Posts posted by helpmeplease1
-
ESET SCAN REPORT
------------------------------------------
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GO5Y9JPZ\kittyflix_com[1].htm HTML/ScrInject.B.Gen virus
C:\TDSSKiller_Quarantine\08.07.2012_22.07.46\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\08.07.2012_22.07.46\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\08.07.2012_22.07.46\mbr0000\tdlfs0000\tsk0009.dta a variant of Win32/Olmarik.AYI trojan
-
I need a little more time.
Thanks
-
(1) log from MBAM - see below
(2) Report from Hijackthis - see below
(3) do not seem to have any issues
(4) no issues as in the past
================================
LOG FROM MBAM
----------------------------------------------------
Malwarebytes Anti-Malware 1.62.0.1300
Database version: v2012.07.12.11
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ebhandari :: EBHANDARI-GNNB [administrator]
7/12/2012 3:19:53 PM
mbam-log-2012-07-12 (15-19-53).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 299779
Time elapsed: 3 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
==========================================
Report from Hijackthis
--------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:27:01 PM, on 7/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Microsoft Lync\communicator.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLSERVER.EXE
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\ebhandari\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://graceland/Pages/Home.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Gracenote, Inc.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111228165507.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://oracleweb.webex.com/client/WBXclient-T27L10NSP31-13320/webex/ieatgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gracenote.gracenote.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gracenote.gracenote.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.grace
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gracenote.gracenote.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.grace
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.gracenote.com,gracenote.grace
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BES Client (BESClient) - Unknown owner - C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Numara Software, Inc. - C:\WINDOWS\TIREMOTE\TIRemoteService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 15443 bytes
-
TDSSKiller detected no threat.
Btw after rebooting I have not received the "Host Process for Windows Tasks has stopped working" message
===============================
TDSSKILLER REPORT
--------------------------------------------------
10:41:11.0833 3796 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
10:41:12.0379 3796 ============================================================
10:41:12.0379 3796 Current date / time: 2012/07/11 10:41:12.0379
10:41:12.0379 3796 SystemInfo:
10:41:12.0379 3796
10:41:12.0379 3796 OS Version: 6.1.7601 ServicePack: 1.0
10:41:12.0379 3796 Product type: Workstation
10:41:12.0379 3796 ComputerName: EBHANDARI-GNNB
10:41:12.0379 3796 UserName: ebhandari
10:41:12.0379 3796 Windows directory: C:\Windows
10:41:12.0379 3796 System windows directory: C:\Windows
10:41:12.0379 3796 Running under WOW64
10:41:12.0379 3796 Processor architecture: Intel x64
10:41:12.0379 3796 Number of processors: 4
10:41:12.0379 3796 Page size: 0x1000
10:41:12.0379 3796 Boot type: Normal boot
10:41:12.0379 3796 ============================================================
10:41:12.0878 3796 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:41:12.0878 3796 ============================================================
10:41:12.0878 3796 \Device\Harddisk0\DR0:
10:41:12.0878 3796 MBR partitions:
10:41:12.0878 3796 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:41:12.0878 3796 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353030
10:41:12.0878 3796 ============================================================
10:41:12.0910 3796 C: <-> \Device\Harddisk0\DR0\Partition1
10:41:12.0910 3796 ============================================================
10:41:12.0910 3796 Initialize success
10:41:12.0910 3796 ============================================================
10:41:15.0187 4244 ============================================================
10:41:15.0187 4244 Scan started
10:41:15.0187 4244 Mode: Manual;
10:41:15.0187 4244 ============================================================
10:41:34.0781 4244 fdc - ok
10:41:34.0859 4244 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:41:34.0875 4244 fdPHost - ok
10:41:34.0937 4244 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:41:34.0937 4244 FDResPub - ok
10:41:34.0984 4244 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:41:34.0984 4244 FileInfo - ok
10:41:35.0062 4244 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:41:35.0062 4244 Filetrace - ok
10:41:35.0093 4244 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:41:35.0093 4244 flpydisk - ok
10:41:35.0265 4244 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:41:35.0265 4244 FltMgr - ok
10:41:35.0514 4244 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:41:35.0530 4244 FontCache - ok
10:41:35.0592 4244 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:41:35.0608 4244 FontCache3.0.0.0 - ok
10:41:35.0639 4244 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:41:35.0639 4244 FsDepends - ok
10:41:35.0670 4244 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
10:41:35.0670 4244 Fs_Rec - ok
10:41:35.0811 4244 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:41:35.0811 4244 fvevol - ok
10:41:35.0858 4244 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:41:35.0858 4244 gagp30kx - ok
10:41:35.0889 4244 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:41:35.0889 4244 GEARAspiWDM - ok
10:41:36.0107 4244 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:41:36.0138 4244 gpsvc - ok
10:41:36.0372 4244 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:41:36.0372 4244 gupdate - ok
10:41:36.0404 4244 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:41:36.0404 4244 gupdatem - ok
10:41:36.0435 4244 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
10:41:36.0435 4244 gusvc - ok
10:41:36.0466 4244 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:41:36.0466 4244 hcw85cir - ok
10:41:36.0513 4244 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:41:36.0513 4244 HdAudAddService - ok
10:41:36.0638 4244 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:41:36.0638 4244 HDAudBus - ok
10:41:36.0669 4244 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
10:41:36.0669 4244 HECIx64 - ok
10:41:36.0684 4244 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:41:36.0684 4244 HidBatt - ok
10:41:36.0716 4244 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:41:36.0716 4244 HidBth - ok
10:41:36.0731 4244 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:41:36.0731 4244 HidIr - ok
10:41:36.0747 4244 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
10:41:36.0747 4244 hidserv - ok
10:41:36.0778 4244 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:41:36.0778 4244 HidUsb - ok
10:41:36.0825 4244 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:41:36.0840 4244 hkmsvc - ok
10:41:36.0996 4244 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:41:37.0028 4244 HomeGroupListener - ok
10:41:37.0137 4244 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:41:37.0137 4244 HomeGroupProvider - ok
10:41:37.0199 4244 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:41:37.0199 4244 HpSAMD - ok
10:41:37.0262 4244 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:41:37.0262 4244 HTTP - ok
10:41:37.0277 4244 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:41:37.0277 4244 hwpolicy - ok
10:41:37.0308 4244 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:41:37.0324 4244 i8042prt - ok
10:41:37.0355 4244 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
10:41:37.0371 4244 iaStor - ok
10:41:37.0511 4244 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
10:41:37.0511 4244 IAStorDataMgrSvc - ok
10:41:37.0589 4244 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:41:37.0605 4244 iaStorV - ok
10:41:37.0698 4244 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:41:37.0745 4244 idsvc - ok
10:41:37.0839 4244 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:41:37.0839 4244 iirsp - ok
10:41:37.0901 4244 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:41:37.0964 4244 IKEEXT - ok
10:41:37.0995 4244 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
10:41:37.0995 4244 Impcd - ok
10:41:38.0416 4244 IntcAzAudAddService (26407a11d7e222afb7ce32700abbd9d1) C:\Windows\system32\drivers\RTKVHD64.sys
10:41:38.0432 4244 IntcAzAudAddService - ok
10:41:38.0666 4244 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:41:38.0666 4244 intelide - ok
10:41:38.0728 4244 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:41:38.0728 4244 intelppm - ok
10:41:38.0900 4244 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
10:41:38.0900 4244 IntuitUpdateServiceV4 - ok
10:41:38.0962 4244 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:41:38.0962 4244 IPBusEnum - ok
10:41:39.0009 4244 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:41:39.0024 4244 IpFilterDriver - ok
10:41:39.0258 4244 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:41:39.0274 4244 iphlpsvc - ok
10:41:39.0321 4244 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:41:39.0321 4244 IPMIDRV - ok
10:41:39.0508 4244 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:41:39.0508 4244 IPNAT - ok
10:41:39.0789 4244 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
10:41:39.0789 4244 iPod Service - ok
10:41:39.0836 4244 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:41:39.0836 4244 IRENUM - ok
10:41:39.0882 4244 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:41:39.0882 4244 isapnp - ok
10:41:39.0992 4244 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:41:39.0992 4244 iScsiPrt - ok
10:41:40.0054 4244 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:41:40.0054 4244 kbdclass - ok
10:41:40.0085 4244 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
10:41:40.0085 4244 kbdhid - ok
10:41:40.0101 4244 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:41:40.0101 4244 KeyIso - ok
10:41:40.0194 4244 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:41:40.0194 4244 KSecDD - ok
10:41:40.0273 4244 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:41:40.0273 4244 KSecPkg - ok
10:41:40.0319 4244 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:41:40.0319 4244 ksthunk - ok
10:41:40.0366 4244 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:41:40.0382 4244 KtmRm - ok
10:41:40.0553 4244 L1C (033b4aed2c5519072c0d81e00804d003) C:\Windows\system32\DRIVERS\L1C62x64.sys
10:41:40.0553 4244 L1C - ok
10:41:40.0631 4244 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
10:41:40.0678 4244 LanmanServer - ok
10:41:40.0709 4244 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:41:40.0741 4244 LanmanWorkstation - ok
10:41:40.0772 4244 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:41:40.0772 4244 lltdio - ok
10:41:40.0850 4244 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:41:40.0865 4244 lltdsvc - ok
10:41:40.0943 4244 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:41:40.0943 4244 lmhosts - ok
10:41:41.0084 4244 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:41:41.0084 4244 LSI_FC - ok
10:41:41.0209 4244 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:41:41.0209 4244 LSI_SAS - ok
10:41:41.0271 4244 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:41:41.0271 4244 LSI_SAS2 - ok
10:41:41.0302 4244 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:41:41.0302 4244 LSI_SCSI - ok
10:41:41.0333 4244 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:41:41.0333 4244 luafv - ok
10:41:41.0552 4244 McAfeeFramework (3ef9511390f9106dd8cf0747baeb335c) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
10:41:41.0552 4244 McAfeeFramework - ok
10:41:41.0661 4244 McShield (00315dc847778d65728197b63803b523) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
10:41:41.0661 4244 McShield - ok
10:41:41.0755 4244 McTaskManager (b15bb3aef59158b4e1dda5328c842713) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
10:41:41.0755 4244 McTaskManager - ok
10:41:41.0848 4244 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:41:41.0911 4244 Mcx2Svc - ok
10:41:41.0942 4244 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:41:41.0957 4244 megasas - ok
10:41:41.0989 4244 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:41:41.0989 4244 MegaSR - ok
10:41:42.0129 4244 mfeapfk (0d121a46e0148a3bc941fa3bb0269329) C:\Windows\system32\drivers\mfeapfk.sys
10:41:42.0129 4244 mfeapfk - ok
10:41:42.0191 4244 mfeavfk (93f251905c028809ffb49f95a63fcbc9) C:\Windows\system32\drivers\mfeavfk.sys
10:41:42.0191 4244 mfeavfk - ok
10:41:42.0207 4244 mfeavfk01 - ok
10:41:42.0269 4244 mfehidk (a282a937127ea7b15eb85559e59ae576) C:\Windows\system32\drivers\mfehidk.sys
10:41:42.0269 4244 mfehidk - ok
10:41:42.0285 4244 mferkdet (04d7e0e2a48730a1c535837f105e6352) C:\Windows\system32\drivers\mferkdet.sys
10:41:42.0285 4244 mferkdet - ok
10:41:42.0425 4244 mfevtp (45f1580c7c9f49a68b72ef2ccefef3a3) C:\Windows\system32\mfevtps.exe
10:41:42.0425 4244 mfevtp - ok
10:41:42.0503 4244 mfewfpk (325dd1031cfd71bd4d8afdb1faaf3bea) C:\Windows\system32\drivers\mfewfpk.sys
10:41:42.0503 4244 mfewfpk - ok
10:41:42.0613 4244 Microsoft SharePoint Workspace Audit Service - ok
10:41:42.0628 4244 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:41:42.0628 4244 MMCSS - ok
10:41:42.0675 4244 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:41:42.0675 4244 Modem - ok
10:41:42.0722 4244 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:41:42.0722 4244 monitor - ok
10:41:42.0753 4244 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:41:42.0753 4244 mouclass - ok
10:41:42.0784 4244 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:41:42.0784 4244 mouhid - ok
10:41:42.0815 4244 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:41:42.0815 4244 mountmgr - ok
10:41:42.0862 4244 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:41:42.0862 4244 mpio - ok
10:41:42.0956 4244 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:41:42.0956 4244 mpsdrv - ok
10:41:43.0065 4244 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:41:43.0112 4244 MpsSvc - ok
10:41:43.0143 4244 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:41:43.0143 4244 MRxDAV - ok
10:41:43.0159 4244 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:41:43.0159 4244 mrxsmb - ok
10:41:43.0190 4244 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:41:43.0205 4244 mrxsmb10 - ok
10:41:43.0268 4244 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:41:43.0268 4244 mrxsmb20 - ok
10:41:43.0315 4244 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:41:43.0315 4244 msahci - ok
10:41:43.0424 4244 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:41:43.0424 4244 msdsm - ok
10:41:43.0471 4244 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:41:43.0471 4244 MSDTC - ok
10:41:43.0502 4244 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:41:43.0502 4244 Msfs - ok
10:41:43.0517 4244 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:41:43.0517 4244 mshidkmdf - ok
10:41:43.0533 4244 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:41:43.0533 4244 msisadrv - ok
10:41:43.0673 4244 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:41:43.0673 4244 MSiSCSI - ok
10:41:43.0673 4244 msiserver - ok
10:41:43.0736 4244 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:41:43.0736 4244 MSKSSRV - ok
10:41:43.0736 4244 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:41:43.0736 4244 MSPCLOCK - ok
10:41:43.0736 4244 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:41:43.0736 4244 MSPQM - ok
10:41:43.0783 4244 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:41:43.0783 4244 MsRPC - ok
10:41:43.0814 4244 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:41:43.0829 4244 mssmbios - ok
10:41:43.0829 4244 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:41:43.0829 4244 MSTEE - ok
10:41:43.0892 4244 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:41:43.0892 4244 MTConfig - ok
10:41:43.0954 4244 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:41:43.0954 4244 Mup - ok
10:41:44.0001 4244 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:41:44.0001 4244 napagent - ok
10:41:44.0079 4244 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:41:44.0079 4244 NativeWifiP - ok
10:41:44.0282 4244 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:41:44.0297 4244 NDIS - ok
10:41:44.0329 4244 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:41:44.0329 4244 NdisCap - ok
10:41:44.0344 4244 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:41:44.0344 4244 NdisTapi - ok
10:41:44.0375 4244 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:41:44.0375 4244 Ndisuio - ok
10:41:44.0407 4244 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:41:44.0407 4244 NdisWan - ok
10:41:44.0500 4244 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:41:44.0500 4244 NDProxy - ok
10:41:44.0516 4244 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:41:44.0516 4244 NetBIOS - ok
10:41:44.0547 4244 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:41:44.0547 4244 NetBT - ok
10:41:44.0594 4244 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:41:44.0594 4244 Netlogon - ok
10:41:44.0672 4244 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:41:44.0687 4244 Netman - ok
10:41:44.0797 4244 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:41:44.0890 4244 NetMsmqActivator - ok
10:41:44.0921 4244 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:41:44.0921 4244 NetPipeActivator - ok
10:41:44.0968 4244 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:41:44.0968 4244 netprofm - ok
10:41:44.0984 4244 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:41:44.0984 4244 NetTcpActivator - ok
10:41:44.0999 4244 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:41:44.0999 4244 NetTcpPortSharing - ok
10:41:45.0998 4244 NETw5s64 (18555f48844c2861d9dce8f2b7223ae5) C:\Windows\system32\DRIVERS\NETw5s64.sys
10:41:46.0107 4244 NETw5s64 - ok
10:41:46.0279 4244 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:41:46.0279 4244 nfrd960 - ok
10:41:46.0419 4244 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:41:46.0419 4244 NlaSvc - ok
10:41:46.0481 4244 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:41:46.0481 4244 Npfs - ok
10:41:46.0513 4244 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:41:46.0528 4244 nsi - ok
10:41:46.0575 4244 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:41:46.0575 4244 nsiproxy - ok
10:41:46.0856 4244 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:41:46.0871 4244 Ntfs - ok
10:41:47.0074 4244 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:41:47.0074 4244 Null - ok
10:41:47.0121 4244 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
10:41:47.0121 4244 NVHDA - ok
10:41:49.0071 4244 nvlddmkm (69ff3b6f43817da715824ca79742dec5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:41:49.0133 4244 nvlddmkm - ok
10:41:49.0352 4244 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:41:49.0367 4244 nvraid - ok
10:41:49.0445 4244 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:41:49.0445 4244 nvstor - ok
10:41:49.0617 4244 nvsvc (799ac71b5dabda9955f7043a083ec611) C:\Windows\system32\nvvsvc.exe
10:41:49.0648 4244 nvsvc - ok
10:41:50.0288 4244 nvUpdatusService (a2422cba523e9b297d02dd140bc672f0) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
10:41:50.0288 4244 nvUpdatusService - ok
10:41:50.0553 4244 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:41:50.0553 4244 nv_agp - ok
10:41:50.0647 4244 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:41:50.0647 4244 ohci1394 - ok
10:41:50.0725 4244 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:41:50.0787 4244 ose - ok
10:41:51.0271 4244 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:41:51.0333 4244 osppsvc - ok
10:41:51.0567 4244 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:41:51.0567 4244 p2pimsvc - ok
10:41:51.0723 4244 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:41:51.0739 4244 p2psvc - ok
10:41:51.0770 4244 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:41:51.0770 4244 Parport - ok
10:41:51.0801 4244 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
10:41:51.0801 4244 partmgr - ok
10:41:51.0817 4244 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:41:51.0817 4244 PcaSvc - ok
10:41:51.0848 4244 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:41:51.0848 4244 pci - ok
10:41:51.0848 4244 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:41:51.0848 4244 pciide - ok
10:41:51.0895 4244 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:41:51.0895 4244 pcmcia - ok
10:41:51.0942 4244 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:41:51.0942 4244 pcw - ok
10:41:52.0035 4244 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:41:52.0051 4244 PEAUTH - ok
10:41:52.0144 4244 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
10:41:52.0144 4244 PeerDistSvc - ok
10:41:52.0332 4244 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:41:52.0332 4244 PerfHost - ok
10:41:52.0550 4244 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:41:52.0597 4244 pla - ok
10:41:52.0644 4244 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:41:52.0644 4244 PlugPlay - ok
10:41:52.0722 4244 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:41:52.0722 4244 PNRPAutoReg - ok
10:41:52.0753 4244 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:41:52.0768 4244 PNRPsvc - ok
10:41:52.0846 4244 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:41:52.0893 4244 PolicyAgent - ok
10:41:52.0924 4244 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:41:52.0924 4244 Power - ok
10:41:53.0065 4244 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:41:53.0065 4244 PptpMiniport - ok
10:41:53.0096 4244 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:41:53.0096 4244 Processor - ok
10:41:53.0127 4244 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
10:41:53.0143 4244 ProfSvc - ok
10:41:53.0158 4244 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:41:53.0174 4244 ProtectedStorage - ok
10:41:53.0190 4244 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:41:53.0190 4244 Psched - ok
10:41:53.0392 4244 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:41:53.0408 4244 ql2300 - ok
10:41:53.0626 4244 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:41:53.0642 4244 ql40xx - ok
10:41:53.0673 4244 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:41:53.0673 4244 QWAVE - ok
10:41:53.0720 4244 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:41:53.0720 4244 QWAVEdrv - ok
10:41:53.0736 4244 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:41:53.0736 4244 RasAcd - ok
10:41:53.0782 4244 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:41:53.0782 4244 RasAgileVpn - ok
10:41:53.0892 4244 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:41:53.0907 4244 RasAuto - ok
10:41:53.0938 4244 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:41:53.0938 4244 Rasl2tp - ok
10:41:53.0985 4244 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:41:53.0985 4244 RasMan - ok
10:41:54.0016 4244 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:41:54.0016 4244 RasPppoe - ok
10:41:54.0032 4244 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:41:54.0032 4244 RasSstp - ok
10:41:54.0063 4244 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:41:54.0079 4244 rdbss - ok
10:41:54.0141 4244 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:41:54.0141 4244 rdpbus - ok
10:41:54.0204 4244 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:41:54.0204 4244 RDPCDD - ok
10:41:54.0250 4244 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
10:41:54.0250 4244 RDPDR - ok
10:41:54.0282 4244 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:41:54.0282 4244 RDPENCDD - ok
10:41:54.0297 4244 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:41:54.0313 4244 RDPREFMP - ok
10:41:54.0406 4244 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
10:41:54.0406 4244 RdpVideoMiniport - ok
10:41:54.0516 4244 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
10:41:54.0516 4244 RDPWD - ok
10:41:54.0562 4244 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:41:54.0562 4244 rdyboost - ok
10:41:54.0609 4244 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:41:54.0625 4244 RemoteAccess - ok
10:41:54.0765 4244 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:41:54.0765 4244 RemoteRegistry - ok
10:41:54.0843 4244 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
10:41:54.0843 4244 RFCOMM - ok
10:41:54.0906 4244 rimspci (fa6abc06b629da29634d31f1fe0347bd) C:\Windows\system32\DRIVERS\rimssne64.sys
10:41:54.0906 4244 rimspci - ok
10:41:54.0921 4244 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
10:41:54.0921 4244 RimUsb - ok
10:41:55.0030 4244 risdsnpe (8f8539a7f5c117d4407b2985995671f2) C:\Windows\system32\DRIVERS\risdsne64.sys
10:41:55.0030 4244 risdsnpe - ok
10:41:55.0077 4244 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:41:55.0093 4244 RpcEptMapper - ok
10:41:55.0108 4244 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:41:55.0108 4244 RpcLocator - ok
10:41:55.0155 4244 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:41:55.0155 4244 RpcSs - ok
10:41:55.0186 4244 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:41:55.0186 4244 rspndr - ok
10:41:55.0218 4244 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
10:41:55.0218 4244 s3cap - ok
10:41:55.0249 4244 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:41:55.0249 4244 SamSs - ok
10:41:55.0389 4244 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:41:55.0389 4244 sbp2port - ok
10:41:55.0436 4244 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:41:55.0436 4244 SCardSvr - ok
10:41:55.0467 4244 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:41:55.0467 4244 scfilter - ok
10:41:55.0639 4244 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:41:55.0686 4244 Schedule - ok
10:42:18.0010 4244 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:42:20.0147 4244 \Device\Harddisk0\DR0 - ok
10:42:20.0194 4244 Boot (0x1200) (4580e43ecdae801d8652a68ac2c6795d) \Device\Harddisk0\DR0\Partition0
10:42:20.0225 4244 \Device\Harddisk0\DR0\Partition0 - ok
10:42:20.0256 4244 Boot (0x1200) (c6124f9b61ca809682374e09392d1537) \Device\Harddisk0\DR0\Partition1
10:42:20.0272 4244 \Device\Harddisk0\DR0\Partition1 - ok
10:42:20.0272 4244 ============================================================
10:42:20.0272 4244 Scan finished
10:42:20.0272 4244 ============================================================
10:42:20.0287 0636 Detected object count: 0
10:42:20.0287 0636 Actual detected object count: 0
-
I received the same warning another 2 times.
-
Also, I have received this morning the following message:
"Host Process for Windows Tasks has stopped working"
I have received it twice in the last hour.
-
Adobe Acrobat X Standard - English, Français, Deutsch
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Software Update
ArcSoft WebCam Companion 3
BitTorrent
Cisco WebEx Meetings
Conversation Translator
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
GL Wand
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Control Center
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Driver
Japanese Fonts Support For Adobe Reader X
Java Auto Updater
Java 6 Update 30
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee Agent
McAfee VirusScan Enterprise
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Mozilla Firefox 11.0 (x86 en-US)
Numara Track-It! 10.5 Agent
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Realtek High Definition Audio Driver
RSA SecurID Software Token
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Tivoli Endpoint Manager Client
Tivoli Endpoint Manager Server API
TurboTax 2011
TurboTax 2011 wcaiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VAIO Control Center
Vid-Saver
WinZip 14.5
-
Please see below:
(1) Report from Combofix
(2)/(3) Seems like my machine is working fine. No issues re-booting and hard drive seems to be churning less.
What's next?
=========================================
COMBOFIX REPORT
-----------------------------------------------------------------
ComboFix 12-07-06.02 - ebhandari 07/09/2012 14:12:48.2.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8055.5627 [GMT -7:00]
Running from: c:\users\ebhandari\Desktop\ComboFix.exe
Command switches used :: c:\users\ebhandari\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 21:24 . 2012-07-09 21:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-09 21:24 . 2012-07-09 21:24 -------- d-----w- c:\users\smitchell\AppData\Local\temp
2012-07-09 21:24 . 2012-07-09 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-09 21:24 . 2012-07-09 21:24 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-09 21:24 . 2012-07-09 21:24 -------- d-----w- c:\users\admin\AppData\Local\temp
2012-07-09 05:09 . 2012-07-09 05:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-06 16:41 . 2012-07-06 16:41 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-06 16:28 . 2012-07-06 16:28 -------- d-----w- c:\windows\Sun
2012-07-03 12:26 . 2012-07-05 09:25 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59F9BB98-0F78-485D-B249-70D14C8200DF}\offreg.dll
2012-07-03 12:25 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59F9BB98-0F78-485D-B249-70D14C8200DF}\mpengine.dll
2012-06-29 00:26 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-29 00:26 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-29 00:26 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-29 00:26 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-29 00:26 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-29 00:26 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-29 00:26 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-29 00:25 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-29 00:25 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-26 06:02 . 2012-06-26 06:02 -------- d-----w- c:\users\ebhandari\AppData\Local\Vid-Saver
2012-06-26 06:02 . 2012-06-26 06:02 -------- d-----w- c:\program files (x86)\Vid-Saver
2012-06-26 06:02 . 2012-06-26 06:02 -------- d-----w- c:\program files (x86)\BitTorrent
2012-06-26 06:01 . 2012-07-02 16:24 -------- d-----w- c:\users\ebhandari\AppData\Roaming\BitTorrent
2012-06-21 15:47 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 15:47 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 15:47 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 15:47 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 15:47 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 15:47 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 15:47 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 15:46 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 15:46 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 15:40 . 2012-06-21 15:40 -------- d-----w- c:\programdata\BigFix
2012-06-19 19:57 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-19 19:57 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-19 19:57 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-19 19:54 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-19 19:46 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-19 19:46 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-19 19:40 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-19 19:40 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-19 19:40 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-19 19:39 . 2012-03-29 23:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-19 19:39 . 2011-06-07 17:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 17:39 . 2012-03-29 19:40 94208 ----a-w- c:\windows\TIRHService.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-06_20.13.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-02 15:56 . 2012-07-09 04:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2012-07-02 15:56 . 2012-07-06 18:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2012-07-02 15:54 . 2012-07-06 20:12 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-07-02 15:54 . 2012-07-09 04:53 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-06-07 00:08 . 2012-07-09 05:14 42482 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-09 05:29 33150 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-07 20:11 . 2012-07-09 05:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-07 20:11 . 2012-07-06 20:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-07 20:11 . 2012-07-09 05:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-07 20:11 . 2012-07-06 20:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-06 20:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-09 05:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-03 17:57 . 2012-07-09 05:29 8270 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-527237240-764733703-1801674531-20392_UserData.bin
+ 2011-05-19 16:26 . 2012-07-09 05:10 1837 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-05-19 16:26 . 2012-07-06 20:10 1837 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-07-09 05:10 . 2012-07-09 05:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-06 20:11 . 2012-07-06 20:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-06 20:11 . 2012-07-06 20:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-09 05:10 . 2012-07-09 05:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-23 18:17 . 2012-07-09 04:53 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-02-23 18:17 . 2012-07-06 20:12 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-07-09 04:53 458752 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-06 20:12 458752 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-07 16:48 . 2012-07-09 16:27 268676 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-14 02:36 . 2012-07-09 05:32 762202 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-09 05:10 390644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-06 20:10 390644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:36 . 2012-07-09 05:32 2493400 c:\windows\system32\perfh009.dat
- 2011-12-07 19:41 . 2012-07-06 20:10 1590088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-12-07 19:41 . 2012-07-09 05:10 1590088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-20 19:21 . 2012-07-09 05:10 7806980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-527237240-764733703-1801674531-20392-8192.dat
- 2012-02-20 19:21 . 2012-07-06 20:11 7806980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-527237240-764733703-1801674531-20392-8192.dat
- 2012-07-02 16:24 . 2012-07-06 20:10 3730040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-07-02 16:24 . 2012-07-09 05:10 3730040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2012-07-09 04:53 10502144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-06 20:12 10502144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-06 20:12 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-09 04:53 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-19 17:03 . 2012-07-03 05:13 19915560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-527237240-764733703-1801674531-20392-4096.dat
+ 2012-03-19 17:03 . 2012-07-09 05:10 19915560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-527237240-764733703-1801674531-20392-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-03 39408]
"ares"="c:\program files (x86)\Ares\Ares.exe" [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-05-16 12098648]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-11-15 333376]
.
c:\users\ebhandari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
"MaxGPOScriptWait"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 257224]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-12-29 97960]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-07 1255736]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-12-29 281544]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-12-29 156248]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-04 2255464]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [2010-08-05 94208]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys [2010-08-05 78848]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-04 379496]
S2 TIRmtSvc;Track-It! Workstation Manager;c:\windows\TIREMOTE\TIRemoteService.exe [2011-10-31 210944]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-08-05 342056]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-05 39464]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-08-12 158976]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 11392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:39]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 06:43]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 06:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2010-04-27 22:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2010-04-27 22:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-04-27 84744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://graceland/Pages/Home.aspx
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 172.24.1.155 10.8.142.103 10.3.8.28
FF - ProfilePath -
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:1a,f4,07,a5,d7,58,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-09 14:27:35
ComboFix-quarantined-files.txt 2012-07-09 21:27
ComboFix2.txt 2012-07-06 20:22
.
Pre-Run: 379,129,917,440 bytes free
Post-Run: 379,263,778,816 bytes free
.
- - End Of File - - BC8F7DF6C795CC8E97264708946FE188
-
Please see the aswMBR report below.
I would like to add that this experience has been very good so far. Your quick response time is great and much appreciated.
===============================================
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-09 11:59:00
-----------------------------
11:59:00.158 OS Version: Windows x64 6.1.7601 Service Pack 1
11:59:00.173 Number of processors: 4 586 0x2505
11:59:00.173 ComputerName: EBHANDARI-GNNB UserName: ebhandari
11:59:02.201 Initialize success
11:59:07.443 AVAST engine defs: 12070801
12:02:47.264 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:02:47.264 Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
12:02:47.280 Disk 0 MBR read successfully
12:02:47.280 Disk 0 MBR scan
12:02:47.295 Disk 0 Windows 7 default MBR code
12:02:47.311 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:02:47.327 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
12:02:47.389 Disk 0 scanning C:\Windows\system32\drivers
12:03:08.530 Service scanning
12:03:45.551 Modules scanning
12:03:45.551 Disk 0 trace - called modules:
12:03:45.583 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
12:03:45.583 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d90060]
12:03:46.097 3 CLASSPNP.SYS[fffff88001aa643f] -> nt!IofCallDriver -> [0xfffffa8007a40690]
12:03:46.097 5 ACPI.sys[fffff88000ed77a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007a46050]
12:03:47.595 AVAST engine scan C:\Windows
12:03:58.173 AVAST engine scan C:\Windows\system32
12:10:08.757 AVAST engine scan C:\Windows\system32\drivers
12:10:27.057 AVAST engine scan C:\Users\ebhandari
12:18:11.659 AVAST engine scan C:\ProgramData
12:20:00.710 Scan finished successfully
12:23:47.211 Disk 0 MBR has been saved successfully to "C:\Users\ebhandari\Desktop\New folder\MBR.dat"
12:23:47.211 The log file has been saved successfully to "C:\Users\ebhandari\Desktop\New folder\aswMBR.txt"
-
Hi,
Below is the report from TDSSKILLER.
When I ran aswMBR - it ran for about 5-10 minutes then automatically re-booted my machine. Should I rerun?
=========================
TDSSKILLER REPORT
---------------------------------------------------
22:07:46.0501 6952 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
22:07:46.0939 6952 ============================================================
22:07:46.0939 6952 Current date / time: 2012/07/08 22:07:46.0939
22:07:46.0939 6952 SystemInfo:
22:07:46.0939 6952
22:07:46.0939 6952 OS Version: 6.1.7601 ServicePack: 1.0
22:07:46.0939 6952 Product type: Workstation
22:07:46.0939 6952 ComputerName: EBHANDARI-GNNB
22:07:46.0939 6952 UserName: ebhandari
22:07:46.0939 6952 Windows directory: C:\Windows
22:07:46.0939 6952 System windows directory: C:\Windows
22:07:46.0939 6952 Running under WOW64
22:07:46.0939 6952 Processor architecture: Intel x64
22:07:46.0939 6952 Number of processors: 4
22:07:46.0939 6952 Page size: 0x1000
22:07:46.0939 6952 Boot type: Normal boot
22:07:46.0939 6952 ============================================================
22:07:47.0626 6952 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:07:47.0630 6952 ============================================================
22:07:47.0630 6952 \Device\Harddisk0\DR0:
22:07:47.0630 6952 MBR partitions:
22:07:47.0630 6952 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:07:47.0630 6952 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353030
22:07:47.0630 6952 ============================================================
22:07:47.0658 6952 C: <-> \Device\Harddisk0\DR0\Partition1
22:07:47.0658 6952 ============================================================
22:07:47.0658 6952 Initialize success
22:07:47.0658 6952 ============================================================
22:07:50.0945 5448 ============================================================
22:07:50.0945 5448 Scan started
22:07:50.0945 5448 Mode: Manual;
22:07:50.0945 5448 ============================================================
22:07:53.0869 5448 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:07:53.0870 5448 1394ohci - ok
22:07:53.0962 5448 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
22:07:54.0032 5448 ACDaemon - ok
22:07:54.0153 5448 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:07:54.0155 5448 ACPI - ok
22:07:54.0237 5448 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:07:54.0238 5448 AcpiPmi - ok
22:07:54.0473 5448 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:07:54.0475 5448 AdobeFlashPlayerUpdateSvc - ok
22:07:54.0551 5448 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:07:54.0553 5448 adp94xx - ok
22:07:54.0609 5448 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:07:54.0611 5448 adpahci - ok
22:07:54.0669 5448 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:07:54.0671 5448 adpu320 - ok
22:07:54.0719 5448 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:07:54.0720 5448 AeLookupSvc - ok
22:07:54.0763 5448 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:07:54.0765 5448 AFD - ok
22:07:54.0795 5448 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:07:54.0796 5448 agp440 - ok
22:07:54.0811 5448 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:07:54.0815 5448 ALG - ok
22:07:54.0841 5448 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:07:54.0841 5448 aliide - ok
22:07:54.0845 5448 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:07:54.0845 5448 amdide - ok
22:07:54.0873 5448 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:07:54.0873 5448 AmdK8 - ok
22:07:54.0888 5448 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:07:54.0889 5448 AmdPPM - ok
22:07:54.0925 5448 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:07:54.0926 5448 amdsata - ok
22:07:54.0965 5448 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:07:54.0966 5448 amdsbs - ok
22:07:54.0979 5448 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:07:54.0980 5448 amdxata - ok
22:07:55.0060 5448 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:07:55.0061 5448 AppID - ok
22:07:55.0112 5448 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:07:55.0116 5448 AppIDSvc - ok
22:07:55.0251 5448 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:07:55.0251 5448 Appinfo - ok
22:07:55.0388 5448 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:07:55.0389 5448 Apple Mobile Device - ok
22:07:55.0449 5448 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
22:07:55.0454 5448 AppMgmt - ok
22:07:55.0488 5448 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:07:55.0489 5448 arc - ok
22:07:55.0504 5448 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:07:55.0505 5448 arcsas - ok
22:07:55.0699 5448 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:07:55.0757 5448 aspnet_state - ok
22:07:55.0802 5448 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:07:55.0802 5448 AsyncMac - ok
22:07:55.0823 5448 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:07:55.0824 5448 atapi - ok
22:07:55.0876 5448 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:07:55.0908 5448 AudioEndpointBuilder - ok
22:07:55.0913 5448 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:07:55.0917 5448 AudioSrv - ok
22:07:55.0969 5448 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
22:07:55.0997 5448 AxInstSV - ok
22:07:56.0301 5448 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:07:56.0304 5448 b06bdrv - ok
22:07:56.0400 5448 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:07:56.0401 5448 b57nd60a - ok
22:07:56.0476 5448 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:07:56.0480 5448 BDESVC - ok
22:07:56.0490 5448 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:07:56.0490 5448 Beep - ok
22:07:57.0117 5448 BESClient (cbdc51c584fd4a6bbd06727d82a11428) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
22:07:57.0137 5448 BESClient - ok
22:07:57.0480 5448 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
22:07:57.0518 5448 BFE - ok
22:07:57.0567 5448 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
22:07:57.0644 5448 BITS - ok
22:07:57.0690 5448 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:07:57.0691 5448 blbdrive - ok
22:07:57.0766 5448 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:07:57.0768 5448 Bonjour Service - ok
22:07:57.0797 5448 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:07:57.0798 5448 bowser - ok
22:07:57.0807 5448 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:07:57.0808 5448 BrFiltLo - ok
22:07:57.0818 5448 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:07:57.0818 5448 BrFiltUp - ok
22:07:57.0840 5448 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:07:57.0841 5448 BridgeMP - ok
22:07:57.0869 5448 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:07:57.0907 5448 Browser - ok
22:07:57.0955 5448 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:07:57.0957 5448 Brserid - ok
22:07:57.0990 5448 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:07:57.0991 5448 BrSerWdm - ok
22:07:58.0005 5448 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:07:58.0006 5448 BrUsbMdm - ok
22:07:58.0009 5448 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:07:58.0010 5448 BrUsbSer - ok
22:07:58.0067 5448 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
22:07:58.0068 5448 BthEnum - ok
22:07:58.0096 5448 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:07:58.0097 5448 BTHMODEM - ok
22:07:58.0184 5448 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
22:07:58.0185 5448 BthPan - ok
22:07:58.0307 5448 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
22:07:58.0309 5448 BTHPORT - ok
22:07:58.0426 5448 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:07:58.0429 5448 bthserv - ok
22:07:58.0460 5448 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
22:07:58.0461 5448 BTHUSB - ok
22:07:58.0567 5448 btwampfl (59e3510784548c6939c1b3b985c232e3) C:\Windows\system32\drivers\btwampfl.sys
22:07:58.0569 5448 btwampfl - ok
22:07:58.0671 5448 btwaudio (1872074ed0a3fb22e3f1e3197b984bfa) C:\Windows\system32\drivers\btwaudio.sys
22:07:58.0672 5448 btwaudio - ok
22:07:58.0697 5448 btwavdt (691cf076c33ab1c3a5b2fd5450300733) C:\Windows\system32\DRIVERS\btwavdt.sys
22:07:58.0698 5448 btwavdt - ok
22:07:58.0832 5448 btwdins (8ba6e93a182126781952a7895ec1e4b2) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:07:58.0837 5448 btwdins - ok
22:07:58.0865 5448 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
22:07:58.0865 5448 btwl2cap - ok
22:07:58.0879 5448 btwrchid (c9273b20dec8ce38dbce5d29de63c907) C:\Windows\system32\DRIVERS\btwrchid.sys
22:07:58.0879 5448 btwrchid - ok
22:07:58.0925 5448 catchme - ok
22:07:58.0952 5448 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:07:58.0953 5448 cdfs - ok
22:07:58.0985 5448 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
22:07:58.0986 5448 cdrom - ok
22:07:59.0023 5448 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:07:59.0069 5448 CertPropSvc - ok
22:07:59.0103 5448 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:07:59.0103 5448 circlass - ok
22:07:59.0138 5448 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:07:59.0139 5448 CLFS - ok
22:07:59.0360 5448 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:07:59.0364 5448 clr_optimization_v2.0.50727_32 - ok
22:07:59.0462 5448 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:07:59.0466 5448 clr_optimization_v2.0.50727_64 - ok
22:07:59.0543 5448 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:07:59.0544 5448 clr_optimization_v4.0.30319_32 - ok
22:07:59.0626 5448 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:07:59.0627 5448 clr_optimization_v4.0.30319_64 - ok
22:07:59.0670 5448 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:07:59.0671 5448 CmBatt - ok
22:07:59.0696 5448 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:07:59.0697 5448 cmdide - ok
22:07:59.0735 5448 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:07:59.0737 5448 CNG - ok
22:07:59.0761 5448 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:08:17.0278 5448 SstpSvc - ok
22:08:17.0348 5448 Stereo Service (80d035bcaa65a0644ea169d6ca6bcb98) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:08:17.0350 5448 Stereo Service - ok
22:08:17.0401 5448 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:08:17.0402 5448 stexstor - ok
22:08:17.0470 5448 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:08:17.0505 5448 stisvc - ok
22:08:17.0527 5448 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
22:08:17.0528 5448 storflt - ok
22:08:17.0552 5448 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
22:08:17.0555 5448 StorSvc - ok
22:08:17.0580 5448 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
22:08:17.0581 5448 storvsc - ok
22:08:17.0587 5448 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:08:17.0588 5448 swenum - ok
22:08:17.0626 5448 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:08:17.0639 5448 swprv - ok
22:08:17.0662 5448 Synth3dVsc - ok
22:08:17.0732 5448 SynTP (20f8f4c2ed3f492da318d98e72f77209) C:\Windows\system32\DRIVERS\SynTP.sys
22:08:17.0734 5448 SynTP - ok
22:08:17.0864 5448 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:08:17.0880 5448 SysMain - ok
22:08:18.0145 5448 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:08:18.0178 5448 TabletInputService - ok
22:08:18.0229 5448 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:08:18.0274 5448 TapiSrv - ok
22:08:18.0343 5448 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:08:18.0344 5448 TBS - ok
22:08:18.0620 5448 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
22:08:18.0658 5448 Tcpip - ok
22:08:18.0861 5448 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
22:08:18.0869 5448 TCPIP6 - ok
22:08:18.0934 5448 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:08:18.0935 5448 tcpipreg - ok
22:08:18.0967 5448 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:08:18.0968 5448 TDPIPE - ok
22:08:18.0997 5448 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:08:18.0998 5448 TDTCP - ok
22:08:19.0017 5448 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:08:19.0018 5448 tdx - ok
22:08:19.0067 5448 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:08:19.0068 5448 TermDD - ok
22:08:19.0157 5448 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:08:19.0162 5448 TermService - ok
22:08:19.0219 5448 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:08:19.0224 5448 Themes - ok
22:08:19.0254 5448 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:08:19.0255 5448 THREADORDER - ok
22:08:19.0312 5448 TIRmtSvc (8b522b91be7ce217efc1fa6c70c4465a) C:\WINDOWS\TIREMOTE\TIRemoteService.exe
22:08:19.0314 5448 TIRmtSvc - ok
22:08:19.0336 5448 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:08:19.0341 5448 TrkWks - ok
22:08:19.0396 5448 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:08:19.0397 5448 TrustedInstaller - ok
22:08:19.0463 5448 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:08:19.0464 5448 tssecsrv - ok
22:08:19.0496 5448 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:08:19.0497 5448 TsUsbFlt - ok
22:08:19.0501 5448 tsusbhub - ok
22:08:19.0556 5448 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:08:19.0557 5448 tunnel - ok
22:08:19.0585 5448 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:08:19.0586 5448 uagp35 - ok
22:08:19.0626 5448 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:08:19.0628 5448 udfs - ok
22:08:19.0655 5448 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:08:19.0660 5448 UI0Detect - ok
22:08:19.0680 5448 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:08:19.0680 5448 uliagpkx - ok
22:08:19.0702 5448 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
22:08:19.0702 5448 umbus - ok
22:08:19.0713 5448 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:08:19.0714 5448 UmPass - ok
22:08:19.0744 5448 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
22:08:19.0784 5448 UmRdpService - ok
22:08:19.0808 5448 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:08:19.0813 5448 upnphost - ok
22:08:19.0902 5448 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
22:08:19.0903 5448 USBAAPL64 - ok
22:08:19.0982 5448 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:08:19.0983 5448 usbccgp - ok
22:08:20.0025 5448 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:08:20.0026 5448 usbcir - ok
22:08:20.0049 5448 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
22:08:20.0050 5448 usbehci - ok
22:08:20.0090 5448 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:08:20.0092 5448 usbhub - ok
22:08:20.0114 5448 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:08:20.0114 5448 usbohci - ok
22:08:20.0146 5448 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:08:20.0146 5448 usbprint - ok
22:08:20.0208 5448 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:08:20.0208 5448 usbscan - ok
22:08:20.0259 5448 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:08:20.0260 5448 USBSTOR - ok
22:08:20.0326 5448 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:08:20.0326 5448 usbuhci - ok
22:08:20.0421 5448 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
22:08:20.0423 5448 usbvideo - ok
22:08:20.0469 5448 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:08:20.0475 5448 UxSms - ok
22:08:20.0601 5448 VAIO Event Service (a60605fc66552b421ee1f3d4ebb9a4e0) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
22:08:20.0602 5448 VAIO Event Service - ok
22:08:20.0699 5448 VAIO Power Management (d469be2723f79cf4b384680b1fdc577d) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
22:08:20.0702 5448 VAIO Power Management - ok
22:08:20.0723 5448 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:08:20.0724 5448 VaultSvc - ok
22:08:20.0742 5448 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:08:20.0743 5448 vdrvroot - ok
22:08:20.0804 5448 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:08:20.0852 5448 vds - ok
22:08:20.0895 5448 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:08:20.0895 5448 vga - ok
22:08:20.0924 5448 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:08:20.0925 5448 VgaSave - ok
22:08:20.0951 5448 VGPU - ok
22:08:20.0988 5448 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:08:20.0990 5448 vhdmp - ok
22:08:21.0008 5448 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:08:21.0008 5448 viaide - ok
22:08:21.0065 5448 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
22:08:21.0067 5448 vmbus - ok
22:08:21.0122 5448 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
22:08:21.0122 5448 VMBusHID - ok
22:08:21.0187 5448 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:08:21.0188 5448 volmgr - ok
22:08:21.0253 5448 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:08:21.0255 5448 volmgrx - ok
22:08:21.0375 5448 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:08:21.0377 5448 volsnap - ok
22:08:21.0451 5448 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:08:21.0452 5448 vsmraid - ok
22:08:21.0596 5448 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:08:21.0648 5448 VSS - ok
22:08:21.0756 5448 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:08:21.0756 5448 vwifibus - ok
22:08:21.0781 5448 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:08:21.0782 5448 vwififlt - ok
22:08:21.0818 5448 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:08:21.0819 5448 vwifimp - ok
22:08:21.0856 5448 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:08:21.0866 5448 W32Time - ok
22:08:21.0899 5448 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:08:21.0900 5448 WacomPen - ok
22:08:22.0009 5448 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:08:22.0010 5448 WANARP - ok
22:08:22.0014 5448 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:08:22.0016 5448 Wanarpv6 - ok
22:08:22.0246 5448 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:08:22.0298 5448 WatAdminSvc - ok
22:08:22.0432 5448 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:08:22.0492 5448 wbengine - ok
22:08:22.0625 5448 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:08:22.0627 5448 WbioSrvc - ok
22:08:22.0683 5448 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:08:22.0715 5448 wcncsvc - ok
22:08:22.0732 5448 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:08:22.0735 5448 WcsPlugInService - ok
22:08:22.0790 5448 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:08:22.0791 5448 Wd - ok
22:08:22.0855 5448 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:08:22.0858 5448 Wdf01000 - ok
22:08:22.0879 5448 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:08:22.0886 5448 WdiServiceHost - ok
22:08:22.0889 5448 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:08:22.0891 5448 WdiSystemHost - ok
22:08:22.0960 5448 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:08:23.0017 5448 WebClient - ok
22:08:23.0044 5448 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:08:23.0052 5448 Wecsvc - ok
22:08:23.0089 5448 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:08:23.0093 5448 wercplsupport - ok
22:08:23.0121 5448 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:08:23.0125 5448 WerSvc - ok
22:08:23.0163 5448 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:08:23.0164 5448 WfpLwf - ok
22:08:23.0178 5448 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:08:23.0179 5448 WIMMount - ok
22:08:23.0205 5448 WinDefend - ok
22:08:23.0212 5448 WinHttpAutoProxySvc - ok
22:08:23.0294 5448 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:08:23.0301 5448 Winmgmt - ok
22:08:23.0457 5448 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:08:23.0506 5448 WinRM - ok
22:08:23.0876 5448 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
22:08:23.0877 5448 WinUsb - ok
22:08:24.0016 5448 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:08:24.0026 5448 Wlansvc - ok
22:08:24.0076 5448 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:08:24.0077 5448 WmiAcpi - ok
22:08:24.0136 5448 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:08:24.0142 5448 wmiApSrv - ok
22:08:24.0176 5448 WMPNetworkSvc - ok
22:08:24.0198 5448 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:08:24.0203 5448 WPCSvc - ok
22:08:24.0233 5448 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:08:24.0235 5448 WPDBusEnum - ok
22:08:24.0256 5448 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:08:24.0256 5448 ws2ifsl - ok
22:08:24.0283 5448 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
22:08:24.0285 5448 wscsvc - ok
22:08:24.0288 5448 WSearch - ok
22:08:24.0430 5448 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
22:08:24.0440 5448 wuauserv - ok
22:08:24.0611 5448 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:08:24.0612 5448 WudfPf - ok
22:08:24.0627 5448 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:08:24.0628 5448 WUDFRd - ok
22:08:24.0653 5448 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:08:24.0690 5448 wudfsvc - ok
22:08:24.0717 5448 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:08:24.0726 5448 WwanSvc - ok
22:08:24.0773 5448 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:08:24.0802 5448 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
22:08:24.0803 5448 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
22:08:24.0834 5448 Boot (0x1200) (4580e43ecdae801d8652a68ac2c6795d) \Device\Harddisk0\DR0\Partition0
22:08:24.0836 5448 \Device\Harddisk0\DR0\Partition0 - ok
22:08:24.0849 5448 Boot (0x1200) (c6124f9b61ca809682374e09392d1537) \Device\Harddisk0\DR0\Partition1
22:08:24.0850 5448 \Device\Harddisk0\DR0\Partition1 - ok
22:08:24.0850 5448 ============================================================
22:08:24.0850 5448 Scan finished
22:08:24.0850 5448 ============================================================
22:08:24.0863 4228 Detected object count: 1
22:08:24.0863 4228 Actual detected object count: 1
22:09:06.0569 4228 \Device\Harddisk0\DR0\# - copied to quarantine
22:09:06.0574 4228 \Device\Harddisk0\DR0 - copied to quarantine
22:09:06.0603 4228 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:09:06.0740 4228 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:09:06.0774 4228 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
22:09:11.0878 4228 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
22:09:12.0064 4228 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:09:17.0915 4228 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:09:18.0041 4228 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
22:09:18.0141 4228 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
22:09:18.0252 4228 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:09:18.0518 4228 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:09:18.0648 4228 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:09:18.0747 4228 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
22:09:18.0755 4228 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
22:09:18.0761 4228 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
22:09:18.0789 4228 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:09:18.0941 4228 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
22:09:18.0971 4228 \Device\Harddisk0\DR0 - ok
22:09:18.0978 4228 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
22:09:58.0111 6888 Deinitialize success
-
Ok here we go 4 items:
==============================================================================
(1) CHECKUP.TXT
---------------------------------
Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
McAfee VirusScan Enterprise
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 30
Java version out of Date!
Mozilla Firefox 11.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
McAfee VirusScan Enterprise mfeann.exe
McAfee VirusScan Enterprise VsTskMgr.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
=============================================================================
(2) LOG FROM COMBOFIX:
-------------------------------------
ComboFix 12-07-06.02 - ebhandari 07/06/2012 13:01:35.1.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8055.6298 [GMT -7:00]
Running from: c:\users\ebhandari\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\@
c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\L\00000004.@
c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\L\1afb2d56
c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\L\201d3dde
c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\n
c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\U\00000004.@
c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\U\00000008.@
c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\U\000000cb.@
c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\U\80000000.@
c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\U\80000032.@
c:\windows\Installer\{1427c4e0-5d2d-54ec-86e7-77196502e050}\U\80000064.@
c:\windows\svchost.exe
c:\windows\assembly\GAC_32\Desktop.ini . . . . Failed to delete
c:\windows\assembly\GAC_64\Desktop.ini . . . . Failed to delete
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 20:10 . 2012-07-06 20:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-06 20:10 . 2012-07-06 20:10 -------- d-----w- c:\users\smitchell\AppData\Local\temp
2012-07-06 20:10 . 2012-07-06 20:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 20:10 . 2012-07-06 20:10 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-06 20:10 . 2012-07-06 20:10 -------- d-----w- c:\users\admin\AppData\Local\temp
2012-07-06 16:41 . 2012-07-06 16:41 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-06 16:28 . 2012-07-06 16:28 -------- d-----w- c:\windows\Sun
2012-07-03 12:26 . 2012-07-05 09:25 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59F9BB98-0F78-485D-B249-70D14C8200DF}\offreg.dll
2012-07-03 12:25 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59F9BB98-0F78-485D-B249-70D14C8200DF}\mpengine.dll
2012-06-29 00:26 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-29 00:26 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-29 00:26 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-29 00:26 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-29 00:26 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-29 00:26 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-29 00:26 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-29 00:25 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-29 00:25 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-26 06:02 . 2012-06-26 06:02 -------- d-----w- c:\users\ebhandari\AppData\Local\Vid-Saver
2012-06-26 06:02 . 2012-06-26 06:02 -------- d-----w- c:\program files (x86)\Vid-Saver
2012-06-26 06:02 . 2012-06-26 06:02 -------- d-----w- c:\program files (x86)\BitTorrent
2012-06-26 06:01 . 2012-07-02 16:24 -------- d-----w- c:\users\ebhandari\AppData\Roaming\BitTorrent
2012-06-21 15:47 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 15:47 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 15:47 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 15:47 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 15:47 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 15:47 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 15:47 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 15:46 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 15:46 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 15:40 . 2012-06-21 15:40 -------- d-----w- c:\programdata\BigFix
2012-06-19 19:57 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-19 19:57 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-19 19:57 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-19 19:54 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-19 19:46 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-19 19:46 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-19 19:40 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-19 19:40 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-19 19:40 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-19 19:39 . 2012-03-29 23:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-19 19:39 . 2011-06-07 17:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 17:39 . 2012-03-29 19:40 94208 ----a-w- c:\windows\TIRHService.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-05-16 12098648]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-11-15 333376]
.
c:\users\ebhandari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
"MaxGPOScriptWait"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 257224]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-12-29 97960]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-07 1255736]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-12-29 281544]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-12-29 156248]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-04 2255464]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [2010-08-05 94208]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys [2010-08-05 78848]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-04 379496]
S2 TIRmtSvc;Track-It! Workstation Manager;c:\windows\TIREMOTE\TIRemoteService.exe [2011-10-31 210944]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-08-05 342056]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-05 39464]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-08-12 158976]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 11392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:39]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 06:43]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 06:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2010-04-27 22:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2010-04-27 22:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-04-27 84744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://graceland/Pages/Home.aspx
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 172.24.1.155 10.8.142.103 10.3.8.39 10.3.8.28
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ares - c:\program files (x86)\Ares\Ares.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:1a,f4,07,a5,d7,58,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\BigFix Enterprise\BES Client\BESClient.exe
c:\program files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe
.
**************************************************************************
.
Completion time: 2012-07-06 13:22:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-06 20:22
.
Pre-Run: 378,074,447,872 bytes free
Post-Run: 380,502,237,184 bytes free
.
- - End Of File - - C28C4E995862AE5C7EB6DD402CD4301A
==================================================
(3) Problems I have had:
--------------------------------
- my computer was blue screening periodically
- when re-booting it would take 2 or 3 re-boots before getting my computer to a point where I could open programs
- in the 2 or 3 times it would blue screen, or freeze at boot screen
====================================================
(4) How is the computer doing now?
------------------------------------------------
- I have not tried to reboot
- random music/radio is still there
-
DDS.txt LOG
=================
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by ebhandari at 16:29:40 on 2012-07-03
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8055.4314 [GMT -7:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\TIREMOTE\TIRemoteService.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Protector Suite\upeksvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Protector Suite\psqltray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Microsoft Lync\communicator.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\splwow64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
C:\Program Files (x86)\GL Wand\OracleBP.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLSERVER.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\mcconsol.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://graceland/Pages/Home.aspx
uWindow Title = Windows Internet Explorer provided by Gracenote, Inc.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111228165507.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
StartupFolder: C:\Users\EBHAND~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 1 (0x1)
mPolicies-system: SynchronousUserGroupPolicy = 1 (0x1)
mPolicies-system: MaxGPOScriptWait = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://oracleweb.webex.com/client/WBXclient-T27L10NSP31-13320/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 172.24.1.155 10.8.142.103 10.3.8.39 10.3.8.28
TCP: Interfaces\{A8CF4239-A7E3-4B62-8017-972A18AE7E0F} : DhcpNameServer = 172.24.1.155 10.8.142.103 10.3.8.39 10.3.8.28
TCP: Interfaces\{EAD167A8-A26A-49B4-BC39-4F21FE88B4B3} : DhcpNameServer = 172.24.1.155 10.8.142.103 10.3.8.39 10.3.8.28
TCP: Interfaces\{EAD167A8-A26A-49B4-BC39-4F21FE88B4B3}\268616E646162796D256874756E6465646 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EAD167A8-A26A-49B4-BC39-4F21FE88B4B3}\268616E646162796F57657563747 : DhcpNameServer = 8.8.8.8 208.67.222.222
TCP: Interfaces\{EAD167A8-A26A-49B4-BC39-4F21FE88B4B3}\96E66756E647F62797 : DhcpNameServer = 8.8.8.8 208.67.222.222
TCP: Interfaces\{EAD167A8-A26A-49B4-BC39-4F21FE88B4B3}\D416272796F64747 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{EAD167A8-A26A-49B4-BC39-4F21FE88B4B3}\D416272796F6474702C4F6262697 : DhcpNameServer = 4.2.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO-X64: Lync add-on BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111228165507.dll
BHO-X64: scriptproxy - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-7 13336]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-11-15 132672]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-12-28 190256]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2011-1-12 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-28 2255464]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimssne64.sys --> C:\Windows\system32\DRIVERS\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\DRIVERS\risdsne64.sys --> C:\Windows\system32\DRIVERS\risdsne64.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
R2 TIRmtSvc;Track-It! Workstation Manager;C:\Windows\TIREMOTE\TIRemoteService.exe [2012-3-29 210944]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-6-17 575856]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-2 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 257224]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-2 136176]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-03 12:26:13 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{59F9BB98-0F78-485D-B249-70D14C8200DF}\offreg.dll
2012-07-03 12:25:03 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{59F9BB98-0F78-485D-B249-70D14C8200DF}\mpengine.dll
2012-07-02 21:07:40 20480 ----a-w- C:\Windows\svchost.exe
2012-06-29 00:26:40 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-29 00:26:35 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-29 00:26:34 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-29 00:26:34 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-29 00:26:34 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-29 00:26:33 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-29 00:26:32 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-29 00:25:54 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-29 00:25:53 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-26 06:02:13 -------- d-----w- C:\Users\ebhandari\AppData\Local\Vid-Saver
2012-06-26 06:02:12 -------- d-----w- C:\Program Files (x86)\Vid-Saver
2012-06-26 06:02:08 -------- d-----w- C:\Program Files (x86)\BitTorrent
2012-06-26 06:01:29 -------- d-----w- C:\Users\ebhandari\AppData\Roaming\BitTorrent
2012-06-21 15:47:23 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 15:47:05 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 15:46:27 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 15:46:27 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-21 15:40:50 -------- d-----w- C:\ProgramData\BigFix
2012-06-19 19:57:02 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-19 19:57:01 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-19 19:57:01 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-19 19:54:25 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-19 19:46:17 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-19 19:46:17 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-06-19 19:40:34 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-19 19:40:34 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-19 19:40:33 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
.
==================== Find3M ====================
.
2012-06-19 19:39:18 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-19 19:39:18 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-19 17:39:45 94208 ----a-w- C:\Windows\TIRHService.exe
.
============= FINISH: 16:31:14.93 ===============
ATTACH.TXT
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 12/7/2011 1:27:04 PM
System Uptime: 7/2/2012 10:20:55 PM (18 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core i7 CPU M 640 @ 2.80GHz | N/A | 2800/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 348.133 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Lexmark X422
Device ID: ROOT\IMAGE\0000
Manufacturer: Lexmark
Name: Lexmark X422
PNP Device ID: ROOT\IMAGE\0000
Service: usbscan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP100: 6/21/2012 8:45:19 AM - Windows Update
RP101: 6/26/2012 4:31:28 AM - Windows Update
RP102: 6/28/2012 5:26:52 PM - Windows Update
RP103: 7/3/2012 5:23:42 AM - Windows Update
.
==== Installed Programs ======================
.
.
Adobe Acrobat X Standard - English, Français, Deutsch
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
ROGUEKILLER REPORT
RogueKiller V7.6.2 [07/02/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: ebhandari [Admin rights]
Mode: Scan -- Date: 07/03/2012 16:51:04
¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS725050A9A360 +++++
--- User ---
[MBR] d602b712dbc5b1ecd1bfb6e8f7a4dec0
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 889f1cce0160e1126d14d1766f1f7b41
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 889f1cce0160e1126d14d1766f1f7b41
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
Finished : << RKreport[1].txt >>
svchost.exe with random music/radio
in Resolved Malware Removal Logs
I will work on this today.
Thanks