Jump to content

helpmeplease1

Members
  • Posts

    13
  • Joined

  • Last visited

Everything posted by helpmeplease1

  1. ESET SCAN REPORT ------------------------------------------ C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GO5Y9JPZ\kittyflix_com[1].htm HTML/ScrInject.B.Gen virus C:\TDSSKiller_Quarantine\08.07.2012_22.07.46\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan C:\TDSSKiller_Quarantine\08.07.2012_22.07.46\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan C:\TDSSKiller_Quarantine\08.07.2012_22.07.46\mbr0000\tdlfs0000\tsk0009.dta a variant of Win32/Olmarik.AYI trojan
  2. (1) log from MBAM - see bleow (2) Report from Hijackthis - see below (3) do not seem to have any issues (4) no issues as in the past ================================ LOG FROM MBAM ---------------------------------------------------- Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.12.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 ebhandari :: EBHANDARI-GNNB [administrator] 7/12/2012 3:19:53 PM mbam-log-2012-07-12 (15-19-53).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 299779 Time elapsed: 3 minute(s), 54 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ========================================== Report from Hijackthis -------------------------------------------- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 3:27:01 PM, on 7/12/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Normal Running processes: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\SysWOW64\RunDll32.exe C:\Program Files (x86)\Microsoft Lync\communicator.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe C:\Program Files (x86)\McAfee\Common Framework\McTray.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\Microsoft Lync\UcMapi.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLSERVER.EXE C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe C:\Program Files (x86)\Java\jre6\bin\java.exe C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\ebhandari\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://graceland/Pages/Home.aspx R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Gracenote, Inc. R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111228165507.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll O9 - Extra 'Tools' menuitem: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://oracleweb.webex.com/client/WBXclient-T27L10NSP31-13320/webex/ieatgpc1.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gracenote.gracenote.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gracenote.gracenote.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.grace O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gracenote.gracenote.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.grace O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.grace O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: BES Client (BESClient) - Unknown owner - C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe (file missing) O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Numara Software, Inc. - C:\WINDOWS\TIREMOTE\TIRemoteService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 15443 bytes
  3. TDSSKiller detected no threat. Btw after rebooting I have not received the "Host Process for Windows Tasks has stopped working" message =============================== TDSSKILLER REPORT -------------------------------------------------- 10:41:11.0833 3796 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35 10:41:12.0379 3796 ============================================================ 10:41:12.0379 3796 Current date / time: 2012/07/11 10:41:12.0379 10:41:12.0379 3796 SystemInfo: 10:41:12.0379 3796 10:41:12.0379 3796 OS Version: 6.1.7601 ServicePack: 1.0 10:41:12.0379 3796 Product type: Workstation 10:41:12.0379 3796 ComputerName: EBHANDARI-GNNB 10:41:12.0379 3796 UserName: ebhandari 10:41:12.0379 3796 Windows directory: C:\Windows 10:41:12.0379 3796 System windows directory: C:\Windows 10:41:12.0379 3796 Running under WOW64 10:41:12.0379 3796 Processor architecture: Intel x64 10:41:12.0379 3796 Number of processors: 4 10:41:12.0379 3796 Page size: 0x1000 10:41:12.0379 3796 Boot type: Normal boot 10:41:12.0379 3796 ============================================================ 10:41:12.0878 3796 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 10:41:12.0878 3796 ============================================================ 10:41:12.0878 3796 \Device\Harddisk0\DR0: 10:41:12.0878 3796 MBR partitions: 10:41:12.0878 3796 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 10:41:12.0878 3796 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353030 10:41:12.0878 3796 ============================================================ 10:41:12.0910 3796 C: <-> \Device\Harddisk0\DR0\Partition1 10:41:12.0910 3796 ============================================================ 10:41:12.0910 3796 Initialize success 10:41:12.0910 3796 ============================================================ 10:41:15.0187 4244 ============================================================ 10:41:15.0187 4244 Scan started 10:41:15.0187 4244 Mode: Manual; 10:41:15.0187 4244 ============================================================ 10:41:16.0201 4244 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 10:41:16.0201 4244 1394ohci - ok 10:41:16.0529 4244 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 10:41:16.0591 4244 ACDaemon - ok 10:41:16.0997 4244 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 10:41:16.0997 4244 ACPI - ok 10:41:17.0106 4244 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 10:41:17.0106 4244 AcpiPmi - ok 10:41:17.0496 4244 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 10:41:17.0496 4244 AdobeFlashPlayerUpdateSvc - ok 10:41:17.0746 4244 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 10:41:17.0746 4244 adp94xx - ok 10:41:17.0948 4244 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 10:41:17.0948 4244 adpahci - ok 10:41:18.0073 4244 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 10:41:18.0073 4244 adpu320 - ok 10:41:18.0198 4244 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 10:41:18.0198 4244 AeLookupSvc - ok 10:41:18.0526 4244 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 10:41:18.0526 4244 AFD - ok 10:41:18.0557 4244 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 10:41:18.0557 4244 agp440 - ok 10:41:18.0588 4244 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 10:41:18.0588 4244 ALG - ok 10:41:18.0650 4244 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 10:41:18.0650 4244 aliide - ok 10:41:18.0666 4244 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 10:41:18.0666 4244 amdide - ok 10:41:18.0682 4244 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 10:41:18.0682 4244 AmdK8 - ok 10:41:18.0728 4244 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 10:41:18.0728 4244 AmdPPM - ok 10:41:18.0775 4244 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 10:41:18.0775 4244 amdsata - ok 10:41:18.0838 4244 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 10:41:18.0838 4244 amdsbs - ok 10:41:18.0931 4244 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 10:41:18.0931 4244 amdxata - ok 10:41:19.0150 4244 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 10:41:19.0150 4244 AppID - ok 10:41:19.0274 4244 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 10:41:19.0290 4244 AppIDSvc - ok 10:41:19.0415 4244 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 10:41:19.0415 4244 Appinfo - ok 10:41:19.0758 4244 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 10:41:19.0758 4244 Apple Mobile Device - ok 10:41:20.0070 4244 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll 10:41:20.0070 4244 AppMgmt - ok 10:41:20.0117 4244 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 10:41:20.0117 4244 arc - ok 10:41:20.0148 4244 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 10:41:20.0148 4244 arcsas - ok 10:41:20.0367 4244 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 10:41:20.0491 4244 aspnet_state - ok 10:41:20.0585 4244 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 10:41:20.0585 4244 AsyncMac - ok 10:41:20.0694 4244 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 10:41:20.0694 4244 atapi - ok 10:41:21.0053 4244 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 10:41:21.0162 4244 AudioEndpointBuilder - ok 10:41:21.0162 4244 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 10:41:21.0162 4244 AudioSrv - ok 10:41:21.0225 4244 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 10:41:21.0256 4244 AxInstSV - ok 10:41:21.0490 4244 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 10:41:21.0490 4244 b06bdrv - ok 10:41:21.0708 4244 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 10:41:21.0708 4244 b57nd60a - ok 10:41:21.0864 4244 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 10:41:21.0880 4244 BDESVC - ok 10:41:21.0911 4244 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 10:41:21.0911 4244 Beep - ok 10:41:23.0097 4244 BESClient (cbdc51c584fd4a6bbd06727d82a11428) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe 10:41:23.0221 4244 BESClient - ok 10:41:24.0064 4244 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 10:41:24.0204 4244 BFE - ok 10:41:25.0171 4244 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll 10:41:25.0187 4244 BITS - ok 10:41:25.0281 4244 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 10:41:25.0281 4244 blbdrive - ok 10:41:25.0437 4244 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 10:41:25.0437 4244 Bonjour Service - ok 10:41:25.0468 4244 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 10:41:25.0468 4244 bowser - ok 10:41:25.0499 4244 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 10:41:25.0499 4244 BrFiltLo - ok 10:41:25.0515 4244 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 10:41:25.0530 4244 BrFiltUp - ok 10:41:25.0561 4244 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 10:41:25.0561 4244 BridgeMP - ok 10:41:25.0764 4244 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 10:41:25.0827 4244 Browser - ok 10:41:26.0263 4244 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 10:41:26.0263 4244 Brserid - ok 10:41:26.0388 4244 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 10:41:26.0388 4244 BrSerWdm - ok 10:41:26.0451 4244 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 10:41:26.0451 4244 BrUsbMdm - ok 10:41:26.0482 4244 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 10:41:26.0482 4244 BrUsbSer - ok 10:41:26.0638 4244 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys 10:41:26.0638 4244 BthEnum - ok 10:41:26.0809 4244 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 10:41:26.0809 4244 BTHMODEM - ok 10:41:26.0887 4244 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 10:41:26.0887 4244 BthPan - ok 10:41:27.0293 4244 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys 10:41:27.0309 4244 BTHPORT - ok 10:41:27.0449 4244 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 10:41:27.0465 4244 bthserv - ok 10:41:27.0574 4244 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys 10:41:27.0574 4244 BTHUSB - ok 10:41:27.0870 4244 btwampfl (59e3510784548c6939c1b3b985c232e3) C:\Windows\system32\drivers\btwampfl.sys 10:41:27.0886 4244 btwampfl - ok 10:41:28.0042 4244 btwaudio (1872074ed0a3fb22e3f1e3197b984bfa) C:\Windows\system32\drivers\btwaudio.sys 10:41:28.0042 4244 btwaudio - ok 10:41:28.0135 4244 btwavdt (691cf076c33ab1c3a5b2fd5450300733) C:\Windows\system32\DRIVERS\btwavdt.sys 10:41:28.0135 4244 btwavdt - ok 10:41:28.0588 4244 btwdins (8ba6e93a182126781952a7895ec1e4b2) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 10:41:28.0603 4244 btwdins - ok 10:41:28.0650 4244 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys 10:41:28.0650 4244 btwl2cap - ok 10:41:28.0666 4244 btwrchid (c9273b20dec8ce38dbce5d29de63c907) C:\Windows\system32\DRIVERS\btwrchid.sys 10:41:28.0666 4244 btwrchid - ok 10:41:28.0697 4244 catchme - ok 10:41:28.0713 4244 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 10:41:28.0713 4244 cdfs - ok 10:41:28.0744 4244 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 10:41:28.0744 4244 cdrom - ok 10:41:28.0791 4244 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 10:41:28.0822 4244 CertPropSvc - ok 10:41:28.0853 4244 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 10:41:28.0853 4244 circlass - ok 10:41:29.0165 4244 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 10:41:29.0165 4244 CLFS - ok 10:41:29.0430 4244 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:41:29.0446 4244 clr_optimization_v2.0.50727_32 - ok 10:41:29.0555 4244 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 10:41:29.0555 4244 clr_optimization_v2.0.50727_64 - ok 10:41:29.0805 4244 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 10:41:30.0148 4244 clr_optimization_v4.0.30319_32 - ok 10:41:30.0257 4244 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 10:41:30.0273 4244 clr_optimization_v4.0.30319_64 - ok 10:41:30.0304 4244 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 10:41:30.0304 4244 CmBatt - ok 10:41:30.0320 4244 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 10:41:30.0320 4244 cmdide - ok 10:41:30.0366 4244 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 10:41:30.0366 4244 CNG - ok 10:41:30.0429 4244 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 10:41:30.0429 4244 Compbatt - ok 10:41:30.0491 4244 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 10:41:30.0491 4244 CompositeBus - ok 10:41:30.0507 4244 COMSysApp - ok 10:41:30.0507 4244 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 10:41:30.0507 4244 crcdisk - ok 10:41:30.0554 4244 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 10:41:30.0585 4244 CryptSvc - ok 10:41:30.0632 4244 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys 10:41:30.0632 4244 CSC - ok 10:41:30.0788 4244 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll 10:41:30.0803 4244 CscService - ok 10:41:30.0850 4244 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys 10:41:30.0850 4244 CVirtA - ok 10:41:31.0146 4244 CVPND (66257cb4e4fb69887cddc71663741435) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe 10:41:31.0162 4244 CVPND - ok 10:41:31.0443 4244 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys 10:41:31.0443 4244 CVPNDRVA - ok 10:41:31.0505 4244 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 10:41:31.0505 4244 DcomLaunch - ok 10:41:31.0661 4244 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 10:41:31.0677 4244 defragsvc - ok 10:41:31.0708 4244 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 10:41:31.0708 4244 DfsC - ok 10:41:31.0786 4244 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 10:41:31.0802 4244 Dhcp - ok 10:41:31.0895 4244 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 10:41:31.0895 4244 discache - ok 10:41:31.0973 4244 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 10:41:31.0973 4244 Disk - ok 10:41:32.0036 4244 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys 10:41:32.0036 4244 DNE - ok 10:41:32.0082 4244 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 10:41:32.0114 4244 Dnscache - ok 10:41:32.0238 4244 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 10:41:32.0285 4244 dot3svc - ok 10:41:32.0316 4244 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 10:41:32.0316 4244 DPS - ok 10:41:32.0363 4244 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 10:41:32.0363 4244 drmkaud - ok 10:41:32.0566 4244 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 10:41:32.0582 4244 DXGKrnl - ok 10:41:32.0628 4244 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 10:41:32.0628 4244 EapHost - ok 10:41:33.0424 4244 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 10:41:33.0440 4244 ebdrv - ok 10:41:33.0611 4244 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 10:41:33.0611 4244 EFS - ok 10:41:33.0814 4244 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 10:41:33.0861 4244 ehRecvr - ok 10:41:33.0892 4244 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 10:41:33.0892 4244 ehSched - ok 10:41:34.0064 4244 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 10:41:34.0064 4244 elxstor - ok 10:41:34.0110 4244 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 10:41:34.0110 4244 ErrDev - ok 10:41:34.0251 4244 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 10:41:34.0266 4244 EventSystem - ok 10:41:34.0407 4244 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 10:41:34.0407 4244 exfat - ok 10:41:34.0438 4244 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 10:41:34.0438 4244 fastfat - ok 10:41:34.0734 4244 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 10:41:34.0734 4244 Fax - ok 10:41:34.0781 4244 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 10:41:34.0781 4244 fdc - ok 10:41:34.0859 4244 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 10:41:34.0875 4244 fdPHost - ok 10:41:34.0937 4244 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 10:41:34.0937 4244 FDResPub - ok 10:41:34.0984 4244 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 10:41:34.0984 4244 FileInfo - ok 10:41:35.0062 4244 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 10:41:35.0062 4244 Filetrace - ok 10:41:35.0093 4244 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 10:41:35.0093 4244 flpydisk - ok 10:41:35.0265 4244 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 10:41:35.0265 4244 FltMgr - ok 10:41:35.0514 4244 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 10:41:35.0530 4244 FontCache - ok 10:41:35.0592 4244 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 10:41:35.0608 4244 FontCache3.0.0.0 - ok 10:41:35.0639 4244 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 10:41:35.0639 4244 FsDepends - ok 10:41:35.0670 4244 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 10:41:35.0670 4244 Fs_Rec - ok 10:41:35.0811 4244 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 10:41:35.0811 4244 fvevol - ok 10:41:35.0858 4244 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 10:41:35.0858 4244 gagp30kx - ok 10:41:35.0889 4244 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 10:41:35.0889 4244 GEARAspiWDM - ok 10:41:36.0107 4244 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 10:41:36.0138 4244 gpsvc - ok 10:41:36.0372 4244 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 10:41:36.0372 4244 gupdate - ok 10:41:36.0404 4244 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 10:41:36.0404 4244 gupdatem - ok 10:41:36.0435 4244 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 10:41:36.0435 4244 gusvc - ok 10:41:36.0466 4244 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 10:41:36.0466 4244 hcw85cir - ok 10:41:36.0513 4244 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 10:41:36.0513 4244 HdAudAddService - ok 10:41:36.0638 4244 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 10:41:36.0638 4244 HDAudBus - ok 10:41:36.0669 4244 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 10:41:36.0669 4244 HECIx64 - ok 10:41:36.0684 4244 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 10:41:36.0684 4244 HidBatt - ok 10:41:36.0716 4244 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 10:41:36.0716 4244 HidBth - ok 10:41:36.0731 4244 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 10:41:36.0731 4244 HidIr - ok 10:41:36.0747 4244 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 10:41:36.0747 4244 hidserv - ok 10:41:36.0778 4244 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 10:41:36.0778 4244 HidUsb - ok 10:41:36.0825 4244 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 10:41:36.0840 4244 hkmsvc - ok 10:41:36.0996 4244 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 10:41:37.0028 4244 HomeGroupListener - ok 10:41:37.0137 4244 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 10:41:37.0137 4244 HomeGroupProvider - ok 10:41:37.0199 4244 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 10:41:37.0199 4244 HpSAMD - ok 10:41:37.0262 4244 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 10:41:37.0262 4244 HTTP - ok 10:41:37.0277 4244 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 10:41:37.0277 4244 hwpolicy - ok 10:41:37.0308 4244 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 10:41:37.0324 4244 i8042prt - ok 10:41:37.0355 4244 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys 10:41:37.0371 4244 iaStor - ok 10:41:37.0511 4244 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe 10:41:37.0511 4244 IAStorDataMgrSvc - ok 10:41:37.0589 4244 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 10:41:37.0605 4244 iaStorV - ok 10:41:37.0698 4244 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 10:41:37.0745 4244 idsvc - ok 10:41:37.0839 4244 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 10:41:37.0839 4244 iirsp - ok 10:41:37.0901 4244 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 10:41:37.0964 4244 IKEEXT - ok 10:41:37.0995 4244 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys 10:41:37.0995 4244 Impcd - ok 10:41:38.0416 4244 IntcAzAudAddService (26407a11d7e222afb7ce32700abbd9d1) C:\Windows\system32\drivers\RTKVHD64.sys 10:41:38.0432 4244 IntcAzAudAddService - ok 10:41:38.0666 4244 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 10:41:38.0666 4244 intelide - ok 10:41:38.0728 4244 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 10:41:38.0728 4244 intelppm - ok 10:41:38.0900 4244 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe 10:41:38.0900 4244 IntuitUpdateServiceV4 - ok 10:41:38.0962 4244 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 10:41:38.0962 4244 IPBusEnum - ok 10:41:39.0009 4244 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:41:39.0024 4244 IpFilterDriver - ok 10:41:39.0258 4244 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 10:41:39.0274 4244 iphlpsvc - ok 10:41:39.0321 4244 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 10:41:39.0321 4244 IPMIDRV - ok 10:41:39.0508 4244 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 10:41:39.0508 4244 IPNAT - ok 10:41:39.0789 4244 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe 10:41:39.0789 4244 iPod Service - ok 10:41:39.0836 4244 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 10:41:39.0836 4244 IRENUM - ok 10:41:39.0882 4244 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 10:41:39.0882 4244 isapnp - ok 10:41:39.0992 4244 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 10:41:39.0992 4244 iScsiPrt - ok 10:41:40.0054 4244 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 10:41:40.0054 4244 kbdclass - ok 10:41:40.0085 4244 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 10:41:40.0085 4244 kbdhid - ok 10:41:40.0101 4244 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:41:40.0101 4244 KeyIso - ok 10:41:40.0194 4244 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 10:41:40.0194 4244 KSecDD - ok 10:41:40.0273 4244 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 10:41:40.0273 4244 KSecPkg - ok 10:41:40.0319 4244 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 10:41:40.0319 4244 ksthunk - ok 10:41:40.0366 4244 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 10:41:40.0382 4244 KtmRm - ok 10:41:40.0553 4244 L1C (033b4aed2c5519072c0d81e00804d003) C:\Windows\system32\DRIVERS\L1C62x64.sys 10:41:40.0553 4244 L1C - ok 10:41:40.0631 4244 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll 10:41:40.0678 4244 LanmanServer - ok 10:41:40.0709 4244 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 10:41:40.0741 4244 LanmanWorkstation - ok 10:41:40.0772 4244 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 10:41:40.0772 4244 lltdio - ok 10:41:40.0850 4244 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 10:41:40.0865 4244 lltdsvc - ok 10:41:40.0943 4244 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 10:41:40.0943 4244 lmhosts - ok 10:41:41.0084 4244 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 10:41:41.0084 4244 LSI_FC - ok 10:41:41.0209 4244 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 10:41:41.0209 4244 LSI_SAS - ok 10:41:41.0271 4244 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 10:41:41.0271 4244 LSI_SAS2 - ok 10:41:41.0302 4244 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 10:41:41.0302 4244 LSI_SCSI - ok 10:41:41.0333 4244 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 10:41:41.0333 4244 luafv - ok 10:41:41.0552 4244 McAfeeFramework (3ef9511390f9106dd8cf0747baeb335c) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe 10:41:41.0552 4244 McAfeeFramework - ok 10:41:41.0661 4244 McShield (00315dc847778d65728197b63803b523) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 10:41:41.0661 4244 McShield - ok 10:41:41.0755 4244 McTaskManager (b15bb3aef59158b4e1dda5328c842713) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe 10:41:41.0755 4244 McTaskManager - ok 10:41:41.0848 4244 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 10:41:41.0911 4244 Mcx2Svc - ok 10:41:41.0942 4244 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 10:41:41.0957 4244 megasas - ok 10:41:41.0989 4244 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 10:41:41.0989 4244 MegaSR - ok 10:41:42.0129 4244 mfeapfk (0d121a46e0148a3bc941fa3bb0269329) C:\Windows\system32\drivers\mfeapfk.sys 10:41:42.0129 4244 mfeapfk - ok 10:41:42.0191 4244 mfeavfk (93f251905c028809ffb49f95a63fcbc9) C:\Windows\system32\drivers\mfeavfk.sys 10:41:42.0191 4244 mfeavfk - ok 10:41:42.0207 4244 mfeavfk01 - ok 10:41:42.0269 4244 mfehidk (a282a937127ea7b15eb85559e59ae576) C:\Windows\system32\drivers\mfehidk.sys 10:41:42.0269 4244 mfehidk - ok 10:41:42.0285 4244 mferkdet (04d7e0e2a48730a1c535837f105e6352) C:\Windows\system32\drivers\mferkdet.sys 10:41:42.0285 4244 mferkdet - ok 10:41:42.0425 4244 mfevtp (45f1580c7c9f49a68b72ef2ccefef3a3) C:\Windows\system32\mfevtps.exe 10:41:42.0425 4244 mfevtp - ok 10:41:42.0503 4244 mfewfpk (325dd1031cfd71bd4d8afdb1faaf3bea) C:\Windows\system32\drivers\mfewfpk.sys 10:41:42.0503 4244 mfewfpk - ok 10:41:42.0613 4244 Microsoft SharePoint Workspace Audit Service - ok 10:41:42.0628 4244 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 10:41:42.0628 4244 MMCSS - ok 10:41:42.0675 4244 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 10:41:42.0675 4244 Modem - ok 10:41:42.0722 4244 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 10:41:42.0722 4244 monitor - ok 10:41:42.0753 4244 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 10:41:42.0753 4244 mouclass - ok 10:41:42.0784 4244 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 10:41:42.0784 4244 mouhid - ok 10:41:42.0815 4244 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 10:41:42.0815 4244 mountmgr - ok 10:41:42.0862 4244 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 10:41:42.0862 4244 mpio - ok 10:41:42.0956 4244 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 10:41:42.0956 4244 mpsdrv - ok 10:41:43.0065 4244 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 10:41:43.0112 4244 MpsSvc - ok 10:41:43.0143 4244 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 10:41:43.0143 4244 MRxDAV - ok 10:41:43.0159 4244 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 10:41:43.0159 4244 mrxsmb - ok 10:41:43.0190 4244 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:41:43.0205 4244 mrxsmb10 - ok 10:41:43.0268 4244 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:41:43.0268 4244 mrxsmb20 - ok 10:41:43.0315 4244 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 10:41:43.0315 4244 msahci - ok 10:41:43.0424 4244 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 10:41:43.0424 4244 msdsm - ok 10:41:43.0471 4244 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 10:41:43.0471 4244 MSDTC - ok 10:41:43.0502 4244 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 10:41:43.0502 4244 Msfs - ok 10:41:43.0517 4244 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 10:41:43.0517 4244 mshidkmdf - ok 10:41:43.0533 4244 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 10:41:43.0533 4244 msisadrv - ok 10:41:43.0673 4244 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 10:41:43.0673 4244 MSiSCSI - ok 10:41:43.0673 4244 msiserver - ok 10:41:43.0736 4244 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 10:41:43.0736 4244 MSKSSRV - ok 10:41:43.0736 4244 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 10:41:43.0736 4244 MSPCLOCK - ok 10:41:43.0736 4244 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 10:41:43.0736 4244 MSPQM - ok 10:41:43.0783 4244 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 10:41:43.0783 4244 MsRPC - ok 10:41:43.0814 4244 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 10:41:43.0829 4244 mssmbios - ok 10:41:43.0829 4244 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 10:41:43.0829 4244 MSTEE - ok 10:41:43.0892 4244 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 10:41:43.0892 4244 MTConfig - ok 10:41:43.0954 4244 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 10:41:43.0954 4244 Mup - ok 10:41:44.0001 4244 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 10:41:44.0001 4244 napagent - ok 10:41:44.0079 4244 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 10:41:44.0079 4244 NativeWifiP - ok 10:41:44.0282 4244 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 10:41:44.0297 4244 NDIS - ok 10:41:44.0329 4244 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 10:41:44.0329 4244 NdisCap - ok 10:41:44.0344 4244 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 10:41:44.0344 4244 NdisTapi - ok 10:41:44.0375 4244 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 10:41:44.0375 4244 Ndisuio - ok 10:41:44.0407 4244 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 10:41:44.0407 4244 NdisWan - ok 10:41:44.0500 4244 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 10:41:44.0500 4244 NDProxy - ok 10:41:44.0516 4244 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 10:41:44.0516 4244 NetBIOS - ok 10:41:44.0547 4244 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 10:41:44.0547 4244 NetBT - ok 10:41:44.0594 4244 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:41:44.0594 4244 Netlogon - ok 10:41:44.0672 4244 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 10:41:44.0687 4244 Netman - ok 10:41:44.0797 4244 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:41:44.0890 4244 NetMsmqActivator - ok 10:41:44.0921 4244 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:41:44.0921 4244 NetPipeActivator - ok 10:41:44.0968 4244 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 10:41:44.0968 4244 netprofm - ok 10:41:44.0984 4244 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:41:44.0984 4244 NetTcpActivator - ok 10:41:44.0999 4244 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:41:44.0999 4244 NetTcpPortSharing - ok 10:41:45.0998 4244 NETw5s64 (18555f48844c2861d9dce8f2b7223ae5) C:\Windows\system32\DRIVERS\NETw5s64.sys 10:41:46.0107 4244 NETw5s64 - ok 10:41:46.0279 4244 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 10:41:46.0279 4244 nfrd960 - ok 10:41:46.0419 4244 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 10:41:46.0419 4244 NlaSvc - ok 10:41:46.0481 4244 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 10:41:46.0481 4244 Npfs - ok 10:41:46.0513 4244 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 10:41:46.0528 4244 nsi - ok 10:41:46.0575 4244 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 10:41:46.0575 4244 nsiproxy - ok 10:41:46.0856 4244 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 10:41:46.0871 4244 Ntfs - ok 10:41:47.0074 4244 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 10:41:47.0074 4244 Null - ok 10:41:47.0121 4244 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys 10:41:47.0121 4244 NVHDA - ok 10:41:49.0071 4244 nvlddmkm (69ff3b6f43817da715824ca79742dec5) C:\Windows\system32\DRIVERS\nvlddmkm.sys 10:41:49.0133 4244 nvlddmkm - ok 10:41:49.0352 4244 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 10:41:49.0367 4244 nvraid - ok 10:41:49.0445 4244 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 10:41:49.0445 4244 nvstor - ok 10:41:49.0617 4244 nvsvc (799ac71b5dabda9955f7043a083ec611) C:\Windows\system32\nvvsvc.exe 10:41:49.0648 4244 nvsvc - ok 10:41:50.0288 4244 nvUpdatusService (a2422cba523e9b297d02dd140bc672f0) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 10:41:50.0288 4244 nvUpdatusService - ok 10:41:50.0553 4244 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 10:41:50.0553 4244 nv_agp - ok 10:41:50.0647 4244 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 10:41:50.0647 4244 ohci1394 - ok 10:41:50.0725 4244 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:41:50.0787 4244 ose - ok 10:41:51.0271 4244 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 10:41:51.0333 4244 osppsvc - ok 10:41:51.0567 4244 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 10:41:51.0567 4244 p2pimsvc - ok 10:41:51.0723 4244 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 10:41:51.0739 4244 p2psvc - ok 10:41:51.0770 4244 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 10:41:51.0770 4244 Parport - ok 10:41:51.0801 4244 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 10:41:51.0801 4244 partmgr - ok 10:41:51.0817 4244 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 10:41:51.0817 4244 PcaSvc - ok 10:41:51.0848 4244 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 10:41:51.0848 4244 pci - ok 10:41:51.0848 4244 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 10:41:51.0848 4244 pciide - ok 10:41:51.0895 4244 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 10:41:51.0895 4244 pcmcia - ok 10:41:51.0942 4244 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 10:41:51.0942 4244 pcw - ok 10:41:52.0035 4244 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 10:41:52.0051 4244 PEAUTH - ok 10:41:52.0144 4244 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 10:41:52.0144 4244 PeerDistSvc - ok 10:41:52.0332 4244 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 10:41:52.0332 4244 PerfHost - ok 10:41:52.0550 4244 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 10:41:52.0597 4244 pla - ok 10:41:52.0644 4244 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 10:41:52.0644 4244 PlugPlay - ok 10:41:52.0722 4244 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 10:41:52.0722 4244 PNRPAutoReg - ok 10:41:52.0753 4244 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 10:41:52.0768 4244 PNRPsvc - ok 10:41:52.0846 4244 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 10:41:52.0893 4244 PolicyAgent - ok 10:41:52.0924 4244 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 10:41:52.0924 4244 Power - ok 10:41:53.0065 4244 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 10:41:53.0065 4244 PptpMiniport - ok 10:41:53.0096 4244 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 10:41:53.0096 4244 Processor - ok 10:41:53.0127 4244 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 10:41:53.0143 4244 ProfSvc - ok 10:41:53.0158 4244 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:41:53.0174 4244 ProtectedStorage - ok 10:41:53.0190 4244 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 10:41:53.0190 4244 Psched - ok 10:41:53.0392 4244 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 10:41:53.0408 4244 ql2300 - ok 10:41:53.0626 4244 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 10:41:53.0642 4244 ql40xx - ok 10:41:53.0673 4244 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 10:41:53.0673 4244 QWAVE - ok 10:41:53.0720 4244 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 10:41:53.0720 4244 QWAVEdrv - ok 10:41:53.0736 4244 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 10:41:53.0736 4244 RasAcd - ok 10:41:53.0782 4244 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 10:41:53.0782 4244 RasAgileVpn - ok 10:41:53.0892 4244 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 10:41:53.0907 4244 RasAuto - ok 10:41:53.0938 4244 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 10:41:53.0938 4244 Rasl2tp - ok 10:41:53.0985 4244 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 10:41:53.0985 4244 RasMan - ok 10:41:54.0016 4244 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 10:41:54.0016 4244 RasPppoe - ok 10:41:54.0032 4244 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 10:41:54.0032 4244 RasSstp - ok 10:41:54.0063 4244 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 10:41:54.0079 4244 rdbss - ok 10:41:54.0141 4244 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 10:41:54.0141 4244 rdpbus - ok 10:41:54.0204 4244 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 10:41:54.0204 4244 RDPCDD - ok 10:41:54.0250 4244 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 10:41:54.0250 4244 RDPDR - ok 10:41:54.0282 4244 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 10:41:54.0282 4244 RDPENCDD - ok 10:41:54.0297 4244 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 10:41:54.0313 4244 RDPREFMP - ok 10:41:54.0406 4244 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys 10:41:54.0406 4244 RdpVideoMiniport - ok 10:41:54.0516 4244 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 10:41:54.0516 4244 RDPWD - ok 10:41:54.0562 4244 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 10:41:54.0562 4244 rdyboost - ok 10:41:54.0609 4244 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 10:41:54.0625 4244 RemoteAccess - ok 10:41:54.0765 4244 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 10:41:54.0765 4244 RemoteRegistry - ok 10:41:54.0843 4244 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 10:41:54.0843 4244 RFCOMM - ok 10:41:54.0906 4244 rimspci (fa6abc06b629da29634d31f1fe0347bd) C:\Windows\system32\DRIVERS\rimssne64.sys 10:41:54.0906 4244 rimspci - ok 10:41:54.0921 4244 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys 10:41:54.0921 4244 RimUsb - ok 10:41:55.0030 4244 risdsnpe (8f8539a7f5c117d4407b2985995671f2) C:\Windows\system32\DRIVERS\risdsne64.sys 10:41:55.0030 4244 risdsnpe - ok 10:41:55.0077 4244 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 10:41:55.0093 4244 RpcEptMapper - ok 10:41:55.0108 4244 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 10:41:55.0108 4244 RpcLocator - ok 10:41:55.0155 4244 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 10:41:55.0155 4244 RpcSs - ok 10:41:55.0186 4244 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 10:41:55.0186 4244 rspndr - ok 10:41:55.0218 4244 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 10:41:55.0218 4244 s3cap - ok 10:41:55.0249 4244 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:41:55.0249 4244 SamSs - ok 10:41:55.0389 4244 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 10:41:55.0389 4244 sbp2port - ok 10:41:55.0436 4244 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 10:41:55.0436 4244 SCardSvr - ok 10:41:55.0467 4244 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 10:41:55.0467 4244 scfilter - ok 10:41:55.0639 4244 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 10:41:55.0686 4244 Schedule - ok 10:41:55.0779 4244 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 10:41:55.0779 4244 SCPolicySvc - ok 10:41:55.0888 4244 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys 10:41:55.0888 4244 sdbus - ok 10:41:55.0920 4244 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 10:41:55.0935 4244 SDRSVC - ok 10:41:55.0966 4244 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 10:41:55.0966 4244 secdrv - ok 10:41:55.0982 4244 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 10:41:56.0013 4244 seclogon - ok 10:41:56.0076 4244 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 10:41:56.0076 4244 SENS - ok 10:41:56.0138 4244 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 10:41:56.0154 4244 SensrSvc - ok 10:41:56.0154 4244 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 10:41:56.0154 4244 Serenum - ok 10:41:56.0185 4244 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 10:41:56.0185 4244 Serial - ok 10:41:56.0216 4244 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 10:41:56.0216 4244 sermouse - ok 10:41:56.0247 4244 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 10:41:56.0278 4244 SessionEnv - ok 10:41:56.0310 4244 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys 10:41:56.0310 4244 SFEP - ok 10:41:56.0356 4244 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 10:41:56.0356 4244 sffdisk - ok 10:41:56.0434 4244 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 10:41:56.0434 4244 sffp_mmc - ok 10:41:56.0450 4244 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 10:41:56.0466 4244 sffp_sd - ok 10:41:56.0512 4244 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 10:41:56.0512 4244 sfloppy - ok 10:41:56.0700 4244 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 10:41:56.0731 4244 SharedAccess - ok 10:41:56.0871 4244 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 10:41:56.0871 4244 ShellHWDetection - ok 10:41:56.0902 4244 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 10:41:56.0902 4244 SiSRaid2 - ok 10:41:56.0918 4244 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 10:41:56.0918 4244 SiSRaid4 - ok 10:41:56.0949 4244 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 10:41:56.0949 4244 Smb - ok 10:41:56.0996 4244 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 10:41:56.0996 4244 SNMPTRAP - ok 10:41:57.0027 4244 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 10:41:57.0027 4244 spldr - ok 10:41:57.0152 4244 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 10:41:57.0168 4244 Spooler - ok 10:41:57.0464 4244 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 10:41:57.0464 4244 sppsvc - ok 10:41:57.0729 4244 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 10:41:57.0729 4244 sppuinotify - ok 10:41:57.0870 4244 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 10:41:57.0870 4244 srv - ok 10:41:57.0963 4244 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 10:41:57.0963 4244 srv2 - ok 10:41:58.0010 4244 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 10:41:58.0010 4244 srvnet - ok 10:41:58.0057 4244 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 10:41:58.0057 4244 SSDPSRV - ok 10:41:58.0072 4244 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 10:41:58.0072 4244 SstpSvc - ok 10:41:58.0150 4244 Stereo Service (80d035bcaa65a0644ea169d6ca6bcb98) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 10:41:58.0150 4244 Stereo Service - ok 10:41:58.0166 4244 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 10:41:58.0166 4244 stexstor - ok 10:41:58.0338 4244 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 10:41:58.0369 4244 stisvc - ok 10:41:58.0384 4244 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 10:41:58.0384 4244 storflt - ok 10:41:58.0416 4244 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll 10:41:58.0416 4244 StorSvc - ok 10:41:58.0431 4244 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 10:41:58.0431 4244 storvsc - ok 10:41:58.0447 4244 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 10:41:58.0447 4244 swenum - ok 10:41:58.0540 4244 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 10:41:58.0572 4244 swprv - ok 10:41:58.0603 4244 Synth3dVsc - ok 10:41:58.0650 4244 SynTP (20f8f4c2ed3f492da318d98e72f77209) C:\Windows\system32\DRIVERS\SynTP.sys 10:41:58.0650 4244 SynTP - ok 10:41:58.0930 4244 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 10:41:58.0946 4244 SysMain - ok 10:41:59.0055 4244 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 10:41:59.0086 4244 TabletInputService - ok 10:41:59.0227 4244 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 10:41:59.0227 4244 TapiSrv - ok 10:41:59.0258 4244 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 10:41:59.0258 4244 TBS - ok 10:41:59.0523 4244 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 10:41:59.0539 4244 Tcpip - ok 10:41:59.0866 4244 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 10:41:59.0866 4244 TCPIP6 - ok 10:42:00.0100 4244 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 10:42:00.0100 4244 tcpipreg - ok 10:42:00.0132 4244 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 10:42:00.0132 4244 TDPIPE - ok 10:42:00.0147 4244 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 10:42:00.0147 4244 TDTCP - ok 10:42:00.0178 4244 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 10:42:00.0178 4244 tdx - ok 10:42:00.0272 4244 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 10:42:00.0272 4244 TermDD - ok 10:42:00.0350 4244 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 10:42:00.0381 4244 TermService - ok 10:42:00.0412 4244 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 10:42:00.0412 4244 Themes - ok 10:42:00.0428 4244 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 10:42:00.0428 4244 THREADORDER - ok 10:42:00.0568 4244 TIRmtSvc (8b522b91be7ce217efc1fa6c70c4465a) C:\WINDOWS\TIREMOTE\TIRemoteService.exe 10:42:00.0568 4244 TIRmtSvc - ok 10:42:00.0646 4244 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 10:42:00.0646 4244 TrkWks - ok 10:42:00.0693 4244 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 10:42:00.0693 4244 TrustedInstaller - ok 10:42:00.0724 4244 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 10:42:00.0724 4244 tssecsrv - ok 10:42:00.0740 4244 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 10:42:00.0740 4244 TsUsbFlt - ok 10:42:00.0740 4244 tsusbhub - ok 10:42:00.0880 4244 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 10:42:00.0880 4244 tunnel - ok 10:42:00.0912 4244 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 10:42:00.0912 4244 uagp35 - ok 10:42:00.0943 4244 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 10:42:00.0943 4244 udfs - ok 10:42:00.0974 4244 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 10:42:00.0974 4244 UI0Detect - ok 10:42:01.0005 4244 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 10:42:01.0005 4244 uliagpkx - ok 10:42:01.0036 4244 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 10:42:01.0036 4244 umbus - ok 10:42:01.0052 4244 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 10:42:01.0052 4244 UmPass - ok 10:42:01.0193 4244 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll 10:42:01.0208 4244 UmRdpService - ok 10:42:01.0239 4244 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 10:42:01.0239 4244 upnphost - ok 10:42:01.0286 4244 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 10:42:01.0286 4244 USBAAPL64 - ok 10:42:01.0317 4244 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 10:42:01.0317 4244 usbccgp - ok 10:42:01.0489 4244 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 10:42:01.0489 4244 usbcir - ok 10:42:01.0520 4244 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 10:42:01.0536 4244 usbehci - ok 10:42:01.0598 4244 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 10:42:01.0598 4244 usbhub - ok 10:42:01.0614 4244 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 10:42:01.0614 4244 usbohci - ok 10:42:01.0645 4244 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 10:42:01.0645 4244 usbprint - ok 10:42:01.0676 4244 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 10:42:01.0692 4244 usbscan - ok 10:42:01.0707 4244 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:42:01.0707 4244 USBSTOR - ok 10:42:01.0754 4244 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 10:42:01.0754 4244 usbuhci - ok 10:42:01.0785 4244 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 10:42:01.0801 4244 usbvideo - ok 10:42:01.0817 4244 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 10:42:01.0832 4244 UxSms - ok 10:42:02.0051 4244 VAIO Event Service (a60605fc66552b421ee1f3d4ebb9a4e0) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe 10:42:02.0051 4244 VAIO Event Service - ok 10:42:02.0129 4244 VAIO Power Management (d469be2723f79cf4b384680b1fdc577d) C:\Program Files\Sony\VAIO Power Management\SPMService.exe 10:42:02.0129 4244 VAIO Power Management - ok 10:42:02.0144 4244 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:42:02.0144 4244 VaultSvc - ok 10:42:02.0253 4244 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 10:42:02.0253 4244 vdrvroot - ok 10:42:02.0316 4244 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 10:42:02.0363 4244 vds - ok 10:42:02.0409 4244 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 10:42:02.0409 4244 vga - ok 10:42:02.0425 4244 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 10:42:02.0425 4244 VgaSave - ok 10:42:02.0425 4244 VGPU - ok 10:42:02.0503 4244 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 10:42:02.0503 4244 vhdmp - ok 10:42:02.0534 4244 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 10:42:02.0534 4244 viaide - ok 10:42:02.0565 4244 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 10:42:02.0565 4244 vmbus - ok 10:42:02.0565 4244 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 10:42:02.0565 4244 VMBusHID - ok 10:42:02.0581 4244 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 10:42:02.0581 4244 volmgr - ok 10:42:02.0628 4244 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 10:42:02.0628 4244 volmgrx - ok 10:42:02.0659 4244 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 10:42:02.0659 4244 volsnap - ok 10:42:02.0706 4244 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 10:42:02.0706 4244 vsmraid - ok 10:42:03.0236 4244 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 10:42:03.0330 4244 VSS - ok 10:42:03.0533 4244 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 10:42:03.0533 4244 vwifibus - ok 10:42:03.0548 4244 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 10:42:03.0548 4244 vwififlt - ok 10:42:03.0564 4244 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 10:42:03.0564 4244 vwifimp - ok 10:42:03.0907 4244 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 10:42:03.0938 4244 W32Time - ok 10:42:04.0001 4244 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 10:42:04.0001 4244 WacomPen - ok 10:42:04.0141 4244 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 10:42:04.0141 4244 WANARP - ok 10:42:04.0157 4244 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 10:42:04.0157 4244 Wanarpv6 - ok 10:42:04.0266 4244 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 10:42:04.0437 4244 WatAdminSvc - ok 10:42:04.0562 4244 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 10:42:04.0640 4244 wbengine - ok 10:42:05.0405 4244 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 10:42:05.0451 4244 WbioSrvc - ok 10:42:05.0904 4244 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 10:42:05.0919 4244 wcncsvc - ok 10:42:05.0966 4244 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 10:42:05.0982 4244 WcsPlugInService - ok 10:42:06.0200 4244 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 10:42:06.0200 4244 Wd - ok 10:42:06.0902 4244 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 10:42:06.0918 4244 Wdf01000 - ok 10:42:07.0074 4244 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 10:42:07.0121 4244 WdiServiceHost - ok 10:42:07.0121 4244 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 10:42:07.0121 4244 WdiSystemHost - ok 10:42:07.0417 4244 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 10:42:07.0417 4244 WebClient - ok 10:42:07.0807 4244 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 10:42:07.0823 4244 Wecsvc - ok 10:42:07.0963 4244 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 10:42:07.0963 4244 wercplsupport - ok 10:42:08.0088 4244 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 10:42:08.0103 4244 WerSvc - ok 10:42:08.0431 4244 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 10:42:08.0431 4244 WfpLwf - ok 10:42:08.0525 4244 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 10:42:08.0525 4244 WIMMount - ok 10:42:08.0634 4244 WinDefend - ok 10:42:08.0665 4244 WinHttpAutoProxySvc - ok 10:42:08.0837 4244 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 10:42:08.0852 4244 Winmgmt - ok 10:42:10.0553 4244 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 10:42:10.0709 4244 WinRM - ok 10:42:11.0785 4244 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys 10:42:11.0785 4244 WinUsb - ok 10:42:12.0503 4244 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 10:42:12.0628 4244 Wlansvc - ok 10:42:12.0752 4244 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 10:42:12.0752 4244 WmiAcpi - ok 10:42:13.0096 4244 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 10:42:13.0111 4244 wmiApSrv - ok 10:42:13.0205 4244 WMPNetworkSvc - ok 10:42:13.0345 4244 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 10:42:13.0345 4244 WPCSvc - ok 10:42:13.0564 4244 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 10:42:13.0595 4244 WPDBusEnum - ok 10:42:13.0688 4244 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 10:42:13.0688 4244 ws2ifsl - ok 10:42:13.0891 4244 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 10:42:13.0891 4244 wscsvc - ok 10:42:13.0891 4244 WSearch - ok 10:42:16.0122 4244 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 10:42:16.0122 4244 wuauserv - ok 10:42:17.0261 4244 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 10:42:17.0261 4244 WudfPf - ok 10:42:17.0292 4244 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 10:42:17.0292 4244 WUDFRd - ok 10:42:17.0323 4244 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 10:42:17.0370 4244 wudfsvc - ok 10:42:17.0822 4244 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 10:42:17.0838 4244 WwanSvc - ok 10:42:18.0010 4244 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 10:42:20.0147 4244 \Device\Harddisk0\DR0 - ok 10:42:20.0194 4244 Boot (0x1200) (4580e43ecdae801d8652a68ac2c6795d) \Device\Harddisk0\DR0\Partition0 10:42:20.0225 4244 \Device\Harddisk0\DR0\Partition0 - ok 10:42:20.0256 4244 Boot (0x1200) (c6124f9b61ca809682374e09392d1537) \Device\Harddisk0\DR0\Partition1 10:42:20.0272 4244 \Device\Harddisk0\DR0\Partition1 - ok 10:42:20.0272 4244 ============================================================ 10:42:20.0272 4244 Scan finished 10:42:20.0272 4244 ============================================================ 10:42:20.0287 0636 Detected object count: 0 10:42:20.0287 0636 Actual detected object count: 0
  4. Also, I have received this morning the following message: "Host Process for Windows Tasks has stopped working" i have received it twice in the last hour.
  5. Adobe Acrobat X Standard - English, Français, Deutsch Adobe Digital Editions Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Apple Application Support Apple Software Update ArcSoft WebCam Companion 3 BitTorrent Cisco WebEx Meetings Conversation Translator Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition GL Wand Google Toolbar for Internet Explorer Google Update Helper Intel® Control Center Intel® Rapid Storage Technology Intel® Turbo Boost Technology Driver Japanese Fonts Support For Adobe Reader X Java Auto Updater Java 6 Update 30 Malwarebytes Anti-Malware version 1.61.0.1400 McAfee Agent McAfee VirusScan Enterprise Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Live Meeting 2007 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Mozilla Firefox 11.0 (x86 en-US) Numara Track-It! 10.5 Agent NVIDIA PhysX NVIDIA Stereoscopic 3D Driver Realtek High Definition Audio Driver RSA SecurID Software Token Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition Tivoli Endpoint Manager Client Tivoli Endpoint Manager Server API TurboTax 2011 TurboTax 2011 wcaiper TurboTax 2011 WinPerFedFormset TurboTax 2011 WinPerReleaseEngine TurboTax 2011 WinPerTaxSupport TurboTax 2011 wrapper Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition VAIO Control Center Vid-Saver WinZip 14.5
  6. Please see below: (1) Report from Combofix (2)/(3) Seems like my machine is working fine. No issues re-booting and hard drive seems to be churning less What's next? ========================================= COMBOFIX REPORT ----------------------------------------------------------------- ComboFix 12-07-06.02 - ebhandari 07/09/2012 14:12:48.2.4 - x64 Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8055.5627 [GMT -7:00] Running from: c:\users\ebhandari\Desktop\ComboFix.exe Command switches used :: c:\users\ebhandari\Desktop\CFScript.txt AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\svchost.exe . . ((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 ))))))))))))))))))))))))))))))) . . 2012-07-09 21:24 . 2012-07-09 21:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-07-09 21:24 . 2012-07-09 21:24 -------- d-----w- c:\users\smitchell\AppData\Local\temp 2012-07-09 21:24 . 2012-07-09 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-09 21:24 . 2012-07-09 21:24 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2012-07-09 21:24 . 2012-07-09 21:24 -------- d-----w- c:\users\admin\AppData\Local\temp 2012-07-09 05:09 . 2012-07-09 05:09 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-06 16:41 . 2012-07-06 16:41 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-07-06 16:28 . 2012-07-06 16:28 -------- d-----w- c:\windows\Sun 2012-07-03 12:26 . 2012-07-05 09:25 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59F9BB98-0F78-485D-B249-70D14C8200DF}\offreg.dll 2012-07-03 12:25 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59F9BB98-0F78-485D-B249-70D14C8200DF}\mpengine.dll 2012-06-29 00:26 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-06-29 00:26 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-29 00:26 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-29 00:26 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-29 00:26 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-29 00:26 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-29 00:26 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-29 00:25 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-29 00:25 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-26 06:02 . 2012-06-26 06:02 -------- d-----w- c:\users\ebhandari\AppData\Local\Vid-Saver 2012-06-26 06:02 . 2012-06-26 06:02 -------- d-----w- c:\program files (x86)\Vid-Saver 2012-06-26 06:02 . 2012-06-26 06:02 -------- d-----w- c:\program files (x86)\BitTorrent 2012-06-26 06:01 . 2012-07-02 16:24 -------- d-----w- c:\users\ebhandari\AppData\Roaming\BitTorrent 2012-06-21 15:47 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 15:47 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 15:47 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 15:47 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 15:47 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 15:47 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 15:47 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 15:46 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 15:46 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-21 15:40 . 2012-06-21 15:40 -------- d-----w- c:\programdata\BigFix 2012-06-19 19:57 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-19 19:57 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-19 19:57 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-19 19:54 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-19 19:46 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll 2012-06-19 19:46 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-19 19:40 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-19 19:40 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-19 19:40 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-19 19:39 . 2012-03-29 23:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-19 19:39 . 2011-06-07 17:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-19 17:39 . 2012-03-29 19:40 94208 ----a-w- c:\windows\TIRHService.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-07-06_20.13.34 ))))))))))))))))))))))))))))))))))))))))) . + 2012-07-02 15:56 . 2012-07-09 04:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat - 2012-07-02 15:56 . 2012-07-06 18:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat - 2012-07-02 15:54 . 2012-07-06 20:12 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat + 2012-07-02 15:54 . 2012-07-09 04:53 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat + 2011-06-07 00:08 . 2012-07-09 05:14 42482 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-07-09 05:29 33150 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-12-07 20:11 . 2012-07-09 05:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-12-07 20:11 . 2012-07-06 20:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-12-07 20:11 . 2012-07-09 05:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-12-07 20:11 . 2012-07-06 20:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-06 20:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-07-09 05:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-01-03 17:57 . 2012-07-09 05:29 8270 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-527237240-764733703-1801674531-20392_UserData.bin + 2011-05-19 16:26 . 2012-07-09 05:10 1837 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat - 2011-05-19 16:26 . 2012-07-06 20:10 1837 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat + 2012-07-09 05:10 . 2012-07-09 05:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-06 20:11 . 2012-07-06 20:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-06 20:11 . 2012-07-06 20:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-07-09 05:10 . 2012-07-09 05:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-02-23 18:17 . 2012-07-09 04:53 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2012-02-23 18:17 . 2012-07-06 20:12 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-07-14 04:54 . 2012-07-09 04:53 458752 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-07-06 20:12 458752 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-06-07 16:48 . 2012-07-09 16:27 268676 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2009-07-14 02:36 . 2012-07-09 05:32 762202 c:\windows\system32\perfc009.dat + 2009-07-14 05:01 . 2012-07-09 05:10 390644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-07-06 20:10 390644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 02:36 . 2012-07-09 05:32 2493400 c:\windows\system32\perfh009.dat - 2011-12-07 19:41 . 2012-07-06 20:10 1590088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-12-07 19:41 . 2012-07-09 05:10 1590088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2012-02-20 19:21 . 2012-07-09 05:10 7806980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-527237240-764733703-1801674531-20392-8192.dat - 2012-02-20 19:21 . 2012-07-06 20:11 7806980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-527237240-764733703-1801674531-20392-8192.dat - 2012-07-02 16:24 . 2012-07-06 20:10 3730040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat + 2012-07-02 16:24 . 2012-07-09 05:10 3730040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat + 2009-07-14 04:54 . 2012-07-09 04:53 10502144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-06 20:12 10502144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-06 20:12 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-07-09 04:53 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-03-19 17:03 . 2012-07-03 05:13 19915560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-527237240-764733703-1801674531-20392-4096.dat + 2012-03-19 17:03 . 2012-07-09 05:10 19915560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-527237240-764733703-1801674531-20392-4096.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-03 39408] "ares"="c:\program files (x86)\Ares\Ares.exe" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-05-16 12098648] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736] "McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-11-15 333376] . c:\users\ebhandari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SynchronousMachineGroupPolicy"= 1 (0x1) "SynchronousUserGroupPolicy"= 1 (0x1) "MaxGPOScriptWait"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 136176] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 257224] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 136176] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-12-29 97960] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-07 1255736] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-12-29 281544] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-12-29 156248] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-04 2255464] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [2010-08-05 94208] S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys [2010-08-05 78848] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-04 379496] S2 TIRmtSvc;Track-It! Workstation Manager;c:\windows\TIREMOTE\TIRemoteService.exe [2011-10-31 210944] S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856] S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-08-05 342056] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-05 39464] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-08-12 158976] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 11392] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Other Services/Drivers In Memory --- . *Deregistered* - aswMBR *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:39] . 2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 06:43] . 2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 06:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2010-04-27 22:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2010-04-27 22:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152] "PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-04-27 84744] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://graceland/Pages/Home.aspx mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 172.24.1.155 10.8.142.103 10.3.8.28 FF - ProfilePath - . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90, 43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87 "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}"=hex:51,66,7a,6c,4c,1d,38,12,ce,98,c3, 35,c7,5c,a0,09,c1,9c,6a,63,e2,38,41,ce "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1, 79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25 "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f, aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04 "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84, f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63 "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:1a,f4,07,a5,d7,58,cd,01 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-07-09 14:27:35 ComboFix-quarantined-files.txt 2012-07-09 21:27 ComboFix2.txt 2012-07-06 20:22 . Pre-Run: 379,129,917,440 bytes free Post-Run: 379,263,778,816 bytes free . - - End Of File - - BC8F7DF6C795CC8E97264708946FE188
  7. Please see below aseMBR report. I would like to add this experience has been very good so far. Your quick response time is great and much appreciated. =============================================== aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-07-09 11:59:00 ----------------------------- 11:59:00.158 OS Version: Windows x64 6.1.7601 Service Pack 1 11:59:00.173 Number of processors: 4 586 0x2505 11:59:00.173 ComputerName: EBHANDARI-GNNB UserName: ebhandari 11:59:02.201 Initialize success 11:59:07.443 AVAST engine defs: 12070801 12:02:47.264 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 12:02:47.264 Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3 12:02:47.280 Disk 0 MBR read successfully 12:02:47.280 Disk 0 MBR scan 12:02:47.295 Disk 0 Windows 7 default MBR code 12:02:47.311 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 12:02:47.327 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848 12:02:47.389 Disk 0 scanning C:\Windows\system32\drivers 12:03:08.530 Service scanning 12:03:45.551 Modules scanning 12:03:45.551 Disk 0 trace - called modules: 12:03:45.583 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 12:03:45.583 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d90060] 12:03:46.097 3 CLASSPNP.SYS[fffff88001aa643f] -> nt!IofCallDriver -> [0xfffffa8007a40690] 12:03:46.097 5 ACPI.sys[fffff88000ed77a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007a46050] 12:03:47.595 AVAST engine scan C:\Windows 12:03:58.173 AVAST engine scan C:\Windows\system32 12:10:08.757 AVAST engine scan C:\Windows\system32\drivers 12:10:27.057 AVAST engine scan C:\Users\ebhandari 12:18:11.659 AVAST engine scan C:\ProgramData 12:20:00.710 Scan finished successfully 12:23:47.211 Disk 0 MBR has been saved successfully to "C:\Users\ebhandari\Desktop\New folder\MBR.dat" 12:23:47.211 The log file has been saved successfully to "C:\Users\ebhandari\Desktop\New folder\aswMBR.txt"
  8. Hi, Below is the report from TDSSKILLER. When I ran aswMBR - it ran for about 5-10 minutes then automatically re-booted my machine. Should I rerun? ========================= TDSSKILLER REPORT --------------------------------------------------- 22:07:46.0501 6952 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08 22:07:46.0939 6952 ============================================================ 22:07:46.0939 6952 Current date / time: 2012/07/08 22:07:46.0939 22:07:46.0939 6952 SystemInfo: 22:07:46.0939 6952 22:07:46.0939 6952 OS Version: 6.1.7601 ServicePack: 1.0 22:07:46.0939 6952 Product type: Workstation 22:07:46.0939 6952 ComputerName: EBHANDARI-GNNB 22:07:46.0939 6952 UserName: ebhandari 22:07:46.0939 6952 Windows directory: C:\Windows 22:07:46.0939 6952 System windows directory: C:\Windows 22:07:46.0939 6952 Running under WOW64 22:07:46.0939 6952 Processor architecture: Intel x64 22:07:46.0939 6952 Number of processors: 4 22:07:46.0939 6952 Page size: 0x1000 22:07:46.0939 6952 Boot type: Normal boot 22:07:46.0939 6952 ============================================================ 22:07:47.0626 6952 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 22:07:47.0630 6952 ============================================================ 22:07:47.0630 6952 \Device\Harddisk0\DR0: 22:07:47.0630 6952 MBR partitions: 22:07:47.0630 6952 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 22:07:47.0630 6952 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353030 22:07:47.0630 6952 ============================================================ 22:07:47.0658 6952 C: <-> \Device\Harddisk0\DR0\Partition1 22:07:47.0658 6952 ============================================================ 22:07:47.0658 6952 Initialize success 22:07:47.0658 6952 ============================================================ 22:07:50.0945 5448 ============================================================ 22:07:50.0945 5448 Scan started 22:07:50.0945 5448 Mode: Manual; 22:07:50.0945 5448 ============================================================ 22:07:53.0869 5448 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 22:07:53.0870 5448 1394ohci - ok 22:07:53.0962 5448 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 22:07:54.0032 5448 ACDaemon - ok 22:07:54.0153 5448 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 22:07:54.0155 5448 ACPI - ok 22:07:54.0237 5448 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 22:07:54.0238 5448 AcpiPmi - ok 22:07:54.0473 5448 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 22:07:54.0475 5448 AdobeFlashPlayerUpdateSvc - ok 22:07:54.0551 5448 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 22:07:54.0553 5448 adp94xx - ok 22:07:54.0609 5448 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 22:07:54.0611 5448 adpahci - ok 22:07:54.0669 5448 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 22:07:54.0671 5448 adpu320 - ok 22:07:54.0719 5448 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 22:07:54.0720 5448 AeLookupSvc - ok 22:07:54.0763 5448 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 22:07:54.0765 5448 AFD - ok 22:07:54.0795 5448 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 22:07:54.0796 5448 agp440 - ok 22:07:54.0811 5448 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 22:07:54.0815 5448 ALG - ok 22:07:54.0841 5448 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 22:07:54.0841 5448 aliide - ok 22:07:54.0845 5448 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 22:07:54.0845 5448 amdide - ok 22:07:54.0873 5448 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 22:07:54.0873 5448 AmdK8 - ok 22:07:54.0888 5448 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 22:07:54.0889 5448 AmdPPM - ok 22:07:54.0925 5448 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 22:07:54.0926 5448 amdsata - ok 22:07:54.0965 5448 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 22:07:54.0966 5448 amdsbs - ok 22:07:54.0979 5448 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 22:07:54.0980 5448 amdxata - ok 22:07:55.0060 5448 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 22:07:55.0061 5448 AppID - ok 22:07:55.0112 5448 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 22:07:55.0116 5448 AppIDSvc - ok 22:07:55.0251 5448 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 22:07:55.0251 5448 Appinfo - ok 22:07:55.0388 5448 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 22:07:55.0389 5448 Apple Mobile Device - ok 22:07:55.0449 5448 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll 22:07:55.0454 5448 AppMgmt - ok 22:07:55.0488 5448 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 22:07:55.0489 5448 arc - ok 22:07:55.0504 5448 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 22:07:55.0505 5448 arcsas - ok 22:07:55.0699 5448 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 22:07:55.0757 5448 aspnet_state - ok 22:07:55.0802 5448 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 22:07:55.0802 5448 AsyncMac - ok 22:07:55.0823 5448 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 22:07:55.0824 5448 atapi - ok 22:07:55.0876 5448 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 22:07:55.0908 5448 AudioEndpointBuilder - ok 22:07:55.0913 5448 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 22:07:55.0917 5448 AudioSrv - ok 22:07:55.0969 5448 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 22:07:55.0997 5448 AxInstSV - ok 22:07:56.0301 5448 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 22:07:56.0304 5448 b06bdrv - ok 22:07:56.0400 5448 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 22:07:56.0401 5448 b57nd60a - ok 22:07:56.0476 5448 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 22:07:56.0480 5448 BDESVC - ok 22:07:56.0490 5448 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 22:07:56.0490 5448 Beep - ok 22:07:57.0117 5448 BESClient (cbdc51c584fd4a6bbd06727d82a11428) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe 22:07:57.0137 5448 BESClient - ok 22:07:57.0480 5448 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 22:07:57.0518 5448 BFE - ok 22:07:57.0567 5448 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll 22:07:57.0644 5448 BITS - ok 22:07:57.0690 5448 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 22:07:57.0691 5448 blbdrive - ok 22:07:57.0766 5448 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 22:07:57.0768 5448 Bonjour Service - ok 22:07:57.0797 5448 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 22:07:57.0798 5448 bowser - ok 22:07:57.0807 5448 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 22:07:57.0808 5448 BrFiltLo - ok 22:07:57.0818 5448 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 22:07:57.0818 5448 BrFiltUp - ok 22:07:57.0840 5448 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 22:07:57.0841 5448 BridgeMP - ok 22:07:57.0869 5448 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 22:07:57.0907 5448 Browser - ok 22:07:57.0955 5448 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 22:07:57.0957 5448 Brserid - ok 22:07:57.0990 5448 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 22:07:57.0991 5448 BrSerWdm - ok 22:07:58.0005 5448 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 22:07:58.0006 5448 BrUsbMdm - ok 22:07:58.0009 5448 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 22:07:58.0010 5448 BrUsbSer - ok 22:07:58.0067 5448 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys 22:07:58.0068 5448 BthEnum - ok 22:07:58.0096 5448 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 22:07:58.0097 5448 BTHMODEM - ok 22:07:58.0184 5448 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 22:07:58.0185 5448 BthPan - ok 22:07:58.0307 5448 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys 22:07:58.0309 5448 BTHPORT - ok 22:07:58.0426 5448 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 22:07:58.0429 5448 bthserv - ok 22:07:58.0460 5448 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys 22:07:58.0461 5448 BTHUSB - ok 22:07:58.0567 5448 btwampfl (59e3510784548c6939c1b3b985c232e3) C:\Windows\system32\drivers\btwampfl.sys 22:07:58.0569 5448 btwampfl - ok 22:07:58.0671 5448 btwaudio (1872074ed0a3fb22e3f1e3197b984bfa) C:\Windows\system32\drivers\btwaudio.sys 22:07:58.0672 5448 btwaudio - ok 22:07:58.0697 5448 btwavdt (691cf076c33ab1c3a5b2fd5450300733) C:\Windows\system32\DRIVERS\btwavdt.sys 22:07:58.0698 5448 btwavdt - ok 22:07:58.0832 5448 btwdins (8ba6e93a182126781952a7895ec1e4b2) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 22:07:58.0837 5448 btwdins - ok 22:07:58.0865 5448 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys 22:07:58.0865 5448 btwl2cap - ok 22:07:58.0879 5448 btwrchid (c9273b20dec8ce38dbce5d29de63c907) C:\Windows\system32\DRIVERS\btwrchid.sys 22:07:58.0879 5448 btwrchid - ok 22:07:58.0925 5448 catchme - ok 22:07:58.0952 5448 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 22:07:58.0953 5448 cdfs - ok 22:07:58.0985 5448 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 22:07:58.0986 5448 cdrom - ok 22:07:59.0023 5448 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 22:07:59.0069 5448 CertPropSvc - ok 22:07:59.0103 5448 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 22:07:59.0103 5448 circlass - ok 22:07:59.0138 5448 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 22:07:59.0139 5448 CLFS - ok 22:07:59.0360 5448 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:07:59.0364 5448 clr_optimization_v2.0.50727_32 - ok 22:07:59.0462 5448 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 22:07:59.0466 5448 clr_optimization_v2.0.50727_64 - ok 22:07:59.0543 5448 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:07:59.0544 5448 clr_optimization_v4.0.30319_32 - ok 22:07:59.0626 5448 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 22:07:59.0627 5448 clr_optimization_v4.0.30319_64 - ok 22:07:59.0670 5448 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 22:07:59.0671 5448 CmBatt - ok 22:07:59.0696 5448 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 22:07:59.0697 5448 cmdide - ok 22:07:59.0735 5448 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 22:07:59.0737 5448 CNG - ok 22:07:59.0761 5448 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 22:07:59.0762 5448 Compbatt - ok 22:07:59.0806 5448 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 22:07:59.0807 5448 CompositeBus - ok 22:07:59.0818 5448 COMSysApp - ok 22:07:59.0828 5448 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 22:07:59.0828 5448 crcdisk - ok 22:07:59.0886 5448 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 22:07:59.0921 5448 CryptSvc - ok 22:08:00.0066 5448 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys 22:08:00.0078 5448 CSC - ok 22:08:00.0223 5448 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll 22:08:00.0226 5448 CscService - ok 22:08:00.0274 5448 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys 22:08:00.0275 5448 CVirtA - ok 22:08:00.0482 5448 CVPND (66257cb4e4fb69887cddc71663741435) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe 22:08:00.0488 5448 CVPND - ok 22:08:00.0637 5448 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys 22:08:00.0639 5448 CVPNDRVA - ok 22:08:00.0690 5448 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 22:08:00.0693 5448 DcomLaunch - ok 22:08:00.0749 5448 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 22:08:00.0757 5448 defragsvc - ok 22:08:00.0792 5448 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 22:08:00.0793 5448 DfsC - ok 22:08:00.0852 5448 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 22:08:00.0911 5448 Dhcp - ok 22:08:00.0951 5448 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 22:08:00.0952 5448 discache - ok 22:08:01.0005 5448 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 22:08:01.0006 5448 Disk - ok 22:08:01.0093 5448 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys 22:08:01.0094 5448 DNE - ok 22:08:01.0194 5448 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 22:08:01.0228 5448 Dnscache - ok 22:08:01.0258 5448 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 22:08:01.0295 5448 dot3svc - ok 22:08:01.0326 5448 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 22:08:01.0328 5448 DPS - ok 22:08:01.0355 5448 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 22:08:01.0356 5448 drmkaud - ok 22:08:01.0410 5448 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 22:08:01.0415 5448 DXGKrnl - ok 22:08:01.0444 5448 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 22:08:01.0447 5448 EapHost - ok 22:08:01.0585 5448 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 22:08:01.0599 5448 ebdrv - ok 22:08:01.0687 5448 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 22:08:01.0688 5448 EFS - ok 22:08:01.0756 5448 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 22:08:01.0808 5448 ehRecvr - ok 22:08:01.0836 5448 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 22:08:01.0840 5448 ehSched - ok 22:08:01.0899 5448 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 22:08:01.0902 5448 elxstor - ok 22:08:01.0919 5448 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 22:08:01.0920 5448 ErrDev - ok 22:08:01.0994 5448 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 22:08:01.0997 5448 EventSystem - ok 22:08:02.0018 5448 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 22:08:02.0019 5448 exfat - ok 22:08:02.0104 5448 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 22:08:02.0105 5448 fastfat - ok 22:08:02.0190 5448 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 22:08:02.0193 5448 Fax - ok 22:08:02.0208 5448 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 22:08:02.0209 5448 fdc - ok 22:08:02.0227 5448 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 22:08:02.0228 5448 fdPHost - ok 22:08:02.0243 5448 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 22:08:02.0244 5448 FDResPub - ok 22:08:02.0253 5448 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 22:08:02.0253 5448 FileInfo - ok 22:08:02.0271 5448 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 22:08:02.0272 5448 Filetrace - ok 22:08:02.0300 5448 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 22:08:02.0301 5448 flpydisk - ok 22:08:02.0331 5448 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 22:08:02.0333 5448 FltMgr - ok 22:08:02.0445 5448 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 22:08:02.0451 5448 FontCache - ok 22:08:02.0498 5448 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:08:02.0499 5448 FontCache3.0.0.0 - ok 22:08:02.0521 5448 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 22:08:02.0522 5448 FsDepends - ok 22:08:02.0556 5448 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 22:08:02.0557 5448 Fs_Rec - ok 22:08:02.0594 5448 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 22:08:02.0595 5448 fvevol - ok 22:08:02.0667 5448 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 22:08:02.0668 5448 gagp30kx - ok 22:08:02.0758 5448 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 22:08:02.0758 5448 GEARAspiWDM - ok 22:08:02.0947 5448 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 22:08:02.0976 5448 gpsvc - ok 22:08:03.0076 5448 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:08:03.0077 5448 gupdate - ok 22:08:03.0090 5448 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:08:03.0091 5448 gupdatem - ok 22:08:03.0115 5448 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 22:08:03.0116 5448 gusvc - ok 22:08:03.0140 5448 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 22:08:03.0141 5448 hcw85cir - ok 22:08:03.0180 5448 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 22:08:03.0182 5448 HdAudAddService - ok 22:08:03.0208 5448 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 22:08:03.0209 5448 HDAudBus - ok 22:08:03.0270 5448 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 22:08:03.0271 5448 HECIx64 - ok 22:08:03.0297 5448 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 22:08:03.0297 5448 HidBatt - ok 22:08:03.0356 5448 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 22:08:03.0357 5448 HidBth - ok 22:08:03.0372 5448 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 22:08:03.0373 5448 HidIr - ok 22:08:03.0393 5448 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 22:08:03.0397 5448 hidserv - ok 22:08:03.0436 5448 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 22:08:03.0437 5448 HidUsb - ok 22:08:03.0475 5448 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 22:08:03.0500 5448 hkmsvc - ok 22:08:03.0586 5448 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 22:08:03.0611 5448 HomeGroupListener - ok 22:08:03.0661 5448 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 22:08:03.0661 5448 HomeGroupProvider - ok 22:08:03.0704 5448 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 22:08:03.0704 5448 HpSAMD - ok 22:08:03.0829 5448 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 22:08:03.0833 5448 HTTP - ok 22:08:03.0897 5448 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 22:08:03.0898 5448 hwpolicy - ok 22:08:03.0938 5448 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 22:08:03.0939 5448 i8042prt - ok 22:08:03.0995 5448 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys 22:08:03.0998 5448 iaStor - ok 22:08:04.0074 5448 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe 22:08:04.0075 5448 IAStorDataMgrSvc - ok 22:08:04.0111 5448 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 22:08:04.0113 5448 iaStorV - ok 22:08:04.0239 5448 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 22:08:04.0300 5448 idsvc - ok 22:08:04.0335 5448 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 22:08:04.0336 5448 iirsp - ok 22:08:04.0412 5448 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 22:08:04.0450 5448 IKEEXT - ok 22:08:04.0511 5448 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys 22:08:04.0512 5448 Impcd - ok 22:08:04.0688 5448 IntcAzAudAddService (26407a11d7e222afb7ce32700abbd9d1) C:\Windows\system32\drivers\RTKVHD64.sys 22:08:04.0700 5448 IntcAzAudAddService - ok 22:08:04.0789 5448 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 22:08:04.0790 5448 intelide - ok 22:08:04.0828 5448 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 22:08:04.0828 5448 intelppm - ok 22:08:04.0914 5448 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe 22:08:04.0915 5448 IntuitUpdateServiceV4 - ok 22:08:04.0938 5448 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 22:08:04.0943 5448 IPBusEnum - ok 22:08:04.0963 5448 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:08:04.0964 5448 IpFilterDriver - ok 22:08:05.0019 5448 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 22:08:05.0022 5448 iphlpsvc - ok 22:08:05.0059 5448 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 22:08:05.0060 5448 IPMIDRV - ok 22:08:05.0092 5448 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 22:08:05.0093 5448 IPNAT - ok 22:08:05.0190 5448 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe 22:08:05.0194 5448 iPod Service - ok 22:08:05.0221 5448 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 22:08:05.0222 5448 IRENUM - ok 22:08:05.0235 5448 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 22:08:05.0236 5448 isapnp - ok 22:08:05.0259 5448 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 22:08:05.0261 5448 iScsiPrt - ok 22:08:05.0288 5448 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 22:08:05.0288 5448 kbdclass - ok 22:08:05.0318 5448 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 22:08:05.0319 5448 kbdhid - ok 22:08:05.0354 5448 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 22:08:05.0355 5448 KeyIso - ok 22:08:05.0369 5448 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 22:08:05.0369 5448 KSecDD - ok 22:08:05.0439 5448 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 22:08:05.0440 5448 KSecPkg - ok 22:08:05.0457 5448 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 22:08:05.0457 5448 ksthunk - ok 22:08:05.0527 5448 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 22:08:05.0546 5448 KtmRm - ok 22:08:05.0610 5448 L1C (033b4aed2c5519072c0d81e00804d003) C:\Windows\system32\DRIVERS\L1C62x64.sys 22:08:05.0611 5448 L1C - ok 22:08:05.0665 5448 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll 22:08:05.0709 5448 LanmanServer - ok 22:08:05.0747 5448 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 22:08:05.0780 5448 LanmanWorkstation - ok 22:08:05.0809 5448 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 22:08:05.0810 5448 lltdio - ok 22:08:05.0850 5448 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 22:08:05.0857 5448 lltdsvc - ok 22:08:05.0872 5448 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 22:08:05.0877 5448 lmhosts - ok 22:08:05.0905 5448 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 22:08:05.0906 5448 LSI_FC - ok 22:08:05.0940 5448 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 22:08:05.0940 5448 LSI_SAS - ok 22:08:05.0966 5448 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 22:08:05.0967 5448 LSI_SAS2 - ok 22:08:05.0998 5448 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 22:08:05.0999 5448 LSI_SCSI - ok 22:08:06.0035 5448 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 22:08:06.0036 5448 luafv - ok 22:08:06.0132 5448 McAfeeFramework (3ef9511390f9106dd8cf0747baeb335c) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe 22:08:06.0133 5448 McAfeeFramework - ok 22:08:06.0211 5448 McShield (00315dc847778d65728197b63803b523) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 22:08:06.0212 5448 McShield - ok 22:08:06.0318 5448 McTaskManager (b15bb3aef59158b4e1dda5328c842713) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe 22:08:06.0320 5448 McTaskManager - ok 22:08:06.0385 5448 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 22:08:06.0441 5448 Mcx2Svc - ok 22:08:06.0464 5448 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 22:08:06.0465 5448 megasas - ok 22:08:06.0501 5448 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 22:08:06.0503 5448 MegaSR - ok 22:08:06.0555 5448 mfeapfk (0d121a46e0148a3bc941fa3bb0269329) C:\Windows\system32\drivers\mfeapfk.sys 22:08:06.0556 5448 mfeapfk - ok 22:08:06.0605 5448 mfeavfk (93f251905c028809ffb49f95a63fcbc9) C:\Windows\system32\drivers\mfeavfk.sys 22:08:06.0607 5448 mfeavfk - ok 22:08:06.0635 5448 mfeavfk01 - ok 22:08:06.0733 5448 mfehidk (a282a937127ea7b15eb85559e59ae576) C:\Windows\system32\drivers\mfehidk.sys 22:08:06.0736 5448 mfehidk - ok 22:08:06.0768 5448 mferkdet (04d7e0e2a48730a1c535837f105e6352) C:\Windows\system32\drivers\mferkdet.sys 22:08:06.0768 5448 mferkdet - ok 22:08:06.0836 5448 mfevtp (45f1580c7c9f49a68b72ef2ccefef3a3) C:\Windows\system32\mfevtps.exe 22:08:06.0838 5448 mfevtp - ok 22:08:06.0880 5448 mfewfpk (325dd1031cfd71bd4d8afdb1faaf3bea) C:\Windows\system32\drivers\mfewfpk.sys 22:08:06.0881 5448 mfewfpk - ok 22:08:06.0952 5448 Microsoft SharePoint Workspace Audit Service - ok 22:08:06.0986 5448 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 22:08:06.0987 5448 MMCSS - ok 22:08:07.0045 5448 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 22:08:07.0046 5448 Modem - ok 22:08:07.0068 5448 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 22:08:07.0068 5448 monitor - ok 22:08:07.0093 5448 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 22:08:07.0093 5448 mouclass - ok 22:08:07.0135 5448 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 22:08:07.0136 5448 mouhid - ok 22:08:07.0163 5448 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 22:08:07.0164 5448 mountmgr - ok 22:08:07.0208 5448 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 22:08:07.0209 5448 mpio - ok 22:08:07.0238 5448 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 22:08:07.0239 5448 mpsdrv - ok 22:08:07.0335 5448 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 22:08:07.0372 5448 MpsSvc - ok 22:08:07.0386 5448 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 22:08:07.0388 5448 MRxDAV - ok 22:08:07.0404 5448 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 22:08:07.0405 5448 mrxsmb - ok 22:08:07.0459 5448 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:08:07.0461 5448 mrxsmb10 - ok 22:08:07.0477 5448 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:08:07.0478 5448 mrxsmb20 - ok 22:08:07.0497 5448 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 22:08:07.0497 5448 msahci - ok 22:08:07.0513 5448 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 22:08:07.0514 5448 msdsm - ok 22:08:07.0535 5448 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 22:08:07.0541 5448 MSDTC - ok 22:08:07.0563 5448 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 22:08:07.0564 5448 Msfs - ok 22:08:07.0572 5448 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 22:08:07.0573 5448 mshidkmdf - ok 22:08:07.0591 5448 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 22:08:07.0592 5448 msisadrv - ok 22:08:07.0621 5448 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 22:08:07.0628 5448 MSiSCSI - ok 22:08:07.0630 5448 msiserver - ok 22:08:07.0660 5448 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 22:08:07.0661 5448 MSKSSRV - ok 22:08:07.0665 5448 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 22:08:07.0665 5448 MSPCLOCK - ok 22:08:07.0673 5448 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 22:08:07.0674 5448 MSPQM - ok 22:08:07.0707 5448 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 22:08:07.0709 5448 MsRPC - ok 22:08:07.0718 5448 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 22:08:07.0719 5448 mssmbios - ok 22:08:07.0722 5448 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 22:08:07.0723 5448 MSTEE - ok 22:08:07.0737 5448 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 22:08:07.0737 5448 MTConfig - ok 22:08:07.0758 5448 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 22:08:07.0759 5448 Mup - ok 22:08:07.0796 5448 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 22:08:07.0799 5448 napagent - ok 22:08:07.0936 5448 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 22:08:07.0939 5448 NativeWifiP - ok 22:08:08.0118 5448 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 22:08:08.0123 5448 NDIS - ok 22:08:08.0149 5448 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 22:08:08.0150 5448 NdisCap - ok 22:08:08.0176 5448 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 22:08:08.0177 5448 NdisTapi - ok 22:08:08.0199 5448 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 22:08:08.0200 5448 Ndisuio - ok 22:08:08.0230 5448 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 22:08:08.0231 5448 NdisWan - ok 22:08:08.0261 5448 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 22:08:08.0262 5448 NDProxy - ok 22:08:08.0286 5448 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 22:08:08.0287 5448 NetBIOS - ok 22:08:08.0310 5448 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 22:08:08.0312 5448 NetBT - ok 22:08:08.0346 5448 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 22:08:08.0347 5448 Netlogon - ok 22:08:08.0401 5448 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 22:08:08.0407 5448 Netman - ok 22:08:08.0523 5448 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:08:08.0574 5448 NetMsmqActivator - ok 22:08:08.0588 5448 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:08:08.0589 5448 NetPipeActivator - ok 22:08:08.0628 5448 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 22:08:08.0631 5448 netprofm - ok 22:08:08.0647 5448 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:08:08.0648 5448 NetTcpActivator - ok 22:08:08.0652 5448 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:08:08.0653 5448 NetTcpPortSharing - ok 22:08:09.0312 5448 NETw5s64 (18555f48844c2861d9dce8f2b7223ae5) C:\Windows\system32\DRIVERS\NETw5s64.sys 22:08:09.0413 5448 NETw5s64 - ok 22:08:09.0524 5448 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 22:08:09.0525 5448 nfrd960 - ok 22:08:09.0613 5448 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 22:08:09.0615 5448 NlaSvc - ok 22:08:09.0635 5448 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 22:08:09.0636 5448 Npfs - ok 22:08:09.0658 5448 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 22:08:09.0662 5448 nsi - ok 22:08:09.0669 5448 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 22:08:09.0670 5448 nsiproxy - ok 22:08:09.0758 5448 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 22:08:09.0772 5448 Ntfs - ok 22:08:09.0874 5448 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 22:08:09.0874 5448 Null - ok 22:08:09.0909 5448 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys 22:08:09.0910 5448 NVHDA - ok 22:08:11.0278 5448 nvlddmkm (69ff3b6f43817da715824ca79742dec5) C:\Windows\system32\DRIVERS\nvlddmkm.sys 22:08:11.0333 5448 nvlddmkm - ok 22:08:11.0466 5448 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 22:08:11.0467 5448 nvraid - ok 22:08:11.0486 5448 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 22:08:11.0488 5448 nvstor - ok 22:08:11.0550 5448 nvsvc (799ac71b5dabda9955f7043a083ec611) C:\Windows\system32\nvvsvc.exe 22:08:11.0555 5448 nvsvc - ok 22:08:11.0778 5448 nvUpdatusService (a2422cba523e9b297d02dd140bc672f0) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 22:08:11.0787 5448 nvUpdatusService - ok 22:08:11.0880 5448 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 22:08:11.0881 5448 nv_agp - ok 22:08:11.0915 5448 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 22:08:11.0916 5448 ohci1394 - ok 22:08:12.0032 5448 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:08:12.0079 5448 ose - ok 22:08:12.0591 5448 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 22:08:12.0670 5448 osppsvc - ok 22:08:12.0827 5448 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 22:08:12.0829 5448 p2pimsvc - ok 22:08:12.0851 5448 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 22:08:12.0861 5448 p2psvc - ok 22:08:12.0894 5448 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 22:08:12.0895 5448 Parport - ok 22:08:12.0910 5448 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 22:08:12.0911 5448 partmgr - ok 22:08:12.0925 5448 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 22:08:12.0932 5448 PcaSvc - ok 22:08:12.0961 5448 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 22:08:12.0962 5448 pci - ok 22:08:12.0975 5448 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 22:08:12.0975 5448 pciide - ok 22:08:12.0994 5448 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 22:08:12.0995 5448 pcmcia - ok 22:08:13.0005 5448 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 22:08:13.0006 5448 pcw - ok 22:08:13.0043 5448 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 22:08:13.0046 5448 PEAUTH - ok 22:08:13.0113 5448 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 22:08:13.0120 5448 PeerDistSvc - ok 22:08:13.0194 5448 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 22:08:13.0196 5448 PerfHost - ok 22:08:13.0513 5448 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 22:08:13.0574 5448 pla - ok 22:08:13.0617 5448 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 22:08:13.0659 5448 PlugPlay - ok 22:08:13.0673 5448 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 22:08:13.0677 5448 PNRPAutoReg - ok 22:08:13.0702 5448 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 22:08:13.0704 5448 PNRPsvc - ok 22:08:13.0739 5448 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 22:08:13.0784 5448 PolicyAgent - ok 22:08:13.0815 5448 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 22:08:13.0816 5448 Power - ok 22:08:13.0868 5448 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 22:08:13.0869 5448 PptpMiniport - ok 22:08:13.0896 5448 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 22:08:13.0897 5448 Processor - ok 22:08:13.0936 5448 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 22:08:13.0978 5448 ProfSvc - ok 22:08:14.0004 5448 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 22:08:14.0006 5448 ProtectedStorage - ok 22:08:14.0021 5448 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 22:08:14.0022 5448 Psched - ok 22:08:14.0078 5448 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 22:08:14.0085 5448 ql2300 - ok 22:08:14.0206 5448 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 22:08:14.0207 5448 ql40xx - ok 22:08:14.0232 5448 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 22:08:14.0240 5448 QWAVE - ok 22:08:14.0249 5448 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 22:08:14.0249 5448 QWAVEdrv - ok 22:08:14.0255 5448 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 22:08:14.0256 5448 RasAcd - ok 22:08:14.0287 5448 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 22:08:14.0288 5448 RasAgileVpn - ok 22:08:14.0305 5448 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 22:08:14.0313 5448 RasAuto - ok 22:08:14.0339 5448 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 22:08:14.0340 5448 Rasl2tp - ok 22:08:14.0366 5448 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 22:08:14.0408 5448 RasMan - ok 22:08:14.0422 5448 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 22:08:14.0423 5448 RasPppoe - ok 22:08:14.0436 5448 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 22:08:14.0437 5448 RasSstp - ok 22:08:14.0457 5448 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 22:08:14.0459 5448 rdbss - ok 22:08:14.0476 5448 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 22:08:14.0477 5448 rdpbus - ok 22:08:14.0492 5448 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 22:08:14.0493 5448 RDPCDD - ok 22:08:14.0532 5448 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 22:08:14.0533 5448 RDPDR - ok 22:08:14.0581 5448 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 22:08:14.0582 5448 RDPENCDD - ok 22:08:14.0587 5448 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 22:08:14.0587 5448 RDPREFMP - ok 22:08:14.0637 5448 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys 22:08:14.0637 5448 RdpVideoMiniport - ok 22:08:14.0665 5448 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 22:08:14.0666 5448 RDPWD - ok 22:08:14.0694 5448 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 22:08:14.0695 5448 rdyboost - ok 22:08:14.0730 5448 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 22:08:14.0735 5448 RemoteAccess - ok 22:08:14.0767 5448 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 22:08:14.0772 5448 RemoteRegistry - ok 22:08:14.0809 5448 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 22:08:14.0811 5448 RFCOMM - ok 22:08:14.0845 5448 rimspci (fa6abc06b629da29634d31f1fe0347bd) C:\Windows\system32\DRIVERS\rimssne64.sys 22:08:14.0846 5448 rimspci - ok 22:08:14.0877 5448 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys 22:08:14.0878 5448 RimUsb - ok 22:08:14.0919 5448 risdsnpe (8f8539a7f5c117d4407b2985995671f2) C:\Windows\system32\DRIVERS\risdsne64.sys 22:08:14.0920 5448 risdsnpe - ok 22:08:14.0937 5448 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 22:08:14.0945 5448 RpcEptMapper - ok 22:08:15.0032 5448 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 22:08:15.0047 5448 RpcLocator - ok 22:08:15.0118 5448 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 22:08:15.0121 5448 RpcSs - ok 22:08:15.0187 5448 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 22:08:15.0188 5448 rspndr - ok 22:08:15.0207 5448 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 22:08:15.0208 5448 s3cap - ok 22:08:15.0242 5448 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 22:08:15.0243 5448 SamSs - ok 22:08:15.0262 5448 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 22:08:15.0263 5448 sbp2port - ok 22:08:15.0291 5448 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 22:08:15.0298 5448 SCardSvr - ok 22:08:15.0326 5448 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 22:08:15.0327 5448 scfilter - ok 22:08:15.0410 5448 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 22:08:15.0445 5448 Schedule - ok 22:08:15.0474 5448 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 22:08:15.0475 5448 SCPolicySvc - ok 22:08:15.0513 5448 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys 22:08:15.0514 5448 sdbus - ok 22:08:15.0593 5448 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 22:08:15.0623 5448 SDRSVC - ok 22:08:15.0684 5448 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 22:08:15.0684 5448 secdrv - ok 22:08:15.0695 5448 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 22:08:15.0731 5448 seclogon - ok 22:08:15.0753 5448 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 22:08:15.0755 5448 SENS - ok 22:08:15.0767 5448 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 22:08:15.0769 5448 SensrSvc - ok 22:08:15.0773 5448 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 22:08:15.0774 5448 Serenum - ok 22:08:15.0814 5448 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 22:08:15.0816 5448 Serial - ok 22:08:15.0837 5448 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 22:08:15.0837 5448 sermouse - ok 22:08:15.0871 5448 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 22:08:15.0901 5448 SessionEnv - ok 22:08:15.0994 5448 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys 22:08:15.0994 5448 SFEP - ok 22:08:16.0059 5448 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 22:08:16.0060 5448 sffdisk - ok 22:08:16.0101 5448 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 22:08:16.0102 5448 sffp_mmc - ok 22:08:16.0119 5448 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 22:08:16.0120 5448 sffp_sd - ok 22:08:16.0145 5448 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 22:08:16.0146 5448 sfloppy - ok 22:08:16.0208 5448 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 22:08:16.0216 5448 SharedAccess - ok 22:08:16.0253 5448 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 22:08:16.0256 5448 ShellHWDetection - ok 22:08:16.0290 5448 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 22:08:16.0291 5448 SiSRaid2 - ok 22:08:16.0317 5448 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 22:08:16.0318 5448 SiSRaid4 - ok 22:08:16.0349 5448 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 22:08:16.0350 5448 Smb - ok 22:08:16.0411 5448 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 22:08:16.0416 5448 SNMPTRAP - ok 22:08:16.0453 5448 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 22:08:16.0453 5448 spldr - ok 22:08:16.0491 5448 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 22:08:16.0494 5448 Spooler - ok 22:08:16.0954 5448 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 22:08:16.0968 5448 sppsvc - ok 22:08:17.0070 5448 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 22:08:17.0075 5448 sppuinotify - ok 22:08:17.0120 5448 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 22:08:17.0123 5448 srv - ok 22:08:17.0181 5448 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 22:08:17.0184 5448 srv2 - ok 22:08:17.0214 5448 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 22:08:17.0215 5448 srvnet - ok 22:08:17.0250 5448 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 22:08:17.0252 5448 SSDPSRV - ok 22:08:17.0273 5448 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 22:08:17.0278 5448 SstpSvc - ok 22:08:17.0348 5448 Stereo Service (80d035bcaa65a0644ea169d6ca6bcb98) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 22:08:17.0350 5448 Stereo Service - ok 22:08:17.0401 5448 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 22:08:17.0402 5448 stexstor - ok 22:08:17.0470 5448 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 22:08:17.0505 5448 stisvc - ok 22:08:17.0527 5448 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 22:08:17.0528 5448 storflt - ok 22:08:17.0552 5448 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll 22:08:17.0555 5448 StorSvc - ok 22:08:17.0580 5448 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 22:08:17.0581 5448 storvsc - ok 22:08:17.0587 5448 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 22:08:17.0588 5448 swenum - ok 22:08:17.0626 5448 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 22:08:17.0639 5448 swprv - ok 22:08:17.0662 5448 Synth3dVsc - ok 22:08:17.0732 5448 SynTP (20f8f4c2ed3f492da318d98e72f77209) C:\Windows\system32\DRIVERS\SynTP.sys 22:08:17.0734 5448 SynTP - ok 22:08:17.0864 5448 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 22:08:17.0880 5448 SysMain - ok 22:08:18.0145 5448 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 22:08:18.0178 5448 TabletInputService - ok 22:08:18.0229 5448 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 22:08:18.0274 5448 TapiSrv - ok 22:08:18.0343 5448 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 22:08:18.0344 5448 TBS - ok 22:08:18.0620 5448 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 22:08:18.0658 5448 Tcpip - ok 22:08:18.0861 5448 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 22:08:18.0869 5448 TCPIP6 - ok 22:08:18.0934 5448 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 22:08:18.0935 5448 tcpipreg - ok 22:08:18.0967 5448 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 22:08:18.0968 5448 TDPIPE - ok 22:08:18.0997 5448 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 22:08:18.0998 5448 TDTCP - ok 22:08:19.0017 5448 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 22:08:19.0018 5448 tdx - ok 22:08:19.0067 5448 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 22:08:19.0068 5448 TermDD - ok 22:08:19.0157 5448 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 22:08:19.0162 5448 TermService - ok 22:08:19.0219 5448 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 22:08:19.0224 5448 Themes - ok 22:08:19.0254 5448 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 22:08:19.0255 5448 THREADORDER - ok 22:08:19.0312 5448 TIRmtSvc (8b522b91be7ce217efc1fa6c70c4465a) C:\WINDOWS\TIREMOTE\TIRemoteService.exe 22:08:19.0314 5448 TIRmtSvc - ok 22:08:19.0336 5448 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 22:08:19.0341 5448 TrkWks - ok 22:08:19.0396 5448 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 22:08:19.0397 5448 TrustedInstaller - ok 22:08:19.0463 5448 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 22:08:19.0464 5448 tssecsrv - ok 22:08:19.0496 5448 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 22:08:19.0497 5448 TsUsbFlt - ok 22:08:19.0501 5448 tsusbhub - ok 22:08:19.0556 5448 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 22:08:19.0557 5448 tunnel - ok 22:08:19.0585 5448 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 22:08:19.0586 5448 uagp35 - ok 22:08:19.0626 5448 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 22:08:19.0628 5448 udfs - ok 22:08:19.0655 5448 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 22:08:19.0660 5448 UI0Detect - ok 22:08:19.0680 5448 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 22:08:19.0680 5448 uliagpkx - ok 22:08:19.0702 5448 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 22:08:19.0702 5448 umbus - ok 22:08:19.0713 5448 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 22:08:19.0714 5448 UmPass - ok 22:08:19.0744 5448 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll 22:08:19.0784 5448 UmRdpService - ok 22:08:19.0808 5448 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 22:08:19.0813 5448 upnphost - ok 22:08:19.0902 5448 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 22:08:19.0903 5448 USBAAPL64 - ok 22:08:19.0982 5448 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 22:08:19.0983 5448 usbccgp - ok 22:08:20.0025 5448 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 22:08:20.0026 5448 usbcir - ok 22:08:20.0049 5448 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 22:08:20.0050 5448 usbehci - ok 22:08:20.0090 5448 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 22:08:20.0092 5448 usbhub - ok 22:08:20.0114 5448 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 22:08:20.0114 5448 usbohci - ok 22:08:20.0146 5448 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 22:08:20.0146 5448 usbprint - ok 22:08:20.0208 5448 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 22:08:20.0208 5448 usbscan - ok 22:08:20.0259 5448 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:08:20.0260 5448 USBSTOR - ok 22:08:20.0326 5448 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 22:08:20.0326 5448 usbuhci - ok 22:08:20.0421 5448 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 22:08:20.0423 5448 usbvideo - ok 22:08:20.0469 5448 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 22:08:20.0475 5448 UxSms - ok 22:08:20.0601 5448 VAIO Event Service (a60605fc66552b421ee1f3d4ebb9a4e0) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe 22:08:20.0602 5448 VAIO Event Service - ok 22:08:20.0699 5448 VAIO Power Management (d469be2723f79cf4b384680b1fdc577d) C:\Program Files\Sony\VAIO Power Management\SPMService.exe 22:08:20.0702 5448 VAIO Power Management - ok 22:08:20.0723 5448 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 22:08:20.0724 5448 VaultSvc - ok 22:08:20.0742 5448 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 22:08:20.0743 5448 vdrvroot - ok 22:08:20.0804 5448 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 22:08:20.0852 5448 vds - ok 22:08:20.0895 5448 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 22:08:20.0895 5448 vga - ok 22:08:20.0924 5448 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 22:08:20.0925 5448 VgaSave - ok 22:08:20.0951 5448 VGPU - ok 22:08:20.0988 5448 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 22:08:20.0990 5448 vhdmp - ok 22:08:21.0008 5448 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 22:08:21.0008 5448 viaide - ok 22:08:21.0065 5448 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 22:08:21.0067 5448 vmbus - ok 22:08:21.0122 5448 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 22:08:21.0122 5448 VMBusHID - ok 22:08:21.0187 5448 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 22:08:21.0188 5448 volmgr - ok 22:08:21.0253 5448 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 22:08:21.0255 5448 volmgrx - ok 22:08:21.0375 5448 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 22:08:21.0377 5448 volsnap - ok 22:08:21.0451 5448 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 22:08:21.0452 5448 vsmraid - ok 22:08:21.0596 5448 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 22:08:21.0648 5448 VSS - ok 22:08:21.0756 5448 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 22:08:21.0756 5448 vwifibus - ok 22:08:21.0781 5448 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 22:08:21.0782 5448 vwififlt - ok 22:08:21.0818 5448 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 22:08:21.0819 5448 vwifimp - ok 22:08:21.0856 5448 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 22:08:21.0866 5448 W32Time - ok 22:08:21.0899 5448 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 22:08:21.0900 5448 WacomPen - ok 22:08:22.0009 5448 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 22:08:22.0010 5448 WANARP - ok 22:08:22.0014 5448 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 22:08:22.0016 5448 Wanarpv6 - ok 22:08:22.0246 5448 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 22:08:22.0298 5448 WatAdminSvc - ok 22:08:22.0432 5448 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 22:08:22.0492 5448 wbengine - ok 22:08:22.0625 5448 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 22:08:22.0627 5448 WbioSrvc - ok 22:08:22.0683 5448 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 22:08:22.0715 5448 wcncsvc - ok 22:08:22.0732 5448 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 22:08:22.0735 5448 WcsPlugInService - ok 22:08:22.0790 5448 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 22:08:22.0791 5448 Wd - ok 22:08:22.0855 5448 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 22:08:22.0858 5448 Wdf01000 - ok 22:08:22.0879 5448 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 22:08:22.0886 5448 WdiServiceHost - ok 22:08:22.0889 5448 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 22:08:22.0891 5448 WdiSystemHost - ok 22:08:22.0960 5448 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 22:08:23.0017 5448 WebClient - ok 22:08:23.0044 5448 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 22:08:23.0052 5448 Wecsvc - ok 22:08:23.0089 5448 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 22:08:23.0093 5448 wercplsupport - ok 22:08:23.0121 5448 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 22:08:23.0125 5448 WerSvc - ok 22:08:23.0163 5448 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 22:08:23.0164 5448 WfpLwf - ok 22:08:23.0178 5448 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 22:08:23.0179 5448 WIMMount - ok 22:08:23.0205 5448 WinDefend - ok 22:08:23.0212 5448 WinHttpAutoProxySvc - ok 22:08:23.0294 5448 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 22:08:23.0301 5448 Winmgmt - ok 22:08:23.0457 5448 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 22:08:23.0506 5448 WinRM - ok 22:08:23.0876 5448 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys 22:08:23.0877 5448 WinUsb - ok 22:08:24.0016 5448 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 22:08:24.0026 5448 Wlansvc - ok 22:08:24.0076 5448 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 22:08:24.0077 5448 WmiAcpi - ok 22:08:24.0136 5448 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 22:08:24.0142 5448 wmiApSrv - ok 22:08:24.0176 5448 WMPNetworkSvc - ok 22:08:24.0198 5448 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 22:08:24.0203 5448 WPCSvc - ok 22:08:24.0233 5448 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 22:08:24.0235 5448 WPDBusEnum - ok 22:08:24.0256 5448 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 22:08:24.0256 5448 ws2ifsl - ok 22:08:24.0283 5448 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 22:08:24.0285 5448 wscsvc - ok 22:08:24.0288 5448 WSearch - ok 22:08:24.0430 5448 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 22:08:24.0440 5448 wuauserv - ok 22:08:24.0611 5448 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 22:08:24.0612 5448 WudfPf - ok 22:08:24.0627 5448 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 22:08:24.0628 5448 WUDFRd - ok 22:08:24.0653 5448 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 22:08:24.0690 5448 wudfsvc - ok 22:08:24.0717 5448 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 22:08:24.0726 5448 WwanSvc - ok 22:08:24.0773 5448 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 22:08:24.0802 5448 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected 22:08:24.0803 5448 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0) 22:08:24.0834 5448 Boot (0x1200) (4580e43ecdae801d8652a68ac2c6795d) \Device\Harddisk0\DR0\Partition0 22:08:24.0836 5448 \Device\Harddisk0\DR0\Partition0 - ok 22:08:24.0849 5448 Boot (0x1200) (c6124f9b61ca809682374e09392d1537) \Device\Harddisk0\DR0\Partition1 22:08:24.0850 5448 \Device\Harddisk0\DR0\Partition1 - ok 22:08:24.0850 5448 ============================================================ 22:08:24.0850 5448 Scan finished 22:08:24.0850 5448 ============================================================ 22:08:24.0863 4228 Detected object count: 1 22:08:24.0863 4228 Actual detected object count: 1 22:09:06.0569 4228 \Device\Harddisk0\DR0\# - copied to quarantine 22:09:06.0574 4228 \Device\Harddisk0\DR0 - copied to quarantine 22:09:06.0603 4228 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine 22:09:06.0740 4228 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine 22:09:06.0774 4228 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 22:09:11.0878 4228 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 22:09:12.0064 4228 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 22:09:17.0915 4228 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 22:09:18.0041 4228 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine 22:09:18.0141 4228 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 22:09:18.0252 4228 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine 22:09:18.0518 4228 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 22:09:18.0648 4228 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 22:09:18.0747 4228 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine 22:09:18.0755 4228 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine 22:09:18.0761 4228 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine 22:09:18.0789 4228 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 22:09:18.0941 4228 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot 22:09:18.0971 4228 \Device\Harddisk0\DR0 - ok 22:09:18.0978 4228 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 22:09:58.0111 6888 Deinitialize success
  9. Ok here we go 4 items: ============================================================================== (1) CHECKUP.TXT --------------------------------- Results of screen317's Security Check version 0.99.42 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! McAfee VirusScan Enterprise Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.61.0.1400 Java™ 6 Update 30 Java version out of Date! Mozilla Firefox 11.0 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` McAfee VirusScan Enterprise mfeann.exe McAfee VirusScan Enterprise VsTskMgr.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log`````````````````````` ============================================================================= (2) LOG FROM COMBOFIX: ------------------------------------- ComboFix 12-07-06.02 - ebhandari 07/06/2012 13:01:35.1.4 - x64 Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8055.6298 [GMT -7:00] Running from: c:\users\ebhandari\Desktop\ComboFix.exe AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point * Resident AV is active . . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\@ c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\L\00000004.@ c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\L\1afb2d56 c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\L\201d3dde c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\n c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\U\00000004.@ c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\U\00000008.@ c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\U\000000cb.@ c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\U\80000000.@ c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\U\80000032.@ c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\U\80000064.@ c:\windows\svchost.exe c:\windows\assembly\GAC_32\Desktop.ini . . . . Failed to delete c:\windows\assembly\GAC_64\Desktop.ini . . . . Failed to delete . Infected copy of c:\windows\system32\Services.exe was found and disinfected Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe . . ((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 ))))))))))))))))))))))))))))))) . . 2012-07-06 20:10 . 2012-07-06 20:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-07-06 20:10 . 2012-07-06 20:10 -------- d-----w- c:\users\smitchell\AppData\Local\temp 2012-07-06 20:10 . 2012-07-06 20:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-06 20:10 . 2012-07-06 20:10 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2012-07-06 20:10 . 2012-07-06 20:10 -------- d-----w- c:\users\admin\AppData\Local\temp 2012-07-06 16:41 . 2012-07-06 16:41 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-07-06 16:28 . 2012-07-06 16:28 -------- d-----w- c:\windows\Sun 2012-07-03 12:26 . 2012-07-05 09:25 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59F9BB98-0F78-485D-B249-70D14C8200DF}\offreg.dll 2012-07-03 12:25 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59F9BB98-0F78-485D-B249-70D14C8200DF}\mpengine.dll 2012-06-29 00:26 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-06-29 00:26 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-29 00:26 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-29 00:26 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-29 00:26 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-29 00:26 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-29 00:26 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-29 00:25 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-29 00:25 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-26 06:02 . 2012-06-26 06:02 -------- d-----w- c:\users\ebhandari\AppData\Local\Vid-Saver 2012-06-26 06:02 . 2012-06-26 06:02 -------- d-----w- c:\program files (x86)\Vid-Saver 2012-06-26 06:02 . 2012-06-26 06:02 -------- d-----w- c:\program files (x86)\BitTorrent 2012-06-26 06:01 . 2012-07-02 16:24 -------- d-----w- c:\users\ebhandari\AppData\Roaming\BitTorrent 2012-06-21 15:47 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 15:47 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 15:47 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 15:47 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 15:47 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 15:47 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 15:47 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 15:46 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 15:46 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-21 15:40 . 2012-06-21 15:40 -------- d-----w- c:\programdata\BigFix 2012-06-19 19:57 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-19 19:57 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-19 19:57 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-19 19:54 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-19 19:46 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll 2012-06-19 19:46 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-19 19:40 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-19 19:40 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-19 19:40 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-19 19:39 . 2012-03-29 23:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-19 19:39 . 2011-06-07 17:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-19 17:39 . 2012-03-29 19:40 94208 ----a-w- c:\windows\TIRHService.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-03 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-05-16 12098648] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736] "McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-11-15 333376] . c:\users\ebhandari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SynchronousMachineGroupPolicy"= 1 (0x1) "SynchronousUserGroupPolicy"= 1 (0x1) "MaxGPOScriptWait"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 136176] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 257224] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 136176] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-12-29 97960] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-07 1255736] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-12-29 281544] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-12-29 156248] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-04 2255464] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [2010-08-05 94208] S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys [2010-08-05 78848] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-04 379496] S2 TIRmtSvc;Track-It! Workstation Manager;c:\windows\TIREMOTE\TIRemoteService.exe [2011-10-31 210944] S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856] S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-08-05 342056] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-05 39464] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-08-12 158976] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 11392] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:39] . 2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 06:43] . 2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 06:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2010-04-27 22:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2010-04-27 22:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152] "PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-04-27 84744] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://graceland/Pages/Home.aspx mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 172.24.1.155 10.8.142.103 10.3.8.39 10.3.8.28 FF - ProfilePath - . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-ares - c:\program files (x86)\Ares\Ares.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90, 43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87 "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}"=hex:51,66,7a,6c,4c,1d,38,12,ce,98,c3, 35,c7,5c,a0,09,c1,9c,6a,63,e2,38,41,ce "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1, 79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25 "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f, aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04 "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84, f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63 "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:1a,f4,07,a5,d7,58,cd,01 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe c:\program files (x86)\McAfee\VirusScan Enterprise\mfeann.exe c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe c:\windows\SysWOW64\DllHost.exe c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe c:\\.\globalroot\systemroot\svchost.exe c:\program files (x86)\BigFix Enterprise\BES Client\BESClient.exe c:\program files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe . ************************************************************************** . Completion time: 2012-07-06 13:22:22 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-06 20:22 . Pre-Run: 378,074,447,872 bytes free Post-Run: 380,502,237,184 bytes free . - - End Of File - - C28C4E995862AE5C7EB6DD402CD4301A ================================================== (3) Problems I have had: -------------------------------- - my computer was blue screening periodically - when re-booting it would take 2 or 3 re-boot before getting my computer to a point where I could open programs - in the 2 or 3 times it would blue screen, or freeze at boot screen ==================================================== (4) How is the computer doing now? ------------------------------------------------ - I have not tried to reboot - random music/radio is still there
  10. DDS.txt LOG ================= . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30 Run by ebhandari at 16:29:40 on 2012-07-03 Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8055.4314 [GMT -7:00] . AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Windows\system32\mfevtps.exe C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k regsvc C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\WINDOWS\TIREMOTE\TIRemoteService.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Protector Suite\upeksvr.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Protector Suite\psqltray.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Microsoft Lync\communicator.exe C:\Windows\SysWOW64\RunDll32.exe C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe C:\Program Files (x86)\McAfee\Common Framework\McTray.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Cisco Systems\VPN Client\vpngui.exe C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files\Sony\VAIO Power Management\SPMService.exe C:\Windows\splwow64.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Microsoft Lync\UcMapi.exe C:\Program Files (x86)\GL Wand\OracleBP.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe C:\Program Files (x86)\Java\jre6\bin\java.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe -netsvcs C:\Windows\system32\conhost.exe C:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLSERVER.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\mcconsol.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://graceland/Pages/Home.aspx uWindow Title = Windows Internet Explorer provided by Gracenote, Inc. uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111228165507.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [<NO NAME>] mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey StartupFolder: C:\Users\EBHAND~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) mPolicies-system: SynchronousMachineGroupPolicy = 1 (0x1) mPolicies-system: SynchronousUserGroupPolicy = 1 (0x1) mPolicies-system: MaxGPOScriptWait = 0 (0x0) IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll Trusted Zone: intuit.com\ttlc DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://oracleweb.webex.com/client/WBXclient-T27L10NSP31-13320/webex/ieatgpc1.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 172.24.1.155 10.8.142.103 10.3.8.39 10.3.8.28 TCP: Interfaces\{A8CF4239-A7E3-4B62-8017-972A18AE7E0F} : DhcpNameServer = 172.24.1.155 10.8.142.103 10.3.8.39 10.3.8.28 TCP: Interfaces\{EAD167A8-A26A-49B4-BC39-4F21FE88B4B3} : DhcpNameServer = 172.24.1.155 10.8.142.103 10.3.8.39 10.3.8.28 TCP: Interfaces\{EAD167A8-A26A-49B4-BC39-4F21FE88B4B3}\268616E646162796D256874756E6465646 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{EAD167A8-A26A-49B4-BC39-4F21FE88B4B3}\268616E646162796F57657563747 : DhcpNameServer = 8.8.8.8 208.67.222.222 TCP: Interfaces\{EAD167A8-A26A-49B4-BC39-4F21FE88B4B3}\96E66756E647F62797 : DhcpNameServer = 8.8.8.8 208.67.222.222 TCP: Interfaces\{EAD167A8-A26A-49B4-BC39-4F21FE88B4B3}\D416272796F64747 : DhcpNameServer = 4.2.2.1 TCP: Interfaces\{EAD167A8-A26A-49B4-BC39-4F21FE88B4B3}\D416272796F6474702C4F6262697 : DhcpNameServer = 4.2.2.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll BHO-X64: Lync add-on BHO - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111228165507.dll BHO-X64: scriptproxy - No File BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: SmartSelect - No File TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [(Default)] mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-7 13336] R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672] R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-11-15 132672] R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-12-28 190256] R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2011-1-12 209760] R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-28 2255464] R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimssne64.sys --> C:\Windows\system32\DRIVERS\rimssne64.sys [?] R2 risdsnpe;risdsnpe;C:\Windows\system32\DRIVERS\risdsne64.sys --> C:\Windows\system32\DRIVERS\risdsne64.sys [?] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496] R2 TIRmtSvc;Track-It! Workstation Manager;C:\Windows\TIREMOTE\TIRemoteService.exe [2012-3-29 210944] R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-6-17 575856] R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-2 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 257224] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-2 136176] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-07-03 12:26:13 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{59F9BB98-0F78-485D-B249-70D14C8200DF}\offreg.dll 2012-07-03 12:25:03 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{59F9BB98-0F78-485D-B249-70D14C8200DF}\mpengine.dll 2012-07-02 21:07:40 20480 ----a-w- C:\Windows\svchost.exe 2012-06-29 00:26:40 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-06-29 00:26:35 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-06-29 00:26:34 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-06-29 00:26:34 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-06-29 00:26:34 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-06-29 00:26:33 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-06-29 00:26:32 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-06-29 00:25:54 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-06-29 00:25:53 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-06-26 06:02:13 -------- d-----w- C:\Users\ebhandari\AppData\Local\Vid-Saver 2012-06-26 06:02:12 -------- d-----w- C:\Program Files (x86)\Vid-Saver 2012-06-26 06:02:08 -------- d-----w- C:\Program Files (x86)\BitTorrent 2012-06-26 06:01:29 -------- d-----w- C:\Users\ebhandari\AppData\Roaming\BitTorrent 2012-06-21 15:47:23 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-21 15:47:05 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-21 15:46:27 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-21 15:46:27 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-21 15:40:50 -------- d-----w- C:\ProgramData\BigFix 2012-06-19 19:57:02 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-06-19 19:57:01 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-06-19 19:57:01 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-06-19 19:54:25 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-06-19 19:46:17 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-19 19:46:17 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll 2012-06-19 19:40:34 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-19 19:40:34 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-19 19:40:33 77312 ----a-w- C:\Windows\System32\rdpwsx.dll . ==================== Find3M ==================== . 2012-06-19 19:39:18 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-19 19:39:18 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-04-19 17:39:45 94208 ----a-w- C:\Windows\TIRHService.exe . ============= FINISH: 16:31:14.93 =============== ATTACH.TXT . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Enterprise Boot Device: \Device\HarddiskVolume1 Install Date: 12/7/2011 1:27:04 PM System Uptime: 7/2/2012 10:20:55 PM (18 hours ago) . Motherboard: Sony Corporation | | VAIO Processor: Intel® Core i7 CPU M 640 @ 2.80GHz | N/A | 2800/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 466 GiB total, 348.133 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: Lexmark X422 Device ID: ROOT\IMAGE\0000 Manufacturer: Lexmark Name: Lexmark X422 PNP Device ID: ROOT\IMAGE\0000 Service: usbscan . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Cisco Systems VPN Adapter for 64-bit Windows Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter for 64-bit Windows PNP Device ID: ROOT\NET\0000 Service: CVirtA . ==== System Restore Points =================== . RP100: 6/21/2012 8:45:19 AM - Windows Update RP101: 6/26/2012 4:31:28 AM - Windows Update RP102: 6/28/2012 5:26:52 PM - Windows Update RP103: 7/3/2012 5:23:42 AM - Windows Update . ==== Installed Programs ====================== . . Adobe Acrobat X Standard - English, Français, Deutsch Adobe Digital Editions Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin ROGUEKILLER REPORT RogueKiller V7.6.2 [07/02/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: ebhandari [Admin rights] Mode: Scan -- Date: 07/03/2012 16:51:04 ¤¤¤ Bad processes: 1 ¤¤¤ [sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 4 ¤¤¤ [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Root.MBR ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS725050A9A360 +++++ --- User --- [MBR] d602b712dbc5b1ecd1bfb6e8f7a4dec0 [bSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo User != LL1 ... KO! --- LL1 --- [MBR] 889f1cce0160e1126d14d1766f1f7b41 [bSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7 MBR Code Partition table: 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo User != LL2 ... KO! --- LL2 --- [MBR] 889f1cce0160e1126d14d1766f1f7b41 [bSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7 MBR Code Partition table: 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo Finished : << RKreport[1].txt >> RKreport[1].txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.