.0996 2168 TsUsbFlt - ok
16:46:56.0027 2168 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:46:56.0074 2168 tunnel - ok
16:46:56.0090 2168 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:46:56.0105 2168 uagp35 - ok
16:46:56.0137 2168 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:46:56.0183 2168 udfs - ok
16:46:56.0215 2168 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:46:56.0215 2168 UI0Detect - ok
16:46:56.0261 2168 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:46:56.0277 2168 uliagpkx - ok
16:46:56.0308 2168 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:46:56.0308 2168 umbus - ok
16:46:56.0339 2168 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:46:56.0355 2168 UmPass - ok
16:46:56.0386 2168 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:46:56.0433 2168 upnphost - ok
16:46:56.0433 2168 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:46:56.0449 2168 usbccgp - ok
16:46:56.0480 2168 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:46:56.0495 2168 usbcir - ok
16:46:56.0511 2168 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:46:56.0527 2168 usbehci - ok
16:46:56.0558 2168 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:46:56.0589 2168 usbhub - ok
16:46:56.0605 2168 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
16:46:56.0620 2168 usbohci - ok
16:46:56.0651 2168 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:46:56.0683 2168 usbprint - ok
16:46:56.0714 2168 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:46:56.0729 2168 usbscan - ok
16:46:56.0745 2168 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:46:56.0776 2168 USBSTOR - ok
16:46:56.0776 2168 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:46:56.0792 2168 usbuhci - ok
16:46:56.0823 2168 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:46:56.0854 2168 UxSms - ok
16:46:56.0885 2168 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:46:56.0885 2168 VaultSvc - ok
16:46:56.0901 2168 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:46:56.0917 2168 vdrvroot - ok
16:46:56.0948 2168 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:46:56.0995 2168 vds - ok
16:46:57.0010 2168 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:46:57.0026 2168 vga - ok
16:46:57.0026 2168 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:46:57.0073 2168 VgaSave - ok
16:46:57.0088 2168 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:46:57.0104 2168 vhdmp - ok
16:46:57.0135 2168 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:46:57.0135 2168 viaide - ok
16:46:57.0166 2168 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:46:57.0166 2168 volmgr - ok
16:46:57.0213 2168 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:46:57.0229 2168 volmgrx - ok
16:46:57.0260 2168 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:46:57.0275 2168 volsnap - ok
16:46:57.0291 2168 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:46:57.0307 2168 vsmraid - ok
16:46:57.0369 2168 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:46:57.0447 2168 VSS - ok
16:46:57.0525 2168 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:46:57.0541 2168 vwifibus - ok
16:46:57.0572 2168 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:46:57.0603 2168 W32Time - ok
16:46:57.0619 2168 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:46:57.0634 2168 WacomPen - ok
16:46:57.0665 2168 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:46:57.0712 2168 WANARP - ok
16:46:57.0712 2168 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:46:57.0743 2168 Wanarpv6 - ok
16:46:57.0790 2168 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:46:57.0837 2168 WatAdminSvc - ok
16:46:57.0899 2168 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:46:57.0962 2168 wbengine - ok
16:46:58.0024 2168 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:46:58.0040 2168 WbioSrvc - ok
16:46:58.0087 2168 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:46:58.0102 2168 wcncsvc - ok
16:46:58.0118 2168 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:46:58.0118 2168 WcsPlugInService - ok
16:46:58.0165 2168 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:46:58.0165 2168 Wd - ok
16:46:58.0196 2168 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:46:58.0227 2168 Wdf01000 - ok
16:46:58.0227 2168 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:46:58.0243 2168 WdiServiceHost - ok
16:46:58.0258 2168 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:46:58.0274 2168 WdiSystemHost - ok
16:46:58.0289 2168 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:46:58.0321 2168 WebClient - ok
16:46:58.0336 2168 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:46:58.0367 2168 Wecsvc - ok
16:46:58.0383 2168 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:46:58.0414 2168 wercplsupport - ok
16:46:58.0445 2168 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:46:58.0477 2168 WerSvc - ok
16:46:58.0523 2168 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:46:58.0555 2168 WfpLwf - ok
16:46:58.0570 2168 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:46:58.0570 2168 WIMMount - ok
16:46:58.0601 2168 WinDefend - ok
16:46:58.0617 2168 WinHttpAutoProxySvc - ok
16:46:58.0664 2168 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:46:58.0695 2168 Winmgmt - ok
16:46:58.0773 2168 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:46:58.0851 2168 WinRM - ok
16:46:58.0945 2168 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:46:58.0976 2168 Wlansvc - ok
16:46:59.0023 2168 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:46:59.0038 2168 WmiAcpi - ok
16:46:59.0069 2168 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:46:59.0101 2168 wmiApSrv - ok
16:46:59.0147 2168 WMPNetworkSvc - ok
16:46:59.0179 2168 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:46:59.0194 2168 WPCSvc - ok
16:46:59.0225 2168 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:46:59.0241 2168 WPDBusEnum - ok
16:46:59.0257 2168 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:46:59.0288 2168 ws2ifsl - ok
16:46:59.0303 2168 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
16:46:59.0319 2168 wscsvc - ok
16:46:59.0319 2168 WSearch - ok
16:46:59.0381 2168 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
16:46:59.0475 2168 wuauserv - ok
16:46:59.0553 2168 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:46:59.0600 2168 WudfPf - ok
16:46:59.0631 2168 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:46:59.0662 2168 WUDFRd - ok
16:46:59.0693 2168 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:46:59.0725 2168 wudfsvc - ok
16:46:59.0756 2168 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:46:59.0787 2168 WwanSvc - ok
16:46:59.0803 2168 MBR (0x1B8) (a5b154d4f8d7652cdc798e81446ea5d5) \Device\Harddisk0\DR0
16:46:59.0974 2168 \Device\Harddisk0\DR0 - ok
16:46:59.0974 2168 Boot (0x1200) (d1d43bbf62cbc1966edbc3328a1be677) \Device\Harddisk0\DR0\Partition0
16:46:59.0974 2168 \Device\Harddisk0\DR0\Partition0 - ok
16:47:00.0005 2168 Boot (0x1200) (cc7910e32c6928ee463e83c1f400a988) \Device\Harddisk0\DR0\Partition1
16:47:00.0005 2168 \Device\Harddisk0\DR0\Partition1 - ok
16:47:00.0037 2168 Boot (0x1200) (1ee363b586308bcd5baebea8a3188fd3) \Device\Harddisk0\DR0\Partition2
16:47:00.0037 2168 \Device\Harddisk0\DR0\Partition2 - ok
16:47:00.0037 2168 ============================================================
16:47:00.0037 2168 Scan finished
16:47:00.0037 2168 ============================================================
16:47:00.0052 2004 Detected object count: 2
16:47:00.0052 2004 Actual detected object count: 2
16:47:07.0213 2004 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
16:47:07.0213 2004 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:47:07.0213 2004 McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
16:47:07.0213 2004 McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 22 June 2012 - 07:46 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 kaiso


Posted 22 June 2012 - 08:18 PM

Greetings,

No problems running. Had to restart after the log was created and displayed. Re PC, same ping-like (disk) activity.

ComboFix 12-06-21.01 - gabe 06/22/2012 17:58:25.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3966.2751 [GMT -7:00]
Running from: c:\users\gabe\Desktop\ComboFix.exe
Command switches used :: c:\users\gabe\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 01:02 . 2012-06-23 01:02 -------- d-----w- c:\users\sting\AppData\Local\temp
2012-06-23 01:02 . 2012-06-23 01:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 01:02 . 2012-06-23 01:02 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-22 23:08 . 2012-06-22 23:09 -------- d-----w- C:\tdssNew
2012-06-22 15:10 . 2012-06-22 15:10 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-22 04:36 . 2012-06-22 04:37 -------- d-----w- C:\tdssOld
2012-06-21 18:08 . 2012-06-21 18:32 -------- d-----w- c:\users\gabe\AppData\Roaming\Notepad++
2012-06-21 17:15 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE161DD8-057A-4993-84BF-2C58A734B6CC}\mpengine.dll
2012-06-20 03:52 . 2012-06-20 03:52 -------- d-----w- c:\program files\7-Zip
2012-06-20 03:19 . 2012-06-20 03:19 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-20 03:19 . 2012-06-20 03:19 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-18 16:55 . 2012-06-18 16:55 -------- d-----w- c:\users\gabe\AppData\Roaming\Thunderbird
2012-06-18 16:55 . 2012-06-18 16:55 -------- d-----w- c:\users\gabe\AppData\Local\Thunderbird
2012-06-18 16:18 . 2012-06-18 16:18 -------- d-----w- c:\users\gabe\AppData\Local\Adobe
2012-06-18 09:27 . 2012-06-18 09:27 -------- d-----w- c:\users\sting\AppData\Roaming\Thunderbird
2012-06-18 09:27 . 2012-06-18 09:27 -------- d-----w- c:\users\sting\AppData\Local\Thunderbird
2012-06-14 06:51 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-09 15:21 . 2012-06-09 15:21 -------- d-----w- c:\users\sting\AppData\Local\Macromedia
2012-06-09 14:54 . 2012-06-09 14:54 -------- d-----w- c:\users\gabe\AppData\Local\Macromedia
2012-06-09 14:53 . 2012-06-09 14:53 -------- d-----w- c:\users\gabe\AppData\Local\Mozilla
2012-06-04 21:45 . 2012-06-04 21:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-04 21:45 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-31 01:44 . 2012-05-31 01:44 -------- d-----w- c:\users\gabe\AppData\Roaming\Malwarebytes
2012-05-30 14:59 . 2012-05-30 14:59 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-05-26 07:44 . 2012-05-26 09:03 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-05-25 00:25 . 2012-05-25 00:25 -------- d-----w- c:\users\slego
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 14:52 . 2012-04-12 14:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-09 14:52 . 2011-08-10 14:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-30 11:35 . 2012-05-08 19:09 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-07-24 02:17 . 2011-07-24 02:17 20367424 ----a-w- c:\program files (x86)\GIMP.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-21_18.42.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-28 18:43 . 2012-06-22 17:19 46512 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-22 18:10 44858 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-11 11:18 . 2012-06-22 04:26 2392 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-05-25 00:26 . 2012-06-22 18:10 4696 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-211626621-121016887-1560855888-1005_UserData.bin
+ 2012-01-14 22:33 . 2012-06-22 04:28 2776 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-211626621-121016887-1560855888-1003_UserData.bin
+ 2012-06-23 01:03 . 2012-06-23 01:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-21 18:42 . 2012-06-21 18:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-23 01:03 . 2012-06-23 01:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-21 18:42 . 2012-06-21 18:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-06-22 18:12 624162 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-21 17:53 624162 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-22 18:12 106538 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-21 17:53 106538 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-06-23 01:03 336520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-21 18:41 336520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-25 05:58 . 2012-06-23 01:03 730436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-211626621-121016887-1560855888-1005-8192.dat
+ 2012-01-14 22:40 . 2012-06-23 01:03 337288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-211626621-121016887-1560855888-1003-8192.dat
- 2012-01-14 22:40 . 2012-06-20 08:54 337288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-211626621-121016887-1560855888-1003-8192.dat
+ 2012-06-02 23:05 . 2012-06-23 01:03 584870 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-211626621-121016887-1560855888-1003-12288.dat
+ 2010-10-23 07:57 . 2012-06-22 16:44 3096572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-211626621-121016887-1560855888-1001-8192.dat
- 2010-10-23 07:57 . 2012-06-20 08:54 3096572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-211626621-121016887-1560855888-1001-8192.dat
+ 2011-06-16 16:21 . 2012-06-23 01:03 1963486 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-211626621-121016887-1560855888-1001-12288.dat
- 2011-06-16 16:21 . 2012-06-20 08:54 1963486 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-211626621-121016887-1560855888-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]
R3 PROCEXP150;PROCEXP150;c:\windows\system32\Drivers\PROCEXP150.SYS [x]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R4 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-04-30 517632]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-211626621-121016887-1560855888-1001Core.job
- c:\users\sting\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 05:16]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-211626621-121016887-1560855888-1001UA.job
- c:\users\sting\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 05:16]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-211626621-121016887-1560855888-1005Core.job
- c:\users\slego\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-03 21:38]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-211626621-121016887-1560855888-1005UA.job
- c:\users\slego\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-03 21:38]
.
2012-04-07 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{DF4B6D31-8A27-4C04-9896-4C32350A8C15}: NameServer = 66.218.44.5,66.218.44.90
FF - ProfilePath - c:\users\gabe\AppData\Roaming\Mozilla\Firefox\Profiles\jzl79p17.default\
FF - prefs.js: browser.search.selectedEngine - Startpage (SSL)
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-06-22 18:07:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 01:07
ComboFix2.txt 2012-06-21 18:46
.
Pre-Run: 441,251,270,656 bytes free
Post-Run: 441,284,325,376 bytes free
.
- - End Of File - - 61B3517F6F6F8CA57DE2FE930C2A2437



