Infected IRP Hook Rootkit will not go away


  • This topic is locked
21 replies to this topic

#1 estomac

Posted 17 September 2012 - 05:05 PM

Greetings,

Classic story: a few days ago, the computer boots, then tells me the hard drive has crashed. About 20 dialog boxes line up saying my HD is failing and cannot be reached. I must have pressed the wrong button because since then, my web navigation slowed down and pages are being redirected to commercial sites.

I first ran AVG, which told me I had a rootkit: IRP hook,\Driver/iastor IRP_MJ_INTERNAL_DEVICE_CONTROL -) 0xFFFFFA8009799334. Even after cleaning it with AVG, it comes back.

TDSSkiller will not run. Most anti-rootkit tools will either not run or will not find anything. I am running Windows 7 64-bit on an MSI laptop GE620DX.

DDS and GMER logs following. Please note that GMER would not let me check anything other than the last 3 categories. The rest was grayed out.

I am grateful for ideas and assistance. I have been trying to fix this but have gone to the limit of my competency.

Best Regards

Marc
-------------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Laptop at 22:58:10 on 2012-09-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8099.5205 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\S-Bar\MSIService.exe
C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\rundll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe
C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\Laptop\Downloads\FileZilla_3.5.3_win32\FileZilla-3.5.3\filezilla.exe
C:\Program Files (x86)\Avanquest\Web Easy Professional 8\WebEasy.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.ca/
mStart Page = hxxp://msi.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\Laptop\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files (x86)\Intel\TurboBoost\SignalIslandUi.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C26433F-0C57-4D76-AE2D-7081F5A1E4DB} : DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
TCP: Interfaces\{D8CAC463-6CB3-4CBB-A133-89B247F853E1} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D8CAC463-6CB3-4CBB-A133-89B247F853E1}\96261686E6F536F6E666562756E63696E676 : DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgloga;AVG Logging Driver;C:\windows\system32\DRIVERS\avgloga.sys --> C:\windows\system32\DRIVERS\avgloga.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-8-20 5751928]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-8-20 184304]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-31 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-31 1001808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-9 13336]
R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\S-Bar\MSIService.exe [2011-8-13 160768]
R2 MSI Foundation Service;MSI Foundation Service;C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-7-17 12800]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-9 2253120]
R2 regi;regi;\??\C:\windows\system32\drivers\regi.sys --> C:\windows\system32\drivers\regi.sys [?]
R2 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-3-31 1646056]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\system32\DRIVERS\TurboB.sys --> C:\windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-9 2656280]
R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;C:\windows\system32\DRIVERS\AMPPAL.sys --> C:\windows\system32\DRIVERS\AMPPAL.sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-31 1321296]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\system32\DRIVERS\btmaux.sys --> C:\windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\windows\system32\DRIVERS\btmhsf.sys --> C:\windows\system32\DRIVERS\btmhsf.sys [?]
R3 busenum;Synology Virtual USB Hub;C:\windows\system32\DRIVERS\busenum.sys --> C:\windows\system32\DRIVERS\busenum.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\windows\system32\DRIVERS\iBtFltCoex.sys --> C:\windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBfilt;MBfilt;C:\windows\system32\drivers\MBfilt64.sys --> C:\windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\drivers\HECIx64.sys --> C:\windows\system32\drivers\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\drivers\nusb3hub.sys --> C:\windows\system32\drivers\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\drivers\nusb3xhc.sys --> C:\windows\system32\drivers\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUVStor.sys --> C:\windows\system32\Drivers\RtsUVStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;C:\windows\system32\DRIVERS\amppal.sys --> C:\windows\system32\DRIVERS\amppal.sys [?]
S3 ManyCam;ManyCam Virtual Webcam;C:\windows\system32\DRIVERS\mcvidrv_x64.sys --> C:\windows\system32\DRIVERS\mcvidrv_x64.sys [?]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\windows\system32\drivers\mcaudrv_x64.sys --> C:\windows\system32\drivers\mcaudrv_x64.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2012-4-1 25832]
S4 UsbClientService;UsbClientService;C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2011-2-18 245760]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-09-17 15:10:27 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-17 11:29:24 -------- d-----w- C:\username123
2012-09-17 08:05:19 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-09-16 12:37:34 -------- d-----w- C:\Users\Laptop\AppData\Roaming\AVG2013
2012-09-16 12:36:44 -------- d-----w- C:\Users\Laptop\AppData\Roaming\TuneUp Software
2012-09-16 12:36:04 -------- d-----w- C:\ProgramData\AVG2013
2012-09-16 12:36:04 -------- d-----w- C:\$AVG
2012-09-16 12:32:59 -------- d-----w- C:\Users\Laptop\AppData\Local\MFAData
2012-09-16 12:32:59 -------- d-----w- C:\Users\Laptop\AppData\Local\Avg2013
2012-09-15 18:10:41 -------- d-----w- C:\ProgramData\Sophos
2012-09-15 18:09:28 -------- d-----w- C:\Program Files (x86)\Sophos
2012-09-15 05:42:59 -------- d-----w- C:\Users\Laptop\AppData\Roaming\Malwarebytes
2012-09-15 05:42:33 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-15 05:30:24 98816 ----a-w- C:\windows\sed.exe
2012-09-15 05:30:24 518144 ----a-w- C:\windows\SWREG.exe
2012-09-15 05:30:24 256000 ----a-w- C:\windows\PEV.exe
2012-09-15 05:30:24 208896 ----a-w- C:\windows\MBR.exe
2012-09-11 21:09:44 950128 ----a-w- C:\windows\System32\drivers\ndis.sys
2012-09-11 21:09:44 41472 ----a-w- C:\windows\System32\drivers\RNDISMP.sys
2012-09-11 21:09:40 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-09-11 21:09:40 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2012-09-11 21:09:39 376688 ----a-w- C:\windows\System32\drivers\netio.sys
2012-09-11 21:09:39 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2012-09-11 21:09:39 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-09-10 08:48:37 -------- d-----w- C:\Users\Laptop\AppData\Local\{531110B3-1B2F-4AFD-8FCF-5F7FE5C691F4}
2012-09-09 13:06:51 -------- d-----w- C:\Users\Laptop\AppData\Local\{564EDBCA-4754-4D09-A572-4DBAD0BE1A77}
2012-09-05 11:50:04 -------- d-----w- C:\slide
2012-09-05 11:45:50 -------- d-----w- C:\Users\Laptop\AppData\Roaming\KS-SW
2012-09-05 11:44:55 -------- d-----w- C:\ProgramData\{1A6A2529-7519-4B71-B2DE-4CA6C9396B48}
2012-09-03 15:09:24 -------- d-----w- C:\Users\Laptop\AppData\Roaming\Anvsoft
2012-09-03 15:08:49 -------- d-----w- C:\Program Files (x86)\AnvSoft
2012-09-03 12:41:36 -------- d-----w- C:\Program Files (x86)\NCH Software
2012-09-03 12:41:33 -------- d-----w- C:\Users\Laptop\AppData\Roaming\NCH Software
2012-09-03 12:16:55 -------- d-----w- C:\Users\Laptop\AppData\Local\{283B2443-056A-4AEC-9144-5B64EA1FC95F}
.
==================== Find3M ====================
.
2012-08-28 07:11:59 821736 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
2012-08-28 07:11:59 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-08-27 06:09:14 73416 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-27 06:09:14 696520 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-08-13 14:40:52 150880 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2012-08-10 02:52:38 199520 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2012-08-10 02:52:34 105312 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
2012-08-10 02:52:16 40288 ----a-w- C:\windows\System32\drivers\avgrkx64.sys
2012-08-09 11:56:42 230240 ----a-w- C:\windows\System32\drivers\avgloga.sys
2012-08-09 11:56:34 60768 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2012-08-09 11:56:20 175968 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-06 20:07:42 552960 ----a-w- C:\windows\System32\drivers\bthport.sys
2012-07-04 22:13:27 59392 ----a-w- C:\windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-06 04:06:50 2174976 ----a-w- C:\Program Files (x86)\Common Files\atimpenc.dll
.
============= FINISH: 23:05:53.08 ===============
-----------------------------------------------------------------------------------------------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-17 23:51:34
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971006f08
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971be7b97
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971be7b97@806007c1d080 0x42 0x72 0x92 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca971006f08 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca971be7b97 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca971be7b97@806007c1d080 0x42 0x72 0x92 0xC7 ...

---- Files - GMER 1.0.15 ----

File C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Cookies\8PZMJMNP.txt 0 bytes

---- EOF - GMER 1.0.15 ----


#2 gringo_pr

Posted 17 September 2012 - 10:01 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#3 estomac

Posted 18 September 2012 - 01:31 AM

Dear Gringo,

Greetings from Zurich, Switzerland. Many thanks for your support and assistance with this hair-pulling Rootkit.

1) DeFogger ran as requested (Log follows)
2) ADW ran as requested (Log follows)
3) Rogue Killer ran as requested. (found and quarantined some entries)

After some testing, the redirect still occurs, so we have more work to do to kill this beast.

Thank you again.

Estomac

1) -------------------------------Log Defogger------------------------------
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 07:03 on 18/09/2012 (Laptop)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-





2) ---------------------------------Log ADW Cleaner-----------------------------
# AdwCleaner v2.002 - Logfile created 09/18/2012 at 08:20:01
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Laptop - LAPTOP-MSI
# Boot Mode : Normal
# Running from : C:\Users\Laptop\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[R1].txt - [2462 octets] - [16/09/2012 19:01:40]
AdwCleaner[R2].txt - [2522 octets] - [16/09/2012 19:02:26]
AdwCleaner[S1].txt - [3137 octets] - [16/09/2012 19:02:44]
AdwCleaner[R3].txt - [826 octets] - [18/09/2012 07:03:47]
AdwCleaner[R4].txt - [885 octets] - [18/09/2012 08:19:19]
AdwCleaner[R5].txt - [944 octets] - [18/09/2012 08:19:52]
AdwCleaner[S2].txt - [943 octets] - [18/09/2012 08:20:01]

########## EOF - C:\AdwCleaner[S2].txt - [1002 octets] ##########






3)----------------------------------------------------Log Rogue Killer--------------------------------
RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Laptop [Admin rights]
Mode : Scan -- Date : 09/18/2012 07:05:11

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 8ec213f346d5cee4b33c30bc76d82d6a
[BSP] a842ff29e5ccb7744e81f97907a6f513 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12872 Mo
1 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 26363904 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 26568704 | Size: 421455 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 889710592 | Size: 280974 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] c8261e8a8502862956d27124a01c541c
[BSP] c7c4da3a3e13a0f5c8645a9cd6ad252a : MaxSS MBR Code!
Partition table:
1 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 26363904 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 26568704 | Size: 421455 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 889710592 | Size: 280974 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] c8261e8a8502862956d27124a01c541c
[BSP] c7c4da3a3e13a0f5c8645a9cd6ad252a : MaxSS MBR Code!
Partition table:
1 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 26363904 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 26568704 | Size: 421455 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 889710592 | Size: 280974 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:50 AM

Posted 18 September 2012 - 01:34 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 estomac

estomac
  • Topic Starter

  • Members
  • 11 posts
  • Local time:06:50 AM

Posted 18 September 2012 - 02:46 AM

Hello Gringo,

Thanks for the quick reply.

Browsing is still slower than normal but redirects seem to have stopped. I have not yet rebooted the machine.

I ran combofix (which took 1 hour). Please find log attached.

Your assistance is greatly appreciated.

Best Regards

Estomac


ComboFix 12-09-18.02 - Laptop 18/09/2012 8:45.5.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8099.6312 [GMT 2:00]
Running from: c:\users\Laptop\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-18 to 2012-09-18 )))))))))))))))))))))))))))))))
.
.
2012-09-18 07:17 . 2012-09-18 07:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-18 07:17 . 2012-09-18 07:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-18 06:14 . 2012-09-18 06:14 -------- d-----w- c:\users\Laptop\AppData\Local\Avg2013
2012-09-17 11:29 . 2012-09-17 12:28 -------- d-----w- C:\username123
2012-09-17 08:05 . 2012-09-17 08:05 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-09-16 12:36 . 2012-09-16 12:36 -------- d-----w- c:\users\Laptop\AppData\Roaming\TuneUp Software
2012-09-16 12:32 . 2012-09-16 12:32 -------- d-----w- c:\users\Laptop\AppData\Local\MFAData
2012-09-15 18:10 . 2012-09-15 18:10 -------- d-----w- c:\programdata\Sophos
2012-09-15 18:09 . 2012-09-17 08:41 -------- d-----w- c:\program files (x86)\Sophos
2012-09-15 13:01 . 2012-08-30 22:43 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-15 05:42 . 2012-09-15 05:42 -------- d-----w- c:\users\Laptop\AppData\Roaming\Malwarebytes
2012-09-15 05:42 . 2012-09-15 05:42 -------- d-----w- c:\programdata\Malwarebytes
2012-09-11 21:09 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-11 21:09 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-11 21:09 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 21:09 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-11 21:09 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-11 21:09 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-11 21:09 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-05 11:50 . 2012-09-05 11:50 -------- d-----w- C:\slide
2012-09-05 11:45 . 2012-09-05 11:47 -------- d-----w- c:\users\Laptop\AppData\Roaming\KS-SW
2012-09-05 11:44 . 2012-09-05 11:44 -------- d-----w- c:\programdata\{1A6A2529-7519-4B71-B2DE-4CA6C9396B48}
2012-09-03 15:09 . 2012-09-05 12:15 -------- d-----w- c:\users\Laptop\AppData\Roaming\Anvsoft
2012-09-03 15:08 . 2012-09-05 12:18 -------- d-----w- c:\program files (x86)\AnvSoft
2012-09-03 12:41 . 2012-09-03 12:41 -------- d-----w- c:\programdata\NCH Software
2012-09-03 12:41 . 2012-09-03 13:03 -------- d-----w- c:\program files (x86)\NCH Software
2012-09-03 12:41 . 2012-09-03 12:45 -------- d-----w- c:\users\Laptop\AppData\Roaming\NCH Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 07:11 . 2012-05-04 06:26 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-28 07:11 . 2012-05-04 06:26 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-27 06:09 . 2012-07-30 22:28 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-27 06:09 . 2012-07-30 22:28 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-18 18:15 . 2012-08-16 06:44 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 20:07 . 2012-08-16 20:17 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 22:16 . 2012-08-16 06:44 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-16 06:44 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-16 06:44 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-16 06:44 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-16 20:16 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-16 20:16 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-16 20:16 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-16 20:16 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-16 20:16 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-16 20:16 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-16 20:16 237056 ----a-w- c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-16 20:16 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-16 20:16 816640 ----a-w- c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-16 20:16 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-16 20:16 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-16 20:16 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-16 20:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-16 20:16 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-16 20:16 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-16 20:16 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-16 20:16 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-16 20:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-16 20:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-06 04:06 . 2012-06-06 04:06 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-16_08.13.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-09-18 06:23 71666 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-18 06:23 42684 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-29 12:11 . 2012-09-17 19:19 18156 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1355470665-1842977295-2144832153-1001_UserData.bin
+ 2012-03-29 12:12 . 2012-09-18 05:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-29 12:12 . 2012-09-16 06:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-29 12:12 . 2012-09-16 06:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-29 12:12 . 2012-09-18 05:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-16 06:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-18 05:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:46 . 2012-09-12 15:47 96928 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-09-17 11:14 96928 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-12-09 18:23 . 2012-09-18 06:20 2084 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-12-09 18:23 . 2012-09-15 19:51 2084 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-09-16 06:52 . 2012-09-16 06:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-18 06:21 . 2012-09-18 06:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-18 06:21 . 2012-09-18 06:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-16 06:52 . 2012-09-16 06:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-01 04:07 . 2012-09-17 17:05 306532 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-09-16 06:57 660318 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-18 06:25 660318 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-18 06:25 121214 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-09-16 06:57 121214 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-09-18 06:20 483864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:45 . 2012-09-17 10:28 5038376 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2012-09-12 06:59 7284024 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-09-17 10:30 7284024 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-12-09 19:03 . 2012-09-18 06:20 5395648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-29 12:22 . 2012-09-18 06:20 6138640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1355470665-1842977295-2144832153-1001-8192.dat
+ 2012-04-07 06:44 . 2012-09-17 10:26 3963296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1355470665-1842977295-2144832153-1001-12288.dat
+ 2012-09-16 12:33 . 2012-09-16 12:33 8540160 c:\windows\Installer\bedc5.msi
+ 2012-09-16 12:34 . 2012-09-16 12:34 2818048 c:\windows\Installer\bedc1.msi
+ 2012-09-16 12:35 . 2012-09-16 12:35 13074432 c:\windows\Installer\bedbd.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchFreeze"="c:\program files (x86)\TouchFreeze\TouchFreeze.exe" [2005-04-29 45056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
.
c:\users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-10-8 198656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
R3 MGHwCtrl;MGHwCtrl;c:\program files\MSI\MSI Software Install\MGHwCtrl.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-01 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R4 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [2011-02-18 245760]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-11-28 28992]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\S-Bar\MSIService.exe [2011-08-13 160768]
S2 MSI Foundation Service;MSI Foundation Service;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-07-17 12800]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-28 2253120]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-03-31 1646056]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-03-08 274944]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys [2011-02-18 56160]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-03-23 59904]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-04-14 87552]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-04-14 207872]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [2011-03-15 311400]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-04 11780712]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.ca/
mStart Page = hxxp://msi.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-18 09:37:32
ComboFix-quarantined-files.txt 2012-09-18 07:37
ComboFix2.txt 2012-09-17 12:28
ComboFix3.txt 2012-09-16 12:16
ComboFix4.txt 2012-09-16 08:33
.
Pre-Run: 204,422,283,264 bytes free
Post-Run: 204,058,226,688 bytes free
.
- - End Of File - - 1C16376915D8BEFFA8B241B5C7BBA941

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:50 AM

Posted 18 September 2012 - 03:21 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 estomac

estomac
  • Topic Starter

  • Members
  • 11 posts
  • Local time:06:50 AM

Posted 18 September 2012 - 03:46 AM

Hello again. Must be getting late in the Americas...

Ran TDSS Killer. It found Rootkit.Boot.SST.a but could not cure it. It asked if I wanted to create a custom boot file and I said no. Log below.

aswMBR will not run at all.

Please advise if I did something wrong.

Best

Marc

-------------------------Log TDSS Killer-------------------------------

10:29:44.0081 4016 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
10:29:44.0253 4016 ============================================================
10:29:44.0253 4016 Current date / time: 2012/09/18 10:29:44.0253
10:29:44.0253 4016 SystemInfo:
10:29:44.0253 4016
10:29:44.0253 4016 OS Version: 6.1.7601 ServicePack: 1.0
10:29:44.0253 4016 Product type: Workstation
10:29:44.0253 4016 ComputerName: LAPTOP-MSI
10:29:44.0253 4016 UserName: Laptop
10:29:44.0253 4016 Windows directory: C:\windows
10:29:44.0253 4016 System windows directory: C:\windows
10:29:44.0253 4016 Running under WOW64
10:29:44.0253 4016 Processor architecture: Intel x64
10:29:44.0253 4016 Number of processors: 8
10:29:44.0253 4016 Page size: 0x1000
10:29:44.0253 4016 Boot type: Normal boot
10:29:44.0253 4016 ============================================================
10:29:46.0015 4016 BG loaded
10:29:46.0390 4016 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x000000A0
10:29:46.0390 4016 ============================================================
10:29:46.0390 4016 \Device\Harddisk0\DR0:
10:29:46.0390 4016 MBR partitions:
10:29:46.0390 4016 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1956800, BlocksNum 0x337278A6
10:29:46.0405 4016 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3507F000, BlocksNum 0x224BFEF0
10:29:46.0405 4016 ============================================================
10:29:46.0530 4016 C: <-> \Device\Harddisk0\DR0\Partition1
10:29:46.0577 4016 F: <-> \Device\Harddisk0\DR0\Partition2
10:29:46.0577 4016 ============================================================
10:29:46.0577 4016 Initialize success
10:29:46.0577 4016 ============================================================
10:29:53.0981 4496 ============================================================
10:29:53.0981 4496 Scan started
10:29:53.0981 4496 Mode: Manual;
10:29:53.0981 4496 ============================================================
10:29:56.0587 4496 ================ Scan system memory ========================
10:29:56.0587 4496 System memory - ok
10:29:56.0602 4496 ================ Scan services =============================
10:29:57.0429 4496 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
10:29:57.0445 4496 1394ohci - ok
10:29:57.0491 4496 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
10:29:57.0507 4496 ACPI - ok
10:29:57.0663 4496 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
10:29:57.0772 4496 AcpiPmi - ok
10:29:58.0162 4496 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:29:58.0240 4496 AdobeARMservice - ok
10:29:58.0537 4496 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
10:29:58.0552 4496 adp94xx - ok
10:29:58.0646 4496 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
10:29:58.0661 4496 adpahci - ok
10:29:58.0864 4496 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
10:29:58.0880 4496 adpu320 - ok
10:29:58.0927 4496 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
10:29:58.0927 4496 AeLookupSvc - ok
10:29:59.0036 4496 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
10:29:59.0036 4496 AFD - ok
10:29:59.0098 4496 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
10:29:59.0130 4496 agp440 - ok
10:29:59.0582 4496 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
10:29:59.0598 4496 ALG - ok
10:29:59.0769 4496 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
10:29:59.0785 4496 aliide - ok
10:29:59.0972 4496 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
10:30:00.0003 4496 amdide - ok
10:30:00.0128 4496 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
10:30:00.0144 4496 AmdK8 - ok
10:30:00.0222 4496 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
10:30:00.0237 4496 AmdPPM - ok
10:30:00.0549 4496 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
10:30:00.0565 4496 amdsata - ok
10:30:00.0690 4496 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
10:30:00.0705 4496 amdsbs - ok
10:30:00.0908 4496 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
10:30:00.0908 4496 amdxata - ok
10:30:01.0095 4496 [ 9921E78BC29634235F4BF5809E7E8CDE ] AMPPAL C:\windows\system32\DRIVERS\AMPPAL.sys
10:30:01.0095 4496 AMPPAL - ok
10:30:01.0126 4496 [ 9921E78BC29634235F4BF5809E7E8CDE ] AMPPALP C:\windows\system32\DRIVERS\amppal.sys
10:30:01.0126 4496 AMPPALP - ok
10:30:01.0345 4496 [ 83A0E7BA4AE616D3654E700D9C5FF9DB ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
10:30:01.0345 4496 AMPPALR3 - ok
10:30:01.0407 4496 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
10:30:01.0423 4496 AppID - ok
10:30:01.0485 4496 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
10:30:01.0501 4496 AppIDSvc - ok
10:30:01.0579 4496 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
10:30:01.0579 4496 Appinfo - ok
10:30:01.0844 4496 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:30:01.0922 4496 Apple Mobile Device - ok
10:30:02.0062 4496 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
10:30:02.0062 4496 arc - ok
10:30:02.0140 4496 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
10:30:02.0172 4496 arcsas - ok
10:30:02.0593 4496 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:30:02.0811 4496 aspnet_state - ok
10:30:02.0889 4496 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
10:30:02.0905 4496 AsyncMac - ok
10:30:03.0030 4496 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
10:30:03.0045 4496 atapi - ok
10:30:03.0139 4496 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\windows\system32\DRIVERS\athrx.sys
10:30:03.0201 4496 athr - ok
10:30:03.0373 4496 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
10:30:03.0388 4496 AudioEndpointBuilder - ok
10:30:03.0404 4496 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
10:30:03.0420 4496 AudioSrv - ok
10:30:03.0482 4496 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
10:30:03.0482 4496 AxInstSV - ok
10:30:03.0560 4496 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
10:30:03.0591 4496 b06bdrv - ok
10:30:03.0622 4496 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
10:30:03.0638 4496 b57nd60a - ok
10:30:03.0716 4496 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
10:30:03.0732 4496 BDESVC - ok
10:30:03.0794 4496 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
10:30:03.0794 4496 Beep - ok
10:30:03.0934 4496 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
10:30:03.0950 4496 BFE - ok
10:30:04.0059 4496 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
10:30:04.0106 4496 BITS - ok
10:30:04.0122 4496 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\drivers\blbdrive.sys
10:30:04.0137 4496 blbdrive - ok
10:30:04.0262 4496 [ 55B0C8441DE7D91A819A39D0351154A2 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
10:30:04.0262 4496 Bluetooth Device Monitor - ok
10:30:04.0480 4496 [ 7E262330DF0C4BE4ECE853B59B9CBE4C ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
10:30:04.0496 4496 Bluetooth Media Service - ok
10:30:04.0636 4496 [ 8BF4B9956E13871A88A3810074E2E110 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
10:30:04.0652 4496 Bluetooth OBEX Service - ok
10:30:04.0870 4496 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:30:04.0886 4496 Bonjour Service - ok
10:30:04.0948 4496 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
10:30:04.0964 4496 bowser - ok
10:30:05.0011 4496 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
10:30:05.0058 4496 BrFiltLo - ok
10:30:05.0104 4496 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
10:30:05.0120 4496 BrFiltUp - ok
10:30:05.0245 4496 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
10:30:05.0260 4496 BridgeMP - ok
10:30:05.0354 4496 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
10:30:05.0354 4496 Browser - ok
10:30:05.0385 4496 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
10:30:05.0401 4496 Brserid - ok
10:30:05.0416 4496 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
10:30:05.0416 4496 BrSerWdm - ok
10:30:05.0463 4496 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
10:30:05.0494 4496 BrUsbMdm - ok
10:30:05.0526 4496 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
10:30:05.0526 4496 BrUsbSer - ok
10:30:05.0635 4496 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
10:30:05.0650 4496 BthEnum - ok
10:30:05.0713 4496 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
10:30:05.0713 4496 BTHMODEM - ok
10:30:05.0806 4496 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
10:30:05.0806 4496 BthPan - ok
10:30:05.0869 4496 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
10:30:05.0884 4496 BTHPORT - ok
10:30:05.0947 4496 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
10:30:05.0947 4496 bthserv - ok
10:30:05.0978 4496 [ A5B3E8B2B78C7B3DA56A0DE490E6718C ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
10:30:05.0978 4496 BTHSSecurityMgr - ok
10:30:06.0040 4496 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
10:30:06.0040 4496 BTHUSB - ok
10:30:06.0072 4496 [ 270FBA230E78E25726D065A924589A72 ] btmaux C:\windows\system32\DRIVERS\btmaux.sys
10:30:06.0072 4496 btmaux - ok
10:30:06.0118 4496 [ 0010A54571F525A97EED8C091E96EAA9 ] btmhsf C:\windows\system32\DRIVERS\btmhsf.sys
10:30:06.0118 4496 btmhsf - ok
10:30:06.0165 4496 [ FC278504BFA3AC7E9ED92359D0EE7282 ] busenum C:\windows\system32\DRIVERS\busenum.sys
10:30:06.0165 4496 busenum - ok
10:30:06.0508 4496 catchme - ok
10:30:06.0586 4496 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
10:30:06.0586 4496 cdfs - ok
10:30:06.0649 4496 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
10:30:06.0649 4496 cdrom - ok
10:30:06.0711 4496 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
10:30:06.0727 4496 CertPropSvc - ok
10:30:06.0774 4496 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
10:30:06.0789 4496 circlass - ok
10:30:06.0883 4496 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
10:30:06.0914 4496 CLFS - ok
10:30:06.0992 4496 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:30:07.0008 4496 clr_optimization_v2.0.50727_32 - ok
10:30:07.0086 4496 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:30:07.0086 4496 clr_optimization_v2.0.50727_64 - ok
10:30:07.0210 4496 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:30:07.0429 4496 clr_optimization_v4.0.30319_32 - ok
10:30:07.0460 4496 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:30:07.0554 4496 clr_optimization_v4.0.30319_64 - ok
10:30:07.0585 4496 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\drivers\CmBatt.sys
10:30:07.0585 4496 CmBatt - ok
10:30:07.0632 4496 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
10:30:07.0647 4496 cmdide - ok
10:30:07.0756 4496 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
10:30:07.0788 4496 CNG - ok
10:30:07.0866 4496 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
10:30:07.0881 4496 Compbatt - ok
10:30:07.0928 4496 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
10:30:07.0928 4496 CompositeBus - ok
10:30:07.0944 4496 COMSysApp - ok
10:30:07.0975 4496 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
10:30:07.0990 4496 crcdisk - ok
10:30:08.0068 4496 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\windows\system32\cryptsvc.dll
10:30:08.0068 4496 CryptSvc - ok
10:30:08.0193 4496 [ 80861969541971176E005D2C09DAE851 ] DAUpdaterSvc C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
10:30:08.0209 4496 DAUpdaterSvc - ok
10:30:08.0349 4496 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
10:30:08.0365 4496 DcomLaunch - ok
10:30:08.0458 4496 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
10:30:08.0490 4496 defragsvc - ok
10:30:08.0536 4496 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
10:30:08.0536 4496 DfsC - ok
10:30:08.0661 4496 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
10:30:08.0661 4496 Dhcp - ok
10:30:08.0677 4496 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
10:30:08.0677 4496 discache - ok
10:30:08.0786 4496 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
10:30:08.0802 4496 Disk - ok
10:30:08.0848 4496 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
10:30:08.0848 4496 Dnscache - ok
10:30:08.0926 4496 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
10:30:08.0926 4496 dot3svc - ok
10:30:08.0958 4496 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
10:30:08.0958 4496 DPS - ok
10:30:09.0020 4496 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
10:30:09.0036 4496 drmkaud - ok
10:30:09.0098 4496 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
10:30:09.0114 4496 DXGKrnl - ok
10:30:09.0207 4496 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
10:30:09.0207 4496 EapHost - ok
10:30:09.0457 4496 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
10:30:09.0566 4496 ebdrv - ok
10:30:09.0628 4496 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
10:30:09.0628 4496 EFS - ok
10:30:09.0738 4496 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
10:30:09.0753 4496 ehRecvr - ok
10:30:09.0816 4496 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
10:30:09.0816 4496 ehSched - ok
10:30:09.0909 4496 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
10:30:09.0956 4496 elxstor - ok
10:30:09.0972 4496 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
10:30:09.0987 4496 ErrDev - ok
10:30:10.0081 4496 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
10:30:10.0096 4496 EventSystem - ok
10:30:10.0159 4496 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
10:30:10.0159 4496 exfat - ok
10:30:10.0190 4496 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
10:30:10.0206 4496 fastfat - ok
10:30:10.0284 4496 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
10:30:10.0284 4496 Fax - ok
10:30:10.0362 4496 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
10:30:10.0377 4496 fdc - ok
10:30:10.0471 4496 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
10:30:10.0471 4496 fdPHost - ok
10:30:10.0502 4496 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
10:30:10.0502 4496 FDResPub - ok
10:30:10.0533 4496 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
10:30:10.0549 4496 FileInfo - ok
10:30:10.0580 4496 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
10:30:10.0596 4496 Filetrace - ok
10:30:10.0736 4496 [ 8669BE94F63944E4F899C3950B520241 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:30:10.0830 4496 FLEXnet Licensing Service - ok
10:30:10.0923 4496 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
10:30:10.0939 4496 flpydisk - ok
10:30:11.0032 4496 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
10:30:11.0048 4496 FltMgr - ok
10:30:11.0157 4496 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
10:30:11.0173 4496 FontCache - ok
10:30:11.0235 4496 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:30:11.0235 4496 FontCache3.0.0.0 - ok
10:30:11.0266 4496 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
10:30:11.0266 4496 FsDepends - ok
10:30:11.0329 4496 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
10:30:11.0344 4496 Fs_Rec - ok
10:30:11.0438 4496 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
10:30:11.0454 4496 fvevol - ok
10:30:11.0485 4496 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
10:30:11.0500 4496 gagp30kx - ok
10:30:11.0719 4496 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
10:30:11.0719 4496 GEARAspiWDM - ok
10:30:11.0922 4496 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
10:30:11.0922 4496 gpsvc - ok
10:30:12.0031 4496 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
10:30:12.0046 4496 hcw85cir - ok
10:30:12.0171 4496 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
10:30:12.0187 4496 HdAudAddService - ok
10:30:12.0249 4496 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
10:30:12.0249 4496 HDAudBus - ok
10:30:12.0280 4496 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
10:30:12.0280 4496 HidBatt - ok
10:30:12.0296 4496 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
10:30:12.0312 4496 HidBth - ok
10:30:12.0327 4496 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
10:30:12.0343 4496 HidIr - ok
10:30:12.0390 4496 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
10:30:12.0390 4496 hidserv - ok
10:30:12.0483 4496 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
10:30:12.0483 4496 HidUsb - ok
10:30:12.0546 4496 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
10:30:12.0561 4496 hkmsvc - ok
10:30:12.0592 4496 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
10:30:12.0608 4496 HomeGroupListener - ok
10:30:12.0639 4496 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
10:30:12.0655 4496 HomeGroupProvider - ok
10:30:12.0686 4496 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
10:30:12.0702 4496 HpSAMD - ok
10:30:12.0842 4496 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
10:30:12.0858 4496 HTTP - ok
10:30:12.0889 4496 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
10:30:12.0889 4496 hwpolicy - ok
10:30:12.0967 4496 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
10:30:12.0967 4496 i8042prt - ok
10:30:13.0060 4496 [ D469B77687E12FE43E344806740B624D ] iaStor C:\windows\system32\drivers\iaStor.sys
10:30:13.0060 4496 iaStor - ok
10:30:13.0138 4496 [ 983FC69644DDF0486C8DFEA262948D1A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
10:30:13.0138 4496 IAStorDataMgrSvc - ok
10:30:13.0248 4496 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
10:30:13.0263 4496 iaStorV - ok
10:30:13.0341 4496 [ DE9E40BAEE2E48FD1E3EB423074C014C ] iBtFltCoex C:\windows\system32\DRIVERS\iBtFltCoex.sys
10:30:13.0341 4496 iBtFltCoex - ok
10:30:13.0482 4496 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:30:13.0544 4496 idsvc - ok
10:30:14.0605 4496 [ 6383899C5F964D71B0F96B81FBE59BB8 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
10:30:14.0667 4496 igfx - ok
10:30:14.0714 4496 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
10:30:14.0730 4496 iirsp - ok
10:30:14.0917 4496 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
10:30:14.0932 4496 IKEEXT - ok
10:30:15.0276 4496 [ C15A21B1E2291952424F361093734F95 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
10:30:15.0291 4496 IntcAzAudAddService - ok
10:30:15.0416 4496 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
10:30:15.0416 4496 IntcDAud - ok
10:30:15.0463 4496 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
10:30:15.0478 4496 intelide - ok
10:30:15.0541 4496 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\drivers\intelppm.sys
10:30:15.0541 4496 intelppm - ok
10:30:15.0603 4496 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
10:30:15.0603 4496 IPBusEnum - ok
10:30:15.0650 4496 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
10:30:15.0681 4496 IpFilterDriver - ok
10:30:15.0759 4496 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
10:30:15.0775 4496 iphlpsvc - ok
10:30:15.0790 4496 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
10:30:15.0806 4496 IPMIDRV - ok
10:30:15.0837 4496 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
10:30:15.0837 4496 IPNAT - ok
10:30:15.0978 4496 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:30:16.0024 4496 iPod Service - ok
10:30:16.0087 4496 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
10:30:16.0087 4496 IRENUM - ok
10:30:16.0165 4496 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
10:30:16.0165 4496 isapnp - ok
10:30:16.0212 4496 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
10:30:16.0227 4496 iScsiPrt - ok
10:30:16.0305 4496 [ F415A88162D23977B5EDAE4F0410E903 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
10:30:16.0305 4496 IviRegMgr - ok
10:30:16.0352 4496 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
10:30:16.0352 4496 kbdclass - ok
10:30:16.0648 4496 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
10:30:16.0664 4496 kbdhid - ok
10:30:17.0085 4496 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
10:30:17.0085 4496 KeyIso - ok
10:30:17.0132 4496 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
10:30:17.0148 4496 KSecDD - ok
10:30:17.0163 4496 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
10:30:17.0179 4496 KSecPkg - ok
10:30:17.0226 4496 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
10:30:17.0226 4496 ksthunk - ok
10:30:17.0272 4496 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
10:30:17.0304 4496 KtmRm - ok
10:30:17.0350 4496 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
10:30:17.0350 4496 LanmanServer - ok
10:30:17.0475 4496 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
10:30:17.0475 4496 LanmanWorkstation - ok
10:30:17.0553 4496 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
10:30:17.0569 4496 lltdio - ok
10:30:17.0616 4496 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
10:30:17.0631 4496 lltdsvc - ok
10:30:17.0678 4496 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
10:30:17.0678 4496 lmhosts - ok
10:30:17.0850 4496 [ 1584DEEAE5AA0E3FB045F3D0EAC585EA ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
10:30:17.0850 4496 LMS - ok
10:30:17.0912 4496 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
10:30:17.0912 4496 LSI_FC - ok
10:30:17.0974 4496 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
10:30:17.0990 4496 LSI_SAS - ok
10:30:18.0021 4496 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
10:30:18.0037 4496 LSI_SAS2 - ok
10:30:18.0099 4496 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
10:30:18.0115 4496 LSI_SCSI - ok
10:30:18.0146 4496 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
10:30:18.0162 4496 luafv - ok
10:30:18.0318 4496 [ 922CBAC7B992B9614CAB7122F4BF9406 ] ManyCam C:\windows\system32\DRIVERS\mcvidrv_x64.sys
10:30:18.0333 4496 ManyCam - ok
10:30:18.0458 4496 [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt C:\windows\system32\drivers\MBfilt64.sys
10:30:18.0458 4496 MBfilt - ok
10:30:18.0614 4496 [ 34A42DD7CF525D0D2C5232916496E4B8 ] mcaudrv_simple C:\windows\system32\drivers\mcaudrv_x64.sys
10:30:18.0630 4496 mcaudrv_simple - ok
10:30:18.0676 4496 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
10:30:18.0692 4496 Mcx2Svc - ok
10:30:18.0708 4496 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
10:30:18.0708 4496 megasas - ok
10:30:18.0910 4496 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
10:30:18.0926 4496 MegaSR - ok
10:30:19.0035 4496 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\drivers\HECIx64.sys
10:30:19.0035 4496 MEIx64 - ok
10:30:19.0113 4496 MGHwCtrl - ok
10:30:19.0207 4496 [ 71C6748EE8DE938532057EF10B4B7E44 ] Micro Star SCM C:\Program Files (x86)\S-Bar\MSIService.exe
10:30:19.0207 4496 Micro Star SCM - ok
10:30:19.0347 4496 Microsoft SharePoint Workspace Audit Service - ok
10:30:19.0410 4496 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
10:30:19.0410 4496 MMCSS - ok
10:30:19.0456 4496 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
10:30:19.0456 4496 Modem - ok
10:30:19.0519 4496 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
10:30:19.0519 4496 monitor - ok
10:30:19.0597 4496 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
10:30:19.0597 4496 mouclass - ok
10:30:19.0690 4496 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
10:30:19.0690 4496 mouhid - ok
10:30:19.0737 4496 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
10:30:19.0753 4496 mountmgr - ok
10:30:19.0784 4496 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
10:30:19.0800 4496 mpio - ok
10:30:19.0831 4496 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
10:30:19.0831 4496 mpsdrv - ok
10:30:19.0909 4496 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
10:30:19.0909 4496 MpsSvc - ok
10:30:20.0034 4496 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
10:30:20.0049 4496 MRxDAV - ok
10:30:20.0080 4496 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
10:30:20.0080 4496 mrxsmb - ok
10:30:20.0112 4496 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
10:30:20.0112 4496 mrxsmb10 - ok
10:30:20.0190 4496 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
10:30:20.0190 4496 mrxsmb20 - ok
10:30:20.0283 4496 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
10:30:20.0283 4496 msahci - ok
10:30:20.0392 4496 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
10:30:20.0408 4496 msdsm - ok
10:30:20.0470 4496 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
10:30:20.0486 4496 MSDTC - ok
10:30:20.0517 4496 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
10:30:20.0517 4496 Msfs - ok
10:30:20.0548 4496 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
10:30:20.0564 4496 mshidkmdf - ok
10:30:20.0720 4496 [ 87B9DAF6D123EC06C19B41D5295441AD ] MSI Foundation Service C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
10:30:20.0720 4496 MSI Foundation Service - ok
10:30:20.0736 4496 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
10:30:20.0751 4496 msisadrv - ok
10:30:20.0798 4496 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
10:30:20.0829 4496 MSiSCSI - ok
10:30:20.0829 4496 msiserver - ok
10:30:20.0860 4496 MSI_MSIBIOS_010507 - ok
10:30:20.0907 4496 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
10:30:20.0923 4496 MSKSSRV - ok
10:30:20.0985 4496 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
10:30:21.0029 4496 MSPCLOCK - ok
10:30:21.0076 4496 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
10:30:21.0091 4496 MSPQM - ok
10:30:21.0168 4496 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
10:30:21.0185 4496 MsRPC - ok
10:30:21.0215 4496 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
10:30:21.0215 4496 mssmbios - ok
10:30:21.0268 4496 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
10:30:21.0299 4496 MSTEE - ok
10:30:21.0330 4496 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
10:30:21.0330 4496 MTConfig - ok
10:30:21.0393 4496 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
10:30:21.0408 4496 Mup - ok
10:30:21.0471 4496 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
10:30:21.0486 4496 napagent - ok
10:30:21.0611 4496 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
10:30:21.0611 4496 NativeWifiP - ok
10:30:21.0720 4496 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
10:30:21.0753 4496 NDIS - ok
10:30:21.0807 4496 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
10:30:21.0822 4496 NdisCap - ok
10:30:21.0899 4496 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
10:30:21.0900 4496 NdisTapi - ok
10:30:21.0915 4496 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
10:30:42.0099 4496 ================ Scan global ===============================
10:30:42.0170 4496 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
10:30:42.0226 4496 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
10:30:42.0241 4496 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
10:30:42.0273 4496 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
10:30:42.0319 4496 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
10:30:42.0319 4496 [Global] - ok
10:30:42.0319 4496 ================ Scan MBR ==================================
10:30:42.0351 4496 [ 5DA713DD54ABB41BE7E06ED85ADFFC43 ] \Device\Harddisk0\DR0
10:30:42.0366 4496 Suspicious mbr (Forged): \Device\Harddisk0\DR0
10:30:42.0397 4496 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
10:30:42.0397 4496 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
10:30:42.0397 4496 ================ Scan VBR ==================================
10:30:42.0444 4496 [ 9CB5716F824FDBF56682FE704527C847 ] \Device\Harddisk0\DR0\Partition1
10:30:42.0460 4496 \Device\Harddisk0\DR0\Partition1 - ok
10:30:42.0491 4496 [ B323087056A0C2F88E7669834FA28D39 ] \Device\Harddisk0\DR0\Partition2
10:30:42.0522 4496 \Device\Harddisk0\DR0\Partition2 - ok
10:30:42.0522 4496 ============================================================
10:30:42.0522 4496 Scan finished
10:30:42.0522 4496 ============================================================
10:30:42.0538 4488 Detected object count: 1
10:30:42.0538 4488 Actual detected object count: 1
10:31:27.0877 4488 \Device\Harddisk0\DR0\# - copied to quarantine
10:31:27.0908 4488 \Device\Harddisk0\DR0 - copied to quarantine
10:31:28.0205 4488 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
10:31:28.0205 4488 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
10:31:28.0251 4488 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
10:31:28.0251 4488 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
10:31:28.0251 4488 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
10:31:28.0251 4488 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
10:31:28.0251 4488 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
10:31:28.0267 4488 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
10:31:28.0267 4488 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
10:31:28.0267 4488 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
10:31:28.0267 4488 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
10:31:28.0267 4488 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
10:31:28.0283 4488 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
10:31:28.0283 4488 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
10:31:28.0298 4488 \Device\Harddisk0\DR0\TDLFS\tdi32 - copied to quarantine
10:31:28.0298 4488 \Device\Harddisk0\DR0\TDLFS\tdi64 - copied to quarantine
10:31:28.0298 4488 \Device\Harddisk0\DR0\TDLFS\main1 - copied to quarantine
10:31:28.0298 4488 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
10:31:28.0345 4488 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
10:31:28.0345 4488 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
10:31:28.0392 4488 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
10:31:28.0489 4488 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
10:31:28.0550 4488 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
10:31:28.0630 4488 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
10:31:28.0668 4488 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
10:31:28.0704 4488 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
10:31:29.0062 4488 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
10:31:29.0140 4488 \Device\Harddisk0\DR0 - processing error
10:33:57.0846 4488 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
10:35:30.0278 2308 Deinitialize success

#8 gringo_pr

  • Malware Response Team

Posted 18 September 2012 - 07:08 AM

Greetings

Run TDSSKiller again, and if it asks whether you want to create a new boot file, allow it and send me the new report.



gringo

#9 estomac

  • Topic Starter

Posted 18 September 2012 - 08:49 AM

Greetings Gringo,

Ran TDSSKiller again with new boot file. After reboot, did not find any rootkit anymore.

Ran aswMBR; this time it worked. I did not select fixMBR unless you directed me to. Then aswMBR froze towards the end.

Please find logs below. Does it look like we are progressing?

Many thanks



--------------------TDSSKiller Log--------------------------------------
15:10:46.0575 2664 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:10:46.0918 2664 ============================================================
15:10:46.0918 2664 Current date / time: 2012/09/18 15:10:46.0918
15:10:46.0918 2664 SystemInfo:
15:10:46.0918 2664
15:10:46.0918 2664 OS Version: 6.1.7601 ServicePack: 1.0
15:10:46.0918 2664 Product type: Workstation
15:10:46.0918 2664 ComputerName: LAPTOP-MSI
15:10:46.0918 2664 UserName: Laptop
15:10:46.0918 2664 Windows directory: C:\windows
15:10:46.0918 2664 System windows directory: C:\windows
15:10:46.0918 2664 Running under WOW64
15:10:46.0918 2664 Processor architecture: Intel x64
15:10:46.0918 2664 Number of processors: 8
15:10:46.0918 2664 Page size: 0x1000
15:10:46.0918 2664 Boot type: Normal boot
15:10:46.0918 2664 ============================================================
15:11:04.0983 2664 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:11:05.0263 2664 ============================================================
15:11:05.0263 2664 \Device\Harddisk0\DR0:
15:11:05.0279 2664 MBR partitions:
15:11:05.0279 2664 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1956800, BlocksNum 0x337278A6
15:11:05.0934 2664 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3507F000, BlocksNum 0x224BFEF0
15:11:05.0934 2664 ============================================================
15:11:06.0184 2664 C: <-> \Device\Harddisk0\DR0\Partition1
15:11:12.0003 2664 ============================================================
15:11:12.0003 2664 Initialize success
15:11:12.0003 2664 ============================================================
15:11:19.0239 4368 ============================================================
15:11:19.0239 4368 Scan started
15:11:19.0239 4368 Mode: Manual;
15:11:19.0239 4368 ============================================================
15:11:25.0152 4368 ================ Scan system memory ========================
15:11:25.0152 4368 System memory - ok
15:11:25.0152 4368 ================ Scan services =============================
15:11:46.0461 4368 NDIS - ok
15:11:46.0492 4368 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
15:11:46.0508 4368 NdisCap - ok
15:11:46.0555 4368 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
15:11:46.0555 4368 NdisTapi - ok
15:11:46.0570 4368 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
15:11:46.0586 4368 Ndisuio - ok
15:11:46.0602 4368 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
15:11:46.0617 4368 NdisWan - ok
15:11:46.0664 4368 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
15:11:46.0664 4368 NDProxy - ok
15:11:46.0711 4368 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
15:11:46.0711 4368 NetBIOS - ok
15:11:46.0726 4368 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
15:11:46.0742 4368 NetBT - ok
15:11:46.0773 4368 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
15:11:46.0773 4368 Netlogon - ok
15:11:46.0867 4368 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
15:11:46.0882 4368 Netman - ok
15:11:46.0945 4368 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:11:47.0023 4368 NetMsmqActivator - ok
15:11:47.0054 4368 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:11:47.0070 4368 NetPipeActivator - ok
15:11:47.0116 4368 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
15:11:47.0116 4368 netprofm - ok
15:11:47.0163 4368 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:11:47.0163 4368 NetTcpActivator - ok
15:11:47.0163 4368 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:11:47.0179 4368 NetTcpPortSharing - ok
15:11:47.0850 4368 [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
15:11:48.0006 4368 NETwNs64 - ok
15:11:48.0052 4368 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
15:11:48.0068 4368 nfrd960 - ok
15:11:48.0115 4368 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
15:11:48.0130 4368 NlaSvc - ok
15:11:48.0146 4368 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
15:11:48.0146 4368 Npfs - ok
15:11:48.0177 4368 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
15:11:48.0177 4368 nsi - ok
15:11:48.0208 4368 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
15:11:48.0208 4368 nsiproxy - ok
15:11:48.0333 4368 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
15:11:48.0396 4368 Ntfs - ok
15:11:48.0474 4368 NTIOLib_1_0_4 - ok
15:11:48.0505 4368 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
15:11:48.0520 4368 Null - ok
15:11:48.0583 4368 [ 01266516E6E88D183A2B58722EEB4443 ] nusb3hub C:\windows\system32\drivers\nusb3hub.sys
15:11:48.0583 4368 nusb3hub - ok
15:11:48.0614 4368 [ 5EC04F55CC5F165F21752712437DF638 ] nusb3xhc C:\windows\system32\drivers\nusb3xhc.sys
15:11:48.0630 4368 nusb3xhc - ok
15:11:49.0768 4368 [ 6B21520DF0FE87DF756EE4EE708F8461 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
15:11:49.0831 4368 nvlddmkm - ok
15:11:49.0862 4368 [ 0EB18A2D6386BE62AFBF6BCFB5E0F0EC ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys
15:11:49.0862 4368 nvpciflt - ok
15:11:49.0909 4368 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
15:11:49.0924 4368 nvraid - ok
15:11:49.0956 4368 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
15:11:49.0987 4368 nvstor - ok
15:11:50.0143 4368 [ 5267B45236CB793DF315BEC491325B75 ] nvsvc C:\windows\system32\nvvsvc.exe
15:11:50.0174 4368 nvsvc - ok
15:11:50.0548 4368 [ BB7CB13633FEB42130C897CDBBDA273F ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
15:11:50.0611 4368 nvUpdatusService - ok
15:11:50.0642 4368 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
15:11:50.0658 4368 nv_agp - ok
15:11:50.0689 4368 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
15:11:50.0704 4368 ohci1394 - ok
15:11:50.0860 4368 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:11:50.0892 4368 ose64 - ok
15:11:51.0282 4368 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:11:51.0391 4368 osppsvc - ok
15:11:51.0438 4368 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
15:11:51.0469 4368 p2pimsvc - ok
15:11:51.0500 4368 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
15:11:51.0500 4368 p2psvc - ok
15:11:51.0547 4368 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
15:11:51.0562 4368 Parport - ok
15:11:51.0594 4368 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
15:11:51.0594 4368 partmgr - ok
15:11:51.0656 4368 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
15:11:51.0672 4368 PcaSvc - ok
15:11:51.0718 4368 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
15:11:51.0734 4368 pci - ok
15:11:51.0765 4368 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
15:11:51.0781 4368 pciide - ok
15:11:51.0828 4368 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
15:11:51.0859 4368 pcmcia - ok
15:11:51.0890 4368 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
15:11:51.0890 4368 pcw - ok
15:11:51.0952 4368 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
15:11:51.0999 4368 PEAUTH - ok
15:11:52.0374 4368 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
15:11:52.0389 4368 PerfHost - ok
15:11:52.0498 4368 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
15:11:52.0545 4368 pla - ok
15:11:52.0654 4368 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
15:11:52.0670 4368 PlugPlay - ok
15:11:52.0732 4368 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
15:11:52.0732 4368 PNRPAutoReg - ok
15:11:52.0764 4368 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
15:11:52.0764 4368 PNRPsvc - ok
15:11:52.0826 4368 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\windows\system32\DRIVERS\point64.sys
15:11:52.0826 4368 Point64 - ok
15:11:52.0888 4368 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
15:11:52.0920 4368 PolicyAgent - ok
15:11:52.0966 4368 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
15:11:52.0982 4368 Power - ok
15:11:53.0013 4368 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
15:11:53.0029 4368 PptpMiniport - ok
15:11:53.0060 4368 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
15:11:53.0076 4368 Processor - ok
15:11:53.0122 4368 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
15:11:53.0154 4368 ProfSvc - ok
15:11:53.0169 4368 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
15:11:53.0169 4368 ProtectedStorage - ok
15:11:53.0200 4368 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
15:11:53.0216 4368 Psched - ok
15:11:53.0263 4368 [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
15:11:53.0263 4368 PSI_SVC_2 - ok
15:11:53.0388 4368 [ BC08F7F3C53CBEE68670ED1314E290FD ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys
15:11:53.0388 4368 PxHlpa64 - ok
15:11:53.0637 4368 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
15:11:53.0700 4368 ql2300 - ok
15:11:53.0746 4368 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
15:11:53.0762 4368 ql40xx - ok
15:11:53.0809 4368 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
15:11:53.0809 4368 QWAVE - ok
15:11:53.0840 4368 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
15:11:53.0840 4368 QWAVEdrv - ok
15:11:53.0902 4368 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
15:11:53.0902 4368 RasAcd - ok
15:11:53.0965 4368 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
15:11:53.0965 4368 RasAgileVpn - ok
15:11:54.0012 4368 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
15:11:54.0027 4368 RasAuto - ok
15:11:54.0043 4368 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
15:11:54.0058 4368 Rasl2tp - ok
15:11:54.0090 4368 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
15:11:54.0105 4368 RasMan - ok
15:11:54.0136 4368 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
15:11:54.0152 4368 RasPppoe - ok
15:11:54.0199 4368 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
15:11:54.0199 4368 RasSstp - ok
15:11:54.0261 4368 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
15:11:54.0277 4368 rdbss - ok
15:11:54.0324 4368 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
15:11:54.0339 4368 rdpbus - ok
15:11:54.0386 4368 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
15:11:54.0386 4368 RDPCDD - ok
15:11:54.0433 4368 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
15:11:54.0433 4368 RDPENCDD - ok
15:11:54.0464 4368 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
15:11:54.0464 4368 RDPREFMP - ok
15:11:54.0511 4368 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
15:11:54.0526 4368 RDPWD - ok
15:11:54.0589 4368 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
15:11:54.0604 4368 rdyboost - ok
15:11:54.0636 4368 [ 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6 ] regi C:\windows\system32\drivers\regi.sys
15:11:54.0636 4368 regi - ok
15:11:54.0714 4368 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
15:11:54.0729 4368 RemoteAccess - ok
15:11:54.0776 4368 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
15:11:54.0776 4368 RemoteRegistry - ok
15:11:54.0823 4368 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
15:11:54.0838 4368 RFCOMM - ok
15:11:54.0885 4368 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\windows\system32\Drivers\RimUsb_AMD64.sys
15:11:54.0901 4368 RimUsb - ok
15:11:54.0932 4368 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
15:11:54.0932 4368 RimVSerPort - ok
15:11:54.0979 4368 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\windows\system32\Drivers\RootMdm.sys
15:11:55.0010 4368 ROOTMODEM - ok
15:11:55.0275 4368 [ E7062DBD907E0C5CEEB5ABDAF07E6B32 ] RosettaStoneDaemon C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
15:11:55.0322 4368 RosettaStoneDaemon - ok
15:11:55.0353 4368 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
15:11:55.0369 4368 RpcEptMapper - ok
15:11:55.0384 4368 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
15:11:55.0400 4368 RpcLocator - ok
15:11:55.0431 4368 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
15:11:55.0447 4368 RpcSs - ok
15:11:55.0478 4368 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
15:11:55.0494 4368 rspndr - ok
15:11:55.0603 4368 [ CE0A1D8A59410E698140821E4E69DA0D ] RSUSBVSTOR C:\windows\System32\Drivers\RtsUVStor.sys
15:11:55.0603 4368 RSUSBVSTOR - ok
15:11:55.0634 4368 [ 16D4E350420BAA7E63E16E3FC033E1F5 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
15:11:55.0634 4368 RTL8167 - ok
15:11:55.0665 4368 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
15:11:55.0665 4368 SamSs - ok
15:11:55.0712 4368 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
15:11:55.0728 4368 sbp2port - ok
15:11:55.0774 4368 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
15:11:55.0806 4368 SCardSvr - ok
15:11:55.0899 4368 [ B2F50286DC82B93C013E3FC57BA1A956 ] SCDEmu C:\windows\system32\drivers\SCDEmu.sys
15:11:55.0899 4368 SCDEmu - ok
15:11:55.0930 4368 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
15:11:55.0930 4368 scfilter - ok
15:11:56.0164 4368 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
15:11:56.0242 4368 Schedule - ok
15:11:56.0289 4368 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
15:11:56.0289 4368 SCPolicySvc - ok
15:11:56.0352 4368 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
15:11:56.0352 4368 SDRSVC - ok
15:11:56.0414 4368 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
15:11:56.0430 4368 secdrv - ok
15:11:56.0445 4368 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
15:11:56.0461 4368 seclogon - ok
15:11:56.0508 4368 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
15:11:56.0523 4368 SENS - ok
15:11:56.0539 4368 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
15:11:56.0539 4368 SensrSvc - ok
15:11:56.0601 4368 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
15:11:56.0617 4368 Serenum - ok
15:11:56.0632 4368 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
15:11:56.0648 4368 Serial - ok
15:11:56.0710 4368 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
15:11:56.0726 4368 sermouse - ok
15:11:56.0773 4368 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
15:11:56.0773 4368 SessionEnv - ok
15:11:56.0804 4368 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
15:11:56.0820 4368 sffdisk - ok
15:11:56.0866 4368 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
15:11:56.0866 4368 sffp_mmc - ok
15:11:56.0898 4368 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
15:11:56.0913 4368 sffp_sd - ok
15:11:56.0944 4368 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
15:11:56.0944 4368 sfloppy - ok
15:11:57.0022 4368 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
15:11:57.0038 4368 SharedAccess - ok
15:11:57.0085 4368 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
15:11:57.0100 4368 ShellHWDetection - ok
15:11:57.0147 4368 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
15:11:57.0163 4368 SiSRaid2 - ok
15:11:57.0225 4368 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
15:11:57.0225 4368 SiSRaid4 - ok
15:11:57.0412 4368 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:11:57.0428 4368 SkypeUpdate - ok
15:11:57.0459 4368 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
15:11:57.0475 4368 Smb - ok
15:11:57.0537 4368 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
15:11:57.0553 4368 SNMPTRAP - ok
15:11:57.0584 4368 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
15:11:57.0584 4368 spldr - ok
15:11:57.0646 4368 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
15:11:57.0662 4368 Spooler - ok
15:11:57.0958 4368 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
15:11:58.0052 4368 sppsvc - ok
15:11:58.0130 4368 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
15:11:58.0146 4368 sppuinotify - ok
15:11:58.0317 4368 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
15:11:58.0333 4368 srv - ok
15:11:58.0395 4368 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
15:11:58.0411 4368 srv2 - ok
15:11:58.0426 4368 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
15:11:58.0426 4368 srvnet - ok
15:11:58.0489 4368 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
15:11:58.0520 4368 SSDPSRV - ok
15:11:58.0536 4368 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
15:11:58.0551 4368 SstpSvc - ok
15:11:58.0598 4368 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
15:11:58.0598 4368 stexstor - ok
15:11:58.0660 4368 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
15:11:58.0676 4368 stisvc - ok
15:11:58.0723 4368 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
15:11:58.0723 4368 swenum - ok
15:11:58.0770 4368 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
15:11:58.0816 4368 swprv - ok
15:11:58.0926 4368 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
15:11:58.0972 4368 SysMain - ok
15:11:59.0004 4368 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
15:11:59.0019 4368 TabletInputService - ok
15:11:59.0035 4368 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
15:11:59.0050 4368 TapiSrv - ok
15:11:59.0097 4368 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
15:11:59.0113 4368 TBS - ok
15:11:59.0300 4368 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
15:11:59.0347 4368 Tcpip - ok
15:11:59.0550 4368 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
15:11:59.0581 4368 TCPIP6 - ok
15:11:59.0612 4368 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
15:11:59.0628 4368 tcpipreg - ok
15:11:59.0659 4368 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
15:11:59.0659 4368 TDPIPE - ok
15:11:59.0690 4368 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
15:11:59.0690 4368 TDTCP - ok
15:11:59.0721 4368 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
15:11:59.0721 4368 tdx - ok
15:11:59.0752 4368 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
15:11:59.0752 4368 TermDD - ok
15:11:59.0784 4368 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
15:11:59.0799 4368 TermService - ok
15:11:59.0815 4368 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
15:11:59.0815 4368 Themes - ok
15:11:59.0830 4368 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
15:11:59.0846 4368 THREADORDER - ok
15:11:59.0877 4368 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
15:11:59.0893 4368 TrkWks - ok
15:11:59.0971 4368 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
15:11:59.0971 4368 TrustedInstaller - ok
15:12:00.0002 4368 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
15:12:00.0018 4368 tssecsrv - ok
15:12:00.0049 4368 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
15:12:00.0064 4368 TsUsbFlt - ok
15:12:00.0096 4368 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
15:12:00.0111 4368 TsUsbGD - ok
15:12:00.0158 4368 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
15:12:00.0158 4368 tunnel - ok
15:12:00.0189 4368 [ 48743B69EA47C020A792D8649F753F44 ] TurboB C:\windows\system32\DRIVERS\TurboB.sys
15:12:00.0189 4368 TurboB - ok
15:12:00.0272 4368 [ 759F59E3EA3802FF23F93DCDB6FE9171 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:12:00.0283 4368 TurboBoost - ok
15:12:00.0329 4368 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
15:12:00.0342 4368 uagp35 - ok
15:12:00.0369 4368 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
15:12:00.0379 4368 udfs - ok
15:12:00.0411 4368 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
15:12:00.0429 4368 UI0Detect - ok
15:12:00.0469 4368 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
15:12:00.0471 4368 uliagpkx - ok
15:12:00.0483 4368 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
15:12:00.0483 4368 umbus - ok
15:12:00.0530 4368 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
15:12:00.0530 4368 UmPass - ok
15:12:00.0795 4368 [ FC43877B4625F6EB773C98233EB625C5 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
15:12:00.0873 4368 UNS - ok
15:12:00.0935 4368 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
15:12:00.0967 4368 upnphost - ok
15:12:01.0057 4368 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
15:12:01.0069 4368 USBAAPL64 - ok
15:12:01.0152 4368 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\windows\system32\drivers\usbaudio.sys
15:12:01.0166 4368 usbaudio - ok
15:12:01.0256 4368 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
15:12:01.0270 4368 usbccgp - ok
15:12:01.0296 4368 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
15:12:01.0298 4368 usbcir - ok
15:12:01.0331 4368 [ 6AF12011C88C80920D0543616E107CFF ] UsbClientService C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
15:12:01.0331 4368 UsbClientService - ok
15:12:01.0362 4368 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
15:12:01.0362 4368 usbehci - ok
15:12:01.0378 4368 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\drivers\usbhub.sys
15:12:01.0378 4368 usbhub - ok
15:12:01.0394 4368 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
15:12:01.0394 4368 usbohci - ok
15:12:01.0425 4368 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
15:12:01.0425 4368 usbprint - ok
15:12:01.0456 4368 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
15:12:01.0456 4368 USBSTOR - ok
15:12:01.0487 4368 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
15:12:01.0487 4368 usbuhci - ok
15:12:01.0534 4368 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
15:12:01.0534 4368 usbvideo - ok
15:12:01.0565 4368 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
15:12:01.0565 4368 UxSms - ok
15:12:01.0596 4368 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
15:12:01.0596 4368 VaultSvc - ok
15:12:01.0612 4368 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
15:12:01.0612 4368 vdrvroot - ok
15:12:01.0690 4368 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
15:12:01.0737 4368 vds - ok
15:12:01.0846 4368 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
15:12:01.0846 4368 vga - ok
15:12:01.0893 4368 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
15:12:01.0908 4368 VgaSave - ok
15:12:01.0986 4368 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
15:12:02.0002 4368 vhdmp - ok
15:12:02.0057 4368 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
15:12:02.0058 4368 viaide - ok
15:12:02.0085 4368 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
15:12:02.0087 4368 volmgr - ok
15:12:02.0114 4368 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
15:12:02.0120 4368 volmgrx - ok
15:12:02.0145 4368 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
15:12:02.0150 4368 volsnap - ok
15:12:02.0182 4368 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
15:12:02.0186 4368 vsmraid - ok
15:12:02.0253 4368 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
15:12:02.0277 4368 VSS - ok
15:12:02.0296 4368 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
15:12:02.0297 4368 vwifibus - ok
15:12:02.0319 4368 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
15:12:02.0319 4368 vwififlt - ok
15:12:02.0366 4368 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
15:12:02.0366 4368 vwifimp - ok
15:12:02.0397 4368 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
15:12:02.0412 4368 W32Time - ok
15:12:02.0428 4368 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
15:12:02.0444 4368 WacomPen - ok
15:12:02.0490 4368 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
15:12:02.0490 4368 WANARP - ok
15:12:02.0490 4368 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
15:12:02.0506 4368 Wanarpv6 - ok
15:12:02.0662 4368 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
15:12:02.0709 4368 WatAdminSvc - ok
15:12:02.0771 4368 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
15:12:02.0849 4368 wbengine - ok
15:12:02.0880 4368 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
15:12:02.0880 4368 WbioSrvc - ok
15:12:02.0927 4368 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
15:12:02.0943 4368 wcncsvc - ok
15:12:02.0974 4368 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
15:12:02.0974 4368 WcsPlugInService - ok
15:12:03.0005 4368 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
15:12:03.0021 4368 Wd - ok
15:12:03.0036 4368 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\windows\system32\DRIVERS\wdcsam64.sys
15:12:03.0036 4368 WDC_SAM - ok
15:12:03.0074 4368 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
15:12:03.0085 4368 Wdf01000 - ok
15:12:03.0111 4368 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
15:12:03.0115 4368 WdiServiceHost - ok
15:12:03.0120 4368 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
15:12:03.0123 4368 WdiSystemHost - ok
15:12:03.0139 4368 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
15:12:03.0146 4368 WebClient - ok
15:12:03.0158 4368 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
15:12:03.0164 4368 Wecsvc - ok
15:12:03.0189 4368 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
15:12:05.0079 4368 ================ Scan global ===============================
15:12:05.0103 4368 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
15:12:05.0137 4368 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
15:12:05.0152 4368 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
15:12:05.0179 4368 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
15:12:05.0221 4368 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
15:12:05.0241 4368 [Global] - ok
15:12:05.0242 4368 ================ Scan MBR ==================================
15:12:05.0265 4368 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:12:06.0252 4368 \Device\Harddisk0\DR0 - ok
15:12:06.0253 4368 ================ Scan VBR ==================================
15:12:06.0278 4368 [ 9CB5716F824FDBF56682FE704527C847 ] \Device\Harddisk0\DR0\Partition1
15:12:06.0280 4368 \Device\Harddisk0\DR0\Partition1 - ok
15:12:06.0307 4368 [ B323087056A0C2F88E7669834FA28D39 ] \Device\Harddisk0\DR0\Partition2
15:12:06.0336 4368 \Device\Harddisk0\DR0\Partition2 - ok
15:12:06.0336 4368 ============================================================
15:12:06.0336 4368 Scan finished
15:12:06.0336 4368 ============================================================
15:12:06.0352 4360 Detected object count: 0
15:12:06.0352 4360 Actual detected object count: 0
15:12:16.0194 4952 ============================================================
15:12:16.0210 4952 Scan started
15:12:16.0210 4952 Mode: Manual;
15:12:16.0210 4952 ============================================================
15:12:16.0542 4952 ================ Scan system memory ========================
15:12:16.0542 4952 System memory - ok
15:12:16.0542 4952 ================ Scan services =============================
15:12:26.0611 4952 NetMsmqActivator - ok
15:12:26.0611 4952 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:12:26.0611 4952 NetPipeActivator - ok
15:12:26.0627 4952 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
15:12:26.0642 4952 netprofm - ok
15:12:26.0642 4952 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:12:26.0642 4952 NetTcpActivator - ok
15:12:26.0642 4952 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:12:26.0642 4952 NetTcpPortSharing - ok
15:12:26.0939 4952 [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
15:12:26.0970 4952 NETwNs64 - ok
15:12:27.0001 4952 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
15:12:27.0001 4952 nfrd960 - ok
15:12:27.0032 4952 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
15:12:27.0032 4952 NlaSvc - ok
15:12:27.0048 4952 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
15:12:27.0048 4952 Npfs - ok
15:12:27.0079 4952 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
15:12:27.0079 4952 nsi - ok
15:12:27.0110 4952 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
15:12:27.0110 4952 nsiproxy - ok
15:12:27.0157 4952 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
15:12:27.0173 4952 Ntfs - ok
15:12:27.0173 4952 NTIOLib_1_0_4 - ok
15:12:27.0204 4952 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
15:12:27.0204 4952 Null - ok
15:12:27.0219 4952 [ 01266516E6E88D183A2B58722EEB4443 ] nusb3hub C:\windows\system32\drivers\nusb3hub.sys
15:12:27.0219 4952 nusb3hub - ok
15:12:27.0251 4952 [ 5EC04F55CC5F165F21752712437DF638 ] nusb3xhc C:\windows\system32\drivers\nusb3xhc.sys
15:12:27.0251 4952 nusb3xhc - ok
15:12:27.0575 4952 [ 6B21520DF0FE87DF756EE4EE708F8461 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
15:12:27.0622 4952 nvlddmkm - ok
15:12:27.0653 4952 [ 0EB18A2D6386BE62AFBF6BCFB5E0F0EC ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys
15:12:27.0653 4952 nvpciflt - ok
15:12:27.0669 4952 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
15:12:27.0669 4952 nvraid - ok
15:12:27.0685 4952 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
15:12:27.0685 4952 nvstor - ok
15:12:27.0731 4952 [ 5267B45236CB793DF315BEC491325B75 ] nvsvc C:\windows\system32\nvvsvc.exe
15:12:27.0747 4952 nvsvc - ok
15:12:27.0872 4952 [ BB7CB13633FEB42130C897CDBBDA273F ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
15:12:27.0887 4952 nvUpdatusService - ok
15:12:27.0903 4952 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
15:12:27.0903 4952 nv_agp - ok
15:12:27.0934 4952 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
15:12:27.0934 4952 ohci1394 - ok
15:12:27.0981 4952 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:12:27.0981 4952 ose64 - ok
15:12:28.0262 4952 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:12:28.0293 4952 osppsvc - ok
15:12:28.0332 4952 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
15:12:28.0335 4952 p2pimsvc - ok
15:12:28.0350 4952 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
15:12:28.0353 4952 p2psvc - ok
15:12:28.0379 4952 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
15:12:28.0380 4952 Parport - ok
15:12:28.0416 4952 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
15:12:28.0416 4952 partmgr - ok
15:12:28.0442 4952 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
15:12:28.0444 4952 PcaSvc - ok
15:12:28.0479 4952 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
15:12:28.0480 4952 pci - ok
15:12:28.0514 4952 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
15:12:28.0514 4952 pciide - ok
15:12:28.0551 4952 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
15:12:28.0552 4952 pcmcia - ok
15:12:28.0583 4952 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
15:12:28.0583 4952 pcw - ok
15:12:28.0614 4952 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
15:12:28.0629 4952 PEAUTH - ok
15:12:28.0707 4952 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
15:12:28.0707 4952 PerfHost - ok
15:12:28.0801 4952 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
15:12:28.0817 4952 pla - ok
15:12:28.0848 4952 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
15:12:28.0848 4952 PlugPlay - ok
15:12:28.0879 4952 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
15:12:28.0879 4952 PNRPAutoReg - ok
15:12:28.0941 4952 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
15:12:28.0941 4952 PNRPsvc - ok
15:12:28.0988 4952 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\windows\system32\DRIVERS\point64.sys
15:12:28.0988 4952 Point64 - ok
15:12:29.0019 4952 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
15:12:29.0019 4952 PolicyAgent - ok
15:12:29.0066 4952 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
15:12:29.0082 4952 Power - ok
15:12:29.0097 4952 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
15:12:29.0097 4952 PptpMiniport - ok
15:12:29.0113 4952 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
15:12:29.0113 4952 Processor - ok
15:12:29.0160 4952 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
15:12:29.0160 4952 ProfSvc - ok
15:12:29.0191 4952 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
15:12:29.0191 4952 ProtectedStorage - ok
15:12:29.0191 4952 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
15:12:29.0191 4952 Psched - ok
15:12:29.0222 4952 [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
15:12:29.0222 4952 PSI_SVC_2 - ok
15:12:29.0238 4952 [ BC08F7F3C53CBEE68670ED1314E290FD ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys
15:12:29.0238 4952 PxHlpa64 - ok
15:12:29.0285 4952 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
15:12:29.0285 4952 ql2300 - ok
15:12:29.0300 4952 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
15:12:29.0300 4952 ql40xx - ok
15:12:29.0333 4952 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
15:12:29.0335 4952 QWAVE - ok
15:12:29.0354 4952 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
15:12:29.0354 4952 QWAVEdrv - ok
15:12:29.0386 4952 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
15:12:29.0386 4952 RasAcd - ok
15:12:29.0409 4952 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
15:12:29.0409 4952 RasAgileVpn - ok
15:12:29.0439 4952 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
15:12:29.0440 4952 RasAuto - ok
15:12:29.0459 4952 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
15:12:29.0460 4952 Rasl2tp - ok
15:12:29.0478 4952 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
15:12:29.0480 4952 RasMan - ok
15:12:29.0489 4952 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
15:12:29.0489 4952 RasPppoe - ok
15:12:29.0504 4952 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
15:12:29.0505 4952 RasSstp - ok
15:12:29.0531 4952 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
15:12:29.0533 4952 rdbss - ok
15:12:29.0553 4952 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
15:12:29.0554 4952 rdpbus - ok
15:12:29.0568 4952 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
15:12:29.0569 4952 RDPCDD - ok
15:12:29.0574 4952 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
15:12:29.0574 4952 RDPENCDD - ok
15:12:29.0583 4952 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
15:12:29.0583 4952 RDPREFMP - ok
15:12:29.0598 4952 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
15:12:29.0598 4952 RDPWD - ok
15:12:29.0614 4952 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
15:12:29.0630 4952 rdyboost - ok
15:12:29.0661 4952 [ 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6 ] regi C:\windows\system32\drivers\regi.sys
15:12:29.0661 4952 regi - ok
15:12:29.0692 4952 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
15:12:29.0692 4952 RemoteAccess - ok
15:12:29.0723 4952 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
15:12:29.0723 4952 RemoteRegistry - ok
15:12:29.0723 4952 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
15:12:29.0723 4952 RFCOMM - ok
15:12:29.0754 4952 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\windows\system32\Drivers\RimUsb_AMD64.sys
15:12:29.0754 4952 RimUsb - ok
15:12:29.0786 4952 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
15:12:29.0786 4952 RimVSerPort - ok
15:12:29.0801 4952 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\windows\system32\Drivers\RootMdm.sys
15:12:29.0801 4952 ROOTMODEM - ok
15:12:29.0879 4952 [ E7062DBD907E0C5CEEB5ABDAF07E6B32 ] RosettaStoneDaemon C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
15:12:29.0879 4952 RosettaStoneDaemon - ok
15:12:29.0895 4952 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
15:12:29.0895 4952 RpcEptMapper - ok
15:12:29.0910 4952 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
15:12:29.0910 4952 RpcLocator - ok
15:12:29.0988 4952 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
15:12:29.0988 4952 RpcSs - ok
15:12:30.0020 4952 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
15:12:30.0020 4952 rspndr - ok
15:12:30.0098 4952 [ CE0A1D8A59410E698140821E4E69DA0D ] RSUSBVSTOR C:\windows\System32\Drivers\RtsUVStor.sys
15:12:30.0098 4952 RSUSBVSTOR - ok
15:12:30.0144 4952 [ 16D4E350420BAA7E63E16E3FC033E1F5 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
15:12:30.0144 4952 RTL8167 - ok
15:12:30.0176 4952 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
15:12:30.0176 4952 SamSs - ok
15:12:30.0191 4952 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
15:12:30.0207 4952 sbp2port - ok
15:12:30.0222 4952 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
15:12:30.0222 4952 SCardSvr - ok
15:12:30.0269 4952 [ B2F50286DC82B93C013E3FC57BA1A956 ] SCDEmu C:\windows\system32\drivers\SCDEmu.sys
15:12:30.0269 4952 SCDEmu - ok
15:12:30.0285 4952 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
15:12:30.0285 4952 scfilter - ok
15:12:30.0335 4952 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
15:12:30.0341 4952 Schedule - ok
15:12:30.0357 4952 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
15:12:30.0357 4952 SCPolicySvc - ok
15:12:30.0379 4952 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
15:12:30.0381 4952 SDRSVC - ok
15:12:30.0406 4952 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
15:12:30.0406 4952 secdrv - ok
15:12:30.0423 4952 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
15:12:30.0424 4952 seclogon - ok
15:12:30.0433 4952 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
15:12:30.0434 4952 SENS - ok
15:12:30.0460 4952 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
15:12:30.0461 4952 SensrSvc - ok
15:12:30.0478 4952 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
15:12:30.0478 4952 Serenum - ok
15:12:30.0491 4952 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
15:12:30.0491 4952 Serial - ok
15:12:30.0499 4952 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
15:12:30.0500 4952 sermouse - ok
15:12:30.0516 4952 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
15:12:30.0518 4952 SessionEnv - ok
15:12:30.0534 4952 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
15:12:30.0534 4952 sffdisk - ok
15:12:30.0562 4952 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
15:12:30.0563 4952 sffp_mmc - ok
15:12:30.0572 4952 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
15:12:30.0572 4952 sffp_sd - ok
15:12:30.0583 4952 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
15:12:30.0583 4952 sfloppy - ok
15:12:30.0630 4952 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
15:12:30.0630 4952 SharedAccess - ok
15:12:30.0661 4952 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
15:12:30.0661 4952 ShellHWDetection - ok
15:12:30.0677 4952 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
15:12:30.0677 4952 SiSRaid2 - ok
15:12:30.0692 4952 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
15:12:30.0692 4952 SiSRaid4 - ok
15:12:30.0723 4952 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:12:30.0723 4952 SkypeUpdate - ok
15:12:30.0755 4952 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
15:12:30.0755 4952 Smb - ok
15:12:30.0770 4952 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
15:12:30.0770 4952 SNMPTRAP - ok
15:12:30.0770 4952 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
15:12:30.0770 4952 spldr - ok
15:12:30.0801 4952 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
15:12:30.0817 4952 Spooler - ok
15:12:30.0895 4952 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
15:12:30.0911 4952 sppsvc - ok
15:12:30.0926 4952 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
15:12:30.0926 4952 sppuinotify - ok
15:12:30.0942 4952 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
15:12:30.0942 4952 srv - ok
15:12:30.0989 4952 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
15:12:31.0004 4952 srv2 - ok
15:12:31.0020 4952 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
15:12:31.0035 4952 srvnet - ok
15:12:31.0067 4952 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
15:12:31.0082 4952 SSDPSRV - ok
15:12:31.0098 4952 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
15:12:31.0098 4952 SstpSvc - ok
15:12:31.0145 4952 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
15:12:31.0145 4952 stexstor - ok
15:12:31.0207 4952 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
15:12:31.0223 4952 stisvc - ok
15:12:31.0238 4952 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
15:12:31.0238 4952 swenum - ok
15:12:31.0285 4952 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
15:12:31.0301 4952 swprv - ok
15:12:31.0379 4952 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
15:12:31.0379 4952 SysMain - ok
15:12:31.0394 4952 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
15:12:31.0394 4952 TabletInputService - ok
15:12:31.0410 4952 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
15:12:31.0410 4952 TapiSrv - ok
15:12:31.0425 4952 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
15:12:31.0425 4952 TBS - ok
15:12:31.0488 4952 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
15:12:31.0503 4952 Tcpip - ok
15:12:31.0613 4952 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
15:12:31.0628 4952 TCPIP6 - ok
15:12:31.0659 4952 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
15:12:31.0659 4952 tcpipreg - ok
15:12:31.0706 4952 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
15:12:31.0706 4952 TDPIPE - ok
15:12:31.0769 4952 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
15:12:31.0769 4952 TDTCP - ok
15:12:31.0784 4952 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
15:12:31.0784 4952 tdx - ok
15:12:31.0815 4952 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
15:12:31.0815 4952 TermDD - ok
15:12:31.0862 4952 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
15:12:31.0878 4952 TermService - ok
15:12:31.0893 4952 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
15:12:31.0893 4952 Themes - ok
15:12:31.0909 4952 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
15:12:31.0909 4952 THREADORDER - ok
15:12:31.0925 4952 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
15:12:31.0940 4952 TrkWks - ok
15:12:31.0987 4952 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
15:12:32.0003 4952 TrustedInstaller - ok
15:12:32.0018 4952 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
15:12:32.0018 4952 tssecsrv - ok
15:12:32.0034 4952 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
15:12:32.0034 4952 TsUsbFlt - ok
15:12:32.0049 4952 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
15:12:32.0049 4952 TsUsbGD - ok
15:12:32.0065 4952 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
15:12:32.0065 4952 tunnel - ok
15:12:32.0096 4952 [ 48743B69EA47C020A792D8649F753F44 ] TurboB C:\windows\system32\DRIVERS\TurboB.sys
15:12:32.0096 4952 TurboB - ok
15:12:32.0127 4952 [ 759F59E3EA3802FF23F93DCDB6FE9171 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:12:32.0127 4952 TurboBoost - ok
15:12:32.0174 4952 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
15:12:32.0174 4952 uagp35 - ok
15:12:32.0205 4952 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
15:12:32.0221 4952 udfs - ok
15:12:32.0252 4952 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
15:12:32.0252 4952 UI0Detect - ok
15:12:32.0283 4952 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
15:12:32.0283 4952 uliagpkx - ok
15:12:32.0315 4952 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
15:12:32.0315 4952 umbus - ok
15:12:32.0344 4952 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
15:12:32.0345 4952 UmPass - ok
15:12:32.0541 4952 [ FC43877B4625F6EB773C98233EB625C5 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
15:12:32.0552 4952 UNS - ok
15:12:32.0633 4952 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
15:12:32.0633 4952 upnphost - ok
15:12:32.0664 4952 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
15:12:32.0664 4952 USBAAPL64 - ok
15:12:32.0695 4952 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\windows\system32\drivers\usbaudio.sys
15:12:32.0695 4952 usbaudio - ok
15:12:32.0742 4952 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
15:12:32.0742 4952 usbccgp - ok
15:12:32.0773 4952 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
15:12:32.0773 4952 usbcir - ok
15:12:32.0820 4952 [ 6AF12011C88C80920D0543616E107CFF ] UsbClientService C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
15:12:32.0820 4952 UsbClientService - ok
15:12:32.0835 4952 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
15:12:32.0835 4952 usbehci - ok
15:12:32.0851 4952 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\drivers\usbhub.sys
15:12:32.0851 4952 usbhub - ok
15:12:32.0867 4952 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
15:12:32.0867 4952 usbohci - ok
15:12:32.0882 4952 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
15:12:32.0882 4952 usbprint - ok
15:12:32.0913 4952 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
15:12:32.0913 4952 USBSTOR - ok
15:12:32.0929 4952 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
15:12:32.0929 4952 usbuhci - ok
15:12:32.0960 4952 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
15:12:32.0960 4952 usbvideo - ok
15:12:32.0976 4952 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
15:12:32.0976 4952 UxSms - ok
15:12:32.0976 4952 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
15:12:32.0991 4952 VaultSvc - ok
15:12:33.0007 4952 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
15:12:33.0007 4952 vdrvroot - ok
15:12:33.0023 4952 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
15:12:33.0038 4952 vds - ok
15:12:33.0054 4952 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
15:12:33.0054 4952 vga - ok
15:12:33.0054 4952 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
15:12:33.0054 4952 VgaSave - ok
15:12:33.0085 4952 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
15:12:33.0085 4952 vhdmp - ok
15:12:33.0101 4952 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
15:12:33.0101 4952 viaide - ok
15:12:33.0132 4952 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
15:12:33.0132 4952 volmgr - ok
15:12:33.0147 4952 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
15:12:33.0163 4952 volmgrx - ok
15:12:33.0194 4952 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
15:12:33.0194 4952 volsnap - ok
15:12:33.0225 4952 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
15:12:33.0225 4952 vsmraid - ok
15:12:33.0288 4952 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
15:12:33.0303 4952 VSS - ok
15:12:33.0319 4952 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
15:12:33.0319 4952 vwifibus - ok
15:12:33.0335 4952 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
15:12:33.0335 4952 vwififlt - ok
15:12:33.0363 4952 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
15:12:33.0363 4952 vwifimp - ok
15:12:33.0384 4952 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
15:12:33.0387 4952 W32Time - ok
15:12:33.0401 4952 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
15:12:33.0401 4952 WacomPen - ok
15:12:33.0452 4952 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
15:12:33.0453 4952 WANARP - ok
15:12:33.0456 4952 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
15:12:33.0456 4952 Wanarpv6 - ok
15:12:33.0520 4952 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
15:12:33.0527 4952 WatAdminSvc - ok
15:12:33.0570 4952 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
15:12:33.0577 4952 wbengine - ok
15:12:33.0607 4952 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
15:12:33.0609 4952 WbioSrvc - ok
15:12:33.0634 4952 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
15:12:33.0634 4952 wcncsvc - ok
15:12:33.0665 4952 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
15:12:33.0665 4952 WcsPlugInService - ok
15:12:33.0727 4952 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
15:12:33.0727 4952 Wd - ok
15:12:33.0837 4952 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\windows\system32\DRIVERS\wdcsam64.sys
15:12:33.0837 4952 WDC_SAM - ok
15:12:34.0008 4952 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
15:12:34.0008 4952 Wdf01000 - ok
15:12:34.0086 4952 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
15:12:34.0086 4952 WdiServiceHost - ok
15:12:34.0102 4952 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
15:12:34.0102 4952 WdiSystemHost - ok
15:12:34.0164 4952 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
15:12:34.0180 4952 WebClient - ok
15:12:34.0242 4952 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
15:12:34.0242 4952 Wecsvc - ok
15:12:34.0258 4952 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
15:12:34.0258 4952 wercplsupport - ok
15:12:34.0289 4952 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
15:12:34.0289 4952 WerSvc - ok
15:12:34.0320 4952 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
15:12:34.0320 4952 WfpLwf - ok
15:12:34.0363 4952 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
15:12:34.0364 4952 WIMMount - ok
15:12:34.0398 4952 WinDefend - ok
15:12:34.0406 4952 WinHttpAutoProxySvc - ok
15:12:34.0518 4952 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
15:12:34.0519 4952 Winmgmt - ok
15:12:34.0601 4952 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
15:12:34.0611 4952 WinRM - ok
15:12:34.0681 4952 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
15:12:34.0681 4952 WinUsb - ok
15:12:34.0977 4952 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
15:12:34.0993 4952 Wlansvc - ok
15:12:35.0071 4952 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:12:35.0071 4952 wlcrasvc - ok
15:12:35.0274 4952 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:12:35.0289 4952 wlidsvc - ok
15:12:35.0305 4952 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
15:12:35.0305 4952 WmiAcpi - ok
15:12:35.0372 4952 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
15:12:35.0374 4952 wmiApSrv - ok
15:12:35.0434 4952 WMPNetworkSvc - ok
15:12:35.0458 4952 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
15:12:35.0459 4952 WPCSvc - ok
15:12:35.0501 4952 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
15:12:35.0503 4952 WPDBusEnum - ok
15:12:35.0516 4952 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
15:12:35.0518 4952 ws2ifsl - ok
15:12:35.0558 4952 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
15:12:35.0561 4952 wscsvc - ok
15:12:35.0563 4952 WSearch - ok
15:12:35.0697 4952 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
15:12:35.0697 4952 wuauserv - ok
15:12:35.0743 4952 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
15:12:35.0743 4952 WudfPf - ok
15:12:35.0775 4952 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
15:12:35.0775 4952 WUDFRd - ok
15:12:35.0790 4952 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
15:12:35.0790 4952 wudfsvc - ok
15:12:35.0821 4952 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
15:12:35.0837 4952 WwanSvc - ok
15:12:35.0837 4952 ================ Scan global ===============================
15:12:35.0868 4952 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
15:12:35.0915 4952 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
15:12:35.0931 4952 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
15:12:35.0946 4952 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
15:12:35.0977 4952 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
15:12:35.0977 4952 [Global] - ok
15:12:35.0977 4952 ================ Scan MBR ==================================
15:12:35.0993 4952 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:12:36.0321 4952 \Device\Harddisk0\DR0 - ok
15:12:36.0321 4952 ================ Scan VBR ==================================
15:12:36.0336 4952 [ 9CB5716F824FDBF56682FE704527C847 ] \Device\Harddisk0\DR0\Partition1
15:12:36.0336 4952 \Device\Harddisk0\DR0\Partition1 - ok
15:12:36.0387 4952 [ B323087056A0C2F88E7669834FA28D39 ] \Device\Harddisk0\DR0\Partition2
15:12:36.0390 4952 \Device\Harddisk0\DR0\Partition2 - ok
15:12:36.0391 4952 ============================================================
15:12:36.0391 4952 Scan finished
15:12:36.0391 4952 ============================================================
15:12:36.0405 4944 Detected object count: 0
15:12:36.0405 4944 Actual detected object count: 0
15:12:38.0260 1264 Deinitialize success




--------------------------------------aswMBR Log----------------------------------------------------------------------------
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-18 15:12:44
-----------------------------
15:12:44.709 OS Version: Windows x64 6.1.7601 Service Pack 1
15:12:44.709 Number of processors: 8 586 0x2A07
15:12:44.709 ComputerName: LAPTOP-MSI UserName: Laptop
15:12:46.348 Initialize success
15:13:51.768 AVAST engine defs: 12091400
15:13:58.981 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:13:58.981 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
15:13:58.997 Disk 0 MBR read successfully
15:13:59.012 Disk 0 MBR scan
15:13:59.028 Disk 0 Windows XP default MBR code
15:13:59.044 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 100 MB offset 26363904
15:13:59.090 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 421455 MB offset 26568704
15:13:59.106 Disk 0 Partition - 00 0F Extended LBA 280974 MB offset 889710592
15:13:59.168 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 280959 MB offset 889712640
15:13:59.231 Disk 0 scanning C:\windows\system32\drivers
15:14:19.689 Service scanning
15:14:57.184 Modules scanning
15:14:57.200 Disk 0 trace - called modules:
15:14:57.730 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:14:57.746 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e03790]
15:14:57.762 3 CLASSPNP.SYS[fffff880013ce43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007c01050]
15:14:59.181 AVAST engine scan C:\windows
15:15:09.138 AVAST engine scan C:\windows\system32
15:20:03.677 AVAST engine scan C:\windows\system32\drivers
15:20:17.284 AVAST engine scan C:\Users\Laptop
15:26:39.296 AVAST engine scan C:\ProgramData
15:36:53.089 Disk 0 MBR has been saved successfully to "C:\Users\Laptop\Desktop\MBR.dat"
15:36:53.090 The log file has been saved successfully to "C:\Users\Laptop\Desktop\aswMBR.txt"

#10 gringo_pr

  • Malware Response Team

Posted 18 September 2012 - 11:39 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 estomac

  • Topic Starter


Posted 19 September 2012 - 04:38 AM

Dear Gringo,

Thank you very much for all your help. Redirects have stopped and Explorer is more responsive. I have run AVG Anti-rootkit and it does not find the IRP hook anymore. Great news.

I ran Combofix as requested. Please let me know if you see anything else that needs fixing.

Again, all my thanks and regards,

Marc

ComboFix 12-09-18.07 - Laptop 19/09/2012 11:02:46.6.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8099.5601 [GMT 2:00]
Running from: c:\users\Laptop\Desktop\ComboFix.exe
Command switches used :: c:\users\Laptop\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-19 to 2012-09-19 )))))))))))))))))))))))))))))))
.
.
2012-09-19 09:07 . 2012-09-19 09:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-19 09:07 . 2012-09-19 09:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-19 08:01 . 2012-09-19 08:01 -------- d-----w- c:\users\Laptop\AppData\Roaming\AVG2013
2012-09-19 07:23 . 2012-09-19 07:24 -------- d-----w- c:\programdata\AVG2013
2012-09-19 07:23 . 2012-09-19 07:23 -------- d-----w- C:\$AVG
2012-09-18 11:19 . 2012-09-18 11:20 -------- d-----w- c:\users\Laptop\AppData\Roaming\Research In Motion
2012-09-18 10:04 . 2012-08-27 23:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6BAF8631-9153-463C-9213-F3F5A5E67F46}\mpengine.dll
2012-09-18 08:31 . 2012-09-18 13:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-18 06:14 . 2012-09-19 08:42 -------- d-----w- c:\users\Laptop\AppData\Local\Avg2013
2012-09-17 11:29 . 2012-09-17 12:28 -------- d-----w- C:\username123
2012-09-17 08:05 . 2012-09-17 08:05 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-09-16 12:36 . 2012-09-16 12:36 -------- d-----w- c:\users\Laptop\AppData\Roaming\TuneUp Software
2012-09-16 12:32 . 2012-09-16 12:32 -------- d-----w- c:\users\Laptop\AppData\Local\MFAData
2012-09-15 18:10 . 2012-09-15 18:10 -------- d-----w- c:\programdata\Sophos
2012-09-15 18:09 . 2012-09-17 08:41 -------- d-----w- c:\program files (x86)\Sophos
2012-09-15 13:01 . 2012-08-30 22:43 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-15 05:42 . 2012-09-15 05:42 -------- d-----w- c:\users\Laptop\AppData\Roaming\Malwarebytes
2012-09-15 05:42 . 2012-09-15 05:42 -------- d-----w- c:\programdata\Malwarebytes
2012-09-11 21:09 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-11 21:09 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-11 21:09 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 21:09 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-11 21:09 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-11 21:09 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-11 21:09 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-05 11:50 . 2012-09-05 11:50 -------- d-----w- C:\slide
2012-09-05 11:45 . 2012-09-05 11:47 -------- d-----w- c:\users\Laptop\AppData\Roaming\KS-SW
2012-09-05 11:44 . 2012-09-05 11:44 -------- d-----w- c:\programdata\{1A6A2529-7519-4B71-B2DE-4CA6C9396B48}
2012-09-03 15:09 . 2012-09-05 12:15 -------- d-----w- c:\users\Laptop\AppData\Roaming\Anvsoft
2012-09-03 15:08 . 2012-09-05 12:18 -------- d-----w- c:\program files (x86)\AnvSoft
2012-09-03 12:41 . 2012-09-03 12:41 -------- d-----w- c:\programdata\NCH Software
2012-09-03 12:41 . 2012-09-03 13:03 -------- d-----w- c:\program files (x86)\NCH Software
2012-09-03 12:41 . 2012-09-03 12:45 -------- d-----w- c:\users\Laptop\AppData\Roaming\NCH Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 07:11 . 2012-05-04 06:26 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-28 07:11 . 2012-05-04 06:26 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-27 06:09 . 2012-07-30 22:28 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-27 06:09 . 2012-07-30 22:28 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-13 14:40 . 2012-08-13 14:40 150880 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-08-10 02:52 . 2012-08-10 02:52 199520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-08-10 02:52 . 2012-08-10 02:52 105312 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-08-10 02:52 . 2012-08-10 02:52 40288 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-08-09 11:56 . 2012-08-09 11:56 230240 ----a-w- c:\windows\system32\drivers\avgloga.sys
2012-08-09 11:56 . 2012-08-09 11:56 60768 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-08-09 11:56 . 2012-08-09 11:56 175968 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-07-18 18:15 . 2012-08-16 06:44 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 20:07 . 2012-08-16 20:17 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 22:16 . 2012-08-16 06:44 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-16 06:44 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-16 06:44 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-16 06:44 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-16 20:16 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-16 20:16 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-16 20:16 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-16 20:16 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-16 20:16 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-16 20:16 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-16 20:16 237056 ----a-w- c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-16 20:16 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-16 20:16 816640 ----a-w- c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-16 20:16 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-16 20:16 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-16 20:16 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-16 20:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-16 20:16 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-16 20:16 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-16 20:16 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-16 20:16 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-16 20:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-16 20:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-06 04:06 . 2012-06-06 04:06 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-16_08.13.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-09-18 13:42 72530 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-19 04:45 43536 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-29 12:11 . 2012-09-19 04:45 19008 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1355470665-1842977295-2144832153-1001_UserData.bin
- 2009-07-14 05:30 . 2012-09-12 05:06 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-09-18 11:20 86016 c:\windows\system32\DriverStore\infpub.dat
- 2007-05-14 14:06 . 2011-07-25 15:44 74752 c:\windows\system32\drivers\RimUsb_AMD64.sys
+ 2011-07-25 15:44 . 2011-07-25 15:44 74752 c:\windows\system32\drivers\RimUsb_AMD64.sys
- 2012-03-29 12:12 . 2012-09-16 06:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-29 12:12 . 2012-09-18 14:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-29 12:12 . 2012-09-16 06:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-29 12:12 . 2012-09-18 14:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-16 06:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-18 14:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-09-18 13:15 99040 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-09-18 11:18 . 2012-09-18 11:18 69632 c:\windows\Installer\{97B70991-5002-4241-8B0C-D74B8ADEB2B5}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
- 2012-08-29 08:35 . 2012-08-29 08:35 69632 c:\windows\Installer\{97B70991-5002-4241-8B0C-D74B8ADEB2B5}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
- 2012-09-16 06:52 . 2012-09-16 06:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-19 04:42 . 2012-09-19 04:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-19 04:42 . 2012-09-19 04:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-16 06:52 . 2012-09-16 06:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-26 20:28 . 2012-03-26 20:28 507904 c:\windows\SysWOW64\btwapi.dll
- 2012-03-01 20:16 . 2012-03-01 20:16 507904 c:\windows\SysWOW64\btwapi.dll
+ 2012-04-01 04:07 . 2012-09-19 08:35 313606 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-09-16 06:57 660318 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-19 04:46 660318 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-09-16 06:57 121214 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-09-19 04:46 121214 c:\windows\system32\perfc009.dat
- 2010-11-21 03:27 . 2012-02-23 08:18 279656 c:\windows\system32\MpSigStub.exe
+ 2010-11-21 03:27 . 2012-05-31 10:25 279656 c:\windows\system32\MpSigStub.exe
+ 2009-07-14 05:30 . 2012-09-18 11:20 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-09-12 05:06 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-09-18 11:18 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-09-12 05:06 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-09-19 08:02 . 2012-08-31 17:00 414460 c:\windows\system32\config\systemprofile\AppData\Local\Avg2013\update\backup\sc.dat
+ 2012-09-19 08:02 . 2012-08-31 17:00 177496 c:\windows\system32\config\systemprofile\AppData\Local\Avg2013\update\backup\sb.dat
+ 2011-12-09 19:03 . 2012-09-18 19:38 265464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-09-18 19:38 483864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-09-18 11:18 . 2012-09-18 11:18 413696 c:\windows\Installer\{97B70991-5002-4241-8B0C-D74B8ADEB2B5}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
- 2012-08-29 08:35 . 2012-08-29 08:35 413696 c:\windows\Installer\{97B70991-5002-4241-8B0C-D74B8ADEB2B5}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
- 2012-08-29 08:35 . 2012-08-29 08:35 413696 c:\windows\Installer\{97B70991-5002-4241-8B0C-D74B8ADEB2B5}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
+ 2012-09-18 11:18 . 2012-09-18 11:18 413696 c:\windows\Installer\{97B70991-5002-4241-8B0C-D74B8ADEB2B5}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
- 2012-08-29 08:35 . 2012-08-29 08:35 413696 c:\windows\Installer\{97B70991-5002-4241-8B0C-D74B8ADEB2B5}\ARPPRODUCTICON.exe
+ 2012-09-18 11:18 . 2012-09-18 11:18 413696 c:\windows\Installer\{97B70991-5002-4241-8B0C-D74B8ADEB2B5}\ARPPRODUCTICON.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 686464 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JP2KLib.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 595344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AXSLE.dll
+ 2009-07-14 04:45 . 2012-09-17 10:28 5038376 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-09-18 11:20 7284024 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-09-12 06:59 7284024 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-03-29 12:22 . 2012-09-18 19:38 7832688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1355470665-1842977295-2144832153-1001-8192.dat
+ 2012-04-07 06:44 . 2012-09-18 19:38 3963296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1355470665-1842977295-2144832153-1001-12288.dat
+ 2012-09-19 07:19 . 2012-09-19 07:19 8540160 c:\windows\Installer\939bfa.msi
+ 2012-09-19 07:22 . 2012-09-19 07:22 2818048 c:\windows\Installer\939bf6.msi
+ 2011-06-06 10:55 . 2011-06-06 10:55 5509512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AGM.dll
+ 2012-09-16 12:35 . 2012-09-16 12:35 13074432 c:\windows\Installer\bedbd.msi
+ 2012-07-11 11:05 . 2012-07-11 11:05 28751872 c:\windows\Installer\92e164.msi
+ 2012-07-28 01:20 . 2012-07-28 01:20 13123584 c:\windows\Installer\6053d.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchFreeze"="c:\program files (x86)\TouchFreeze\TouchFreeze.exe" [2005-04-29 45056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-08-29 3039352]
.
c:\users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-10-8 198656]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 245120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2013\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-08-09 60768]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-08-20 5751928]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
R3 MGHwCtrl;MGHwCtrl;c:\program files\MSI\MSI Software Install\MGHwCtrl.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-01 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R4 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [2011-02-18 245760]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-08-09 230240]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-08-10 40288]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-11-28 28992]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-08-13 150880]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-08-09 175968]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-08-10 105312]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-10 199520]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-08-20 184304]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\S-Bar\MSIService.exe [2011-08-13 160768]
S2 MSI Foundation Service;MSI Foundation Service;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-07-17 12800]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-28 2253120]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-03-31 1646056]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-03-08 274944]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys [2011-02-18 56160]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-03-23 59904]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-04-14 87552]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-04-14 207872]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [2011-03-15 311400]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGLDX64
*NewlyCreated* - AVGMFX64
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-04 11780712]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.ca/
mStart Page = hxxp://msi.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-63640361.sys
SafeBoot-84841556.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-19 11:09:49
ComboFix-quarantined-files.txt 2012-09-19 09:09
ComboFix2.txt 2012-09-17 12:28
ComboFix3.txt 2012-09-16 12:16
ComboFix4.txt 2012-09-16 08:33
.
Pre-Run: 213,725,130,752 bytes free
Post-Run: 214,434,529,280 bytes free
.
- - End Of File - - 85AAEB180369A059B934ED2CE464022C

#12 gringo_pr

Posted 19 September 2012 - 07:08 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 estomac

Posted 20 September 2012 - 02:06 AM

Hello Gringo,

Greetings from Zurich

Here is the report:

--------------------------------------------------------------------

Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Battery Calibration
bl
BlackBerry Desktop Software 7.1
calibre
Cinema ProII Setup
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Corel WinDVD
D3DX10
DHTML Editing Component
Dragon Age: Origins
eXtreme Books Manager 1.0.2.3 - Full Install!
Forté Agent
Galerie de photos Windows Live
Galería fotográfica de Windows Live
HPS Campaign Jena-Auerstedt
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Junk Mail filter update
MediaMonkey 4.0
Mesh Runtime
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MSI HOUSE
MSI Software Install
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napoleon - Total War
Napoleon Total War
NVIDIA PhysX
OneNote 2010 Sort Pages
ph
PowerISO
Quicken 2012
QuickPar 0.9
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
Renesas Electronics USB 3.0 Host Controller Driver
Revo Uninstaller 1.94
Rosetta Stone Ltd Services
Rosetta Stone TOTALe
S-Bar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 5.10
Synology Assistant (remove only)
THX TruStudio Pro
TouchFreeze
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2008 x64 Redistributables
Web Easy Professional
Web Easy Professional 8
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver

#14 gringo_pr

Posted 20 September 2012 - 02:41 AM

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 gringo_pr

Posted 23 September 2012 - 07:04 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo



