
Injector Trojans, dds+attach provided


  • This topic is locked
12 replies to this topic

#1 SN001


Posted 23 December 2013 - 03:39 PM

Hi,
 
Thanks for your help!
I have followed the Preparation Guide as mentioned by Boopme (see below URL).
I do not see an Attachment section as shown in the Preparation Guide, and so am pasting attach.txt below.
 
http://www.bleepingcomputer.com/forums/t/518398/potential-malware;-not-able-to-login-to-laptop/
 
 
dds.txt
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 MINIMAL
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_21
Run by snayak at 14:06:01 on 2013-12-23
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.3241.2804 [GMT -6:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = Preserve
dURLSearchHooks: {B922D405-6D13-4A2B-AE89-08A030DA4402} - <orphaned>
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20131120151641.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe
mRun: [IntelPROSet] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"
mRun: [AeXAgentLogon] c:\program files\altiris\altiris agent\AeXAgentActivate.exe /logon
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellsy~1.lnk - c:\program files\dell\dell system manager\DCPSysMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 11\Snagit32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
Trusted Zone: expedia.be
Trusted Zone: expedia.co.uk
Trusted Zone: expedia.com
Trusted Zone: expedia.de
Trusted Zone: expedia.es
Trusted Zone: expedia.fr
Trusted Zone: expedia.it
Trusted Zone: expedia.nl
Trusted Zone: flowstar.net
Trusted Zone: sumtotalsystems.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CEF002D2-5A9F-4656-AA41-85DA2534ACBD} - hxxp://ormdm2.flowserve.com/dwa85W.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://flowserve.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpnna.flowserve.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{26A60F0B-B233-4429-BFE9-E99B95AE3A6C} : DHCPNameServer = 172.21.10.2 172.26.1.10
TCP: Interfaces\{3ED62EB1-8E39-4877-95EB-04EED1AE741A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3ED62EB1-8E39-4877-95EB-04EED1AE741A}\64C4F475143435 : DHCPNameServer = 172.21.10.2 172.26.1.10
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: bwfile-9684826 - {2DF0241D-8A6A-4E10-A11B-C2E432CF2A28} - c:\program files\passport_direct\9684826\program\GAPlugProtocol-9684826.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\program files\quest software\toad for oracle\RNetPin.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\snayak\appdata\roaming\mozilla\firefox\profiles\79znsqch.default\
FF - prefs.js: browser.startup.homepage - hxxp://gssricew.flowserve.net:8004/OA_HTML/AppsLocalLogin.jsp
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\npjpi160_21.dll
FF - plugin: c:\program files\java\jre6\bin\npt.dll
FF - plugin: c:\program files\mcafee\siteadvisor enterprise\NPMcFFPlg.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\users\snayak\appdata\local\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: !HIDDEN! 1970-05-28 22:28; {395C2BBF-B747-D57B-B4FD-5DD52EB9E787}; -
.
============= SERVICES / DRIVERS ===============
.
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-6-1 181968]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2012-5-23 17904]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys [2012-5-23 44144]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-5-23 41216]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7.sys [2012-5-23 62440]
R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7.sys [2012-5-23 63848]
S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-6-1 481320]
S1 WebMail_;WebMail_;c:\windows\system32\WebMail_.sys [2012-6-1 77760]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2012-5-23 81920]
S2 BackWeb Plug-in - 9684826;Passport_Direct;c:\program files\passport_direct\9684826\program\ServiceWrapper-9684826.exe [2013-4-24 24615]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\dell\dell system manager\DCPSysMgrSvc.exe [2011-1-20 388464]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
S2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2010-8-16 198000]
S2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\lotus\notes\nsd.exe [2009-9-29 3405192]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2013-6-10 160800]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2013-6-25 130080]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-6-1 167856]
S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2011-1-12 209760]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-6-1 160152]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\common files\microsoft shared\microsoft online services\MSOIDSVC.EXE [2011-4-28 1577376]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SSPREnrollService;SSPREnrollService;c:\program files\passlogix\v-go sspr client\SSPREnrollService.exe [2010-10-27 128952]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2012-5-23 2594584]
S2 WebMail;WebMail;c:\windows\system32\webmail.exe -s --> c:\windows\system32\WebMail.exe -s [?]
S2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\intel\wifi\bin\ZCfgSvc7.exe [2010-12-23 577536]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2012-5-23 349736]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2012-5-23 302120]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-5-23 33832]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2012-5-23 134144]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2012-5-23 144576]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 3712]
S3 IgniteService;IgniteService;c:\program files\ignitecds\IgniteService.exe [2012-6-1 90464]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2012-5-23 132480]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-5-23 269824]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-6-1 218760]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-6-1 63128]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-6-1 87816]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2012-5-23 7434240]
S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfw7.sys [2012-5-23 60904]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-11 77184]
S3 tcm;tcm;c:\windows\system32\drivers\tcm.sys [2012-5-23 12952]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-4-11 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-11 112640]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2013-12-22 15:38:07 -------- d-----w- c:\users\snayak\appdata\local\YldcPack
2013-12-13 21:03:17 305152 ----a-w- c:\windows\system32\gdi32.dll
.
==================== Find3M  ====================
.
2013-12-11 18:14:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 18:14:11 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-12 02:04:18 981504 ----a-w- c:\windows\system32\wininet.dll
2013-10-12 01:15:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-05 19:57:25 1168384 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 14:07:01.16 ===============
 
 
attach.txt:
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume2
Install Date: 6/1/2012 1:38:34 PM
System Uptime: 12/23/2013 9:20:26 AM (5 hours ago)
.
Motherboard: Dell Inc. |  | 0KCT5J
Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz | CPU 1 | 2494/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 213.885 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: McAfee Inc. mfehidk
Device ID: ROOT\LEGACY_MFEHIDK\0000
Manufacturer:
Name: McAfee Inc. mfehidk
PNP Device ID: ROOT\LEGACY_MFEHIDK\0000
Service: mfehidk
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Dell Wireless 375 Bluetooth Module
Device ID: USB\VID_413C&PID_8187\C01885D913AB
Manufacturer: Broadcom
Name: Dell Wireless 375 Bluetooth Module
PNP Device ID: USB\VID_413C&PID_8187\C01885D913AB
Service: BTHUSB
.
==== System Restore Points ===================
.
RP210: 12/7/2013 12:00:04 AM - Scheduled Checkpoint
RP211: 12/13/2013 3:02:52 PM - Windows Update
RP212: 12/13/2013 3:03:49 PM - Windows Update
RP213: 12/13/2013 3:04:33 PM - Windows Update
RP214: 12/13/2013 3:05:19 PM - Windows Update
RP215: 12/20/2013 4:21:54 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP BiDi Channel Components Installer
7-Zip 9.20
AccelerometerP11
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Altiris Application Metering Agent
Altiris Client Task Agent
Altiris PC Transplant Capture Agent
Altiris Power Management Agent
Altiris Script Task Agent
Altiris Service Control Task Agent
Altiris Software Delivery Agent For Task Server
Altiris Software Delivery Solution Agent
Altiris Task Synchronization Agent
Cisco WebEx Meetings
Citrix Online Launcher
Conexant HDA D330 MDC V.92 Modem
Conversation Translator
CVE-2012-1889
CVE-2012-4969
CVE-2013-3893
CyberLink PowerDVD 9.5
DameWare Mini Remote Control Client Agent Service
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Backup and Recovery Manager
Dell System Manager
Dell Touchpad
Dell Webcam Central
Digital Line Detect
DirectX 9 Runtime
Export Notes v8.0.5.0 SP1
FileZilla Client 3.5.3
Flowserve Excel Add-ins
Flowserve Outlook Add-ins
Flowserve PowerPoint Add-ins
Flowserve Word Add-ins
Flowstar.net Client Files
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.7.0.1172
IDT Audio
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless WiFi Software
Java Auto Updater
Java™ 6 Update 21
Juniper Installer Service
Juniper Networks Host Checker
Juniper Networks Network Connect 7.0.0
Juniper Networks Network Connect 7.4.0
Juniper Networks Setup Client Activex Control
Juniper Networks, Inc. Setup Client
Knowledge Xpert for PLSQL V9.0
Lotus Notes 8.5.1
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Agent
McAfee SiteAdvisor Enterprise
McAfee VirusScan Enterprise
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Lync 2010
Microsoft Mouse and Keyboard Center
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Standard 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Standard 2007
Microsoft Office Word MUI (English) 2010
Microsoft Online Services Sign-in Assistant
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Modem Diagnostic Tool
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB973688)
MSXML5: CVE-2012-1889
MySQL Server 5.5
Netwaiting
Notepad++
Oracle Enterprise Single Sign-on Password Reset Client
Passport_Direct
PDFCreator
PhotoShowExpress
Qexplain2full
Quest Software Toad for Oracle Version 9.0.1
Quest SQL Tuning for Oracle
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Security Update for Microsoft Visual Basic for Applications 6.5 (KB2688865)
Security Update for Microsoft Visual Basic for Applications 6.5 (KB974945)
Security Update for Microsoft Word 2010 (KB2760769) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Snagit 11
Sonic CinePlayer Decoder Pack
Stat 5.5.4
TextPad 6
WIDCOMM Bluetooth Software
X7Magic Setup
XML Marker version 2.1
XML Notepad 2007
.
==== Event Viewer Messages From Past Week ========
.
12/23/2013 9:21:47 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
12/23/2013 9:21:46 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/23/2013 9:21:46 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/23/2013 9:21:45 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/23/2013 9:21:45 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/23/2013 9:21:44 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/23/2013 9:21:37 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/23/2013 9:21:21 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache luafv mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
12/23/2013 9:21:21 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/23/2013 9:21:21 AM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/23/2013 9:21:21 AM, Error: Service Control Manager [7001]  - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error:  A device attached to the system is not functioning.
12/23/2013 9:21:21 AM, Error: Service Control Manager [7001]  - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/23/2013 9:21:21 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/23/2013 9:21:21 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
12/23/2013 9:21:19 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/23/2013 9:21:19 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
12/23/2013 9:21:19 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
12/23/2013 9:21:19 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
12/23/2013 9:21:19 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
12/23/2013 9:21:19 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
12/23/2013 9:21:19 AM, Error: Service Control Manager [7001]  - The Netlogon service depends on the Workstation service which failed to start because of the following error:  The dependency service or group failed to start.
12/23/2013 9:21:19 AM, Error: Service Control Manager [7001]  - The Intel® PROSet/Wireless ZeroConfig Service service depends on the WLAN AutoConfig service which failed to start because of the following error:  The dependency service or group failed to start.
12/23/2013 9:21:19 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
12/23/2013 9:21:19 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
12/23/2013 9:18:37 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  luafv
12/23/2013 9:17:35 AM, Error: Microsoft-Windows-GroupPolicy [1055]  - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:  a) Name Resolution failure on the current domain controller.  B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
12/23/2013 9:17:20 AM, Error: NETLOGON [5719]  - This computer was not able to set up a secure session with a domain controller in domain FLOWSERVE due to the following:  There are currently no logon servers available to service the logon request.  This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.   ADDITIONAL INFO  If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
12/22/2013 9:01:13 AM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
12/22/2013 9:01:13 AM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
12/22/2013 8:54:56 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/22/2013 8:54:54 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
12/22/2013 6:53:30 PM, Error: Service Control Manager [7023]  - The Power service terminated with the following error:  The service has not been started.
12/22/2013 6:53:29 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache luafv spldr Wanarpv6
12/22/2013 6:53:28 PM, Error: Service Control Manager [7001]  - The Telephony service depends on the Plug and Play service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
12/22/2013 6:53:28 PM, Error: Service Control Manager [7001]  - The Smart Card service depends on the Plug and Play service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
12/22/2013 6:53:28 PM, Error: Service Control Manager [7001]  - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error:  The dependency service or group failed to start.
12/22/2013 6:53:27 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Plug and Play service to connect.
12/22/2013 6:53:27 PM, Error: Service Control Manager [7001]  - The Windows Driver Foundation - User-mode Driver Framework service depends on the Plug and Play service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
12/22/2013 6:53:27 PM, Error: Service Control Manager [7001]  - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error:  The dependency service or group failed to start.
12/22/2013 6:53:27 PM, Error: Service Control Manager [7001]  - The Windows Audio Endpoint Builder service depends on the Plug and Play service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
12/22/2013 6:53:27 PM, Error: Service Control Manager [7000]  - The Plug and Play service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/22/2013 6:50:11 PM, Error: Microsoft-Windows-GroupPolicy [1129]  - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
12/22/2013 6:48:32 PM, Error: Service Control Manager [7024]  - The Superfetch service terminated with service-specific error The operation completed successfully..
12/22/2013 5:02:36 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 21
12/22/2013 5:02:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0x044500b9, 0x00000002, 0x00000001, 0x83298d9a). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122213-26239-01.
12/22/2013 4:51:04 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/22/2013 4:49:34 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xc0000005, 0x834c98a8, 0x8e391574, 0x8e391150). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122213-24180-01.
12/22/2013 4:47:15 PM, Error: Service Control Manager [7000]  - The Spooler service failed to start due to the following error:  The system cannot find the file specified.
12/22/2013 3:40:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xc0000005, 0x832c58a8, 0x8e195574, 0x8e195150). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122213-23618-01.
12/22/2013 3:35:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xc0000005, 0x832a3ff6, 0x8e18da4c, 0x8e18d630). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122213-21980-01.
12/22/2013 3:31:13 PM, Error: Service Control Manager [7001]  - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:  The dependency service or group failed to start.
12/22/2013 3:31:07 PM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  The service has not been started.
12/22/2013 3:31:06 PM, Error: Service Control Manager [7024]  -
12/22/2013 3:31:06 PM, Error: BROWSER [8017]  - The browser has failed to start because the dependent service LanmanServer had invalid service status 3. Status             Meaning   1              Service Stopped    2              Start Pending    3              Stop Pending    4              Running    5              Continue Pending    6              Pause Pending    7              Paused
12/22/2013 3:30:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xc0000005, 0x832e3ff6, 0x8e18da4c, 0x8e18d630). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122213-25599-01.
12/22/2013 12:44:23 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067]  - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
12/21/2013 11:12:38 AM, Error: Schannel [36887]  - The following fatal alert was received: 10.
12/20/2013 7:42:38 PM, Error: NETLOGON [5719]  - This computer was not able to set up a secure session with a domain controller in domain FLOWSERVE due to the following:  The RPC server is unavailable.  This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.   ADDITIONAL INFO  If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
12/20/2013 11:18:43 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer 27BC8W1 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3ED62EB1-8E39-4877-95EB-04EED1AE74. The master browser is stopping or an election is being forced.
12/19/2013 9:44:04 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer 7D129141H that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3ED62EB1-8E39-4877-95EB-04EED1AE. The master browser is stopping or an election is being forced.
12/19/2013 9:10:10 AM, Error: Microsoft-Windows-GroupPolicy [1054]  - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
12/19/2013 9:10:04 AM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067]  - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The RPC server is unavailable. .
.
==== End Of File ===========================

Edited by Budapest, 23 December 2013 - 03:56 PM.
Moved from AII ~Budapest




#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:03:38 AM

Posted 24 December 2013 - 01:53 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#3 SN001

SN001
  • Topic Starter

  • Members
  • 8 posts
  • Local time:01:38 AM

Posted 24 December 2013 - 10:36 PM

Hi RPMcMurphy,

Thanks for your help!

As mentioned, FRST.txt is pasted below and Addition.txt is attached.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-12-2013 01
Ran by snayak (administrator) on 4BRXBT1 on 24-12-2013 21:21:06
Running from C:\Users\snayak\Desktop
Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [488816 2011-01-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [FreeFallProtection] - C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [IntelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1210640 2010-12-23] (Intel® Corporation)
HKLM\...\Run: [Dell Webcam Central] - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-12] (Creative Technology Ltd)
HKLM\...\Run: [RemoteControl9] - C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM\...\Run: [RoxWatchTray] - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM\...\Run: [Desktop Disc Tool] - C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM\...\Run: [AeXAgentLogon] - C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe [152872 2010-02-26] (Altiris, Inc.)
HKLM\...\Run: [ShStatEXE] - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe [215656 2012-08-14] (McAfee, Inc.)
HKLM\...\Run: [Communicator] - C:\Program Files\Microsoft Lync\communicator.exe [12107944 2013-05-30] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [McAfeeUpdaterUI] - C:\Program Files\McAfee\Common Framework\UdaterUI.exe [337440 2013-06-25] (McAfee, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-03-08] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20131120151641.dll (McAfee, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CEF002D2-5A9F-4656-AA41-85DA2534ACBD} http://ormdm2.flowserve.com/dwa85W.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://flowserve.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpnna.flowserve.com/dana-cached/sc/JuniperSetupClient.cab
Handler: bwfile-9684826 - {2DF0241D-8A6A-4E10-A11B-C2E432CF2A28} - C:\Program Files\Passport_Direct\9684826\Program\GAPlugProtocol-9684826.dll (Ignite Technologies)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\Toad for Oracle\RNetPin.dll ()
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\snayak\AppData\Roaming\Mozilla\Firefox\Profiles\79znsqch.default
FF Homepage: hxxp://gssricew.flowserve.net:8004/OA_HTML/AppsLocalLogin.jsp
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin - C:\Program Files\Java\jre6\bin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/SAFFPlugin - C:\Program Files\McAfee\SiteAdvisor Enterprise\NPMcFFPlg.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\snayak\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: VUIFormatLoaderAV Class - C:\Users\snayak\AppData\Roaming\Mozilla\Firefox\Profiles\79znsqch.default\Extensions\{395C2BBF-B747-D57B-B4FD-5DD52EB9E787}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files\Common Files\McAfee\SystemCore

========================== Services (Whitelisted) =================

S2 AeXNSClient; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [1287464 2010-02-26] (Altiris, Inc.)
S2 BackWeb Plug-in - 9684826; C:\Program Files\Passport_Direct\9684826\Program\ServiceWrapper-9684826.exe [24615 2013-04-24] (Ignite Technologies)
S2 dcpsysmgrsvc; C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2011-01-20] (Dell Inc.)
S2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [688232 2013-07-24] (Juniper Networks)
S2 DWMRCS; C:\windows\system32\DWRCS.exe [242200 2010-08-06] (DameWare Development LLC)
S3 IgniteService; C:\Program Files\IgniteCDS\IgniteService.exe [90464 2012-06-01] (Ignite Technologies)
S2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [198000 2010-08-16] (Juniper Networks)
S2 Lotus Notes Diagnostics; C:\Program Files\Lotus\Notes\notes.ini [10287 2013-08-23] ()
S2 Lotus Notes Single Logon; C:\Program Files\Lotus\Notes\nslsvice.exe [31624 2009-09-29] (IBM Corp)
S2 McAfee SiteAdvisor Enterprise Service; C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe [160800 2013-06-10] (McAfee, Inc.)
S2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [130080 2013-06-25] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [167856 2012-09-25] (McAfee, Inc.)
S2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [209760 2011-01-12] (McAfee, Inc.)
S2 mfevtp; C:\windows\system32\mfevtps.exe [160152 2012-09-25] (McAfee, Inc.)
S2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1577376 2011-04-28] (Microsoft Corp.)
S2 Multi-user Cleanup Service; C:\Program Files\Lotus\Notes\ntmulti.exe [58760 2009-09-29] (IBM Corp)
S2 MySQL; C:\Program Files\MySQL\MySQL Server 5.5\my.ini [8918 2013-10-18] ()
S2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72296 2010-02-11] (O2Micro International)
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-11-25] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-11-25] (Sonic Solutions)
S2 SSPREnrollService; C:\Program Files\Passlogix\v-GO SSPR Client\SSPREnrollService.exe [128952 2010-10-27] (Oracle)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-01-25] (IDT, Inc.)
S2 WebMail; C:\windows\system32\WebMail.exe [933888 2012-06-01] ()
S2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [577536 2010-12-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 Acceler; C:\Windows\system32\drivers\accelern.sys [44144 2011-07-22] (ST Microelectronics)
S3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [302120 2011-04-27] (Broadcom Corporation.)
S3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2013-07-24] (Juniper Networks)
S3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [3712 2007-02-07] (DameWare Development, LLC)
R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)
R3 MEI; C:\Windows\system32\drivers\HECI.sys [41216 2011-09-22] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [125600 2012-09-25] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [218760 2012-09-25] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [63128 2012-09-25] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [481320 2012-09-25] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87816 2012-09-25] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [181968 2012-09-25] (McAfee, Inc.)
S3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7434240 2010-12-21] (Intel Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [25712 2013-01-29] (Microsoft Corporation)
S3 O2MDFRDR; C:\Windows\system32\drivers\O2MDFw7.sys [60904 2011-01-04] (O2Micro )
R3 O2MDRRDR; C:\Windows\system32\drivers\O2MDRw7.sys [62440 2011-01-04] (O2Micro )
R3 O2SDJRDR; C:\Windows\system32\drivers\o2sdjw7.sys [63848 2011-01-04] (O2Micro )
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)
S3 tcm; C:\Windows\system32\drivers\tcm.sys [12952 2009-04-17] ()
S1 WebMail_; C:\windows\system32\WebMail_.sys [77760 2012-06-01] (Guidance Software Inc.)
S3 catchme; \??\C:\Users\snayak\AppData\Local\Temp\catchme.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U3 mbr; \??\C:\Users\snayak\AppData\Local\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-24 21:21 - 2013-12-24 21:21 - 00013169 _____ C:\Users\snayak\Desktop\FRST.txt
2013-12-24 21:20 - 2013-12-24 21:20 - 00000000 ____D C:\FRST
2013-12-24 21:18 - 2013-12-24 21:18 - 01061545 _____ (Farbar) C:\Users\snayak\Desktop\FRST.exe
2013-12-23 14:07 - 2013-12-23 14:07 - 00024524 _____ C:\Users\snayak\Desktop\attach.txt
2013-12-23 14:07 - 2013-12-23 14:07 - 00015762 _____ C:\Users\snayak\Desktop\dds.txt
2013-12-23 14:03 - 2013-12-23 14:03 - 00688992 ____R (Swearware) C:\Users\snayak\Desktop\dds.com
2013-12-22 17:28 - 2013-12-22 17:28 - 00688992 ____R (Swearware) C:\Users\snayak\Desktop\dds.scr
2013-12-22 17:22 - 2013-12-22 17:22 - 00000104 _____ C:\Users\snayak\Desktop\Control Panel - Shortcut.lnk
2013-12-22 17:02 - 2013-12-22 17:02 - 311044538 _____ C:\windows\MEMORY.DMP
2013-12-22 17:02 - 2013-12-22 17:02 - 00131072 _____ C:\windows\Minidump\122213-26239-01.dmp
2013-12-22 16:45 - 2013-12-22 16:45 - 00000770 _____ C:\Users\snayak\Desktop\bad files.txt
2013-12-22 09:38 - 2013-12-22 16:57 - 00000000 ____D C:\Users\snayak\AppData\Local\YldcPack
2013-12-16 16:20 - 2013-12-16 16:20 - 00004096 ____H C:\Users\snayak\AppData\Local\keyfile3.drm
2013-12-13 15:04 - 2013-10-11 20:04 - 01232384 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-13 15:04 - 2013-10-11 20:04 - 00981504 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-13 15:04 - 2013-10-11 20:04 - 00132096 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-12-13 15:04 - 2013-10-11 20:02 - 06038528 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-13 15:04 - 2013-10-11 20:02 - 00627712 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-12-13 15:04 - 2013-10-11 20:02 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-12-13 15:04 - 2013-10-11 20:01 - 11020800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-13 15:04 - 2013-10-11 20:01 - 02078208 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-13 15:04 - 2013-10-11 20:01 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-13 15:04 - 2013-10-11 20:01 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-13 15:04 - 2013-10-11 19:15 - 01638912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-13 15:04 - 2013-10-05 13:57 - 01168384 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-12-13 15:04 - 2013-07-08 22:46 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-12-13 15:04 - 2013-07-08 22:46 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2013-12-13 15:03 - 2013-10-02 19:58 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll

==================== One Month Modified Files and Folders =======

2013-12-24 21:21 - 2013-12-24 21:21 - 00013169 _____ C:\Users\snayak\Desktop\FRST.txt
2013-12-24 21:20 - 2013-12-24 21:20 - 00000000 ____D C:\FRST
2013-12-24 21:18 - 2013-12-24 21:18 - 01061545 _____ (Farbar) C:\Users\snayak\Desktop\FRST.exe
2013-12-23 15:57 - 2012-06-04 21:42 - 00004568 _____ C:\windows\ORG2.INI
2013-12-23 14:07 - 2013-12-23 14:07 - 00024524 _____ C:\Users\snayak\Desktop\attach.txt
2013-12-23 14:07 - 2013-12-23 14:07 - 00015762 _____ C:\Users\snayak\Desktop\dds.txt
2013-12-23 14:03 - 2013-12-23 14:03 - 00688992 ____R (Swearware) C:\Users\snayak\Desktop\dds.com
2013-12-23 11:02 - 2009-07-13 20:37 - 00000000 ____D C:\windows\system32\LogFiles
2013-12-23 09:17 - 2012-10-11 13:39 - 00049668 _____ C:\windows\setupact.log
2013-12-23 09:17 - 2009-07-13 22:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-12-22 18:47 - 2013-07-16 07:46 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-22 17:31 - 2010-11-20 15:01 - 00782838 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-22 17:28 - 2013-12-22 17:28 - 00688992 ____R (Swearware) C:\Users\snayak\Desktop\dds.scr
2013-12-22 17:22 - 2013-12-22 17:22 - 00000104 _____ C:\Users\snayak\Desktop\Control Panel - Shortcut.lnk
2013-12-22 17:19 - 2012-06-04 11:25 - 00000000 ____D C:\Users\snayak\AppData\Roaming\Juniper Networks
2013-12-22 17:02 - 2013-12-22 17:02 - 311044538 _____ C:\windows\MEMORY.DMP
2013-12-22 17:02 - 2013-12-22 17:02 - 00131072 _____ C:\windows\Minidump\122213-26239-01.dmp
2013-12-22 17:02 - 2012-08-25 23:54 - 00000000 ____D C:\windows\Minidump
2013-12-22 17:00 - 2012-06-04 09:59 - 00000000 ____D C:\Users\snayak
2013-12-22 16:58 - 2012-06-01 14:41 - 00000000 ____D C:\Users\flsusaxs
2013-12-22 16:58 - 2012-06-01 12:38 - 00000000 ____D C:\Users\Administrator
2013-12-22 16:58 - 2009-07-13 20:37 - 00000000 ____D C:\windows\system32\wfp
2013-12-22 16:57 - 2013-12-22 09:38 - 00000000 ____D C:\Users\snayak\AppData\Local\YldcPack
2013-12-22 16:57 - 2011-04-11 19:34 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-22 16:57 - 2011-04-11 19:34 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-22 16:57 - 2009-07-13 20:37 - 00000000 ____D C:\windows\registration
2013-12-22 16:57 - 2009-07-13 20:37 - 00000000 ____D C:\windows\AppCompat
2013-12-22 16:45 - 2013-12-22 16:45 - 00000770 _____ C:\Users\snayak\Desktop\bad files.txt
2013-12-22 15:28 - 2012-06-06 11:36 - 00000000 ____D C:\Quarantine
2013-12-22 15:07 - 2012-06-04 15:51 - 00003505 _____ C:\Users\snayak\Desktop\temp_x.txt
2013-12-22 12:48 - 2009-07-13 22:34 - 00023824 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-22 12:48 - 2009-07-13 22:34 - 00023824 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-22 09:49 - 2012-06-06 11:37 - 00000000 ____D C:\Users\snayak\AppData\Local\CrashDumps
2013-12-21 12:12 - 2012-06-04 15:51 - 00002539 _____ C:\Users\snayak\Desktop\work.txt
2013-12-20 16:20 - 2013-07-16 07:46 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-20 16:14 - 2012-06-11 21:13 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-12-20 15:43 - 2012-06-04 10:01 - 00000000 ____D C:\Users\snayak\Tracing
2013-12-20 15:43 - 2012-06-04 10:01 - 00000000 ____D C:\Users\snayak\Tracing
2013-12-20 15:39 - 2012-06-01 11:14 - 01774807 _____ C:\windows\WindowsUpdate.log
2013-12-20 15:38 - 2011-08-30 13:43 - 00000000 ____D C:\ProgramData\Sonic
2013-12-20 15:38 - 2011-08-30 13:43 - 00000000 ____D C:\ProgramData\Sonic
2013-12-20 13:53 - 2012-06-01 13:34 - 00000736 _____ C:\windows\system32\config\netlogon.ftl
2013-12-19 16:13 - 2012-06-07 10:53 - 00000600 _____ C:\Users\snayak\AppData\Local\PUTTY.RND
2013-12-19 11:30 - 2012-06-04 10:56 - 00000600 _____ C:\Users\snayak\AppData\Roaming\winscp.rnd
2013-12-18 09:08 - 2013-07-22 14:42 - 00000000 ____D C:\Users\snayak\AppData\Local\Deployment
2013-12-16 16:43 - 2010-11-20 15:48 - 00303554 _____ C:\windows\PFRO.log
2013-12-16 16:20 - 2013-12-16 16:20 - 00004096 ____H C:\Users\snayak\AppData\Local\keyfile3.drm
2013-12-16 15:20 - 2009-07-13 20:37 - 00000000 ____D C:\windows\rescache
2013-12-14 03:04 - 2012-06-01 12:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-14 03:04 - 2012-06-01 12:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 12:14 - 2012-06-11 21:13 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-12-11 12:14 - 2012-06-11 21:13 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 09:58 - 2012-06-04 10:00 - 00007770 __RSH C:\Users\snayak\ntuser.pol
2013-12-11 09:58 - 2012-06-04 10:00 - 00007770 __RSH C:\Users\snayak\ntuser.pol
2013-12-08 00:29 - 2012-06-08 14:36 - 00000000 ____D C:\Users\snayak\AppData\Local\LogMeIn Rescue Applet
2013-12-03 14:57 - 2009-07-13 20:37 - 00000000 ____D C:\windows\system32\spool
2013-11-29 19:42 - 2012-07-02 16:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-28 14:41 - 2012-06-04 09:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-24 23:25 - 2012-06-04 09:59 - 00000000 ____D C:\Users\snayak\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\snayak\AppData\Local\temp\dsHostCheckerSetup.exe
C:\Users\snayak\AppData\Local\temp\dwa85res_en.dll
C:\Users\snayak\AppData\Local\temp\G2MCoreInstExtractor.exe
C:\Users\snayak\AppData\Local\temp\JuniperSetupClientInstaller.exe
C:\Users\snayak\AppData\Local\temp\MouseKeyboardCenterx86_1033.exe
C:\Users\snayak\AppData\Local\temp\npappdetector.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-20 00:41

==================== End Of Log ============================

 




#4 RPMcMurphy

  • Malware Response Team

Posted 25 December 2013 - 02:18 AM

Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected.  Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.

Download ComboFix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double-click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back.  Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • TDSSKiller log

  • ComboFix log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#5 SN001

  • Topic Starter

Posted 25 December 2013 - 10:24 AM

RPMcMurphy,

The normal reboot (not in safe mode) after TDSSKiller ran was successful.  Before the TDSS run, I had been getting the blue screen on normal reboot.

The requested files are copy-pasted below.

Please note that I do not have permissions to turn off McAfee so ComboFix ran with McAfee enabled.

Thanks!

TDSSKiller.2.8.16.0_25.12.2013_08.30.33_log.txt:

08:30:33.0313 1924  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:30:33.0328 1924  ============================================================
08:30:33.0328 1924  Current date / time: 2013/12/25 08:30:33.0328
08:30:33.0328 1924  SystemInfo:
08:30:33.0328 1924 
08:30:33.0328 1924  OS Version: 6.1.7601 ServicePack: 1.0
08:30:33.0328 1924  Product type: Workstation
08:30:33.0328 1924  ComputerName: 4BRXBT1
08:30:33.0328 1924  UserName: snayak
08:30:33.0328 1924  Windows directory: C:\windows
08:30:33.0328 1924  System windows directory: C:\windows
08:30:33.0328 1924  Processor architecture: Intel x86
08:30:33.0328 1924  Number of processors: 4
08:30:33.0328 1924  Page size: 0x1000
08:30:33.0328 1924  Boot type: Safe boot
08:30:33.0328 1924  ============================================================
08:30:33.0656 1924  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:30:33.0656 1924  Drive \Device\Harddisk1\DR5 - Size: 0x3B9B00000 (14.90 Gb), SectorSize: 0x200, Cylinders: 0x799, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:30:33.0656 1924  ============================================================
08:30:33.0656 1924  \Device\Harddisk0\DR0:
08:30:33.0656 1924  MBR partitions:
08:30:33.0656 1924  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x96000
08:30:33.0656 1924  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAA000, BlocksNum 0x25384000
08:30:33.0656 1924  \Device\Harddisk1\DR5:
08:30:33.0656 1924  MBR partitions:
08:30:33.0656 1924  \Device\Harddisk1\DR5\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1DCD7E0
08:30:33.0656 1924  ============================================================
08:30:33.0703 1924  C: <-> \Device\Harddisk0\DR0\Partition2
08:30:33.0703 1924  ============================================================
08:30:33.0703 1924  Initialize success
08:30:33.0703 1924  ============================================================
08:32:09.0222 1768  ============================================================
08:32:09.0222 1768  Scan started
08:32:09.0222 1768  Mode: Manual; TDLFS;
08:32:09.0222 1768  ============================================================
08:32:09.0487 1768  ================ Scan system memory ========================
08:32:09.0487 1768  System memory - ok
08:32:09.0487 1768  ================ Scan services =============================
08:32:18.0972 1768  [ 114061CEBEDB149971B70E3B31B0026A ] McAfeeFramework C:\Program Files\McAfee\Common Framework\FrameworkService.exe
08:32:18.0972 1768  McAfeeFramework - ok
08:32:19.0081 1768  [ 5EE20E5D3E334F88862F0D491C1C1FC1 ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
08:32:19.0081 1768  McShield - ok
08:32:19.0143 1768  [ B15BB3AEF59158B4E1DDA5328C842713 ] McTaskManager   C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
08:32:19.0143 1768  McTaskManager - ok
08:32:19.0159 1768  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
08:32:19.0159 1768  Mcx2Svc - ok
08:32:19.0174 1768  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\windows\system32\DRIVERS\mdmxsdk.sys
08:32:19.0174 1768  mdmxsdk - ok
08:32:19.0206 1768  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\windows\system32\drivers\megasas.sys
08:32:19.0206 1768  megasas - ok
08:32:19.0252 1768  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
08:32:19.0252 1768  MegaSR - ok
08:32:19.0315 1768  [ 34A6E8BABFF9A3F5342976B9EA0E4899 ] MEI             C:\windows\system32\drivers\HECI.sys
08:32:19.0315 1768  MEI - ok
08:32:19.0362 1768  [ 1BB6E8053E826FEE1305DBE4BAA7B2DE ] mfeapfk         C:\windows\system32\drivers\mfeapfk.sys
08:32:19.0362 1768  mfeapfk - ok
08:32:19.0424 1768  [ 6D5C481CE10FAA9E53A5ED174990A8F4 ] mfeavfk         C:\windows\system32\drivers\mfeavfk.sys
08:32:19.0424 1768  mfeavfk - ok
08:32:19.0471 1768  [ 7F33DFB2CF397859B77FA3ACD3637910 ] mfebopk         C:\windows\system32\drivers\mfebopk.sys
08:32:19.0471 1768  mfebopk - ok
08:32:19.0533 1768  [ D127B9E0B26507528D9C5145F59820EA ] mfehidk         C:\windows\system32\drivers\mfehidk.sys
08:32:19.0533 1768  mfehidk - ok
08:32:19.0564 1768  [ 14B5C4051412064F2CDB766D01C50577 ] mferkdet        C:\windows\system32\drivers\mferkdet.sys
08:32:19.0564 1768  mferkdet - ok
08:32:19.0642 1768  [ 055F7C2F8BE4C6EFF8C0D0D9934E27F8 ] mfevtp          C:\windows\system32\mfevtps.exe
08:32:19.0642 1768  mfevtp - ok
08:32:19.0658 1768  [ A861530E89F0A3FA9C733DC22C597670 ] mfewfpk         C:\windows\system32\drivers\mfewfpk.sys
08:32:19.0658 1768  mfewfpk - ok
08:32:19.0752 1768  Microsoft SharePoint Workspace Audit Service - ok
08:32:19.0783 1768  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\windows\system32\mmcss.dll
08:32:19.0783 1768  MMCSS - ok
08:32:19.0814 1768  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\windows\system32\drivers\modem.sys
08:32:19.0814 1768  Modem - ok
08:32:19.0861 1768  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
08:32:19.0861 1768  monitor - ok
08:32:19.0908 1768  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
08:32:19.0908 1768  mouclass - ok
08:32:20.0001 1768  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
08:32:20.0001 1768  mouhid - ok
08:32:20.0017 1768  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
08:32:20.0017 1768  mountmgr - ok
08:32:20.0095 1768  [ 5E0686615A80A6279B2314E13CD23F6E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:32:20.0095 1768  MozillaMaintenance - ok
08:32:20.0142 1768  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\windows\system32\drivers\mpio.sys
08:32:20.0142 1768  mpio - ok
08:32:20.0157 1768  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
08:32:20.0157 1768  mpsdrv - ok
08:32:20.0235 1768  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\windows\system32\mpssvc.dll
08:32:20.0251 1768  MpsSvc - ok
08:32:20.0266 1768  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
08:32:20.0266 1768  MRxDAV - ok
08:32:20.0313 1768  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
08:32:20.0313 1768  mrxsmb - ok
08:32:20.0329 1768  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
08:32:20.0329 1768  mrxsmb10 - ok
08:32:20.0329 1768  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
08:32:20.0329 1768  mrxsmb20 - ok
08:32:20.0344 1768  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\windows\system32\drivers\msahci.sys
08:32:20.0344 1768  msahci - ok
08:32:20.0376 1768  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\windows\system32\drivers\msdsm.sys
08:32:20.0376 1768  msdsm - ok
08:32:20.0391 1768  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\windows\System32\msdtc.exe
08:32:20.0391 1768  MSDTC - ok
08:32:20.0485 1768  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\windows\system32\drivers\Msfs.sys
08:32:20.0485 1768  Msfs - ok
08:32:20.0500 1768  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
08:32:20.0500 1768  mshidkmdf - ok
08:32:20.0500 1768  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
08:32:20.0500 1768  msisadrv - ok
08:32:20.0532 1768  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
08:32:20.0532 1768  MSiSCSI - ok
08:32:20.0547 1768  msiserver - ok
08:32:20.0578 1768  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
08:32:20.0578 1768  MSKSSRV - ok
08:32:20.0672 1768  [ 1F8B16914DACB952959541A961B51940 ] msoidsvc        C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
08:32:20.0688 1768  msoidsvc - ok
08:32:20.0750 1768  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
08:32:20.0750 1768  MSPCLOCK - ok
08:32:20.0766 1768  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
08:32:20.0766 1768  MSPQM - ok
08:32:20.0766 1768  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
08:32:20.0781 1768  MsRPC - ok
08:32:20.0797 1768  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
08:32:20.0797 1768  mssmbios - ok
08:32:20.0812 1768  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
08:32:20.0812 1768  MSTEE - ok
08:32:20.0812 1768  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
08:32:20.0828 1768  MTConfig - ok
08:32:20.0828 1768  [ 218D58976C01C60657818ED0EAC81602 ] Multi-user Cleanup Service C:\Program Files\Lotus\Notes\ntmulti.exe
08:32:20.0828 1768  Multi-user Cleanup Service - ok
08:32:20.0859 1768  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\windows\system32\Drivers\mup.sys
08:32:20.0859 1768  Mup - ok
08:32:20.0922 1768  MySQL - ok
08:32:20.0953 1768  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\windows\system32\qagentRT.dll
08:32:20.0953 1768  napagent - ok
08:32:21.0015 1768  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
08:32:21.0015 1768  NativeWifiP - ok
08:32:21.0062 1768  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\windows\system32\drivers\ndis.sys
08:32:21.0078 1768  NDIS - ok
08:32:21.0109 1768  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
08:32:21.0124 1768  NdisCap - ok
08:32:21.0124 1768  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
08:32:21.0124 1768  NdisTapi - ok
08:32:21.0140 1768  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
08:32:21.0140 1768  Ndisuio - ok
08:32:21.0140 1768  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
08:32:21.0140 1768  NdisWan - ok
08:32:21.0156 1768  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
08:32:21.0156 1768  NDProxy - ok
08:32:21.0218 1768  [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\windows\system32\HPZinw12.dll
08:32:21.0218 1768  Net Driver HPZ12 - ok
08:32:21.0265 1768  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
08:32:21.0265 1768  NetBIOS - ok
08:32:21.0265 1768  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
08:32:21.0280 1768  NetBT - ok
08:32:21.0296 1768  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\windows\system32\lsass.exe
08:32:21.0296 1768  Netlogon - ok
08:32:21.0358 1768  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\windows\System32\netman.dll
08:32:21.0358 1768  Netman - ok
08:32:21.0405 1768  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:32:21.0421 1768  NetMsmqActivator - ok
08:32:21.0436 1768  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:32:21.0436 1768  NetPipeActivator - ok
08:32:21.0468 1768  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\windows\System32\netprofm.dll
08:32:21.0468 1768  netprofm - ok
08:32:21.0483 1768  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:32:21.0483 1768  NetTcpActivator - ok
08:32:21.0483 1768  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:32:21.0483 1768  NetTcpPortSharing - ok
08:32:21.0624 1768  [ 814596469BBE40EF99CCFD582A375B83 ] NETwNs32        C:\windows\system32\DRIVERS\NETwNs32.sys
08:32:21.0733 1768  NETwNs32 - ok
08:32:21.0764 1768  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
08:32:21.0780 1768  nfrd960 - ok
08:32:21.0811 1768  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\windows\System32\nlasvc.dll
08:32:21.0811 1768  NlaSvc - ok
08:32:21.0826 1768  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\windows\system32\drivers\Npfs.sys
08:32:21.0842 1768  Npfs - ok
08:32:21.0889 1768  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\windows\system32\nsisvc.dll
08:32:21.0889 1768  nsi - ok
08:32:21.0920 1768  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
08:32:21.0920 1768  nsiproxy - ok
08:32:21.0967 1768  [ 81189C3D7763838E55C397759D49007A ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
08:32:21.0998 1768  Ntfs - ok
08:32:22.0076 1768  [ A82BB9014BEF0E4986C3DA610B3A25FE ] NuidFltr        C:\windows\system32\DRIVERS\NuidFltr.sys
08:32:22.0076 1768  NuidFltr - ok
08:32:22.0076 1768  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\windows\system32\drivers\Null.sys
08:32:22.0076 1768  Null - ok
08:32:22.0138 1768  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\windows\system32\drivers\nvraid.sys
08:32:22.0138 1768  nvraid - ok
08:32:22.0154 1768  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\windows\system32\drivers\nvstor.sys
08:32:22.0154 1768  nvstor - ok
08:32:22.0170 1768  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
08:32:22.0170 1768  nv_agp - ok
08:32:22.0216 1768  [ 4E37455DB16AEC75862B1D0BC35B589E ] O2FLASH         C:\windows\system32\DRIVERS\o2flash.exe
08:32:22.0216 1768  O2FLASH - ok
08:32:22.0232 1768  [ 5F63917FCC257ED11E828230BE594194 ] O2MDFRDR        C:\windows\system32\drivers\O2MDFw7.sys
08:32:22.0232 1768  O2MDFRDR - ok
08:32:22.0248 1768  [ FDC901900D9B1B671B3388C3023BD2EA ] O2MDRRDR        C:\windows\system32\drivers\O2MDRw7.sys
08:32:22.0248 1768  O2MDRRDR - ok
08:32:22.0263 1768  [ E9D663F929862C1CE266F74AC7259C6D ] O2SDJRDR        C:\windows\system32\drivers\o2sdjw7.sys
08:32:22.0263 1768  O2SDJRDR - ok
08:32:22.0341 1768  [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:32:22.0341 1768  odserv - ok
08:32:22.0357 1768  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
08:32:22.0357 1768  ohci1394 - ok
08:32:22.0404 1768  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:32:22.0404 1768  ose - ok
08:32:22.0497 1768  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:32:22.0560 1768  osppsvc - ok
08:32:22.0638 1768  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
08:32:22.0638 1768  p2pimsvc - ok
08:32:22.0700 1768  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\windows\system32\p2psvc.dll
08:32:22.0700 1768  p2psvc - ok
08:32:22.0747 1768  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\windows\system32\drivers\parport.sys
08:32:22.0747 1768  Parport - ok
08:32:22.0762 1768  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\windows\system32\drivers\partmgr.sys
08:32:22.0762 1768  partmgr - ok
08:32:22.0794 1768  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\windows\system32\drivers\parvdm.sys
08:32:22.0794 1768  Parvdm - ok
08:32:22.0809 1768  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\windows\System32\pcasvc.dll
08:32:22.0809 1768  PcaSvc - ok
08:32:22.0825 1768  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\windows\system32\drivers\pci.sys
08:32:22.0825 1768  pci - ok
08:32:22.0840 1768  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\windows\system32\drivers\pciide.sys
08:32:22.0840 1768  pciide - ok
08:32:22.0872 1768  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
08:32:22.0872 1768  pcmcia - ok
08:32:22.0903 1768  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\windows\system32\drivers\pcw.sys
08:32:22.0903 1768  pcw - ok
08:32:22.0965 1768  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\windows\system32\drivers\peauth.sys
08:32:22.0965 1768  PEAUTH - ok
08:32:22.0996 1768  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\windows\system32\peerdistsvc.dll
08:32:23.0012 1768  PeerDistSvc - ok
08:32:23.0074 1768  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\windows\system32\pla.dll
08:32:23.0090 1768  pla - ok
08:32:23.0137 1768  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\windows\system32\umpnpmgr.dll
08:32:23.0152 1768  PlugPlay - ok
08:32:23.0199 1768  [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\windows\system32\HPZipm12.dll
08:32:23.0215 1768  Pml Driver HPZ12 - ok
08:32:23.0230 1768  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
08:32:23.0230 1768  PNRPAutoReg - ok
08:32:23.0246 1768  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
08:32:23.0246 1768  PNRPsvc - ok
08:32:23.0308 1768  [ 226BAACBFA1BA1A4937935DBC23CB1CD ] Point32         C:\windows\system32\DRIVERS\point32.sys
08:32:23.0308 1768  Point32 - ok
08:32:23.0355 1768  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
08:32:23.0355 1768  PolicyAgent - ok
08:32:23.0355 1768  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\windows\system32\umpo.dll
08:32:23.0371 1768  Power - ok
08:32:23.0386 1768  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
08:32:23.0386 1768  PptpMiniport - ok
08:32:23.0402 1768  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\windows\system32\drivers\processr.sys
08:32:23.0402 1768  Processor - ok
08:32:23.0418 1768  [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc         C:\windows\system32\profsvc.dll
08:32:23.0433 1768  ProfSvc - ok
08:32:23.0449 1768  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
08:32:23.0449 1768  ProtectedStorage - ok
08:32:23.0496 1768  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\windows\system32\DRIVERS\pacer.sys
08:32:23.0496 1768  Psched - ok
08:32:23.0574 1768  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\windows\system32\Drivers\PxHelp20.sys
08:32:23.0574 1768  PxHelp20 - ok
08:32:23.0605 1768  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\windows\system32\drivers\ql2300.sys
08:32:23.0620 1768  ql2300 - ok
08:32:23.0652 1768  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
08:32:23.0652 1768  ql40xx - ok
08:32:23.0667 1768  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\windows\system32\qwave.dll
08:32:23.0683 1768  QWAVE - ok
08:32:23.0714 1768  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
08:32:23.0714 1768  QWAVEdrv - ok
08:32:23.0745 1768  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
08:32:23.0745 1768  RasAcd - ok
08:32:23.0761 1768  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
08:32:23.0761 1768  RasAgileVpn - ok
08:32:23.0776 1768  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\windows\System32\rasauto.dll
08:32:23.0792 1768  RasAuto - ok
08:32:23.0792 1768  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
08:32:23.0792 1768  Rasl2tp - ok
08:32:23.0839 1768  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\windows\System32\rasmans.dll
08:32:23.0854 1768  RasMan - ok
08:32:23.0854 1768  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
08:32:23.0854 1768  RasPppoe - ok
08:32:23.0870 1768  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
08:32:23.0870 1768  RasSstp - ok
08:32:23.0901 1768  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
08:32:23.0901 1768  rdbss - ok
08:32:23.0932 1768  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
08:32:23.0932 1768  rdpbus - ok
08:32:23.0948 1768  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
08:32:23.0948 1768  RDPCDD - ok
08:32:23.0964 1768  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\windows\system32\drivers\rdpdr.sys
08:32:23.0964 1768  RDPDR - ok
08:32:24.0010 1768  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
08:32:24.0010 1768  RDPENCDD - ok
08:32:24.0042 1768  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
08:32:24.0042 1768  RDPREFMP - ok
08:32:24.0073 1768  [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
08:32:24.0073 1768  RdpVideoMiniport - ok
08:32:24.0104 1768  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
08:32:24.0104 1768  RDPWD - ok
08:32:24.0151 1768  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
08:32:24.0151 1768  rdyboost - ok
08:32:24.0213 1768  [ B064FC671688A9A1C5F46AE06E87F70D ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
08:32:24.0213 1768  RegSrvc - ok
08:32:24.0244 1768  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\windows\System32\mprdim.dll
08:32:24.0244 1768  RemoteAccess - ok
08:32:24.0276 1768  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\windows\system32\regsvc.dll
08:32:24.0276 1768  RemoteRegistry - ok
08:32:24.0338 1768  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
08:32:24.0338 1768  RFCOMM - ok
08:32:24.0463 1768  [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
08:32:24.0494 1768  RoxMediaDB12OEM - ok
08:32:24.0510 1768  [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12      C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
08:32:24.0510 1768  RoxWatch12 - ok
08:32:24.0541 1768  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
08:32:24.0541 1768  RpcEptMapper - ok
08:32:24.0556 1768  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\windows\system32\locator.exe
08:32:24.0556 1768  RpcLocator - ok
08:32:24.0588 1768  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\windows\system32\rpcss.dll
08:32:24.0588 1768  RpcSs - ok
08:32:24.0619 1768  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
08:32:24.0619 1768  rspndr - ok
08:32:24.0650 1768  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\windows\system32\drivers\vms3cap.sys
08:32:24.0650 1768  s3cap - ok
08:32:24.0666 1768  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\windows\system32\lsass.exe
08:32:24.0666 1768  SamSs - ok
08:32:24.0697 1768  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
08:32:24.0697 1768  sbp2port - ok
08:32:24.0712 1768  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\windows\System32\SCardSvr.dll
08:32:24.0728 1768  SCardSvr - ok
08:32:24.0728 1768  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
08:32:24.0744 1768  scfilter - ok
08:32:24.0790 1768  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\windows\system32\schedsvc.dll
08:32:24.0790 1768  Schedule - ok
08:32:24.0822 1768  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\windows\System32\certprop.dll
08:32:24.0822 1768  SCPolicySvc - ok
08:32:24.0837 1768  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\windows\System32\SDRSVC.dll
08:32:24.0837 1768  SDRSVC - ok
08:32:24.0884 1768  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\windows\system32\drivers\secdrv.sys
08:32:24.0884 1768  secdrv - ok
08:32:24.0900 1768  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\windows\system32\seclogon.dll
08:32:24.0900 1768  seclogon - ok
08:32:24.0946 1768  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\windows\system32\sens.dll
08:32:24.0946 1768  SENS - ok
08:32:24.0978 1768  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\windows\system32\sensrsvc.dll
08:32:24.0978 1768  SensrSvc - ok
08:32:25.0009 1768  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
08:32:25.0009 1768  Serenum - ok
08:32:25.0024 1768  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\windows\system32\DRIVERS\serial.sys
08:32:25.0040 1768  Serial - ok
08:32:25.0056 1768  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\windows\system32\drivers\sermouse.sys
08:32:25.0056 1768  sermouse - ok
08:32:25.0102 1768  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\windows\system32\sessenv.dll
08:32:25.0102 1768  SessionEnv - ok
08:32:25.0118 1768  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
08:32:25.0118 1768  sffdisk - ok
08:32:25.0134 1768  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
08:32:25.0134 1768  sffp_mmc - ok
08:32:25.0134 1768  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
08:32:25.0134 1768  sffp_sd - ok
08:32:25.0149 1768  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
08:32:25.0149 1768  sfloppy - ok
08:32:25.0227 1768  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\windows\System32\ipnathlp.dll
08:32:25.0227 1768  SharedAccess - ok
08:32:25.0243 1768  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
08:32:25.0243 1768  ShellHWDetection - ok
08:32:25.0258 1768  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\windows\system32\drivers\sisagp.sys
08:32:25.0258 1768  sisagp - ok
08:32:25.0321 1768  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
08:32:25.0336 1768  SiSRaid2 - ok
08:32:25.0352 1768  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
08:32:25.0352 1768  SiSRaid4 - ok
08:32:25.0383 1768  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\windows\system32\DRIVERS\smb.sys
08:32:25.0383 1768  Smb - ok
08:32:25.0414 1768  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
08:32:25.0430 1768  SNMPTRAP - ok
08:32:25.0446 1768  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\windows\system32\drivers\spldr.sys
08:32:25.0461 1768  spldr - ok
08:32:25.0492 1768  [ 866A43013535DC8587C258E43579C764 ] Spooler         C:\windows\System32\spoolsv.exe
08:32:25.0492 1768  Spooler - ok
08:32:25.0555 1768  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\windows\system32\sppsvc.exe
08:32:25.0602 1768  sppsvc - ok
08:32:25.0648 1768  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\windows\system32\sppuinotify.dll
08:32:25.0648 1768  sppuinotify - ok
08:32:25.0664 1768  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\windows\system32\DRIVERS\srv.sys
08:32:25.0664 1768  srv - ok
08:32:25.0695 1768  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\windows\system32\DRIVERS\srv2.sys
08:32:25.0695 1768  srv2 - ok
08:32:25.0711 1768  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
08:32:25.0711 1768  srvnet - ok
08:32:25.0726 1768  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
08:32:25.0726 1768  SSDPSRV - ok
08:32:25.0789 1768  [ 32DBFFBC1401D24C093FD3DB2BC69EE7 ] SSPREnrollService C:\Program Files\Passlogix\v-GO SSPR Client\SSPREnrollService.exe
08:32:25.0804 1768  SSPREnrollService - ok
08:32:25.0820 1768  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\windows\system32\sstpsvc.dll
08:32:25.0820 1768  SstpSvc - ok
08:32:25.0867 1768  [ A97FCA92BE4E62BC589371058CBC769E ] STacSV          C:\Program Files\IDT\WDM\STacSV.exe
08:32:25.0867 1768  STacSV - ok
08:32:25.0882 1768  [ D8FC8D47FBFCB3852E40F5D5058ABC6A ] stdcfltn        C:\windows\system32\DRIVERS\stdcfltn.sys
08:32:25.0898 1768  stdcfltn - ok
08:32:25.0945 1768  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\windows\system32\drivers\stexstor.sys
08:32:25.0945 1768  stexstor - ok
08:32:25.0992 1768  [ D5D73B49D53FCC47E2828D6805DFA0F6 ] STHDA           C:\windows\system32\DRIVERS\stwrt.sys
08:32:25.0992 1768  STHDA - ok
08:32:26.0023 1768  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\windows\System32\wiaservc.dll
08:32:26.0023 1768  StiSvc - ok
08:32:26.0070 1768  [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
08:32:26.0070 1768  stllssvr - ok
08:32:26.0085 1768  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\windows\system32\drivers\vmstorfl.sys
08:32:26.0085 1768  storflt - ok
08:32:26.0116 1768  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\windows\system32\storsvc.dll
08:32:26.0116 1768  StorSvc - ok
08:32:26.0163 1768  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\windows\system32\drivers\storvsc.sys
08:32:26.0163 1768  storvsc - ok
08:32:26.0179 1768  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\windows\system32\drivers\swenum.sys
08:32:26.0179 1768  swenum - ok
08:32:26.0210 1768  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\windows\System32\swprv.dll
08:32:26.0210 1768  swprv - ok
08:32:26.0226 1768  [ F2AD8960812FD111E20E84659EF19D43 ] Synth3dVsc      C:\windows\system32\drivers\Synth3dVsc.sys
08:32:26.0226 1768  Synth3dVsc - ok
08:32:26.0257 1768  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\windows\system32\sysmain.dll
08:32:29.0517 1768  ================ Scan global ===============================
08:32:29.0548 1768  [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
08:32:29.0580 1768  [ 51BB04243DF6196C06E125898127E397 ] C:\windows\system32\winsrv.dll
08:32:29.0626 1768  [ 51BB04243DF6196C06E125898127E397 ] C:\windows\system32\winsrv.dll
08:32:29.0658 1768  [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
08:32:29.0689 1768  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
08:32:29.0689 1768  [Global] - ok
08:32:29.0689 1768  ================ Scan MBR ==================================
08:32:29.0704 1768  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
08:32:29.0704 1768  Suspicious mbr (Forged): \Device\Harddisk0\DR0
08:32:29.0751 1768  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
08:32:29.0751 1768  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
08:32:29.0829 1768  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:32:29.0829 1768  \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:32:29.0829 1768  ================ Scan VBR ==================================
08:32:29.0829 1768  [ 59BF55052728478FB0305887F0EC817C ] \Device\Harddisk0\DR0\Partition1
08:32:29.0829 1768  \Device\Harddisk0\DR0\Partition1 - ok
08:32:29.0860 1768  [ 2B48A20B9E67398236FF9C18F0045952 ] \Device\Harddisk0\DR0\Partition2
08:32:29.0860 1768  \Device\Harddisk0\DR0\Partition2 - ok
08:32:29.0876 1768  ============================================================
08:32:29.0876 1768  Scan finished
08:32:29.0876 1768  ============================================================
08:32:29.0876 0376  Detected object count: 2
08:32:29.0876 0376  Actual detected object count: 2
08:33:38.0251 0376  \Device\Harddisk0\DR0\# - copied to quarantine
08:33:38.0266 0376  \Device\Harddisk0\DR0 - copied to quarantine
08:33:38.0298 0376  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
08:33:38.0298 0376  \Device\Harddisk0\DR0\TDLFS\cmd32.dll - copied to quarantine
08:33:38.0313 0376  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
08:33:38.0313 0376  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
08:33:38.0329 0376  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
08:33:38.0344 0376  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
08:33:38.0344 0376  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
08:33:38.0344 0376  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
08:33:38.0344 0376  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
08:33:38.0344 0376  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
08:33:38.0344 0376  \Device\Harddisk0\DR0\TDLFS\ns - copied to quarantine
08:33:38.0391 0376  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
08:33:38.0391 0376  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
08:33:38.0407 0376  \Device\Harddisk0\DR0 - ok
08:33:38.0407 0376  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
08:33:38.0407 0376  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:33:38.0407 0376  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
08:34:06.0534 0664  Deinitialize success

TDSSKiller.2.8.16.0_25.12.2013_08.37.50_log.txt:

08:37:50.0417 4468  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:38:26.0020 4468  ============================================================
08:38:26.0020 4468  Current date / time: 2013/12/25 08:38:26.0020
08:38:26.0020 4468  SystemInfo:
08:38:26.0020 4468 
08:38:26.0020 4468  OS Version: 6.1.7601 ServicePack: 1.0
08:38:26.0020 4468  Product type: Workstation
08:38:26.0020 4468  ComputerName: 4BRXBT1
08:38:26.0020 4468  UserName: snayak
08:38:26.0020 4468  Windows directory: C:\windows
08:38:26.0020 4468  System windows directory: C:\windows
08:38:26.0020 4468  Processor architecture: Intel x86
08:38:26.0020 4468  Number of processors: 4
08:38:26.0020 4468  Page size: 0x1000
08:38:26.0020 4468  Boot type: Normal boot
08:38:26.0020 4468  ============================================================
08:38:27.0923 4468  BG loaded
08:38:30.0669 4468  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:38:30.0669 4468  ============================================================
08:38:30.0669 4468  \Device\Harddisk0\DR0:
08:38:30.0669 4468  MBR partitions:
08:38:30.0669 4468  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x96000
08:38:30.0669 4468  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAA000, BlocksNum 0x25384000
08:38:30.0669 4468  ============================================================
08:38:30.0871 4468  C: <-> \Device\Harddisk0\DR0\Partition2
08:38:30.0871 4468  ============================================================
08:38:30.0871 4468  Initialize success
08:38:30.0871 4468  ============================================================
08:38:36.0038 3960  Deinitialize success

ComboFix.txt:

ComboFix 13-12-24.02 - snayak 12/25/2013   8:59.4.4 - x86 MINIMAL
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.3241.2211 [GMT -6:00]
Running from: c:\users\snayak\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\snayak\AppData\Local\assembly\tmp
c:\windows\psapi.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-25 to 2013-12-25  )))))))))))))))))))))))))))))))
.
.
2013-12-25 15:07 . 2013-12-25 15:07 -------- d-----w- c:\users\snayak\AppData\Local\temp
2013-12-25 15:07 . 2013-12-25 15:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-12-25 15:07 . 2013-12-25 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-25 15:07 . 2013-12-25 15:07 -------- d-----w- c:\users\flsusaxs\AppData\Local\temp
2013-12-25 15:07 . 2013-12-25 15:07 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-12-25 14:33 . 2013-12-25 14:33 -------- d-----w- C:\TDSSKiller_Quarantine
2013-12-25 03:20 . 2013-12-25 03:20 -------- d-----w- C:\FRST
2013-12-22 15:38 . 2013-12-22 22:57 -------- d-----w- c:\users\snayak\AppData\Local\YldcPack
2013-12-13 21:03 . 2013-10-03 01:58 305152 ----a-w- c:\windows\system32\gdi32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 18:14 . 2012-06-12 03:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 18:14 . 2012-06-12 03:13 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2013-03-09 720064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-05 488816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 176408]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1210640]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2010-02-26 152872]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2012-08-15 215656]
"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2013-05-30 12107944]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2013-06-25 337440]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-7 840992]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1459056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2012-5-23 50688]
Snagit 11.lnk - c:\program files\TechSmith\Snagit 11\Snagit32.exe [2012-5-16 9063352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ    kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
.
R1 WebMail_;WebMail_;c:\windows\system32\WebMail_.sys [2012-06-01 77760]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]
R2 BackWeb Plug-in - 9684826;Passport_Direct;c:\program files\Passport_Direct\9684826\Program\ServiceWrapper-9684826.exe [2013-04-24 24615]
R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 388464]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2010-08-16 198000]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\Lotus\Notes\nsd.exe [2010-09-30 3405192]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [2013-06-10 160800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-09-25 160152]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2011-04-28 1577376]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SSPREnrollService;SSPREnrollService;c:\program files\Passlogix\v-GO SSPR Client\SSPREnrollService.exe [2010-10-28 128952]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-01-19 2594584]
R2 WebMail;WebMail;c:\windows\system32\WebMail.exe [2012-06-01 933888]
R2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 577536]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-04-27 302120]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-04-27 33832]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 144576]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2013-01-22 64640]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 DwMirror;DwMirror;c:\windows\system32\DRIVERS\DamewareMini.sys [2007-02-07 3712]
R3 IgniteService;IgniteService;c:\program files\IgniteCDS\IgniteService.exe [2012-06-02 90464]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-09-25 87816]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-12-21 7434240]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7.sys [2011-01-04 60904]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
R3 tcm;tcm;c:\windows\system32\drivers\tcm.sys [2009-04-17 12952]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-09-25 181968]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 17904]
S1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\DRIVERS\dwvkbd.sys [2007-02-15 26624]
S3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys [2011-07-22 44144]
S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2011-09-22 41216]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7.sys [2011-01-04 62440]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7.sys [2011-01-04 63848]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ    HsfXAudioService
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 16:19 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 18:14]
.
2013-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-16 13:46]
.
2013-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-16 13:46]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
Trusted Zone: cloudapp.net\ConversationTranslator
Trusted Zone: expedia.be
Trusted Zone: expedia.co.uk
Trusted Zone: expedia.com
Trusted Zone: expedia.de
Trusted Zone: expedia.es
Trusted Zone: expedia.fr
Trusted Zone: expedia.it
Trusted Zone: expedia.nl
Trusted Zone: flowstar.net
Trusted Zone: sumtotalsystems.com
TCP: DhcpNameServer = 192.168.1.1
Handler: bwfile-9684826 - {2DF0241D-8A6A-4E10-A11B-C2E432CF2A28} - c:\program files\Passport_Direct\9684826\Program\GAPlugProtocol-9684826.dll
DPF: {CEF002D2-5A9F-4656-AA41-85DA2534ACBD} - hxxp://ormdm2.flowserve.com/dwa85W.cab
FF - ProfilePath - c:\users\snayak\AppData\Roaming\Mozilla\Firefox\Profiles\79znsqch.default\
FF - prefs.js: browser.startup.homepage - hxxp://gssricew.flowserve.net:8004/OA_HTML/AppsLocalLogin.jsp
FF - ExtSQL: !HIDDEN! 1970-05-28 22:28; {395C2BBF-B747-D57B-B4FD-5DD52EB9E787}; -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-34786273.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-25  09:09:07
ComboFix-quarantined-files.txt  2013-12-25 15:09
ComboFix2.txt  2012-06-09 13:20
.
Pre-Run: 229,387,313,152 bytes free
Post-Run: 230,710,837,248 bytes free
.
- - End Of File - - FB51B508FD178561D92B11AF72C5AECD
5C616939100B85E558DA92B899A0FC36

#6 RPMcMurphy

  • Malware Response Team

Posted 25 December 2013 - 01:39 PM

Please do this next:

Execute TDSSKiller.exe again by double-clicking on it.

  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
  • This time let it delete or remove the \Device\Harddisk0\DR0 ( TDSS File System ) detection
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named, for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:FRST\Quarantine or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • TDSSKiller log
  • MBAM log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#7 SN001

SN001
  • Topic Starter

  • Members
  • 8 posts

Posted 25 December 2013 - 10:50 PM

Hi RPMcMurphy,

 

Did the items as you wanted.  Please review logs below:

 

TDSSKiller.2.8.16.0_25.12.2013_16.23.52_log.txt:

 

16:23:52.0770 1836  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:23:52.0770 1836  ============================================================
16:23:52.0770 1836  Current date / time: 2013/12/25 16:23:52.0770
16:23:52.0770 1836  SystemInfo:
16:23:52.0770 1836 
16:23:52.0770 1836  OS Version: 6.1.7601 ServicePack: 1.0
16:23:52.0770 1836  Product type: Workstation
16:23:52.0770 1836  ComputerName: 4BRXBT1
16:23:52.0770 1836  UserName: snayak
16:23:52.0770 1836  Windows directory: C:\windows
16:23:52.0770 1836  System windows directory: C:\windows
16:23:52.0770 1836  Processor architecture: Intel x86
16:23:52.0770 1836  Number of processors: 4
16:23:52.0770 1836  Page size: 0x1000
16:23:52.0770 1836  Boot type: Safe boot
16:23:52.0770 1836  ============================================================
16:23:53.0129 1836  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:23:53.0129 1836  ============================================================
16:23:53.0129 1836  \Device\Harddisk0\DR0:
16:23:53.0129 1836  MBR partitions:
16:23:53.0129 1836  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x96000
16:23:53.0129 1836  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAA000, BlocksNum 0x25384000
16:23:53.0129 1836  ============================================================
16:23:53.0160 1836  C: <-> \Device\Harddisk0\DR0\Partition2
16:23:53.0160 1836  ============================================================
16:23:53.0160 1836  Initialize success
16:23:53.0160 1836  ============================================================
16:24:19.0603 0480  ============================================================
16:24:19.0603 0480  Scan started
16:24:19.0603 0480  Mode: Manual; TDLFS;
16:24:19.0603 0480  ============================================================
16:24:19.0837 0480  ================ Scan system memory ========================
16:24:19.0837 0480  System memory - ok
16:24:19.0837 0480  ================ Scan services =============================
16:24:29.0009 0480  Modem - ok
16:24:29.0056 0480  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
16:24:29.0056 0480  monitor - ok
16:24:29.0103 0480  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
16:24:29.0103 0480  mouclass - ok
16:24:29.0181 0480  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
16:24:29.0181 0480  mouhid - ok
16:24:29.0197 0480  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
16:24:29.0197 0480  mountmgr - ok
16:24:29.0275 0480  [ 5E0686615A80A6279B2314E13CD23F6E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:24:29.0275 0480  MozillaMaintenance - ok
16:24:29.0306 0480  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\windows\system32\drivers\mpio.sys
16:24:29.0306 0480  mpio - ok
16:24:29.0353 0480  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
16:24:29.0353 0480  mpsdrv - ok
16:24:29.0399 0480  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\windows\system32\mpssvc.dll
16:24:29.0399 0480  MpsSvc - ok
16:24:29.0415 0480  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
16:24:29.0415 0480  MRxDAV - ok
16:24:29.0462 0480  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
16:24:29.0462 0480  mrxsmb - ok
16:24:29.0477 0480  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
16:24:29.0477 0480  mrxsmb10 - ok
16:24:29.0493 0480  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
16:24:29.0493 0480  mrxsmb20 - ok
16:24:29.0509 0480  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\windows\system32\drivers\msahci.sys
16:24:29.0509 0480  msahci - ok
16:24:29.0540 0480  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\windows\system32\drivers\msdsm.sys
16:24:29.0540 0480  msdsm - ok
16:24:29.0555 0480  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\windows\System32\msdtc.exe
16:24:29.0555 0480  MSDTC - ok
16:24:29.0602 0480  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\windows\system32\drivers\Msfs.sys
16:24:29.0602 0480  Msfs - ok
16:24:29.0618 0480  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
16:24:29.0618 0480  mshidkmdf - ok
16:24:29.0618 0480  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
16:24:29.0618 0480  msisadrv - ok
16:24:29.0665 0480  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
16:24:29.0665 0480  MSiSCSI - ok
16:24:29.0665 0480  msiserver - ok
16:24:29.0711 0480  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
16:24:29.0711 0480  MSKSSRV - ok
16:24:29.0836 0480  [ 1F8B16914DACB952959541A961B51940 ] msoidsvc        C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
16:24:29.0836 0480  msoidsvc - ok
16:24:29.0883 0480  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
16:24:29.0883 0480  MSPCLOCK - ok
16:24:29.0899 0480  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
16:24:29.0899 0480  MSPQM - ok
16:24:29.0914 0480  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
16:24:29.0914 0480  MsRPC - ok
16:24:29.0930 0480  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
16:24:29.0930 0480  mssmbios - ok
16:24:29.0945 0480  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
16:24:29.0945 0480  MSTEE - ok
16:24:29.0945 0480  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
16:24:29.0945 0480  MTConfig - ok
16:24:29.0961 0480  [ 218D58976C01C60657818ED0EAC81602 ] Multi-user Cleanup Service C:\Program Files\Lotus\Notes\ntmulti.exe
16:24:29.0961 0480  Multi-user Cleanup Service - ok
16:24:29.0977 0480  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\windows\system32\Drivers\mup.sys
16:24:29.0977 0480  Mup - ok
16:24:30.0039 0480  MySQL - ok
16:24:30.0070 0480  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\windows\system32\qagentRT.dll
16:24:30.0070 0480  napagent - ok
16:24:30.0117 0480  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
16:24:30.0117 0480  NativeWifiP - ok
16:24:30.0195 0480  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\windows\system32\drivers\ndis.sys
16:24:30.0195 0480  NDIS - ok
16:24:30.0242 0480  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
16:24:30.0242 0480  NdisCap - ok
16:24:30.0242 0480  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
16:24:30.0242 0480  NdisTapi - ok
16:24:30.0304 0480  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
16:24:30.0304 0480  Ndisuio - ok
16:24:30.0304 0480  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
16:24:30.0304 0480  NdisWan - ok
16:24:30.0320 0480  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
16:24:30.0320 0480  NDProxy - ok
16:24:30.0367 0480  [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\windows\system32\HPZinw12.dll
16:24:30.0367 0480  Net Driver HPZ12 - ok
16:24:30.0382 0480  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
16:24:30.0382 0480  NetBIOS - ok
16:24:30.0398 0480  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
16:24:30.0398 0480  NetBT - ok
16:24:30.0413 0480  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\windows\system32\lsass.exe
16:24:30.0413 0480  Netlogon - ok
16:24:30.0460 0480  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\windows\System32\netman.dll
16:24:30.0460 0480  Netman - ok
16:24:30.0507 0480  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:24:30.0523 0480  NetMsmqActivator - ok
16:24:30.0538 0480  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:24:30.0538 0480  NetPipeActivator - ok
16:24:30.0569 0480  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\windows\System32\netprofm.dll
16:24:30.0585 0480  netprofm - ok
16:24:30.0601 0480  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:24:30.0601 0480  NetTcpActivator - ok
16:24:30.0601 0480  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:24:30.0601 0480  NetTcpPortSharing - ok
16:24:30.0741 0480  [ 814596469BBE40EF99CCFD582A375B83 ] NETwNs32        C:\windows\system32\DRIVERS\NETwNs32.sys
16:24:30.0788 0480  NETwNs32 - ok
16:24:30.0819 0480  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
16:24:30.0819 0480  nfrd960 - ok
16:24:30.0835 0480  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\windows\System32\nlasvc.dll
16:24:30.0835 0480  NlaSvc - ok
16:24:30.0866 0480  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\windows\system32\drivers\Npfs.sys
16:24:30.0866 0480  Npfs - ok
16:24:30.0928 0480  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\windows\system32\nsisvc.dll
16:24:30.0928 0480  nsi - ok
16:24:30.0928 0480  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
16:24:30.0928 0480  nsiproxy - ok
16:24:30.0975 0480  [ 81189C3D7763838E55C397759D49007A ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
16:24:30.0975 0480  Ntfs - ok
16:24:31.0053 0480  [ A82BB9014BEF0E4986C3DA610B3A25FE ] NuidFltr        C:\windows\system32\DRIVERS\NuidFltr.sys
16:24:31.0053 0480  NuidFltr - ok
16:24:31.0053 0480  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\windows\system32\drivers\Null.sys
16:24:31.0053 0480  Null - ok
16:24:31.0115 0480  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\windows\system32\drivers\nvraid.sys
16:24:31.0115 0480  nvraid - ok
16:24:31.0131 0480  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\windows\system32\drivers\nvstor.sys
16:24:31.0131 0480  nvstor - ok
16:24:31.0147 0480  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
16:24:31.0147 0480  nv_agp - ok
16:24:31.0193 0480  [ 4E37455DB16AEC75862B1D0BC35B589E ] O2FLASH         C:\windows\system32\DRIVERS\o2flash.exe
16:24:31.0193 0480  O2FLASH - ok
16:24:31.0240 0480  [ 5F63917FCC257ED11E828230BE594194 ] O2MDFRDR        C:\windows\system32\drivers\O2MDFw7.sys
16:24:31.0240 0480  O2MDFRDR - ok
16:24:31.0256 0480  [ FDC901900D9B1B671B3388C3023BD2EA ] O2MDRRDR        C:\windows\system32\drivers\O2MDRw7.sys
16:24:31.0256 0480  O2MDRRDR - ok
16:24:31.0256 0480  [ E9D663F929862C1CE266F74AC7259C6D ] O2SDJRDR        C:\windows\system32\drivers\o2sdjw7.sys
16:24:31.0256 0480  O2SDJRDR - ok
16:24:31.0334 0480  [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:24:31.0334 0480  odserv - ok
16:24:31.0349 0480  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
16:24:31.0349 0480  ohci1394 - ok
16:24:31.0396 0480  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:24:31.0396 0480  ose - ok
16:24:31.0490 0480  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:24:31.0521 0480  osppsvc - ok
16:24:31.0552 0480  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
16:24:31.0568 0480  p2pimsvc - ok
16:24:31.0615 0480  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\windows\system32\p2psvc.dll
16:24:31.0630 0480  p2psvc - ok
16:24:31.0677 0480  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\windows\system32\drivers\parport.sys
16:24:31.0677 0480  Parport - ok
16:24:31.0693 0480  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\windows\system32\drivers\partmgr.sys
16:24:31.0693 0480  partmgr - ok
16:24:31.0708 0480  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\windows\system32\drivers\parvdm.sys
16:24:31.0708 0480  Parvdm - ok
16:24:31.0724 0480  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\windows\System32\pcasvc.dll
16:24:31.0739 0480  PcaSvc - ok
16:24:31.0771 0480  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\windows\system32\drivers\pci.sys
16:24:31.0771 0480  pci - ok
16:24:31.0786 0480  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\windows\system32\drivers\pciide.sys
16:24:31.0786 0480  pciide - ok
16:24:31.0802 0480  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
16:24:31.0817 0480  pcmcia - ok
16:24:31.0833 0480  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\windows\system32\drivers\pcw.sys
16:24:31.0833 0480  pcw - ok
16:24:31.0895 0480  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\windows\system32\drivers\peauth.sys
16:24:31.0895 0480  PEAUTH - ok
16:24:31.0927 0480  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\windows\system32\peerdistsvc.dll
16:24:31.0927 0480  PeerDistSvc - ok
16:24:31.0989 0480  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\windows\system32\pla.dll
16:24:31.0989 0480  pla - ok
16:24:32.0051 0480  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\windows\system32\umpnpmgr.dll
16:24:32.0051 0480  PlugPlay - ok
16:24:32.0114 0480  [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\windows\system32\HPZipm12.dll
16:24:32.0114 0480  Pml Driver HPZ12 - ok
16:24:32.0129 0480  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
16:24:32.0129 0480  PNRPAutoReg - ok
16:24:32.0145 0480  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
16:24:32.0161 0480  PNRPsvc - ok
16:24:32.0207 0480  [ 226BAACBFA1BA1A4937935DBC23CB1CD ] Point32         C:\windows\system32\DRIVERS\point32.sys
16:24:32.0207 0480  Point32 - ok
16:24:32.0270 0480  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
16:24:32.0270 0480  PolicyAgent - ok
16:24:32.0285 0480  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\windows\system32\umpo.dll
16:24:32.0285 0480  Power - ok
16:24:32.0317 0480  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
16:24:32.0317 0480  PptpMiniport - ok
16:24:32.0332 0480  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\windows\system32\drivers\processr.sys
16:24:32.0332 0480  Processor - ok
16:24:32.0348 0480  [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc         C:\windows\system32\profsvc.dll
16:24:32.0348 0480  ProfSvc - ok
16:24:32.0363 0480  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
16:24:32.0363 0480  ProtectedStorage - ok
16:24:32.0426 0480  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\windows\system32\DRIVERS\pacer.sys
16:24:32.0426 0480  Psched - ok
16:24:32.0473 0480  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\windows\system32\Drivers\PxHelp20.sys
16:24:32.0473 0480  PxHelp20 - ok
16:24:32.0488 0480  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\windows\system32\drivers\ql2300.sys
16:24:32.0504 0480  ql2300 - ok
16:24:32.0519 0480  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
16:24:32.0519 0480  ql40xx - ok
16:24:32.0566 0480  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\windows\system32\qwave.dll
16:24:32.0566 0480  QWAVE - ok
16:24:32.0582 0480  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
16:24:32.0582 0480  QWAVEdrv - ok
16:24:32.0613 0480  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
16:24:32.0613 0480  RasAcd - ok
16:24:32.0629 0480  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
16:24:32.0629 0480  RasAgileVpn - ok
16:24:32.0660 0480  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\windows\System32\rasauto.dll
16:24:32.0660 0480  RasAuto - ok
16:24:32.0660 0480  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
16:24:32.0675 0480  Rasl2tp - ok
16:24:32.0675 0480  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\windows\System32\rasmans.dll
16:24:32.0675 0480  RasMan - ok
16:24:32.0691 0480  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
16:24:32.0691 0480  RasPppoe - ok
16:24:32.0707 0480  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
16:24:32.0707 0480  RasSstp - ok
16:24:32.0722 0480  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
16:24:32.0722 0480  rdbss - ok
16:24:32.0753 0480  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
16:24:32.0753 0480  rdpbus - ok
16:24:32.0785 0480  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
16:24:32.0785 0480  RDPCDD - ok
16:24:32.0785 0480  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\windows\system32\drivers\rdpdr.sys
16:24:32.0785 0480  RDPDR - ok
16:24:32.0831 0480  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
16:24:32.0831 0480  RDPENCDD - ok
16:24:32.0847 0480  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
16:24:32.0847 0480  RDPREFMP - ok
16:24:32.0878 0480  [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
16:24:32.0878 0480  RdpVideoMiniport - ok
16:24:32.0925 0480  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
16:24:32.0925 0480  RDPWD - ok
16:24:32.0972 0480  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
16:24:32.0972 0480  rdyboost - ok
16:24:33.0019 0480  [ B064FC671688A9A1C5F46AE06E87F70D ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:24:33.0019 0480  RegSrvc - ok
16:24:33.0050 0480  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\windows\System32\mprdim.dll
16:24:33.0050 0480  RemoteAccess - ok
16:24:33.0065 0480  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\windows\system32\regsvc.dll
16:24:33.0081 0480  RemoteRegistry - ok
16:24:33.0143 0480  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
16:24:33.0143 0480  RFCOMM - ok
16:24:33.0268 0480  [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
16:24:33.0268 0480  RoxMediaDB12OEM - ok
16:24:33.0284 0480  [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12      C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
16:24:33.0284 0480  RoxWatch12 - ok
16:24:33.0315 0480  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
16:24:33.0315 0480  RpcEptMapper - ok
16:24:33.0346 0480  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\windows\system32\locator.exe
16:24:33.0346 0480  RpcLocator - ok
16:24:33.0377 0480  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\windows\system32\rpcss.dll
16:24:33.0393 0480  RpcSs - ok
16:24:33.0455 0480  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
16:24:33.0455 0480  rspndr - ok
16:24:33.0487 0480  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\windows\system32\drivers\vms3cap.sys
16:24:33.0487 0480  s3cap - ok
16:24:33.0502 0480  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\windows\system32\lsass.exe
16:24:33.0502 0480  SamSs - ok
16:24:33.0549 0480  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
16:24:33.0549 0480  sbp2port - ok
16:24:33.0565 0480  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\windows\System32\SCardSvr.dll
16:24:33.0565 0480  SCardSvr - ok
16:24:33.0580 0480  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
16:24:33.0580 0480  scfilter - ok
16:24:33.0643 0480  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\windows\system32\schedsvc.dll
16:24:33.0658 0480  Schedule - ok
16:24:33.0674 0480  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\windows\System32\certprop.dll
16:24:33.0674 0480  SCPolicySvc - ok
16:24:33.0689 0480  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\windows\System32\SDRSVC.dll
16:24:33.0689 0480  SDRSVC - ok
16:24:33.0736 0480  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\windows\system32\drivers\secdrv.sys
16:24:33.0736 0480  secdrv - ok
16:24:33.0736 0480  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\windows\system32\seclogon.dll
16:24:33.0736 0480  seclogon - ok
16:24:33.0752 0480  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\windows\system32\sens.dll
16:24:33.0752 0480  SENS - ok
16:24:33.0767 0480  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\windows\system32\sensrsvc.dll
16:24:33.0767 0480  SensrSvc - ok
16:24:33.0799 0480  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
16:24:33.0799 0480  Serenum - ok
16:24:33.0814 0480  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\windows\system32\DRIVERS\serial.sys
16:24:33.0814 0480  Serial - ok
16:24:33.0845 0480  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\windows\system32\drivers\sermouse.sys
16:24:33.0845 0480  sermouse - ok
16:24:33.0861 0480  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\windows\system32\sessenv.dll
16:24:33.0861 0480  SessionEnv - ok
16:24:33.0877 0480  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
16:24:33.0877 0480  sffdisk - ok
16:24:33.0877 0480  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
16:24:33.0877 0480  sffp_mmc - ok
16:24:33.0908 0480  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
16:24:33.0908 0480  sffp_sd - ok
16:24:33.0923 0480  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
16:24:33.0923 0480  sfloppy - ok
16:24:33.0970 0480  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\windows\System32\ipnathlp.dll
16:24:33.0970 0480  SharedAccess - ok
16:24:33.0986 0480  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
16:24:33.0986 0480  ShellHWDetection - ok
16:24:34.0001 0480  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\windows\system32\drivers\sisagp.sys
16:24:34.0001 0480  sisagp - ok
16:24:34.0064 0480  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
16:24:34.0064 0480  SiSRaid2 - ok
16:24:34.0079 0480  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
16:24:34.0079 0480  SiSRaid4 - ok
16:24:34.0111 0480  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\windows\system32\DRIVERS\smb.sys
16:24:34.0111 0480  Smb - ok
16:24:34.0157 0480  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
16:24:34.0157 0480  SNMPTRAP - ok
16:24:34.0173 0480  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\windows\system32\drivers\spldr.sys
16:24:34.0173 0480  spldr - ok
16:24:34.0235 0480  [ 866A43013535DC8587C258E43579C764 ] Spooler         C:\windows\System32\spoolsv.exe
16:24:34.0235 0480  Spooler - ok
16:24:34.0298 0480  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\windows\system32\sppsvc.exe
16:24:34.0313 0480  sppsvc - ok
16:24:34.0329 0480  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\windows\system32\sppuinotify.dll
16:24:34.0329 0480  sppuinotify - ok
16:24:34.0360 0480  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\windows\system32\DRIVERS\srv.sys
16:24:34.0360 0480  srv - ok
16:24:34.0360 0480  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\windows\system32\DRIVERS\srv2.sys
16:24:34.0360 0480  srv2 - ok
16:24:34.0376 0480  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
16:24:34.0376 0480  srvnet - ok
16:24:34.0407 0480  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
16:24:34.0407 0480  SSDPSRV - ok
16:24:34.0469 0480  [ 32DBFFBC1401D24C093FD3DB2BC69EE7 ] SSPREnrollService C:\Program Files\Passlogix\v-GO SSPR Client\SSPREnrollService.exe
16:24:34.0469 0480  SSPREnrollService - ok
16:24:34.0485 0480  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\windows\system32\sstpsvc.dll
16:24:34.0501 0480  SstpSvc - ok
16:24:34.0547 0480  [ A97FCA92BE4E62BC589371058CBC769E ] STacSV          C:\Program Files\IDT\WDM\STacSV.exe
16:24:34.0547 0480  STacSV - ok
16:24:34.0563 0480  [ D8FC8D47FBFCB3852E40F5D5058ABC6A ] stdcfltn        C:\windows\system32\DRIVERS\stdcfltn.sys
16:24:34.0563 0480  stdcfltn - ok
16:24:34.0610 0480  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\windows\system32\drivers\stexstor.sys
16:24:34.0610 0480  stexstor - ok
16:24:34.0657 0480  [ D5D73B49D53FCC47E2828D6805DFA0F6 ] STHDA           C:\windows\system32\DRIVERS\stwrt.sys
16:24:34.0657 0480  STHDA - ok
16:24:34.0688 0480  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\windows\System32\wiaservc.dll
16:24:34.0688 0480  StiSvc - ok
16:24:34.0735 0480  [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
16:24:34.0735 0480  stllssvr - ok
16:24:34.0750 0480  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\windows\system32\drivers\vmstorfl.sys
16:24:34.0750 0480  storflt - ok
16:24:34.0766 0480  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\windows\system32\storsvc.dll
16:24:34.0781 0480  StorSvc - ok
16:24:34.0813 0480  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\windows\system32\drivers\storvsc.sys
16:24:34.0813 0480  storvsc - ok
16:24:34.0828 0480  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\windows\system32\drivers\swenum.sys
16:24:34.0828 0480  swenum - ok
16:24:34.0859 0480  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\windows\System32\swprv.dll
16:24:34.0859 0480  swprv - ok
16:24:34.0875 0480  [ F2AD8960812FD111E20E84659EF19D43 ] Synth3dVsc      C:\windows\system32\drivers\Synth3dVsc.sys
16:24:34.0875 0480  Synth3dVsc - ok
16:24:34.0906 0480  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\windows\system32\sysmain.dll
16:24:34.0922 0480  SysMain - ok
16:24:34.0922 0480  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
16:24:34.0922 0480  TabletInputService - ok
16:24:34.0937 0480  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\windows\System32\tapisrv.dll
16:24:34.0953 0480  TapiSrv - ok
16:24:34.0969 0480  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\windows\System32\tbssvc.dll
16:24:34.0969 0480  TBS - ok
16:24:34.0984 0480  [ 5150FB0F8DFE5353B15FD7D017112A4E ] tcm             C:\windows\system32\drivers\tcm.sys
16:24:34.0984 0480  tcm - ok
16:24:35.0031 0480  [ 4E8B9BE71B807B3BAEDB7F4243F85E3C ] Tcpip           C:\windows\system32\drivers\tcpip.sys
16:24:35.0031 0480  Tcpip - ok
16:24:35.0093 0480  [ 4E8B9BE71B807B3BAEDB7F4243F85E3C ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
16:24:35.0109 0480  TCPIP6 - ok
16:24:35.0125 0480  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
16:24:35.0125 0480  tcpipreg - ok
16:24:35.0140 0480  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
16:24:35.0140 0480  TDPIPE - ok
16:24:35.0171 0480  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
16:24:35.0171 0480  TDTCP - ok
16:24:35.0187 0480  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
16:24:35.0187 0480  tdx - ok
16:24:35.0187 0480  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\windows\system32\drivers\termdd.sys
16:24:35.0187 0480  TermDD - ok
16:24:35.0203 0480  [ 052306FD76793D5D5AB5D9891FD1ADBB ] terminpt        C:\windows\system32\drivers\terminpt.sys
16:24:35.0203 0480  terminpt - ok
16:24:35.0234 0480  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\windows\System32\termsrv.dll
16:24:35.0234 0480  TermService - ok
16:24:35.0249 0480  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\windows\system32\themeservice.dll
16:24:35.0249 0480  Themes - ok
16:24:35.0265 0480  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\windows\system32\mmcss.dll
16:24:35.0265 0480  THREADORDER - ok
16:24:35.0281 0480  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\windows\System32\trkwks.dll
16:24:35.0281 0480  TrkWks - ok
16:24:35.0327 0480  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
16:24:35.0327 0480  TrustedInstaller - ok
16:24:35.0359 0480  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
16:24:35.0359 0480  tssecsrv - ok
16:24:37.0808 0480  ================ Scan global ===============================
16:24:37.0839 0480  [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
16:24:37.0870 0480  [ 51BB04243DF6196C06E125898127E397 ] C:\windows\system32\winsrv.dll
16:24:37.0870 0480  [ 51BB04243DF6196C06E125898127E397 ] C:\windows\system32\winsrv.dll
16:24:37.0901 0480  [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
16:24:37.0917 0480  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
16:24:37.0917 0480  [Global] - ok
16:24:37.0917 0480  ================ Scan MBR ==================================
16:24:37.0933 0480  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:24:38.0213 0480  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:24:38.0213 0480  \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:24:38.0213 0480  ================ Scan VBR ==================================
16:24:38.0229 0480  [ 59BF55052728478FB0305887F0EC817C ] \Device\Harddisk0\DR0\Partition1
16:24:38.0229 0480  \Device\Harddisk0\DR0\Partition1 - ok
16:24:38.0245 0480  [ 2B48A20B9E67398236FF9C18F0045952 ] \Device\Harddisk0\DR0\Partition2
16:24:38.0260 0480  \Device\Harddisk0\DR0\Partition2 - ok
16:24:38.0260 0480  ============================================================
16:24:38.0260 0480  Scan finished
16:24:38.0260 0480  ============================================================
16:24:38.0276 1572  Detected object count: 1
16:24:38.0276 1572  Actual detected object count: 1
16:25:48.0133 1572  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
16:25:48.0148 1572  \Device\Harddisk0\DR0\TDLFS\cmd32.dll - copied to quarantine
16:25:48.0148 1572  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
16:25:48.0164 1572  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
16:25:48.0179 1572  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
16:25:48.0179 1572  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
16:25:48.0179 1572  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
16:25:48.0179 1572  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
16:25:48.0195 1572  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
16:25:48.0195 1572  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
16:25:48.0195 1572  \Device\Harddisk0\DR0\TDLFS\ns - copied to quarantine
16:25:48.0569 1572  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
16:25:48.0569 1572  \Device\Harddisk0\DR0\TDLFS - deleted
16:25:48.0569 1572  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
16:26:02.0734 0544  Deinitialize success

 

TDSSKiller.2.8.16.0_25.12.2013_16.26.13_log.txt:

 

16:26:13.0093 1956  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:26:13.0093 1956  ============================================================
16:26:13.0093 1956  Current date / time: 2013/12/25 16:26:13.0093
16:26:13.0093 1956  SystemInfo:
16:26:13.0093 1956 
16:26:13.0093 1956  OS Version: 6.1.7601 ServicePack: 1.0
16:26:13.0093 1956  Product type: Workstation
16:26:13.0093 1956  ComputerName: 4BRXBT1
16:26:13.0093 1956  UserName: snayak
16:26:13.0093 1956  Windows directory: C:\windows
16:26:13.0093 1956  System windows directory: C:\windows
16:26:13.0093 1956  Processor architecture: Intel x86
16:26:13.0093 1956  Number of processors: 4
16:26:13.0093 1956  Page size: 0x1000
16:26:13.0093 1956  Boot type: Safe boot
16:26:13.0093 1956  ============================================================
16:26:13.0436 1956  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:26:13.0436 1956  ============================================================
16:26:13.0436 1956  \Device\Harddisk0\DR0:
16:26:13.0436 1956  MBR partitions:
16:26:13.0436 1956  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x96000
16:26:13.0436 1956  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAA000, BlocksNum 0x25384000
16:26:13.0436 1956  ============================================================
16:26:13.0467 1956  C: <-> \Device\Harddisk0\DR0\Partition2
16:26:13.0467 1956  ============================================================
16:26:13.0467 1956  Initialize success
16:26:13.0467 1956  ============================================================
16:26:23.0014 1652  Deinitialize success

 

mbam-log-2013-12-25 (16-30-59).txt:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.25.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
snayak :: 4BRXBT1 [administrator]

12/25/2013 4:30:59 PM
mbam-log-2013-12-25 (16-30-59).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 535720
Time elapsed: 1 hour(s), 42 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Mozilla\Firefox\extensions|{336D0C35-8A85-403a-B9D2-65C292C39087} (PUP.Optional.Incredibar) -> Data: C:\Program Files\Web Assistant\Firefox -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
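The TDSSKiller log in the post above uses one line layout throughout (time, thread id, message), with the verdict or action after the final " - ". As an added example (not part of the original thread and not TDSSKiller's own code), this Python script groups such lines into clean objects, findings, quarantine copies and user actions, then checks that every finding has a recorded action. It recognises only the verdict strings that appear in this thread; the function names are hypothetical.

```python
import re

# Excerpt of the TDSSKiller log posted above (verdict and action lines only).
SAMPLE_LOG = r"""
16:24:37.0777 0480  ZcfgSvc7 - ok
16:24:37.0917 0480  [Global] - ok
16:24:37.0933 0480  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:24:38.0213 0480  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:24:38.0213 0480  \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:24:38.0229 0480  \Device\Harddisk0\DR0\Partition1 - ok
16:24:38.0276 1572  Detected object count: 1
16:25:48.0133 1572  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
16:25:48.0179 1572  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
16:25:48.0569 1572  \Device\Harddisk0\DR0\TDLFS - deleted
16:25:48.0569 1572  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
16:26:02.0734 0544  Deinitialize success
"""

# "<time> <thread id>  <message>", the line layout used throughout the log.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+\s*(.*)$")
# "<object> ( <label> )", e.g. "\Device\Harddisk0\DR0 ( TDSS File System )".
LABEL_RE = re.compile(r"^(.*?) \( (.+?) \)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


def triage(log_text):
    """Group log messages by the verdict or action after the final ' - '."""
    report = {"clean": 0, "findings": {}, "quarantined": [], "deleted": [],
              "actions": {}, "declared_count": None, "unrecognized": []}
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line.group(1).strip()
        count = COUNT_RE.match(msg)
        if count:
            report["declared_count"] = int(count.group(1))
            continue
        obj, sep, tail = msg.rpartition(" - ")
        if not sep:
            continue  # section banners, hash lines, status messages
        label = None
        labelled = LABEL_RE.match(obj)
        if labelled:
            obj, label = labelled.groups()
        if tail == "ok":
            report["clean"] += 1
        elif tail == "warning":
            report["findings"][obj] = label or "unlabelled"
        elif tail.startswith("detected "):
            report["findings"].setdefault(obj, tail[len("detected "):])
        elif tail == "copied to quarantine":
            report["quarantined"].append(obj)
        elif tail == "deleted":
            report["deleted"].append(obj)
        elif tail.startswith("User select action: "):
            report["actions"][obj] = tail.split(": ", 1)[1]
        else:
            report["unrecognized"].append(msg)  # keep for manual review
    return report


def unresolved(report):
    """Flagged objects for which the log records no user-selected action."""
    return [o for o in report["findings"] if o not in report["actions"]]


def count_matches(report):
    """True when the declared object count equals the parsed findings."""
    return report["declared_count"] == len(report["findings"])


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(r["findings"], r["actions"], unresolved(r), count_matches(r))
```
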


 



#8 RPMcMurphy

  • Malware Response Team

Posted 25 December 2013 - 11:33 PM

How is your computer running now?  Please do this next:
 
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.  Please go to www.java.com and press the "Free Java Download" button near the center of the page.  Follow the prompts to install the latest version. Once it completes, a web page should open that will verify that you have the latest version.  Below that is a box with a link to remove older, insecure versions.  Click that and follow the prompts.
 
Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right-click on their Internet Explorer shortcut and select Run as Administrator.
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double-click on it to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • How is the computer running now?
  • ESET log

  • Threads are closed after 5 days of inactivity.

    ASAP & UNITE Member


    The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


    #9 SN001


    Posted 26 December 2013 - 07:59 PM

    Hi RPMcMurphy,

     

    Some of my company's products are not certified to work with the latest Java version.  So I will not be able to update to the latest.  We are aware of the risks.

     

    I did run ESET exactly as you specified.  It took long to finish, therefore the delay.  Its exported text output is pasted below:

     

    C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar-4_4_0_setup.exe Win32/Toolbar.Widgi application
    C:\TDSSKiller_Quarantine\25.12.2013_08.30.33\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.BG trojan
    C:\TDSSKiller_Quarantine\25.12.2013_16.23.52\tdlfs0000\tsk0002.dta Win64/Olmarik.BG trojan
     

    The computer appears to be working fine.  I did a few things that I normally do and all of it seems to work fine.

     

    Thanks for your assistance!

     

    I have a couple of questions:

    1) What is to be done with the files pointed out by ESET?

    2) There are a few directories still existing, which got created during the malware removal process.  They are -

    C:\Quarantine

    C:\TDSSKiller_Quarantine

    C:\Qoobox

    C:\FRST

    Can these directories be deleted?  Are they harmful if kept the way they are?

     

    Thanks again!



    #10 RPMcMurphy

    • Malware Response Team

    Posted 26 December 2013 - 08:24 PM

    There is nothing concerning in that ESET log.  It detected PDF Creator because of the toolbar it comes packaged with. If you find the program useful feel free to keep it, otherwise simply uninstall it like you would any other application.  The other two detections are in the TDSSKiller quarantine and will be removed by this last set of instructions.  Those other directories you questioned should also be removed by these steps, (if not you may manually delete them):

    Uninstall ComboFix

    • Press the Windows key + R on your keyboard or click Start -> Run.  Copy and paste the following text into the run box that opens and press OK:
      Combofix /Uninstall

    Delete the following tools along with any other logs you saved from our work:
    • DDS
    • FRST (You may also delete the c:\FRST folder)
    • TDSSKiller

    Download OTC to your desktop and run it
    • Click Yes to begin the cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.
    • Manually delete any remaining logs or tools from our fixes

    Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
    • Restart any anti-malware programs that we disabled while we were cleaning your machine.
    • Keep your antivirus application and MBAM current and updated.  Scan with them at least weekly.
    • Please read this post for some helpful information.

    Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!




    #11 SN001


    Posted 27 December 2013 - 09:55 AM

    Hi RPMcMurphy,

     

    I reviewed your post and performed the tasks as mentioned.

    Thanks for the information and all the help.

    Please close this thread.



    #12 RPMcMurphy

    • Malware Response Team

    Posted 27 December 2013 - 11:34 AM

    You're welcome, SN001.  Take care!




    #13 RPMcMurphy

    • Malware Response Team

    Posted 28 December 2013 - 11:13 AM

    It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
