Pls Help! Fear trojan/malware-hundreds of .zip files in local>temp folder


  • This topic is locked
15 replies to this topic

#1 sarvalito


Posted 13 May 2013 - 08:27 PM

Hi,

 

I noticed a few weeks ago that my laptop's hard drive space got sucked in half. With a small SSD, it was clear something was wrong. I noticed in my appdata/local/temp there are dozens of .zip files being made each day named "Temp1-(followed by a personal file folder name)" through "Temp99-xx". Every day that I turn on my computer and it goes online it seems to generate a new series of these folder copies.

 

In addition I also see folders created titled "Temp#_blinkyappRsrc_en-US[1].zip" and "Temp#_obsidianappRsrc_en-US[1].zip"

 

During the last few weeks I did get the BS error with some sort of kernel error message that I unfortunately do not have a picture of. It was when Dell was trying to troubleshoot my computer and downloaded some drivers. I am not sure if it was a valid error or not, but I thought I would just mention it.

 

Opening task manager I see a dozen instances of chrome.exe running and I also see csrss.exe using 2,836K of memory. 

 

Lastly, I did get that trojan email referencing an AA flight #xxxxx but I am pretty sure I wasn't stupid enough to download the attachment.

 

This is a Dell XPS 14z running Windows 7 with Avast!, and having run Malwarebytes Anti-Malware quick and full, no malware was found. Something just isn't adding up. I would greatly appreciate any assistance.

 

Thanks!

 

Sav

 

Also - AVAST detected a Win32:Trojan (john.exe) in some of those temp files but has moved them to sandbox.


Edited by sarvalito, 13 May 2013 - 08:38 PM.



 


#2 boopme


Posted 13 May 2013 - 08:49 PM

Hello and welcome.

Let's run these and see how it is after.

 

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

 

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

 

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

 

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

 

>>>>>

Please download TDSSKiller.

  • Launch it.
  • Click on "Change parameters" and select "TDLFS file system".
  • Click on "Scan".
  • Please post the log report (the log file should be in your C drive).
 
Do not change the default options on scan results.

 

 

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

>>>>

Now I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

NOTE: Sometimes if ESET finds no infections it will not create a log.



#3 sarvalito


Posted 13 May 2013 - 09:51 PM

Hi,

 

Thank you for your assistance! Here are the first few logs... I will paste the ESET scan info as soon as it has completed.

 

Result.txt

 

MiniToolBox by Farbar  Version:21-04-2013

 

Ran by Sarvi (administrator) on 13-05-2013 at 19:00:38
Running from "C:\Users\Sarvi\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Intel® Centrino® Advanced-N 6230 = Wireless Network Connection (Connected)
Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Sarvi-14z
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 00-DB-DF-2C-E5-76
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6230
   Physical Address. . . . . . . . . : 00-DB-DF-2C-E5-75
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::9404:8c29:8dba:291%16(Preferred) 
   IPv4 Address. . . . . . . . . . . : 100.100.100.143(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, May 13, 2013 2:09:29 PM
   Lease Expires . . . . . . . . . . : Tuesday, May 14, 2013 2:09:28 PM
   Default Gateway . . . . . . . . . : 100.100.100.100
   DHCP Server . . . . . . . . . . . : 100.100.100.100
   DHCPv6 IAID . . . . . . . . . . . : 445141806
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-19-EE-D7-5C-26-0A-87-10-01
   DNS Servers . . . . . . . . . . . : 100.100.100.100
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 00-DB-DF-2C-E5-79
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 5C-26-0A-87-10-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{26C51BE4-7759-4EE1-8D38-611E15D522FF}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter 6TO4 Adapter:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2002:6464:648f::6464:648f(Preferred) 
   Default Gateway . . . . . . . . . : 
   DNS Servers . . . . . . . . . . . : 100.100.100.100
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{F36976B0-131F-4BFD-B451-54AAF0C809E6}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{2637CA0C-FE08-4FE0-8337-45B0B8B50197}:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Default Gateway . . . . . . . . . : 
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{A46DE162-D039-4D16-B58D-229FD4DA6608}:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Default Gateway . . . . . . . . . : 
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:437:3b23:9f06:3441(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::437:3b23:9f06:3441%15(Preferred) 
   Default Gateway . . . . . . . . . : 
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  100.100.100.100
 
Name:    google.com
Addresses:  2001:4860:4001:802::100e
 74.125.224.103
 74.125.224.96
 74.125.224.101
 74.125.224.99
 74.125.224.104
 74.125.224.100
 74.125.224.105
 74.125.224.98
 74.125.224.97
 74.125.224.110
 74.125.224.102
 
 
Pinging google.com [74.125.224.105] with 32 bytes of data:
Reply from 74.125.224.105: bytes=32 time=35ms TTL=57
Reply from 74.125.224.105: bytes=32 time=35ms TTL=57
 
Ping statistics for 74.125.224.105:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 35ms, Maximum = 35ms, Average = 35ms
Server:  UnKnown
Address:  100.100.100.100
 
Name:    yahoo.com
Addresses:  98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=431ms TTL=50
Reply from 98.139.183.24: bytes=32 time=732ms TTL=49
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 431ms, Maximum = 732ms, Average = 581ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128
Reply from 127.0.0.1: bytes=32 time=5ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 5ms, Average = 3ms
===========================================================================
Interface List
 17...00 db df 2c e5 76 ......Microsoft Virtual WiFi Miniport Adapter
 16...00 db df 2c e5 75 ......Intel® Centrino® Advanced-N 6230
 13...00 db df 2c e5 79 ......Bluetooth Device (Personal Area Network)
 11...5c 26 0a 87 10 01 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
 39...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 40...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0  100.100.100.100  100.100.100.143     25
    100.100.100.0    255.255.255.0         On-link   100.100.100.143    281
  100.100.100.143  255.255.255.255         On-link   100.100.100.143    281
  100.100.100.255  255.255.255.255         On-link   100.100.100.143    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link   100.100.100.143    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link   100.100.100.143    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 15     58 2001::/32                On-link
 15    306 2001:0:9d38:953c:437:3b23:9f06:3441/128
                                    On-link
 12   1025 2002::/16                On-link
 12    281 2002:6464:648f::6464:648f/128
                                    On-link
 16    281 fe80::/64                On-link
 15    306 fe80::/64                On-link
 15    306 fe80::437:3b23:9f06:3441/128
                                    On-link
 16    281 fe80::9404:8c29:8dba:291/128
                                    On-link
  1    306 ff00::/8                 On-link
 15    306 ff00::/8                 On-link
 16    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/12/2013 11:49:13 PM) (Source: Microsoft-Windows-RestartManager) (User: Sarvi-14z)
Description: Application or service 'Google Chrome' could not be shut down.
 
Error: (05/11/2013 03:18:43 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (05/11/2013 03:18:11 AM) (Source: CVHSVC) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (05/11/2013 03:16:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/10/2013 05:05:42 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (05/10/2013 05:03:27 PM) (Source: CVHSVC) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (05/10/2013 04:57:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/10/2013 11:17:33 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000374
Fault offset: 0x00000000000c40f2
Faulting process id: 0xfc8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (05/08/2013 02:47:29 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (05/08/2013 02:46:43 PM) (Source: CVHSVC) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
 
System errors:
=============
Error: (05/13/2013 01:30:31 PM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (05/11/2013 03:18:32 AM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/10/2013 05:00:01 PM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/10/2013 00:32:50 AM) (Source: DCOM) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (05/08/2013 02:46:03 PM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/08/2013 02:43:51 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:43:03 PM on 5/8/2013 was unexpected.
 
Error: (05/08/2013 01:14:09 PM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/07/2013 08:04:53 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume E: were aborted because the shadow copy storage failed to grow.
 
Error: (05/07/2013 07:35:59 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (05/07/2013 07:35:58 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-04-24 13:06:01.996
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-24 13:06:01.994
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-24 13:06:01.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-24 13:06:01.987
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-22 00:08:38.646
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-22 00:08:38.643
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-22 00:08:38.640
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-22 00:08:38.638
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-21 15:32:44.870
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-21 15:32:44.868
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
AccelerometerP11 (Version: 2.00.10.23)
Accidental Damage Services Agreement (Version: 2.0.0)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.2.443)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0)
Adobe After Effects CS4 (Version: 9)
Adobe After Effects CS4 Presets (Version: 9)
Adobe After Effects CS4 Template Projects & Footage (Version: 9)
Adobe After Effects CS4 Third Party Content (Version: 9)
Adobe AIR (Version: 2.6.0.19120)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Anchor Service x64 CS4 (Version: 2.0)
Adobe Asset Services CS4 (Version: 4)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe CMaps x64 CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Color Video Profiles AE CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe Creative Suite 4 Design Premium (Version: 4.0)
Adobe CSI CS4 (Version: 1)
Adobe CSI CS4 x64 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Director 11 (Version: 11)
Adobe Dreamweaver CS4 (Version: 10.0)
Adobe Drive CS4 (Version: 1)
Adobe Drive CS4 x64 (Version: 1)
Adobe Dynamiclink Support (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Fireworks CS4 (Version: 10.0)
Adobe Flash CS4 (Version: 10.0)
Adobe Flash CS4 Extension - Flash Lite STI en (Version: 3.0)
Adobe Flash CS4 STI-en (Version: 10.0)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Fonts All (Version: 2.0)
Adobe Fonts All x64 (Version: 2.0)
Adobe Illustrator CS4 (Version: 14.0)
Adobe InDesign CS4 (Version: 6.0)
Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0)
Adobe InDesign CS4 Common Base Files (Version: 6.0)
Adobe InDesign CS4 Icon Handler (Version: 6.0)
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Linguistics CS4 x64 (Version: 4.0.0)
Adobe Media Encoder CS4 (Version: 1.0)
Adobe Media Encoder CS4 Additional Exporter (Version: 1.0)
Adobe Media Encoder CS4 Exporter (Version: 1.0)
Adobe Media Encoder CS4 Importer (Version: 1.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe MotionPicture Color Files CS4 (Version: 2.0)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe PDF Library Files x64 CS4 (Version: 9.0)
Adobe Photoshop CS4 (64 Bit) (Version: 11.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Reader X (10.1.6) (Version: 10.1.6)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe SGM CS4 (Version: 3.0)
Adobe SING CS4 (Version: 2.0)
Adobe Type Support CS4 (Version: 9.0)
Adobe Type Support x64 CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe Version Cue CS4 Server (Version: 4.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Advanced Audio FX Engine (Version: 1.12.05)
Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
avast! Internet Security (Version: 8.0.1483.0)
Banctec Service Agreement (Version: 2.0.0)
Blio (Version: 2.3.7140)
CCleaner (Version: 3.16)
Complete Care Business Service Agreement (Version: 2.0.0)
Connect (Version: 1.0.0.1)
Consumer In-Home Service Agreement (Version: 2.0.0)
D3DX10 (Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software (Version: 9.4.61)
Dell DataSafe Local Backup (Version: 9.4.61)
Dell DataSafe Online (Version: 2.1.19634)
Dell Digital Delivery (Version: 2.2.2000.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Home Systems Service Agreement (Version: 2.0.0)
Dell MusicStage (Version: 1.5.201.0)
Dell PhotoStage (Version: 1.5.0.65)
Dell Stage (Version: 1.5.201.0)
Dell Support Center (Version: 3.2.6032.125)
Dell VideoStage  (Version: 1.2.0.1712)
Dell Webcam Central (Version: 2.01.17)
DirectX 9 Runtime (Version: 1.00.0000)
Google Chrome (Version: 26.0.1410.64)
Google Drive (Version: 1.9.4536.8202)
Google Talk Plugin (Version: 3.19.1.13088)
Google Update Helper (Version: 1.3.21.145)
High-Definition Video Playback (Version: 11.1.11500.4.273)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2361)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.6.1.0536)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 1.2.1.0608)
Intel® PROSet/Wireless WiFi Software Driver (Version: 15.06.1000.0167)
Intel® Rapid Storage Technology (Version: 10.1.2.1004)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
Intel® PROSet/Wireless Software (Version: 15.6.1)
Intel® PROSet/Wireless WiFi Software (Version: 15.06.1000.0142)
iTunes (Version: 10.6.1.7)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Junk Mail filter update (Version: 15.4.3502.0922)
kuler (Version: 2.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyDefrag v4.3.1 (Version: 4.0.0.0)
Nero 10 Movie ThemePack Basic (Version: 10.6.10000.1.0)
Nero Control Center 10 (Version: 10.6.13000.0.11)
Nero ControlCenter 10 Help (CHM) (Version: 10.2.10800)
Nero Core Components 10 (Version: 2.0.20000.9.12)
Nero Update (Version: 11.0.11500.28.0)
NVIDIA Display Control Panel (Version: 6.14.12.6952)
NVIDIA PhysX (Version: 9.10.0513)
PDF Settings CS4 (Version: 9.0)
Photoshop Camera Raw (Version: 5.0)
Photoshop Camera Raw_x64 (Version: 5.0)
PhotoShowExpress (Version: 2.0.063)
Pixel Bender Toolkit (Version: 1.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Premium Service Agreement (Version: 2.0.0)
QualxServ Service Agreement (Version: 2.0.0)
Quickset64 (Version: 10.13.010)
QuickTime (Version: 7.73.80.64)
RBVirtualFolder64Inst (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.6392)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio Burn (Version: 1.8)
Roxio Creator Starter (Version: 1.0.439)
Roxio Creator Starter (Version: 12.1.77.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Shared C Run-time for x64 (Version: 10.0.0)
Skype™ 5.10 (Version: 5.10.116)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Spotify (Version: 0.9.0.128.g3134f863)
Suite Shared Configuration CS4 (Version: 1.0)
Synaptics Pointing Device Driver (Version: 16.1.6.0)
SyncUP (Version: 1.12.11200.10.102)
SyncUP (Version: 10.2.15400)
System Requirements Lab for Intel (64-bit) (Version: 4.5.13.0)
TrustedID (Version: 5.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Zinio Reader 4 (Version: 4.2.4164)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 60%
Total physical RAM: 8137.56 MB
Available physical RAM: 3176.17 MB
Total Pagefile: 16273.3 MB
Available Pagefile: 10926.92 MB
Total Virtual: 4095.88 MB
Available Virtual: 3972.03 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:217.18 GB) (Free:34.27 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\SARVI-14Z
 
Administrator            Guest                    Sarvi                    
 
 
**** End of log ****
 
 
TDSSKiller.2.8.16.0_13.05.2013_19.02.09_log.txt

19:02:09.0979 6700  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:02:10.0520 6700  ============================================================
19:02:10.0520 6700  Current date / time: 2013/05/13 19:02:10.0520
19:02:10.0520 6700  SystemInfo:
19:02:10.0520 6700  
19:02:10.0520 6700  OS Version: 6.1.7601 ServicePack: 1.0
19:02:10.0520 6700  Product type: Workstation
19:02:10.0521 6700  ComputerName: SARVI-14Z
19:02:10.0521 6700  UserName: Sarvi
19:02:10.0521 6700  Windows directory: C:\Windows
19:02:10.0521 6700  System windows directory: C:\Windows
19:02:10.0521 6700  Running under WOW64
19:02:10.0521 6700  Processor architecture: Intel x64
19:02:10.0521 6700  Number of processors: 4
19:02:10.0521 6700  Page size: 0x1000
19:02:10.0521 6700  Boot type: Normal boot
19:02:10.0521 6700  ============================================================
19:02:10.0751 6700  Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:02:10.0754 6700  ============================================================
19:02:10.0754 6700  \Device\Harddisk0\DR0:
19:02:10.0755 6700  MBR partitions:
19:02:10.0755 6700  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1A80000
19:02:10.0755 6700  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A94000, BlocksNum 0x1B25C000
19:02:10.0755 6700  ============================================================
19:02:10.0757 6700  C: <-> \Device\Harddisk0\DR0\Partition2
19:02:10.0757 6700  ============================================================
19:02:10.0757 6700  Initialize success
19:02:10.0757 6700  ============================================================
19:02:33.0966 7404  ============================================================
19:02:33.0966 7404  Scan started
19:02:33.0966 7404  Mode: Manual; TDLFS; 
19:02:33.0966 7404  ============================================================
19:02:34.0289 7404  ================ Scan system memory ========================
19:02:34.0289 7404  System memory - ok
19:02:34.0297 7404  ================ Scan services =============================
19:02:36.0792 7404  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:02:36.0794 7404  intelppm - ok
19:02:36.0797 7404  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:02:36.0800 7404  IPBusEnum - ok
19:02:36.0803 7404  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:02:36.0805 7404  IpFilterDriver - ok
19:02:36.0813 7404  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:02:36.0820 7404  iphlpsvc - ok
19:02:36.0824 7404  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:02:36.0825 7404  IPMIDRV - ok
19:02:36.0828 7404  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:02:36.0831 7404  IPNAT - ok
19:02:36.0841 7404  [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:02:36.0850 7404  iPod Service - ok
19:02:36.0853 7404  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:02:36.0854 7404  IRENUM - ok
19:02:36.0857 7404  irstrtsv - ok
19:02:36.0860 7404  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:02:36.0862 7404  isapnp - ok
19:02:36.0868 7404  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:02:36.0871 7404  iScsiPrt - ok
19:02:36.0884 7404  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:02:36.0886 7404  kbdclass - ok
19:02:36.0901 7404  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
19:02:36.0902 7404  kbdhid - ok
19:02:36.0905 7404  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:02:36.0906 7404  KeyIso - ok
19:02:36.0922 7404  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:02:36.0924 7404  KSecDD - ok
19:02:36.0928 7404  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:02:36.0931 7404  KSecPkg - ok
19:02:36.0934 7404  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:02:36.0936 7404  ksthunk - ok
19:02:36.0945 7404  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:02:36.0950 7404  KtmRm - ok
19:02:36.0953 7404  [ 173666119D217E3739205C169E2BF0E5 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
19:02:36.0954 7404  L1C - ok
19:02:36.0959 7404  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:02:36.0964 7404  LanmanServer - ok
19:02:36.0969 7404  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:02:36.0972 7404  LanmanWorkstation - ok
19:02:36.0976 7404  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:02:36.0978 7404  lltdio - ok
19:02:36.0984 7404  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:02:36.0989 7404  lltdsvc - ok
19:02:36.0992 7404  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:02:36.0994 7404  lmhosts - ok
19:02:37.0011 7404  [ 1584DEEAE5AA0E3FB045F3D0EAC585EA ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
19:02:37.0015 7404  LMS - ok
19:02:37.0026 7404  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:02:37.0028 7404  LSI_FC - ok
19:02:37.0041 7404  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:02:37.0043 7404  LSI_SAS - ok
19:02:37.0046 7404  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:02:37.0048 7404  LSI_SAS2 - ok
19:02:37.0060 7404  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:02:37.0062 7404  LSI_SCSI - ok
19:02:37.0066 7404  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:02:37.0068 7404  luafv - ok
19:02:37.0074 7404  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
19:02:37.0075 7404  MBAMProtector - ok
19:02:37.0083 7404  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:02:37.0085 7404  MBAMScheduler - ok
19:02:37.0095 7404  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:02:37.0098 7404  MBAMService - ok
19:02:37.0100 7404  McAWFwk - ok
19:02:37.0104 7404  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:02:37.0107 7404  Mcx2Svc - ok
19:02:37.0119 7404  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:02:37.0121 7404  megasas - ok
19:02:37.0126 7404  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
19:02:37.0129 7404  MegaSR - ok
19:02:37.0148 7404  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
19:02:37.0149 7404  MEIx64 - ok
19:02:37.0168 7404  [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
19:02:37.0170 7404  Microsoft Office Groove Audit Service - ok
19:02:37.0186 7404  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:02:37.0189 7404  MMCSS - ok
19:02:37.0204 7404  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:02:37.0205 7404  Modem - ok
19:02:37.0208 7404  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:02:37.0209 7404  monitor - ok
19:02:37.0212 7404  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:02:37.0214 7404  mouclass - ok
19:02:37.0217 7404  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
19:02:37.0219 7404  mouhid - ok
19:02:37.0233 7404  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:02:37.0235 7404  mountmgr - ok
19:02:37.0239 7404  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:02:37.0242 7404  mpio - ok
19:02:37.0245 7404  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:02:37.0246 7404  mpsdrv - ok
19:02:37.0257 7404  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:02:37.0266 7404  MpsSvc - ok
19:02:37.0270 7404  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:02:37.0273 7404  MRxDAV - ok
19:02:37.0277 7404  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:02:37.0280 7404  mrxsmb - ok
19:02:37.0286 7404  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:02:37.0290 7404  mrxsmb10 - ok
19:02:37.0294 7404  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:02:37.0296 7404  mrxsmb20 - ok
19:02:37.0299 7404  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:02:37.0300 7404  msahci - ok
19:02:37.0305 7404  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:02:37.0307 7404  msdsm - ok
19:02:37.0312 7404  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
19:02:37.0316 7404  MSDTC - ok
19:02:37.0320 7404  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:02:37.0322 7404  Msfs - ok
19:02:37.0337 7404  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:02:37.0338 7404  mshidkmdf - ok
19:02:37.0351 7404  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:02:37.0353 7404  msisadrv - ok
19:02:37.0357 7404  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:02:37.0361 7404  MSiSCSI - ok
19:02:37.0383 7404  msiserver - ok
19:02:37.0397 7404  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:02:37.0398 7404  MSKSSRV - ok
19:02:37.0401 7404  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:02:37.0402 7404  MSPCLOCK - ok
19:02:37.0415 7404  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:02:37.0416 7404  MSPQM - ok
19:02:37.0433 7404  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:02:37.0438 7404  MsRPC - ok
19:02:37.0447 7404  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:02:37.0449 7404  mssmbios - ok
19:02:37.0452 7404  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:02:37.0453 7404  MSTEE - ok
19:02:37.0465 7404  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
19:02:37.0466 7404  MTConfig - ok
19:02:37.0470 7404  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:02:37.0471 7404  Mup - ok
19:02:37.0499 7404  [ 74E1E62819D33F176821ADC9AFF8A3E7 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
19:02:37.0500 7404  MyWiFiDHCPDNS - ok
19:02:37.0508 7404  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:02:37.0514 7404  napagent - ok
19:02:37.0521 7404  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:02:37.0525 7404  NativeWifiP - ok
19:02:37.0536 7404  [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
19:02:37.0540 7404  NAUpdate - ok
19:02:37.0552 7404  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:02:37.0561 7404  NDIS - ok
19:02:37.0577 7404  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:02:37.0578 7404  NdisCap - ok
19:02:37.0586 7404  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:02:37.0587 7404  NdisTapi - ok
19:02:37.0590 7404  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:02:37.0593 7404  Ndisuio - ok
19:02:37.0617 7404  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:02:37.0620 7404  NdisWan - ok
19:02:37.0631 7404  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:02:37.0633 7404  NDProxy - ok
19:02:37.0636 7404  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:02:37.0637 7404  NetBIOS - ok
19:02:37.0657 7404  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:02:37.0661 7404  NetBT - ok
19:02:37.0672 7404  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:02:37.0674 7404  Netlogon - ok
19:02:37.0682 7404  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:02:37.0688 7404  Netman - ok
19:02:37.0696 7404  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:02:37.0698 7404  NetMsmqActivator - ok
19:02:37.0711 7404  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:02:37.0712 7404  NetPipeActivator - ok
19:02:37.0729 7404  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:02:37.0735 7404  netprofm - ok
19:02:37.0741 7404  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:02:37.0742 7404  NetTcpActivator - ok
19:02:37.0745 7404  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:02:37.0746 7404  NetTcpPortSharing - ok
19:02:37.0834 7404  [ 9FD1BE1881446D954FF77244AE58FBCB ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
19:02:37.0867 7404  NETwNs64 - ok
19:02:37.0873 7404  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:02:37.0874 7404  nfrd960 - ok
19:02:37.0899 7404  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:02:37.0904 7404  NlaSvc - ok
19:02:37.0936 7404  [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU            C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
19:02:37.0947 7404  NOBU - ok
19:02:37.0959 7404  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:02:37.0960 7404  Npfs - ok
19:02:37.0963 7404  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:02:37.0966 7404  nsi - ok
19:02:37.0990 7404  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:02:37.0991 7404  nsiproxy - ok
19:02:38.0021 7404  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:02:38.0028 7404  Ntfs - ok
19:02:38.0031 7404  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:02:38.0032 7404  Null - ok
19:02:38.0166 7404  [ 129DA741DD7A91CC876896261F7F63B5 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:02:38.0221 7404  nvlddmkm - ok
19:02:38.0235 7404  [ 5B4F10D9F2184D43C3FB14B58E267AAC ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
19:02:38.0236 7404  nvpciflt - ok
19:02:38.0240 7404  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:02:38.0242 7404  nvraid - ok
19:02:38.0247 7404  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:02:38.0250 7404  nvstor - ok
19:02:38.0262 7404  [ 75408791DAF9913A2B18C5C514F26950 ] NVSvc           C:\Windows\system32\nvvsvc.exe
19:02:38.0267 7404  NVSvc - ok
19:02:38.0271 7404  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:02:38.0273 7404  nv_agp - ok
19:02:38.0280 7404  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:02:38.0285 7404  odserv - ok
19:02:38.0288 7404  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:02:38.0290 7404  ohci1394 - ok
19:02:38.0294 7404  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:02:38.0296 7404  ose - ok
19:02:38.0341 7404  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:02:38.0401 7404  osppsvc - ok
19:02:38.0410 7404  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:02:38.0415 7404  p2pimsvc - ok
19:02:38.0430 7404  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:02:38.0437 7404  p2psvc - ok
19:02:38.0445 7404  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
19:02:38.0447 7404  Parport - ok
19:02:38.0460 7404  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:02:38.0462 7404  partmgr - ok
19:02:38.0476 7404  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:02:38.0481 7404  PcaSvc - ok
19:02:38.0494 7404  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
19:02:38.0498 7404  pci - ok
19:02:38.0500 7404  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:02:38.0502 7404  pciide - ok
19:02:38.0517 7404  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:02:38.0520 7404  pcmcia - ok
19:02:38.0523 7404  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:02:38.0525 7404  pcw - ok
19:02:38.0543 7404  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:02:38.0550 7404  PEAUTH - ok
19:02:38.0585 7404  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:02:38.0587 7404  PerfHost - ok
19:02:38.0607 7404  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
19:02:38.0622 7404  pla - ok
19:02:38.0634 7404  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:02:38.0640 7404  PlugPlay - ok
19:02:38.0652 7404  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:02:38.0655 7404  PNRPAutoReg - ok
19:02:38.0664 7404  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:02:38.0667 7404  PNRPsvc - ok
19:02:38.0695 7404  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:02:38.0701 7404  PolicyAgent - ok
19:02:38.0712 7404  [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power           C:\Windows\system32\umpo.dll
19:02:38.0716 7404  Power - ok
19:02:38.0727 7404  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:02:38.0729 7404  PptpMiniport - ok
19:02:38.0732 7404  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
19:02:38.0734 7404  Processor - ok
19:02:38.0751 7404  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:02:38.0755 7404  ProfSvc - ok
19:02:38.0761 7404  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:02:38.0763 7404  ProtectedStorage - ok
19:02:38.0767 7404  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:02:38.0769 7404  Psched - ok
19:02:38.0773 7404  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
19:02:38.0773 7404  PxHlpa64 - ok
19:02:38.0791 7404  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:02:38.0803 7404  ql2300 - ok
19:02:38.0807 7404  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:02:38.0809 7404  ql40xx - ok
19:02:38.0816 7404  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:02:38.0820 7404  QWAVE - ok
19:02:38.0824 7404  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:02:38.0825 7404  QWAVEdrv - ok
19:02:38.0828 7404  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:02:38.0830 7404  RasAcd - ok
19:02:38.0835 7404  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:02:38.0836 7404  RasAgileVpn - ok
19:02:38.0840 7404  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:02:38.0844 7404  RasAuto - ok
19:02:38.0848 7404  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:02:38.0850 7404  Rasl2tp - ok
19:02:38.0856 7404  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:02:38.0862 7404  RasMan - ok
19:02:38.0865 7404  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:02:38.0867 7404  RasPppoe - ok
19:02:38.0873 7404  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:02:38.0875 7404  RasSstp - ok
19:02:38.0881 7404  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:02:38.0884 7404  rdbss - ok
19:02:38.0887 7404  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
19:02:38.0889 7404  rdpbus - ok
19:02:38.0891 7404  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:02:38.0892 7404  RDPCDD - ok
19:02:38.0897 7404  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:02:38.0898 7404  RDPENCDD - ok
19:02:38.0904 7404  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:02:38.0906 7404  RDPREFMP - ok
19:02:38.0910 7404  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:02:38.0913 7404  RDPWD - ok
19:02:38.0918 7404  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:02:38.0921 7404  rdyboost - ok
19:02:38.0929 7404  [ 5A118234A2251D6CFB8A11DFE7AC4B4A ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
19:02:38.0930 7404  RegSrvc - ok
19:02:38.0942 7404  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:02:38.0945 7404  RemoteAccess - ok
19:02:38.0950 7404  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:02:38.0954 7404  RemoteRegistry - ok
19:02:38.0976 7404  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
19:02:38.0979 7404  RFCOMM - ok
19:02:39.0001 7404  [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
19:02:39.0006 7404  RoxMediaDB12OEM - ok
19:02:39.0011 7404  [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12      C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
19:02:39.0013 7404  RoxWatch12 - ok
19:02:39.0036 7404  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:02:39.0039 7404  RpcEptMapper - ok
19:02:39.0042 7404  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:02:39.0044 7404  RpcLocator - ok
19:02:39.0070 7404  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
19:02:39.0074 7404  RpcSs - ok
19:02:39.0083 7404  [ 9D21618E7A3B2C75CF1A2ECBBE723730 ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
19:02:39.0085 7404  RSPCIESTOR - ok
19:02:39.0088 7404  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:02:39.0090 7404  rspndr - ok
19:02:39.0101 7404  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
19:02:39.0103 7404  SamSs - ok
19:02:39.0106 7404  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:02:39.0108 7404  sbp2port - ok
19:02:39.0122 7404  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:02:39.0127 7404  SCardSvr - ok
19:02:39.0130 7404  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:02:39.0132 7404  scfilter - ok
19:02:39.0144 7404  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:02:39.0155 7404  Schedule - ok
19:02:39.0161 7404  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:02:39.0162 7404  SCPolicySvc - ok
19:02:39.0168 7404  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:02:39.0172 7404  SDRSVC - ok
19:02:39.0176 7404  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:02:39.0177 7404  secdrv - ok
19:02:39.0195 7404  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:02:39.0198 7404  seclogon - ok
19:02:39.0222 7404  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:02:39.0225 7404  SENS - ok
19:02:39.0229 7404  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:02:39.0232 7404  SensrSvc - ok
19:02:39.0254 7404  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
19:02:39.0255 7404  Serenum - ok
19:02:39.0269 7404  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
19:02:39.0271 7404  Serial - ok
19:02:39.0274 7404  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:02:39.0276 7404  sermouse - ok
19:02:39.0317 7404  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:02:39.0320 7404  SessionEnv - ok
19:02:39.0323 7404  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:02:39.0324 7404  sffdisk - ok
19:02:39.0346 7404  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:02:39.0348 7404  sffp_mmc - ok
19:02:39.0361 7404  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:02:39.0362 7404  sffp_sd - ok
19:02:39.0365 7404  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
19:02:39.0367 7404  sfloppy - ok
19:02:39.0387 7404  [ D5183ED285D2795491DC15BDDCBEE5AD ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
19:02:39.0395 7404  Sftfs - ok
19:02:39.0409 7404  [ BFDB58616FF5EA540A5F58301D50641E ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:02:39.0414 7404  sftlist - ok
19:02:39.0419 7404  [ 00F118B68C50D2206DD51634F9142B83 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:02:39.0423 7404  Sftplay - ok
19:02:39.0426 7404  [ 76A827DF5640BFE16A0CDBB4108ADECA ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:02:39.0428 7404  Sftredir - ok
19:02:39.0448 7404  [ 29DDEA72C5BDF61D62F4D438DC0E497C ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
19:02:39.0455 7404  SftService - ok
19:02:39.0458 7404  [ 1B4C9701645086BAB8CAFFFCE30ED284 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
19:02:39.0460 7404  Sftvol - ok
19:02:39.0464 7404  [ B94C3C4DCA2093243C76CA218EDE2A97 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:02:39.0467 7404  sftvsa - ok
19:02:39.0473 7404  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:02:39.0479 7404  SharedAccess - ok
19:02:39.0492 7404  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:02:39.0498 7404  ShellHWDetection - ok
19:02:39.0505 7404  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:02:39.0506 7404  SiSRaid2 - ok
19:02:39.0516 7404  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:02:39.0518 7404  SiSRaid4 - ok
19:02:39.0529 7404  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:02:39.0531 7404  SkypeUpdate - ok
19:02:39.0542 7404  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:02:39.0544 7404  Smb - ok
19:02:39.0550 7404  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:02:39.0553 7404  SNMPTRAP - ok
19:02:39.0565 7404  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:02:39.0567 7404  spldr - ok
19:02:39.0575 7404  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
19:02:41.0520 7404  ============================================================
19:02:41.0520 7404  Scan finished
19:02:41.0520 7404  ============================================================
19:02:41.0534 2660  Detected object count: 0
19:02:41.0534 2660  Actual detected object count: 0
19:03:24.0134 4124  Deinitialize success
 

 

AdwCleaner[S1].txt

 

 

# AdwCleaner v2.300 - Logfile created 05/13/2013 at 19:07:02
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Sarvi - SARVI-14Z
# Boot Mode : Normal
# Running from : C:\Users\Sarvi\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Users\Sarvi\AppData\Local\Ilivid Player
 
***** [Registry] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
[OK] Registry is clean.
 
-\\ Google Chrome v26.0.1410.64
 
File : C:\Users\Sarvi\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [927 octets] - [13/05/2013 19:07:02]
 
########## EOF - C:\AdwCleaner[S1].txt - [986 octets] ##########
 

 

Thank you again.

 

Sav



#4 sarvalito

Posted 13 May 2013 - 09:57 PM

ESET is about 50% complete and so far has found 11 infected files.

 

looks like variants of Win32/PSWTool.RouterPassView.B and Win32/PSWTool.BulletsPassView.C and the originally mentioned Win32/HackTool.John. Still scanning...

 

<sigh> 



#5 sarvalito

Posted 13 May 2013 - 11:08 PM

ESET results:

 

 

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Users\Sarvi\AppData\Local\Temp\Temp1_john-16w.zip\john-16\run\john-mmx.zip Win32/HackTool.John application deleted - quarantined
C:\Users\Sarvi\AppData\Local\Temp\Temp1_john-mmx.zip\john.exe Win32/HackTool.John application cleaned by deleting - quarantined
C:\Users\Sarvi\AppData\Local\Temp\Temp1_passrec.zip\BulletsPassView.exe a variant of Win32/PSWTool.BulletsPassView.C application cleaned by deleting - quarantined
C:\Users\Sarvi\AppData\Local\Temp\Temp1_passrec.zip\RouterPassView.exe a variant of Win32/PSWTool.RouterPassView.B application cleaned by deleting - quarantined
C:\Users\Sarvi\AppData\Local\Temp\Temp2_john-mmx.zip\john.exe Win32/HackTool.John application cleaned by deleting - quarantined
C:\Users\Sarvi\AppData\Local\Temp\Temp2_passrec.zip\BulletsPassView.exe a variant of Win32/PSWTool.BulletsPassView.C application cleaned by deleting - quarantined
C:\Users\Sarvi\AppData\Local\Temp\Temp2_passrec.zip\RouterPassView.exe a variant of Win32/PSWTool.RouterPassView.B application cleaned by deleting - quarantined
C:\Users\Sarvi\AppData\Local\Temp\Temp3_john-mmx.zip\john.exe Win32/HackTool.John application cleaned by deleting - quarantined
C:\Users\Sarvi\AppData\Local\Temp\Temp3_passrec.zip\BulletsPassView.exe a variant of Win32/PSWTool.BulletsPassView.C application cleaned by deleting - quarantined
C:\Users\Sarvi\AppData\Local\Temp\Temp3_passrec.zip\RouterPassView.exe a variant of Win32/PSWTool.RouterPassView.B application cleaned by deleting - quarantined
C:\Users\Sarvi\Downloads\TuneUpUtilities2012_en-US-123.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined
C:\Users\Sarvi\Downloads\TuneUpUtilities2012_en-US.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined
 

 

I'm assuming I should allow these files to be deleted from the quarantined area or are they necessary to figure out the root cause?  Also, can I go ahead and delete all of the folders that were created in the temp folder? I want to make sure I am able to remove whatever the cause of this was so that it doesn't keep coming back.

 

Again...any direction you can give me to figure out what the main issue is here and how best to remove it will be greatly appreciated! =-)

 

cheers,

 

sav



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,906 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:36 PM

Posted 14 May 2013 - 11:53 AM

If all is running OK, they can go. You can use TFC on the TEMP folder

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run as Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
    • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
    Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#7 sarvalito

Posted 14 May 2013 - 01:09 PM

Can I use CCleaner for that? 

 

I'll go ahead and delete the files found by ESET.  Is it possible to find out where the trojan/malware came from so that I can make sure to stay clear of it?  I am concerned about it popping back up.

 

I've been having unrelated issues with my MB/sound (where the sound from the speakers L and R come out of only the L integrated onboard speaker. However, if I plug in headphones into the jack then it properly plays L sound from L headphone and R sound from R headphone). Dell keeps trying to get me to download this and that to try and solve the issue and I am worried that they are causing some of my problems. Especially since the last series of updates they made to my drivers somehow made my McAfee not work at all and they disabled it. Which is exactly the same time frame that all the files popped up in my temp folder.



#8 sarvalito

Posted 14 May 2013 - 01:51 PM

Also I just ran CCleaner and within seconds...i mean seconds the temp files started to recreate again!

 

Please help!



#9 boopme

Posted 14 May 2013 - 02:07 PM

Ugh!! appears there is a protected malware on here. We will need stronger tools and a deeper look.
Please do steps 6, 7 and 8 here: Preparation Guide


#10 sarvalito

Posted 14 May 2013 - 02:21 PM

Ugh indeed! I knew better than to let the stupid Dell guy take control of my computer. when he disabled mcafee and could no longer get it to work I figured something was wrong. grrrrr.

 

thank you for your help. already at 78 new file folders and zips in the temp folder. i will complete the steps above right now and post. thank you again for all your help!



#11 boopme

Posted 14 May 2013 - 04:15 PM

OK, let me know if that went well and you're very welcome!


#12 sarvalito

Posted 14 May 2013 - 05:08 PM

dds logs being submitted in a new post...


Edited by sarvalito, 14 May 2013 - 05:56 PM.


#13 sarvalito

Posted 14 May 2013 - 05:31 PM

also, i noticed that there were approx 30 files/folders in appdata/local/temp that I was not able to delete. when i tried it told me i need admin rights. well, i'm the main account and only admin account holder. so i couldn't understand why, under my account (as admin) i am not given security to access those files. so I checked the permissions and i saw "home users" and an "unknown account (S-1-5-21-991755692-466137080-904065143-501)" both having permissions in addition to my account, "guest" and "administrators."  I deleted the unknown account and am doing a search on the user name on my C drive to see if I see it anywhere else. 

 

so far it is showing up in

  • C:\Windows\Tasks as a GoogleUpdateTaskUserS-1-5-21-991755692-446137080-1000UA.job (protected/lock icon)
  • C:\Windows\Tasks as a GoogleUpdateTaskUserS-1-5-21-991755692-446137080-1000Core.job (protected/lock icon)
  • \\SARVI-14Z\Users\Guest\AppData\Roaming\Microsoft\Protect\S-1-5-21-991755692-466137080-904065143-501
  • \\SARVI-14Z\Users\Sarvi\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-991755692-466137080-904065143-1000
  • C:\ProgramData\Microsoft\PlayReady\Cache (not shared) (protected/lock icon)
  • C:\Users\Guest\AppData\Roaming\Microsoft\Protect (S-1-5-21-991755692-466137080-904065143-501) (shared)
  • C:\ProgramData\Microsoft\Application Virtualization Client\SoftGrid Client\AppFS Storage\140066.ENU-90140011-66-409 (GlblVol_sftfs_v1_S-1-5-21-991755692-466137080-904065143-1000.pkg)
  • C:\ProgramData\Microsoft\Application Virtualization Client\SoftGrid Client\AppFS Storage\140066.ENU-90140011-66-409 (GlblVol_sftfs_v1_S-1-5-21-991755692-466137080-904065143-1000.tmp)
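SID strings like the ones listed in the post above can be decoded offline before any ACL entry is changed. This is an added example, not part of the original post or of any tool named in the thread: it pulls SID-like strings out of text, splits machine identifier from relative identifier (RID), labels the built-in RIDs 500 and 501, and flags strings with too few sub-authorities. The function names are hypothetical and the sample list is constructed from the strings quoted in the post.

```python
import re
from collections import defaultdict

# Constructed sample: strings taken from the post above (an ACL entry, a
# scheduled-task file name, and two profile paths).
SAMPLE = [
    "unknown account (S-1-5-21-991755692-466137080-904065143-501)",
    r"C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-991755692-446137080-1000UA.job",
    r"\\SARVI-14Z\Users\Guest\AppData\Roaming\Microsoft\Protect"
    r"\S-1-5-21-991755692-466137080-904065143-501",
    r"\\SARVI-14Z\Users\Sarvi\AppData\Roaming\Microsoft\Crypto\RSA"
    r"\S-1-5-21-991755692-466137080-904065143-1000",
]

# S-<revision 1>-<identifier authority>-<sub-authority>-...
SID_RE = re.compile(r"S-1-(\d+)((?:-\d+)+)")

# RIDs that Windows assigns to built-in local accounts.
WELL_KNOWN_RIDS = {500: "Administrator (built-in)", 501: "Guest (built-in)"}
USER_CREATED = "account or group created after setup"


def parse_sids(text):
    """Return one record per SID-like string found in text."""
    records = []
    for m in SID_RE.finditer(text):
        authority = int(m.group(1))
        subs = [int(x) for x in m.group(2).lstrip("-").split("-")]
        rec = {"sid": m.group(0), "machine": None, "rid": None}
        if authority == 5 and subs[0] == 21:
            # Account SIDs are S-1-5-21-<three machine/domain values>-<RID>.
            if len(subs) == 5:
                rec["machine"] = tuple(subs[1:4])
                rec["rid"] = subs[4]
                if rec["rid"] in WELL_KNOWN_RIDS:
                    rec["kind"] = WELL_KNOWN_RIDS[rec["rid"]]
                elif rec["rid"] >= 1000:
                    rec["kind"] = USER_CREATED
                else:
                    rec["kind"] = "reserved RID below 1000"
            else:
                # Too few or too many parts: compare with the real file name
                # or ACL before drawing conclusions from it.
                rec["kind"] = "incomplete"
        else:
            rec["kind"] = "not an account SID (other authority)"
        records.append(rec)
    return records


def report(lines):
    """Group well-formed account SIDs by machine identifier.

    Returns (by_machine, incomplete): by_machine maps the three machine
    values to {rid: label}; incomplete lists SID-like strings that did not
    have the S-1-5-21-a-b-c-RID shape.
    """
    by_machine = defaultdict(dict)
    incomplete = []
    for line in lines:
        for rec in parse_sids(line):
            if rec["machine"] is None:
                incomplete.append(rec["sid"])
            else:
                by_machine[rec["machine"]][rec["rid"]] = rec["kind"]
    return dict(by_machine), incomplete


if __name__ == "__main__":
    machines, odd = report(SAMPLE)
    for machine, rids in machines.items():
        print("machine id", "-".join(map(str, machine)))
        for rid, label in sorted(rids.items()):
            print(f"  RID {rid}: {label}")
    for sid in odd:
        print("check manually:", sid)
```

An ACL entry that Explorer shows only as a raw SID means the name lookup failed at that moment; the RID still identifies which account the entry belongs to.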



#14 sarvalito

Posted 14 May 2013 - 05:45 PM

and in task manager there are multiple instances of the following running processes:

  • WmiPrvSE.exe (2 instances)
  • chrome.exe *32 (18+ instances)
  • nvvsvc.exe (2)
  • svchost.exe (15+)
  • dllhost.exe (varies 3+)
  • csrss.exe (2)


#15 sarvalito

Posted 14 May 2013 - 06:04 PM

created new topic per instructions... 

http://www.bleepingcomputer.com/forums/t/494585/malware-creating-files-in-appdatalocaltemp-hijacking-admin-rights/





