Browser Issues


33 replies to this topic

#1 Ashok_Chandra


Posted 13 July 2012 - 11:08 AM

IE, Firefox & Opera browsers getting auto-refreshed every 5 seconds and after a few refreshes I get redirected to the below URL
res://ieframe.dll/acr_error.htm#bleepingcomputer.com,http://www.bleepingcomputer.com/forums/topic182397.html

Further, if I get search results using bing, google, yahoo or any other search engine, the hyperlinks of the results get misdirected to a junk website and the URL gets altered.



#2 narenxp


Posted 13 July 2012 - 12:53 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Ashok_Chandra


Posted 13 July 2012 - 04:10 PM

TDSSKiller.2.7.45.0_13.07.2012_15.26.09_log
-------------------------------------------
15:26:09.0395 1572 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
15:26:10.0050 1572 ============================================================
15:26:10.0050 1572 Current date / time: 2012/07/13 15:26:10.0050
15:26:10.0050 1572 SystemInfo:
15:26:10.0050 1572
15:26:10.0050 1572 OS Version: 6.1.7601 ServicePack: 1.0
15:26:10.0050 1572 Product type: Workstation
15:26:10.0050 1572 ComputerName: CTSNJY12495
15:26:10.0050 1572 UserName: ctsuser
15:26:10.0050 1572 Windows directory: C:\Windows
15:26:10.0050 1572 System windows directory: C:\Windows
15:26:10.0050 1572 Processor architecture: Intel x86
15:26:10.0050 1572 Number of processors: 2
15:26:10.0050 1572 Page size: 0x1000
15:26:10.0050 1572 Boot type: Safe boot with network
15:26:10.0050 1572 ============================================================
15:26:11.0204 1572 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:26:11.0204 1572 ============================================================
15:26:11.0204 1572 \Device\Harddisk0\DR0:
15:26:11.0204 1572 MBR partitions:
15:26:11.0204 1572 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
15:26:11.0204 1572 ============================================================
15:26:11.0251 1572 C: <-> \Device\Harddisk0\DR0\Partition0
15:26:11.0251 1572 ============================================================
15:26:11.0251 1572 Initialize success
15:26:11.0251 1572 ============================================================
15:26:58.0613 1864 ============================================================
15:26:58.0613 1864 Scan started
15:26:58.0613 1864 Mode: Manual; TDLFS;
15:26:58.0613 1864 ============================================================

\system32\drivers\ndis.sys
15:27:14.0306 1864 NDIS - ok
15:27:14.0353 1864 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows

\system32\DRIVERS\ndiscap.sys
15:27:14.0353 1864 NdisCap - ok
15:27:14.0384 1864 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows

\system32\DRIVERS\ndistapi.sys
15:27:14.0384 1864 NdisTapi - ok
15:27:14.0400 1864 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows

\system32\DRIVERS\ndisuio.sys
15:27:14.0400 1864 Ndisuio - ok
15:27:14.0416 1864 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows

\system32\DRIVERS\ndiswan.sys
15:27:14.0431 1864 NdisWan - ok
15:27:14.0447 1864 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows

\system32\drivers\NDProxy.sys
15:27:14.0447 1864 NDProxy - ok
15:27:14.0494 1864 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows

\system32\HPZinw12.dll
15:27:14.0494 1864 Net Driver HPZ12 - ok
15:27:14.0525 1864 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows

\system32\DRIVERS\netbios.sys
15:27:14.0525 1864 NetBIOS - ok
15:27:14.0540 1864 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows

\system32\DRIVERS\netbt.sys
15:27:14.0556 1864 NetBT - ok
15:27:14.0603 1864 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows

\system32\lsass.exe
15:27:14.0603 1864 Netlogon - ok
15:27:14.0665 1864 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows

\System32\netman.dll
15:27:14.0696 1864 Netman - ok
15:27:14.0759 1864 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows

\System32\netprofm.dll
15:27:14.0790 1864 netprofm - ok
15:27:14.0852 1864 nettalkd (d996f89605700f3bcb2a718c794e5d17) C:\Windows

\system32\DRIVERS\nettalkd.sys
15:27:14.0852 1864 nettalkd - ok
15:27:14.0930 1864 NetTalkUsrLaunchService - ok
15:27:14.0930 1864 NetTalkUsrService - ok
15:27:15.0024 1864 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows

\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:27:15.0024 1864 NetTcpPortSharing - ok
15:27:15.0274 1864 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows

\system32\DRIVERS\netw5v32.sys
15:27:15.0383 1864 netw5v32 - ok
15:27:15.0554 1864 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows

\system32\drivers\nfrd960.sys
15:27:15.0554 1864 nfrd960 - ok
15:27:15.0601 1864 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows

\System32\nlasvc.dll
15:27:15.0632 1864 NlaSvc - ok
15:27:15.0695 1864 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows

\system32\drivers\Npfs.sys
15:27:15.0695 1864 Npfs - ok
15:27:15.0695 1864 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows

\system32\nsisvc.dll
15:27:15.0710 1864 nsi - ok
15:27:15.0710 1864 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows

\system32\drivers\nsiproxy.sys
15:27:15.0710 1864 nsiproxy - ok
15:27:15.0820 1864 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows

\system32\drivers\Ntfs.sys
15:27:15.0882 1864 Ntfs - ok
15:27:16.0069 1864 Null (f9756a98d69098dca8945d62858a812c) C:\Windows

\system32\drivers\Null.sys
15:27:16.0069 1864 Null - ok
15:27:16.0100 1864 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows

\system32\drivers\nvraid.sys
15:27:16.0116 1864 nvraid - ok
15:27:16.0163 1864 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows

\system32\drivers\nvstor.sys
15:27:16.0163 1864 nvstor - ok
15:27:16.0178 1864 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows

\system32\drivers\nv_agp.sys
15:27:16.0178 1864 nv_agp - ok
15:27:16.0288 1864 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files

\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:27:16.0319 1864 odserv - ok
15:27:16.0366 1864 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows

\system32\drivers\ohci1394.sys
15:27:16.0366 1864 ohci1394 - ok
15:27:16.0412 1864 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files

\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:27:16.0428 1864 ose - ok
15:27:16.0756 1864 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files

\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:27:16.0896 1864 osppsvc - ok
15:27:17.0052 1864 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows

\system32\pnrpsvc.dll
15:27:17.0083 1864 p2pimsvc - ok
15:27:17.0130 1864 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows

\system32\p2psvc.dll
15:27:17.0146 1864 p2psvc - ok
15:27:17.0224 1864 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows

\system32\drivers\parport.sys
15:27:17.0239 1864 Parport - ok
15:27:17.0270 1864 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows

\system32\drivers\partmgr.sys
15:27:17.0270 1864 partmgr - ok
15:27:17.0286 1864 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows

\system32\drivers\parvdm.sys
15:27:17.0286 1864 Parvdm - ok
15:27:17.0302 1864 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows

\System32\pcasvc.dll
15:27:17.0302 1864 PcaSvc - ok
15:27:17.0348 1864 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows

\system32\drivers\pci.sys
15:27:17.0348 1864 pci - ok
15:27:17.0364 1864 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows

\system32\drivers\pciide.sys
15:27:17.0364 1864 pciide - ok
15:27:17.0380 1864 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows

\system32\DRIVERS\pcmcia.sys
15:27:17.0395 1864 pcmcia - ok
15:27:17.0442 1864 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows

\system32\drivers\pcw.sys
15:27:17.0442 1864 pcw - ok
15:27:17.0489 1864 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows

\system32\drivers\peauth.sys
15:27:17.0489 1864 PEAUTH - ok
15:27:17.0614 1864 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows

\system32\peerdistsvc.dll
15:27:17.0645 1864 PeerDistSvc - ok
15:27:17.0754 1864 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows

\system32\pla.dll
15:27:17.0785 1864 pla - ok
15:27:17.0926 1864 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows

\system32\umpnpmgr.dll
15:27:17.0941 1864 PlugPlay - ok
15:27:17.0972 1864 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows

\system32\HPZipm12.dll
15:27:17.0988 1864 Pml Driver HPZ12 - ok
15:27:18.0004 1864 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows

\system32\pnrpauto.dll
15:27:18.0004 1864 PNRPAutoReg - ok
15:27:18.0019 1864 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows

\system32\pnrpsvc.dll
15:27:18.0035 1864 PNRPsvc - ok
15:27:18.0113 1864 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows

\system32\DRIVERS\point32.sys
15:27:18.0113 1864 Point32 - ok
15:27:18.0160 1864 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows

\System32\ipsecsvc.dll
15:27:18.0175 1864 PolicyAgent - ok
15:27:18.0206 1864 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows

\system32\umpo.dll
15:27:18.0206 1864 Power - ok
15:27:18.0253 1864 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows

\system32\DRIVERS\raspptp.sys
15:27:18.0253 1864 PptpMiniport - ok
15:27:18.0331 1864 prepdrvr (3909be53ad8e2bfcac9d9148e4b2b270) C:\Windows

\system32\CCM\prepdrv.sys
15:27:18.0331 1864 prepdrvr - ok
15:27:18.0362 1864 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows

\system32\drivers\processr.sys
15:27:18.0362 1864 Processor - ok
15:27:18.0425 1864 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows

\system32\profsvc.dll
15:27:18.0440 1864 ProfSvc - ok
15:27:18.0472 1864 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows

\system32\lsass.exe
15:27:18.0487 1864 ProtectedStorage - ok
15:27:18.0503 1864 psadd (651d3abc1d82d61b6cfb40cb947b3db3) C:\Windows

\system32\DRIVERS\psadd.sys
15:27:18.0503 1864 psadd - ok
15:27:18.0518 1864 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows

\system32\DRIVERS\pacer.sys
15:27:18.0518 1864 Psched - ok
15:27:18.0550 1864 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows

\system32\Drivers\PxHelp20.sys
15:27:18.0550 1864 PxHelp20 - ok
15:27:18.0659 1864 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows

\system32\drivers\ql2300.sys
15:27:18.0706 1864 ql2300 - ok
15:27:18.0877 1864 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows

\system32\drivers\ql40xx.sys
15:27:18.0877 1864 ql40xx - ok
15:27:18.0955 1864 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows

\system32\qwave.dll
15:27:18.0971 1864 QWAVE - ok
15:27:19.0002 1864 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows

\system32\drivers\qwavedrv.sys
15:27:19.0002 1864 QWAVEdrv - ok
15:27:19.0174 1864 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData

\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys
15:27:19.0189 1864 RapportCerberus_34302 - ok
15:27:19.0330 1864 RapportEI (ab79b1f18421fd72c2980a2c511e41b3) C:\Program Files

\Trusteer\Rapport\bin\RapportEI.sys
15:27:19.0330 1864 RapportEI - ok
15:27:19.0392 1864 RapportIaso (35199ec35edc7dcba71fda711dfb05c0) c:\programdata

\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys
15:27:19.0408 1864 RapportIaso - ok
15:27:19.0423 1864 RapportKELL (d62d8cf270824d5a542b654a7980ae3c) C:\Windows

\system32\Drivers\RapportKELL.sys
15:27:19.0423 1864 RapportKELL - ok
15:27:19.0532 1864 RapportMgmtService (d41b2804aafaba0ea8fd7e71ae33c30c) C:\Program Files

\Trusteer\Rapport\bin\RapportMgmtService.exe
15:27:19.0579 1864 RapportMgmtService - ok
15:27:19.0673 1864 RapportPG (102efe077c8502b68f08eb8f126dcc65) C:\Program Files

\Trusteer\Rapport\bin\RapportPG.sys
15:27:19.0688 1864 RapportPG - ok
15:27:19.0844 1864 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows

\system32\DRIVERS\rasacd.sys
15:27:19.0844 1864 RasAcd - ok
15:27:19.0891 1864 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows

\system32\DRIVERS\AgileVpn.sys
15:27:19.0891 1864 RasAgileVpn - ok
15:27:19.0922 1864 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows

\System32\rasauto.dll
15:27:19.0922 1864 RasAuto - ok
15:27:19.0938 1864 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows

\system32\DRIVERS\rasl2tp.sys
15:27:19.0938 1864 Rasl2tp - ok
15:27:19.0985 1864 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows

\System32\rasmans.dll
15:27:20.0000 1864 RasMan - ok
15:27:20.0016 1864 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows

\system32\DRIVERS\raspppoe.sys
15:27:20.0016 1864 RasPppoe - ok
15:27:20.0032 1864 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows

\system32\DRIVERS\rassstp.sys
15:27:20.0032 1864 RasSstp - ok
15:27:20.0063 1864 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows

\system32\DRIVERS\rdbss.sys
15:27:20.0063 1864 rdbss - ok
15:27:20.0094 1864 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows

\system32\DRIVERS\rdpbus.sys
15:27:20.0094 1864 rdpbus - ok
15:27:20.0110 1864 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows

\system32\DRIVERS\RDPCDD.sys
15:27:20.0110 1864 RDPCDD - ok
15:27:20.0125 1864 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows

\system32\drivers\rdpdr.sys
15:27:20.0125 1864 RDPDR - ok
15:27:20.0141 1864 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows

\system32\drivers\rdpencdd.sys
15:27:20.0141 1864 RDPENCDD - ok
15:27:20.0156 1864 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows

\system32\drivers\rdprefmp.sys
15:27:20.0156 1864 RDPREFMP - ok
15:27:20.0219 1864 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows

\system32\drivers\rdpvideominiport.sys
15:27:20.0219 1864 RdpVideoMiniport - ok
15:27:20.0281 1864 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows

\system32\drivers\RDPWD.sys
15:27:20.0297 1864 RDPWD - ok
15:27:20.0328 1864 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows

\system32\drivers\rdyboost.sys
15:27:20.0344 1864 rdyboost - ok
15:27:20.0375 1864 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows

\System32\mprdim.dll
15:27:20.0390 1864 RemoteAccess - ok
15:27:20.0453 1864 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows

\system32\regsvc.dll
15:27:20.0453 1864 RemoteRegistry - ok
15:27:20.0500 1864 RimUsb (4f4a4c09cc5be58a76cac1c337e004e6) C:\Windows

\system32\Drivers\RimUsb.sys
15:27:20.0500 1864 RimUsb - ok
15:27:20.0546 1864 RimVSerPort (3a5633ad615e2b15291bd0b1b97ccd8a) C:\Windows

\system32\DRIVERS\RimSerial.sys
15:27:20.0546 1864 RimVSerPort - ok
15:27:20.0609 1864 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows

\system32\Drivers\RootMdm.sys
15:27:20.0609 1864 ROOTMODEM - ok
15:27:20.0640 1864 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows

\System32\RpcEpMap.dll
15:27:20.0640 1864 RpcEptMapper - ok
15:27:20.0671 1864 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows

\system32\locator.exe
15:27:20.0671 1864 RpcLocator - ok
15:27:20.0718 1864 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows

\system32\rpcss.dll
15:27:20.0718 1864 RpcSs - ok
15:27:20.0765 1864 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows

\system32\DRIVERS\rspndr.sys
15:27:20.0765 1864 rspndr - ok
15:27:20.0827 1864 RTL8167 (c5a68c5ec01fd6f03396dd154b48db56) C:\Windows

\system32\DRIVERS\Rt86win7.sys
15:27:20.0843 1864 RTL8167 - ok
15:27:20.0936 1864 rtl8192se (8e2cb65b05b102f2adeebe4c76bf11b6) C:\Windows

\system32\DRIVERS\rtl8192se.sys
15:27:20.0968 1864 rtl8192se - ok
15:27:21.0014 1864 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows

\system32\drivers\vms3cap.sys
15:27:21.0014 1864 s3cap - ok
15:27:21.0030 1864 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows

\system32\lsass.exe
15:27:21.0030 1864 SamSs - ok
15:27:21.0155 1864 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files

\SUPERAntiSpyware\SASDIFSV.SYS
15:27:21.0155 1864 SASDIFSV - ok
15:27:21.0170 1864 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files

\SUPERAntiSpyware\SASKUTIL.SYS
15:27:21.0186 1864 SASKUTIL - ok
15:27:21.0217 1864 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows

\system32\drivers\sbp2port.sys
15:27:21.0217 1864 sbp2port - ok
15:27:21.0280 1864 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows

\System32\SCardSvr.dll
15:27:21.0295 1864 SCardSvr - ok
15:27:21.0326 1864 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows

\system32\DRIVERS\scfilter.sys
15:27:21.0326 1864 scfilter - ok
15:27:21.0373 1864 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows

\system32\schedsvc.dll
15:27:21.0389 1864 Schedule - ok
15:27:21.0451 1864 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows

\System32\certprop.dll
15:27:21.0451 1864 SCPolicySvc - ok
15:27:21.0482 1864 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows

\system32\DRIVERS\sdbus.sys
15:27:21.0482 1864 sdbus - ok
15:27:21.0498 1864 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows

\System32\SDRSVC.dll
15:27:21.0498 1864 SDRSVC - ok
15:27:21.0514 1864 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows

\system32\drivers\secdrv.sys
15:27:21.0514 1864 secdrv - ok
15:27:21.0529 1864 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows

\system32\seclogon.dll
15:27:21.0529 1864 seclogon - ok
15:27:21.0560 1864 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows

\System32\sens.dll
15:27:21.0560 1864 SENS - ok
15:27:21.0576 1864 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows

\system32\sensrsvc.dll
15:27:21.0576 1864 SensrSvc - ok
15:27:21.0607 1864 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows

\system32\drivers\serenum.sys
15:27:21.0607 1864 Serenum - ok
15:27:21.0623 1864 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows

\system32\drivers\serial.sys
15:27:21.0623 1864 Serial - ok
15:27:21.0638 1864 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows

\system32\drivers\sermouse.sys
15:27:21.0638 1864 sermouse - ok
15:27:21.0685 1864 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows

\system32\sessenv.dll
15:27:21.0685 1864 SessionEnv - ok
15:27:21.0701 1864 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows

\system32\DRIVERS\sffdisk.sys
15:27:21.0701 1864 sffdisk - ok
15:27:21.0716 1864 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows

\system32\drivers\sffp_mmc.sys
15:27:21.0716 1864 sffp_mmc - ok
15:27:21.0716 1864 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows

\system32\DRIVERS\sffp_sd.sys
15:27:21.0732 1864 sffp_sd - ok
15:27:21.0732 1864 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows

\system32\drivers\sfloppy.sys
15:27:21.0732 1864 sfloppy - ok
15:27:21.0810 1864 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows

\System32\shsvcs.dll
15:27:21.0826 1864 ShellHWDetection - ok
15:27:21.0841 1864 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows

\system32\drivers\sisagp.sys
15:27:21.0841 1864 sisagp - ok
15:27:21.0872 1864 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows

\system32\drivers\SiSRaid2.sys
15:27:21.0872 1864 SiSRaid2 - ok
15:27:21.0888 1864 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows

\system32\drivers\sisraid4.sys
15:27:21.0888 1864 SiSRaid4 - ok
15:27:21.0904 1864 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows

\system32\DRIVERS\smb.sys
15:27:21.0904 1864 Smb - ok
15:27:21.0935 1864 smstsmgr - ok
15:27:21.0966 1864 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows

\System32\snmptrap.exe
15:27:21.0966 1864 SNMPTRAP - ok
15:27:21.0982 1864 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows

\system32\drivers\spldr.sys
15:27:21.0982 1864 spldr - ok
15:27:22.0028 1864 Spooler (866a43013535dc8587c258e43579c764) C:\Windows

\System32\spoolsv.exe
15:27:22.0028 1864 Spooler - ok
15:27:22.0247 1864 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows

\system32\sppsvc.exe
15:27:22.0294 1864 sppsvc - ok
15:27:22.0434 1864 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows

\system32\sppuinotify.dll
15:27:22.0434 1864 sppuinotify - ok
15:27:22.0512 1864 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows

\system32\DRIVERS\srv.sys
15:27:22.0543 1864 srv - ok
15:27:22.0590 1864 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows

\system32\DRIVERS\srv2.sys
15:27:22.0637 1864 srv2 - ok
15:27:22.0668 1864 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows

\system32\DRIVERS\VSTAZL3.SYS
15:27:22.0684 1864 SrvHsfHDA - ok
15:27:22.0777 1864 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows

\system32\DRIVERS\VSTDPV3.SYS
15:27:22.0808 1864 SrvHsfV92 - ok
15:27:22.0886 1864 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows

\system32\DRIVERS\VSTCNXT3.SYS
15:27:22.0933 1864 SrvHsfWinac - ok
15:27:22.0996 1864 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows

\system32\DRIVERS\srvnet.sys
15:27:22.0996 1864 srvnet - ok
15:27:23.0042 1864 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows

\System32\ssdpsrv.dll
15:27:23.0058 1864 SSDPSRV - ok
15:27:23.0105 1864 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows

\system32\sstpsvc.dll
15:27:23.0105 1864 SstpSvc - ok
15:27:23.0152 1864 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows

\system32\drivers\stexstor.sys
15:27:23.0152 1864 stexstor - ok
15:27:23.0198 1864 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows

\System32\wiaservc.dll
15:27:23.0230 1864 StiSvc - ok
15:27:23.0323 1864 stllssvr (e476c66713c842f58e61a95826ed1d57) C:\Program Files

\Common Files\SureThing Shared\stllssvr.exe
15:27:23.0323 1864 stllssvr - ok
15:27:23.0354 1864 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows

\system32\drivers\vmstorfl.sys
15:27:23.0354 1864 storflt - ok
15:27:23.0370 1864 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows

\system32\storsvc.dll
15:27:23.0370 1864 StorSvc - ok
15:27:23.0386 1864 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows

\system32\drivers\storvsc.sys
15:27:23.0386 1864 storvsc - ok
15:27:23.0432 1864 SUService (5e8261eddfd7c1851b78e27705cd7f59) C:\Program Files

\Lenovo\System Update\SUService.exe
15:27:23.0432 1864 SUService - ok
15:27:23.0448 1864 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows

\system32\DRIVERS\swenum.sys
15:27:23.0448 1864 swenum - ok
15:27:23.0495 1864 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows

\System32\swprv.dll
15:27:23.0495 1864 swprv - ok
15:27:23.0510 1864 Synth3dVsc (f2ad8960812fd111e20e84659ef19d43) C:\Windows

\system32\drivers\Synth3dVsc.sys
15:27:23.0526 1864 Synth3dVsc - ok
15:27:23.0620 1864 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows

\system32\sysmain.dll
15:27:23.0635 1864 SysMain - ok
15:27:23.0651 1864 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows

\System32\TabSvc.dll
15:27:23.0666 1864 TabletInputService - ok
15:27:23.0682 1864 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows

\System32\tapisrv.dll
15:27:23.0698 1864 TapiSrv - ok
15:27:23.0713 1864 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows

\System32\tbssvc.dll
15:27:23.0729 1864 TBS - ok
15:27:23.0869 1864 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows

\system32\drivers\tcpip.sys
15:27:23.0901 1864 Tcpip - ok
15:27:24.0072 1864 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows

\system32\DRIVERS\tcpip.sys
15:27:24.0088 1864 TCPIP6 - ok
15:27:24.0197 1864 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows

\system32\drivers\tcpipreg.sys
15:27:24.0213 1864 tcpipreg - ok
15:27:24.0228 1864 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows

\system32\drivers\tdpipe.sys
15:27:24.0228 1864 TDPIPE - ok
15:27:24.0259 1864 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows

\system32\drivers\tdtcp.sys
15:27:24.0259 1864 TDTCP - ok
15:27:24.0291 1864 tdx (b459575348c20e8121d6039da063c704) C:\Windows

\system32\DRIVERS\tdx.sys
15:27:24.0291 1864 tdx - ok
15:27:24.0322 1864 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows

\system32\DRIVERS\termdd.sys
15:27:24.0322 1864 TermDD - ok
15:27:24.0337 1864 terminpt (052306fd76793d5d5ab5d9891fd1adbb) C:\Windows

\system32\drivers\terminpt.sys
15:27:24.0337 1864 terminpt - ok
15:27:24.0415 1864 TermService (382c804c92811be57829d8e550a900e2) C:\Windows

\System32\termsrv.dll
15:27:24.0415 1864 TermService - ok
15:27:24.0431 1864 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows

\system32\themeservice.dll
15:27:24.0431 1864 Themes - ok
15:27:24.0478 1864 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows

\system32\mmcss.dll
15:27:24.0478 1864 THREADORDER - ok
15:27:24.0478 1864 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows

\system32\drivers\tpm.sys
15:27:24.0478 1864 TPM - ok
15:27:24.0509 1864 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows

\System32\trkwks.dll
15:27:24.0509 1864 TrkWks - ok
15:27:24.0587 1864 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing

\TrustedInstaller.exe
15:27:24.0603 1864 TrustedInstaller - ok
15:27:24.0634 1864 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows

\system32\DRIVERS\tssecsrv.sys
15:27:24.0634 1864 tssecsrv - ok
15:27:24.0649 1864 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows

\system32\drivers\tsusbflt.sys
15:27:24.0649 1864 TsUsbFlt - ok
15:27:24.0665 1864 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows

\system32\drivers\TsUsbGD.sys
15:27:24.0665 1864 TsUsbGD - ok
15:27:24.0681 1864 tsusbhub (045acb987c650d8186c6b4a692223860) C:\Windows

\system32\drivers\tsusbhub.sys
15:27:24.0681 1864 tsusbhub - ok
15:27:24.0712 1864 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows

\system32\DRIVERS\tunnel.sys
15:27:24.0712 1864 tunnel - ok
15:27:24.0727 1864 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows

\system32\drivers\uagp35.sys
15:27:24.0727 1864 uagp35 - ok
15:27:24.0759 1864 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows

\system32\DRIVERS\udfs.sys
15:27:24.0759 1864 udfs - ok
15:27:24.0821 1864 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows

\system32\UI0Detect.exe
15:27:24.0821 1864 UI0Detect - ok
15:27:24.0852 1864 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows

\system32\drivers\uliagpkx.sys
15:27:24.0852 1864 uliagpkx - ok
15:27:24.0868 1864 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows

\system32\DRIVERS\umbus.sys
15:27:24.0868 1864 umbus - ok
15:27:24.0899 1864 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows

\system32\drivers\umpass.sys
15:27:24.0899 1864 UmPass - ok
15:27:24.0915 1864 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows

\System32\umrdp.dll
15:27:24.0930 1864 UmRdpService - ok
15:27:25.0164 1864 UNS (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files

\Intel\Intel® Management Engine Components\UNS\UNS.exe
15:27:25.0211 1864 UNS - ok
15:27:25.0367 1864 upnphost (833fbb672460efce8011d262175fad33) C:\Windows

\System32\upnphost.dll
15:27:25.0414 1864 upnphost - ok
15:27:25.0476 1864 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows

\system32\Drivers\usbaapl.sys
15:27:25.0476 1864 USBAAPL - ok
15:27:25.0523 1864 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows

\system32\DRIVERS\usbccgp.sys
15:27:25.0523 1864 usbccgp - ok
15:27:25.0570 1864 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows

\system32\drivers\usbcir.sys
15:27:25.0570 1864 usbcir - ok
15:27:25.0617 1864 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows

\system32\DRIVERS\usbehci.sys
15:27:25.0617 1864 usbehci - ok
15:27:25.0663 1864 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows

\system32\DRIVERS\usbhub.sys
15:27:25.0679 1864 usbhub - ok
15:27:25.0710 1864 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows

\system32\drivers\usbohci.sys
15:27:25.0710 1864 usbohci - ok
15:27:25.0741 1864 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows

\system32\DRIVERS\usbprint.sys
15:27:25.0741 1864 usbprint - ok
15:27:25.0788 1864 usbrndis6 (20158f032eea4fc501118f1992fdf57d) C:\Windows

\system32\DRIVERS\usb80236.sys
15:27:25.0788 1864 usbrndis6 - ok
15:27:25.0819 1864 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows

\system32\DRIVERS\usbscan.sys
15:27:25.0819 1864 usbscan - ok
15:27:25.0851 1864 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows

\system32\DRIVERS\USBSTOR.SYS
15:27:25.0851 1864 USBSTOR - ok
15:27:25.0913 1864 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows

\system32\DRIVERS\usbuhci.sys
15:27:25.0913 1864 usbuhci - ok
15:27:25.0960 1864 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows

\system32\DRIVERS\usb8023x.sys
15:27:25.0960 1864 usb_rndisx - ok
15:27:25.0991 1864 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows

\System32\uxsms.dll
15:27:25.0991 1864 UxSms - ok
15:27:26.0022 1864 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows

\system32\lsass.exe
15:27:26.0022 1864 VaultSvc - ok
15:27:26.0053 1864 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows

\system32\drivers\vdrvroot.sys
15:27:26.0053 1864 vdrvroot - ok
15:27:26.0085 1864 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows

\System32\vds.exe
15:27:26.0116 1864 vds - ok
15:27:26.0147 1864 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows

\system32\DRIVERS\vgapnp.sys
15:27:26.0147 1864 vga - ok
15:27:26.0163 1864 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows

\System32\drivers\vga.sys
15:27:26.0163 1864 VgaSave - ok
15:27:26.0178 1864 VGPU - ok
15:27:26.0209 1864 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows

\system32\drivers\vhdmp.sys
15:27:26.0209 1864 vhdmp - ok
15:27:26.0241 1864 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows

\system32\drivers\viaagp.sys
15:27:26.0241 1864 viaagp - ok
15:27:26.0256 1864 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows

\system32\drivers\viac7.sys
15:27:26.0256 1864 ViaC7 - ok
15:27:26.0256 1864 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows

\system32\drivers\viaide.sys
15:27:26.0256 1864 viaide - ok
15:27:26.0303 1864 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows

\system32\drivers\vmbus.sys
15:27:26.0319 1864 vmbus - ok
15:27:26.0350 1864 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows

\system32\drivers\VMBusHID.sys
15:27:26.0350 1864 VMBusHID - ok
15:27:26.0412 1864 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows

\system32\drivers\volmgr.sys
15:27:26.0412 1864 volmgr - ok
15:27:26.0475 1864 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows

\system32\drivers\volmgrx.sys
15:27:26.0506 1864 volmgrx - ok
15:27:26.0553 1864 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows

\system32\drivers\volsnap.sys
15:27:26.0568 1864 volsnap - ok
15:27:26.0615 1864 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows

\system32\drivers\vsmraid.sys
15:27:26.0615 1864 vsmraid - ok
15:27:29.0719 1864 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:27:30.0047 1864 \Device\Harddisk0\DR0 - ok
15:27:30.0047 1864 Boot (0x1200) (d3526bbe9b3b0af54472e090eb3648a9) \Device\Harddisk0\DR0\Partition0
15:27:30.0047 1864 \Device\Harddisk0\DR0\Partition0 - ok
15:27:30.0047 1864 ============================================================
15:27:30.0047 1864 Scan finished
15:27:30.0047 1864 ============================================================
15:27:30.0063 1732 Detected object count: 0
15:27:30.0063 1732 Actual detected object count: 0
15:27:57.0519 1388 ============================================================
15:27:57.0519 1388 Scan started
15:27:57.0519 1388 Mode: Manual; SigCheck; TDLFS;
15:27:57.0519 1388 ============================================================
15:28:04.0195 1388 CVPNDRVA (1c2999966f0f36aa44eaecbee70cf770) C:\Windows\system32\Drivers\CVPNDRVA.sys
15:28:04.0227 1388 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
15:28:04.0227 1388 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
15:28:10.0170 1388 hpqcxs08 (08457d8f8149757c70cea59c71ec5d27) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
15:28:10.0186 1388 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
15:28:10.0186 1388 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
15:28:10.0217 1388 hpqddsvc (75cc8c5146a3fb76221a7606628778d5) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
15:28:10.0248 1388 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
15:28:10.0248 1388 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
15:28:10.0326 1388 HPSLPSVC (83db5dd8be71cba5447fbd7a48fdbeda) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
15:28:10.0357 1388 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
15:28:10.0357 1388 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
15:28:17.0299 1388 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows

\system32\DRIVERS\nwifi.sys
15:28:17.0331 1388 NativeWifiP - ok
15:28:17.0377 1388 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows

\system32\drivers\ndis.sys
15:28:17.0409 1388 NDIS - ok
15:28:17.0424 1388 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows

\system32\DRIVERS\ndiscap.sys
15:28:17.0455 1388 NdisCap - ok
15:28:17.0487 1388 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows

\system32\DRIVERS\ndistapi.sys
15:28:17.0533 1388 NdisTapi - ok
15:28:17.0549 1388 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows

\system32\DRIVERS\ndisuio.sys
15:28:17.0596 1388 Ndisuio - ok
15:28:17.0689 1388 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows

\system32\DRIVERS\ndiswan.sys
15:28:17.0721 1388 NdisWan - ok
15:28:17.0814 1388 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows

\system32\drivers\NDProxy.sys
15:28:17.0861 1388 NDProxy - ok
15:28:17.0986 1388 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
15:28:18.0001 1388 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:28:18.0001 1388 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:28:22.0104 1388 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
15:28:22.0120 1388 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:28:22.0120 1388 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:28:30.0903 1388 SUService (5e8261eddfd7c1851b78e27705cd7f59) C:\Program Files\Lenovo\System Update\SUService.exe
15:28:30.0918 1388 SUService ( UnsignedFile.Multi.Generic ) - warning
15:28:30.0918 1388 SUService - detected UnsignedFile.Multi.Generic (1)
15:28:36.0987 1388 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows

\system32\DRIVERS\wmiacpi.sys
15:28:37.0002 1388 WmiAcpi - ok
15:28:37.0080 1388 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows

\system32\wbem\WmiApSrv.exe
15:28:37.0111 1388 wmiApSrv - ok
15:28:37.0267 1388 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files

\Windows Media Player\wmpnetwk.exe
15:28:37.0299 1388 WMPNetworkSvc - ok
15:28:37.0423 1388 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows

\System32\wpcsvc.dll
15:28:37.0439 1388 WPCSvc - ok
15:28:37.0470 1388 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows

\system32\wpdbusenum.dll
15:28:37.0501 1388 WPDBusEnum - ok
15:28:37.0564 1388 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows

\system32\drivers\ws2ifsl.sys
15:28:37.0611 1388 ws2ifsl - ok
15:28:37.0611 1388 WSearch - ok
15:28:37.0767 1388 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows

\system32\wuaueng.dll
15:28:37.0798 1388 wuauserv - ok
15:28:37.0938 1388 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows

\system32\drivers\WudfPf.sys
15:28:37.0985 1388 WudfPf - ok
15:28:38.0001 1388 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows

\system32\DRIVERS\WUDFRd.sys
15:28:38.0032 1388 WUDFRd - ok
15:28:38.0063 1388 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows

\System32\WUDFSvc.dll
15:28:38.0094 1388 wudfsvc - ok
15:28:38.0125 1388 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows

\System32\wwansvc.dll
15:28:38.0157 1388 WwanSvc - ok
15:28:38.0188 1388 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:28:38.0484 1388 \Device\Harddisk0\DR0 - ok
15:28:38.0484 1388 Boot (0x1200) (d3526bbe9b3b0af54472e090eb3648a9) \Device\Harddisk0\DR0\Partition0
15:28:38.0484 1388 \Device\Harddisk0\DR0\Partition0 - ok
15:28:38.0484 1388 ============================================================
15:28:38.0484 1388 Scan finished
15:28:38.0484 1388 ============================================================
15:28:38.0500 1804 Detected object count: 7
15:28:38.0500 1804 Actual detected object count: 7


Avast Log Results
-----------------
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-13 15:30:45
-----------------------------
15:30:45.188 OS Version: Windows 6.1.7601 Service Pack 1
15:30:45.188 Number of processors: 2 586 0x1706
15:30:45.188 ComputerName: CTSNJY12495 UserName: ctsuser
15:31:04.922 Initialize success
15:32:24.607 AVAST engine defs: 12071300
15:34:21.778 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:34:21.778 Disk 0 Vendor: WDC_WD2500BEVT-75ZCT2 11.01A11 Size: 238475MB BusType: 3
15:34:21.841 Disk 0 MBR read successfully
15:34:21.856 Disk 0 MBR scan
15:34:21.856 Disk 0 Windows 7 default MBR code
15:34:21.872 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238473 MB offset 2048
15:34:21.872 Disk 0 scanning sectors +488394752
15:34:21.966 Disk 0 scanning C:\Windows\system32\drivers
15:34:30.842 Service scanning
15:34:52.105 Modules scanning
15:34:57.440 Disk 0 trace - called modules:
15:34:57.456 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
15:34:57.456 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ad7438]
15:34:57.471 3 CLASSPNP.SYS[8c0ac59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x859ae908]
15:34:58.532 AVAST engine scan C:\Windows
15:35:00.264 AVAST engine scan C:\Windows\system32
15:36:31.446 File: C:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:37:14.954 AVAST engine scan C:\Windows\system32\drivers
15:37:26.405 AVAST engine scan C:\Users\ctsuser
15:38:47.244 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
15:38:47.244 The log file has been saved successfully to "C:\aswMBR.txt"
15:48:31.006 AVAST engine scan C:\ProgramData
15:51:05.711 Scan finished successfully
15:51:15.493 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
15:51:15.508 The log file has been saved successfully to "C:\aswMBR.txt"


ESET Online Scanner Results
---------------------------
C:\Windows\Installer\{90e06ce0-0cb1-ff03-89af-e60001b92df8}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{90e06ce0-0cb1-ff03-89af-e60001b92df8}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\System32\services.exe Win32/Sirefef.FC trojan unable to clean
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AIF0Z0BI\lion-cub-falling-asleep[1].txt HTML/ScrInject.B.Gen virus deleted (after the next restart) - quarantined
Operating memory multiple threats

#4 narenxp


Posted 13 July 2012 - 05:55 PM

Download

SystemLook (http://jpshortstuff.247fixes.com/SystemLook.exe)

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{90e06ce0-0cb1-ff03-89af-e60001b92df8}

Click on LOOK, post the generated log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Edited by narenxp, 13 July 2012 - 05:55 PM.


#5 Ashok_Chandra


Posted 14 July 2012 - 03:10 PM

SystemLook

SystemLook 30.07.11 by jpshortstuff
Log created at 11:48 on 14/07/2012 by ctsuser
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] A302BBFF2A7278C0E239EE5D471D86A9
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

========== folderfind ==========

Searching for "{90e06ce0-0cb1-ff03-89af-e60001b92df8}"
C:\Users\ctsuser\AppData\Local\{90e06ce0-0cb1-ff03-89af-e60001b92df8} d--hs-- [08:07 11/01/2012]
C:\Windows\Installer\{90e06ce0-0cb1-ff03-89af-e60001b92df8} d--hs-- [08:07 11/01/2012]

-= EOF =-

Scan Result using Malwarebytes
I ran the MBAM scan about 8 times; the trojan/virus was not removed even after several tries. If I scan in safe mode, MBAM shows 4 trojans as having been identified and cured; however, when I scan in regular mode, MBAM shows only 1 trojan as identified. In either scenario, while MBAM shows them as cured, the trojans/virus still remain.

MiniToolBox

I received a pop-up three times which mentioned the same subject/message as "nslookup.exe - Ordinal Not Found" - "The ordinal 1108 could not be located in the dynamic link library WSOCK32.dll".

MiniToolBox by Farbar Version: 25-06-2012
Ran by ctsuser (administrator) on 14-07-2012 at 15:58:44
Microsoft Windows 7 Enterprise Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® WiFi Link 5300 AGN = Wireless Network Connection (Connected)
Cisco Systems VPN Adapter = Local Area Connection 2 (Hardware not present)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : CTSNJY12495
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : local.tld

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : local.tld
Description . . . . . . . . . . . : Intel® WiFi Link 5300 AGN
Physical Address. . . . . . . . . : 00-21-6A-21-2F-F4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::177:928c:2dc7:d4a%18(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.15.162(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, July 14, 2012 3:54:28 PM
Lease Expires . . . . . . . . . . : Saturday, July 14, 2012 4:54:27 PM
Default Gateway . . . . . . . . . : 192.168.15.1
DHCP Server . . . . . . . . . . . : 192.168.15.1
DHCPv6 IAID . . . . . . . . . . . : 419438954
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-1C-31-83-00-23-AE-16-BF-E2
DNS Servers . . . . . . . . . . . : 192.168.15.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-23-AE-16-BF-E2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.local.tld:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{ABE5B9A2-4C7E-44A9-9CB7-52146FB95DDC}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.226.192] with 32 bytes of data:
Reply from 74.125.226.192: bytes=32 time=84ms TTL=53
Reply from 74.125.226.192: bytes=32 time=68ms TTL=53

Ping statistics for 74.125.226.192:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 68ms, Maximum = 84ms, Average = 76ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=79ms TTL=50
Reply from 98.139.183.24: bytes=32 time=97ms TTL=50

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 79ms, Maximum = 97ms, Average = 88ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
18...00 21 6a 21 2f f4 ......Intel® WiFi Link 5300 AGN
15...00 23 ae 16 bf e2 ......Broadcom NetXtreme 57xx Gigabit Controller
1...........................Software Loopback Interface 1
28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.15.1 192.168.15.162 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.15.0 255.255.255.0 On-link 192.168.15.162 281
192.168.15.162 255.255.255.255 On-link 192.168.15.162 281
192.168.15.255 255.255.255.255 On-link 192.168.15.162 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.15.162 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.15.162 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
18 281 fe80::/64 On-link
18 281 fe80::177:928c:2dc7:d4a/128
On-link
1 306 ff00::/8 On-link
18 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()
Catalog9 28 mswsock.dll [File Not found] ()
Catalog9 29 mswsock.dll [File Not found] ()
Catalog9 30 mswsock.dll [File Not found] ()
Catalog9 31 mswsock.dll [File Not found] ()
Catalog9 32 mswsock.dll [File Not found] ()
Catalog9 33 mswsock.dll [File Not found] ()
Catalog9 34 mswsock.dll [File Not found] ()
Catalog9 35 mswsock.dll [File Not found] ()
Catalog9 36 mswsock.dll [File Not found] ()
Catalog9 37 mswsock.dll [File Not found] ()
Catalog9 38 mswsock.dll [File Not found] ()
Catalog9 39 mswsock.dll [File Not found] ()
Catalog9 40 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/14/2012 03:57:07 PM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 2872 (0xb38)

Thread address : 0x76FD7094

Thread message :

Build VSCORE.14.3.0.464 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\Windows\Installer\{90e06ce0-0cb1-ff03-89af-e60001b92df8}\U\00000004.@
by C:\Windows\system32\services.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (07/14/2012 03:06:01 PM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 2324 (0x914)

Thread address : 0x772A7094

Thread message :

Build VSCORE.14.3.0.464 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\Windows\Installer\{90e06ce0-0cb1-ff03-89af-e60001b92df8}\U\00000004.@
by C:\Windows\system32\services.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (07/13/2012 00:00:07 PM) (Source: Application Error) (User: )
Description: Faulting application name: MCUPDATE.EXE, version: 8.8.0.777, time stamp: 0x4d2e0500
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000005
Fault offset: 0x00064a91
Faulting process id: 0x1624
Faulting application start time: 0xMCUPDATE.EXE0
Faulting application path: MCUPDATE.EXE1
Faulting module path: MCUPDATE.EXE2
Report Id: MCUPDATE.EXE3


System errors:
=============
Error: (07/14/2012 03:57:17 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/14/2012 03:57:17 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/14/2012 03:57:12 PM) (Source: Service Control Manager) (User: )
Description: The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (07/14/2012 03:54:36 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (07/14/2012 03:54:31 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (07/14/2012 03:54:27 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/14/2012 03:37:30 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (07/14/2012 03:37:29 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/14/2012 03:37:29 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (07/14/2012 03:37:25 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (03/16/2012 08:50:19 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 139202 seconds with 11040 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 7.1.8)
6400_Help (Version: 1.00.0000)
Adobe AIR (Version: 3.3.0.3670)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
AT&T Connect Participant
AuthenTec TrueSuite (Version: 2.0.0.57)
BlackBerry Desktop Software 6.1 (Version: 6.1.0.36)
Bonjour (Version: 3.0.0.10)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 130.0.000.000)
BPDSoftware_Ini (Version: 1.00.0000)
Browser Hijack Retaliator 4.5.0 Build 471
BufferChm (Version: 130.0.331.000)
CCleaner (Version: 3.20)
Centra Client
Chatter Desktop (Version: 2.1.1)
Cisco Systems VPN Client 5.0.00.0340 (Version: 5.0.0)
Cisco WebEx Meetings
Configuration Manager Client (Version: 4.00.6221.1000)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Touchpad (Version: 7.1207.101.108)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.465.000)
DocProc (Version: 13.0.0.0)
ESET Online Scanner v3
Fax (Version: 130.0.418.000)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
GPBaseService2 (Version: 130.0.371.000)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP OfficeJet J6400 (Version: 13.0)
HP Product Detection (Version: 11.14.0001)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
iCloud (Version: 1.1.0.40)
Intel® Management Engine Components (Version: 6.0.0.1179)
iTunes (Version: 10.6.1.7)
J6400 (Version: 130.0.000.000)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
JMicron Flash Media Controller Driver (Version: 1.0.55.0)
Juniper Networks Cache Cleaner 6.5.0 (Version: 6.5.0.16339)
Juniper Networks Host Checker (Version: 7.1.0.19525)
Juniper Networks, Inc. Setup Client (Version: 7.1.4.13103)
Juniper Terminal Services Client (Version: 7.1.0.19525)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MarketResearch (Version: 130.0.374.000)
McAfee Agent (Version: 4.5.0.1810)
McAfee VirusScan Enterprise (Version: 8.8.00000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Conferencing Add-in for Microsoft Office Outlook (Version: 8.0.6362.0)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Communicator 2007 (Version: 2.0.6362.36)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.0)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.202)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Project MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Project Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42)
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010 (Version: 14.0.6029.1000)
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
netTALK (Version: 1.34)
netTALK DUO WiFi Management Tool (Version: 1.0.3)
Network (Version: 130.0.579.000)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Octoshape Streaming Services
Pdf995
PlayOn (Version: 3.5.4)
ProductContext (Version: 130.0.000.000)
QuickTime (Version: 7.71.80.42)
Rapport (Version: 3.5.1201.78)
Realtek Ethernet Controller Driver For Windows Vista and Later (Version: 1.00.0010)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE 10.3 (Version: 10.3)
Roxio Creator DE 10.3 (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio Update Manager (Version: 6.0.0)
Scan (Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
SmartWebPrinting (Version: 130.0.457.000)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.469.000)
SUPERAntiSpyware (Version: 5.5.1012)
System Update (Version: 4.00.0046)
ThinkPad Power Management Driver (Version: 1.61.00.11)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
WebReg (Version: 130.0.132.017)
WIMGAPI (Version: 1.0.0.0)
WinSCP 4.3.7 (Version: 4.3.7)
WinZip 14.0 (Version: 14.0.8688)

========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 3539.17 MB
Available physical RAM: 2437.89 MB
Total Pagefile: 7076.62 MB
Available Pagefile: 5683.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.53 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.88 GB) (Free:165.11 GB) NTFS

========================= Users: ========================================

User accounts for \\CTSNJY12495

ctsuser ctsuser1 Guest
nss_admin


**** End of log ****

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:47 AM

Posted 14 July 2012 - 03:35 PM

Press Windows+R key and type

notepad and click ok

copy this script and paste in notepad
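@echo off
rem Replace the infected services.exe with the clean copy kept in the WinSxS component store.
rem This PC is 32-bit (x86), so the clean copy comes from the x86 WinSxS component folder.
set "SRC=C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe"
cd /d c:\windows\system32
rem Stop before renaming anything if the clean copy is not there.
if not exist "%SRC%" (echo Clean services.exe not found & pause & exit /b 1)
takeown /a /f services.exe
cacls services.exe /g administrators:f
ren services.exe services.exe.old
COPY /Y "%SRC%" C:\WINDOWS\system32
rem Delete this batch file once it has run.
DEL "%~f0"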

Click on FILE>> save as

filename:services.bat
Save as type:All types

Now right click on the services.bat file and select run as administrator and run it, click Y and press ENTER

Open your C drive

On top,click on Organize-folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click ok, now go to

C:\Users\ctsuser\AppData\Local\{90e06ce0-0cb1-ff03-89af-e60001b92df8}
C:\Windows\Installer\{90e06ce0-0cb1-ff03-89af-e60001b92df8}

delete both the folders

Run system look again and post the new log

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Edited by narenxp, 14 July 2012 - 03:35 PM.


#7 Ashok_Chandra

Ashok_Chandra
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 14 July 2012 - 05:14 PM

SystemLook (log taken 2nd time after deleting the folder {90e06ce0-0cb1-ff03-89af-e60001b92df8})

SystemLook 30.07.11 by jpshortstuff
Log created at 18:08 on 14/07/2012 by ctsuser
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

========== folderfind ==========

Searching for "{90e06ce0-0cb1-ff03-89af-e60001b92df8}"
C:\Windows\Installer\{90e06ce0-0cb1-ff03-89af-e60001b92df8} d--hs-- [08:07 11/01/2012]

-= EOF =-


FSS Scan Report

Farbar Service Scanner Version: 08-07-2012
Ran by ctsuser (administrator) on 14-07-2012 at 18:11:52
Running from "C:\Users\ctsuser\Desktop"
Microsoft Windows 7 Enterprise Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:47 AM

Posted 14 July 2012 - 06:32 PM

Searching for "{90e06ce0-0cb1-ff03-89af-e60001b92df8}"
C:\Windows\Installer\{90e06ce0-0cb1-ff03-89af-e60001b92df8} d--hs-- [08:07 11/01/2012]

Restart the PC and delete this folder

C:\Windows\Installer\{90e06ce0-0cb1-ff03-89af-e60001b92df8}

Run system look again, post the new log

Edited by narenxp, 14 July 2012 - 06:33 PM.


#9 Ashok_Chandra

Ashok_Chandra
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 14 July 2012 - 08:12 PM

System Look (Re-Run Snapshot)

SystemLook 30.07.11 by jpshortstuff
Log created at 21:02 on 14/07/2012 by ctsuser
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

========== folderfind ==========

Searching for "{90e06ce0-0cb1-ff03-89af-e60001b92df8}"
No folders found.

-= EOF =-

#10 Ashok_Chandra

Ashok_Chandra
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 14 July 2012 - 09:25 PM

I ran MBAM and performed full scan; but it still shows the virus/trojans like earlier. No change even after the folder has been deleted.

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:47 AM

Posted 14 July 2012 - 09:40 PM

Post the MBAM log

Create a restore point before trying this

Download

MpsSvc
BFE
wscsvc
defender


Launch them, click YES when you get the UAC prompt

restart the PC and post the new FSS log

Edited by narenxp, 14 July 2012 - 09:40 PM.


#12 Ashok_Chandra

Ashok_Chandra
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 14 July 2012 - 10:15 PM

MBAM Log

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.14.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
ctsuser :: CTSNJY12495 [administrator]

7/14/2012 9:37:19 PM
mbam-log-2012-07-14 (23-00-50).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 343254
Time elapsed: 1 hour(s), 22 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\ctsuser\AppData\Local\{90e06ce0-0cb1-ff03-89af-e60001b92df8}\n. -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> No action taken.
C:\Users\ctsuser\Desktop\One Desktop\My Computer Stuff\Software\RegistryConvoy_Setup.exe (Rogue.RegTidy) -> No action taken.

(end)

FSS Log
Farbar Service Scanner Version: 08-07-2012
Ran by ctsuser (administrator) on 14-07-2012 at 23:12:19
Running from "C:\Users\ctsuser\Desktop\Bleeping Computer Software"
Microsoft Windows 7 Enterprise Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
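
The two FSS reports in this thread can be compared service by service. The following is an added example, not part of any post in the thread and not Farbar's code: a Python sketch that parses an FSS report, including one whose long lines were wrapped on paste, and shows how each service's state changed between two runs. The sample text is a constructed excerpt shaped like the logs above, and the state names (`key_missing`, `stopped_config_ok`, `not_reported`) are this example's own labels.

```python
import re

# Constructed excerpts shaped like the FSS logs in this thread: the first run
# (hard-wrapped on paste) and the run after the service keys were re-imported.
FSS_BEFORE = """\
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does

not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not

exist.

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does

not exist.
"""
FSS_AFTER = """\
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
"""

def parse_fss(text):
    """Map each service FSS lists as not running to this example's state label."""
    # Collapse whitespace so phrases split by a hard wrap become contiguous again.
    flat = " ".join(text.split())
    # Splitting on the block header gives [prefix, name1, body1, name2, body2, ...].
    parts = re.split(r"(\w+) Service is not running\.", flat)
    states = {}
    for name, body in zip(parts[1::2], parts[2::2]):
        missing = "The service key does not exist" in body
        states[name.lower()] = "key_missing" if missing else "stopped_config_ok"
    return states

def compare(before, after):
    """Return {service: (state_before, state_after)} across two FSS runs."""
    b, a = parse_fss(before), parse_fss(after)
    return {s: (b.get(s, "not_reported"), a.get(s, "not_reported"))
            for s in sorted(set(b) | set(a))}

if __name__ == "__main__":
    for svc, (old, new) in compare(FSS_BEFORE, FSS_AFTER).items():
        print(f"{svc:8} {old:18} -> {new}")
```

A move from `key_missing` to `stopped_config_ok` means the registry key is back but the service has still not started, which is the state the second FSS log in the thread shows.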

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:47 AM

Posted 14 July 2012 - 10:19 PM

MBAM log shows No action taken.

Remove all the infections, scan again until you get a clean log

Post the clean log

#14 Ashok_Chandra

Ashok_Chandra
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:03:17 PM

Posted 14 July 2012 - 10:27 PM

MBAM (Clean Log)

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.14.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
ctsuser :: CTSNJY12495 [administrator]

7/14/2012 9:37:19 PM
mbam-log-2012-07-14 (21-37-19).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 343254
Time elapsed: 1 hour(s), 22 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\ctsuser\AppData\Local\{90e06ce0-0cb1-ff03-89af-e60001b92df8}\n. -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Quarantined and deleted successfully.
C:\Users\ctsuser\Desktop\One Desktop\My Computer Stuff\Software\RegistryConvoy_Setup.exe (Rogue.RegTidy) -> Quarantined and deleted successfully.

(end)
--------------------------------------------
While the log shows as cleaned, when I restart and re-run MBAM, the trojans still show up, and this is a never-ending cycle as observed.

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:47 AM

Posted 14 July 2012 - 10:30 PM

Restart the PC

Press Windows+R key and type

C:\Windows\assembly\GAC

Click ok

Let me know if you find desktop.ini



