Ladyrogue
Okay, everything is cleaned up. I've left feedback and I was wondering if you missed my question up there... Now, I have one more question relating way back to one of your first posts to me. You said that once a computer had been infected with a backdoor it's considered compromised afterwards, even after cleaning it, as we did here. Do you personally feel that is true? I use this to play WoW on and would dislike to have my account compromised. I don't use this for any online banking, just gaming, and as soon as I realized it was infected I changed passwords, while on a clean computer. Bernice
-
Now, I have one more question relating way back to one of your first posts to me. You said that once a computer had been infected with a backdoor it's considered compromised afterwards, even after cleaning it, as we did here. Do you personally feel that is true? I don't use this for any online banking, just gaming, and as soon as I realized it was infected I changed passwords, while on a clean computer. Bernice
-
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.10.08
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Bernice :: BERNICE-PC [administrator]
Protection: Enabled
8/10/2012 10:51:46 PM
mbam-log-2012-08-10 (22-51-46).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208934
Time elapsed: 28 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)
-
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Bernice [Admin rights]
Mode: Scan -- Date: 08/10/2012 22:48:09
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD64 01AALS-00E8B SCSI Disk Device +++++
--- User ---
[MBR] de56085bf42185de9de7ddf70a5ddde3
[bSP] f7e93078e80b07ffdd0bd575fae681f7 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive1: USB2.0 Flash Disk USB Device +++++
--- User ---
[MBR] e64970a9a28ec698d6f98018f36970b7
[bSP] 77941ca9d28c9f93d61142f8e2803fb7 : Standard MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 123 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
-
I'm getting better at this... goes faster
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-08-10 22:15:32 ComboFix-quarantined-files.txt 2012-08-11 02:15 ComboFix2.txt 2012-08-11 01:00 . Pre-Run: 491,014,553,600 bytes free Post-Run: 490,952,941,568 bytes free . - - End Of File - - EC280633042C5C0D78E4F0DB9A9CFD2C
-
I don't see an option on here to attach files, so I'm sorry, but gonna paste again, as I have done all along.
MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 22:04:17.0859 2140 MSPQM - ok 22:04:17.0890 2140 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 22:04:17.0906 2140 MsRPC - ok 22:04:17.0922 2140 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 22:04:17.0922 2140 mssmbios - ok 22:04:17.0937 2140 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 22:04:17.0984 2140 MSTEE - ok 22:04:17.0984 2140 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 22:04:18.0000 2140 MTConfig - ok 22:04:18.0031 2140 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys 22:04:18.0062 2140 MTsensor - ok 22:04:18.0078 2140 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 22:04:18.0093 2140 Mup - ok 22:04:18.0124 2140 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll 22:04:18.0171 2140 napagent - ok 22:04:18.0202 2140 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 22:04:18.0234 2140 NativeWifiP - ok 22:04:18.0280 2140 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 22:04:18.0312 2140 NDIS - ok 22:04:18.0327 2140 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 22:04:18.0358 2140 NdisCap - ok 22:04:18.0358 2140 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 22:04:18.0390 2140 NdisTapi - ok 22:04:18.0405 2140 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 22:04:18.0421 2140 Ndisuio - ok 22:04:18.0436 2140 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 22:04:18.0468 2140 NdisWan - ok 22:04:18.0468 2140 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 22:04:18.0499 2140 NDProxy - ok 22:04:18.0514 2140 NetBIOS 
(86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 22:04:18.0561 2140 NetBIOS - ok 22:04:18.0577 2140 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 22:04:18.0624 2140 NetBT - ok 22:04:18.0639 2140 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 22:04:18.0655 2140 Netlogon - ok 22:04:18.0686 2140 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 22:04:18.0717 2140 Netman - ok 22:04:18.0748 2140 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 22:04:18.0795 2140 netprofm - ok 22:04:18.0842 2140 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:04:18.0842 2140 NetTcpPortSharing - ok 22:04:18.0858 2140 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 22:04:18.0858 2140 nfrd960 - ok 22:04:18.0889 2140 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll 22:04:18.0920 2140 NlaSvc - ok 22:04:18.0936 2140 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 22:04:18.0967 2140 Npfs - ok 22:04:18.0967 2140 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 22:04:18.0998 2140 nsi - ok 22:04:19.0014 2140 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 22:04:19.0029 2140 nsiproxy - ok 22:04:19.0092 2140 nSvcIp (c04f5def37e55f6a34428b050f44d3d6) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe 22:04:19.0107 2140 nSvcIp - ok 22:04:19.0185 2140 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 22:04:19.0232 2140 Ntfs - ok 22:04:19.0310 2140 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 22:04:19.0341 2140 Null - ok 22:04:19.0388 2140 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys 22:04:19.0419 2140 NVENETFD 
- ok 22:04:19.0981 2140 nvlddmkm (bbe872a814b00798c2d568d46c42a71b) C:\Windows\system32\DRIVERS\nvlddmkm.sys 22:04:20.0121 2140 nvlddmkm - ok 22:04:20.0199 2140 NVNET (956a1f47826514c1ea0c295fe13c7377) C:\Windows\system32\DRIVERS\nvmf6264.sys 22:04:20.0215 2140 NVNET - ok 22:04:20.0230 2140 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 22:04:20.0246 2140 nvraid - ok 22:04:20.0262 2140 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 22:04:20.0277 2140 nvstor - ok 22:04:20.0293 2140 nvstor64 (7c7eef51979658ce15bbc04f96a77d56) C:\Windows\system32\DRIVERS\nvstor64.sys 22:04:20.0293 2140 nvstor64 - ok 22:04:20.0371 2140 NVSvc (0393e59488c67f704336f3ff06e2b7bd) C:\Windows\system32\nvvsvc.exe 22:04:20.0386 2140 NVSvc - ok 22:04:20.0402 2140 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 22:04:20.0418 2140 nv_agp - ok 22:04:20.0418 2140 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 22:04:20.0449 2140 ohci1394 - ok 22:04:20.0464 2140 ossrv (85ea378116e2c4385993ba5124536ffc) C:\Windows\system32\drivers\ctoss2k.sys 22:04:20.0464 2140 ossrv - ok 22:04:20.0511 2140 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 22:04:20.0527 2140 p2pimsvc - ok 22:04:20.0558 2140 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 22:04:20.0574 2140 p2psvc - ok 22:04:20.0589 2140 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 22:04:20.0605 2140 Parport - ok 22:04:20.0636 2140 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys 22:04:20.0636 2140 partmgr - ok 22:04:20.0652 2140 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 22:04:20.0683 2140 PcaSvc - ok 22:04:20.0683 2140 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 22:04:20.0698 2140 pci - ok 22:04:20.0714 2140 pciide 
(b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 22:04:20.0714 2140 pciide - ok 22:04:20.0745 2140 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 22:04:20.0745 2140 pcmcia - ok 22:04:20.0761 2140 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 22:04:20.0776 2140 pcw - ok 22:04:20.0808 2140 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 22:04:20.0854 2140 PEAUTH - ok 22:04:20.0917 2140 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 22:04:20.0932 2140 PerfHost - ok 22:04:21.0010 2140 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll 22:04:21.0057 2140 pla - ok 22:04:21.0088 2140 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll 22:04:21.0120 2140 PlugPlay - ok 22:04:21.0135 2140 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 22:04:21.0151 2140 PNRPAutoReg - ok 22:04:21.0166 2140 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 22:04:21.0182 2140 PNRPsvc - ok 22:04:21.0229 2140 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll 22:04:21.0260 2140 PolicyAgent - ok 22:04:21.0291 2140 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 22:04:21.0322 2140 Power - ok 22:04:21.0369 2140 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 22:04:21.0400 2140 PptpMiniport - ok 22:04:21.0416 2140 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 22:04:21.0432 2140 Processor - ok 22:04:21.0463 2140 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll 22:04:21.0494 2140 ProfSvc - ok 22:04:21.0525 2140 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 22:04:21.0541 2140 ProtectedStorage - ok 22:04:21.0556 2140 Psched (ee992183bd8eaefd9973f352e587a299) 
C:\Windows\system32\DRIVERS\pacer.sys 22:04:21.0572 2140 Psched - ok 22:04:21.0650 2140 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 22:04:21.0681 2140 ql2300 - ok 22:04:21.0759 2140 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 22:04:21.0759 2140 ql40xx - ok 22:04:21.0790 2140 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 22:04:21.0806 2140 QWAVE - ok 22:04:21.0822 2140 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 22:04:21.0837 2140 QWAVEdrv - ok 22:04:21.0853 2140 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 22:04:21.0868 2140 RasAcd - ok 22:04:21.0900 2140 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 22:04:21.0946 2140 RasAgileVpn - ok 22:04:21.0962 2140 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 22:04:22.0009 2140 RasAuto - ok 22:04:22.0024 2140 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 22:04:22.0056 2140 Rasl2tp - ok 22:04:22.0087 2140 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll 22:04:22.0118 2140 RasMan - ok 22:04:22.0134 2140 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 22:04:22.0165 2140 RasPppoe - ok 22:04:22.0180 2140 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 22:04:22.0212 2140 RasSstp - ok 22:04:22.0243 2140 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 22:04:22.0274 2140 rdbss - ok 22:04:22.0290 2140 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 22:04:22.0305 2140 rdpbus - ok 22:04:22.0321 2140 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 22:04:22.0336 2140 RDPCDD - ok 22:04:22.0352 2140 RDPENCDD (bb5971a4f00659529a5c44831af22365) 
C:\Windows\system32\drivers\rdpencdd.sys 22:04:22.0383 2140 RDPENCDD - ok 22:04:22.0399 2140 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 22:04:22.0430 2140 RDPREFMP - ok 22:04:22.0446 2140 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys 22:04:22.0477 2140 RDPWD - ok 22:04:22.0492 2140 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 22:04:22.0508 2140 rdyboost - ok 22:04:22.0539 2140 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 22:04:22.0570 2140 RemoteAccess - ok 22:04:22.0602 2140 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 22:04:22.0633 2140 RemoteRegistry - ok 22:04:22.0648 2140 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 22:04:22.0680 2140 RpcEptMapper - ok 22:04:22.0695 2140 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 22:04:22.0711 2140 RpcLocator - ok 22:04:22.0742 2140 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 22:04:22.0773 2140 RpcSs - ok 22:04:22.0789 2140 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 22:04:22.0820 2140 rspndr - ok 22:04:22.0851 2140 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 22:04:22.0867 2140 SamSs - ok 22:04:22.0867 2140 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 22:04:22.0882 2140 sbp2port - ok 22:04:22.0898 2140 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 22:04:22.0945 2140 SCardSvr - ok 22:04:22.0960 2140 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 22:04:22.0992 2140 scfilter - ok 22:04:23.0070 2140 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll 22:04:23.0101 2140 Schedule - ok 22:04:23.0116 2140 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) 
C:\Windows\System32\certprop.dll 22:04:23.0148 2140 SCPolicySvc - ok 22:04:23.0163 2140 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll 22:04:23.0194 2140 SDRSVC - ok 22:04:23.0226 2140 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 22:04:23.0257 2140 secdrv - ok 22:04:23.0272 2140 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll 22:04:23.0304 2140 seclogon - ok 22:04:23.0319 2140 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 22:04:23.0350 2140 SENS - ok 22:04:23.0366 2140 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 22:04:23.0382 2140 SensrSvc - ok 22:04:23.0397 2140 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 22:04:23.0413 2140 Serenum - ok 22:04:23.0444 2140 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 22:04:23.0460 2140 Serial - ok 22:04:23.0475 2140 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 22:04:23.0475 2140 sermouse - ok 22:04:23.0491 2140 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll 22:04:23.0522 2140 SessionEnv - ok 22:04:23.0538 2140 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 22:04:23.0553 2140 sffdisk - ok 22:04:23.0553 2140 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 22:04:23.0569 2140 sffp_mmc - ok 22:04:23.0584 2140 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 22:04:23.0584 2140 sffp_sd - ok 22:04:23.0600 2140 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 22:04:23.0616 2140 sfloppy - ok 22:04:23.0662 2140 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 22:04:23.0709 2140 SharedAccess - ok 22:04:23.0740 2140 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) 
C:\Windows\System32\shsvcs.dll 22:04:23.0772 2140 ShellHWDetection - ok 22:04:23.0787 2140 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 22:04:23.0787 2140 SiSRaid2 - ok 22:04:23.0803 2140 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 22:04:23.0818 2140 SiSRaid4 - ok 22:04:23.0834 2140 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 22:04:23.0850 2140 Smb - ok 22:04:23.0881 2140 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 22:04:23.0896 2140 SNMPTRAP - ok 22:04:23.0912 2140 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 22:04:23.0928 2140 spldr - ok 22:04:23.0959 2140 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe 22:04:24.0006 2140 Spooler - ok 22:04:24.0162 2140 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe 22:04:24.0224 2140 sppsvc - ok 22:04:24.0286 2140 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 22:04:24.0333 2140 sppuinotify - ok 22:04:24.0380 2140 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 22:04:24.0411 2140 srv - ok 22:04:24.0442 2140 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 22:04:24.0458 2140 srv2 - ok 22:04:24.0458 2140 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 22:04:24.0489 2140 srvnet - ok 22:04:24.0520 2140 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 22:04:24.0552 2140 SSDPSRV - ok 22:04:24.0567 2140 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 22:04:24.0598 2140 SstpSvc - ok 22:04:24.0645 2140 Stereo Service (8d01686ae82b466f4cd074f31f2942ca) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 22:04:24.0661 2140 Stereo Service - ok 22:04:24.0661 2140 stexstor (f3817967ed533d08327dc73bc4d5542a) 
C:\Windows\system32\DRIVERS\stexstor.sys 22:04:24.0676 2140 stexstor - ok 22:04:24.0723 2140 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll 22:04:24.0754 2140 stisvc - ok 22:04:24.0754 2140 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 22:04:24.0770 2140 swenum - ok 22:04:24.0801 2140 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 22:04:24.0848 2140 swprv - ok 22:04:24.0926 2140 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll 22:04:24.0973 2140 SysMain - ok 22:04:25.0035 2140 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll 22:04:25.0051 2140 TabletInputService - ok 22:04:25.0066 2140 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll 22:04:25.0098 2140 TapiSrv - ok 22:04:25.0113 2140 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 22:04:25.0144 2140 TBS - ok 22:04:25.0269 2140 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys 22:04:25.0300 2140 Tcpip - ok 22:04:25.0410 2140 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys 22:04:25.0441 2140 TCPIP6 - ok 22:04:25.0488 2140 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 22:04:25.0503 2140 tcpipreg - ok 22:04:25.0534 2140 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 22:04:25.0534 2140 TDPIPE - ok 22:04:25.0550 2140 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys 22:04:25.0581 2140 TDTCP - ok 22:04:25.0581 2140 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 22:04:25.0628 2140 tdx - ok 22:04:25.0628 2140 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 22:04:25.0644 2140 TermDD - ok 22:04:25.0690 2140 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll 22:04:25.0737 2140 
TermService - ok 22:04:25.0753 2140 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 22:04:25.0784 2140 Themes - ok 22:04:25.0800 2140 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 22:04:25.0831 2140 THREADORDER - ok 22:04:25.0846 2140 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 22:04:25.0862 2140 TrkWks - ok 22:04:25.0893 2140 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe 22:04:25.0909 2140 TrustedInstaller - ok 22:04:25.0909 2140 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 22:04:25.0956 2140 tssecsrv - ok 22:04:25.0987 2140 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 22:04:26.0018 2140 tunnel - ok 22:04:26.0034 2140 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 22:04:26.0049 2140 uagp35 - ok 22:04:26.0080 2140 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 22:04:26.0112 2140 udfs - ok 22:04:26.0127 2140 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 22:04:26.0143 2140 UI0Detect - ok 22:04:26.0158 2140 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 22:04:26.0158 2140 uliagpkx - ok 22:04:26.0190 2140 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 22:04:26.0205 2140 umbus - ok 22:04:26.0205 2140 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 22:04:26.0221 2140 UmPass - ok 22:04:26.0236 2140 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 22:04:26.0283 2140 upnphost - ok 22:04:26.0314 2140 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\drivers\usbccgp.sys 22:04:26.0346 2140 usbccgp - ok 22:04:26.0361 2140 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 22:04:26.0377 2140 usbcir - 
ok 22:04:26.0392 2140 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys 22:04:26.0408 2140 usbehci - ok 22:04:26.0439 2140 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys 22:04:26.0439 2140 usbhub - ok 22:04:26.0470 2140 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys 22:04:26.0486 2140 usbohci - ok 22:04:26.0486 2140 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 22:04:26.0502 2140 usbprint - ok 22:04:26.0517 2140 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:04:26.0548 2140 USBSTOR - ok 22:04:26.0564 2140 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys 22:04:26.0580 2140 usbuhci - ok 22:04:26.0580 2140 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 22:04:26.0611 2140 UxSms - ok 22:04:26.0642 2140 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 22:04:26.0658 2140 VaultSvc - ok 22:04:26.0689 2140 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys 22:04:26.0704 2140 VClone - ok 22:04:26.0704 2140 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 22:04:26.0720 2140 vdrvroot - ok 22:04:26.0767 2140 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe 22:04:26.0798 2140 vds - ok 22:04:26.0814 2140 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 22:04:26.0829 2140 vga - ok 22:04:26.0829 2140 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 22:04:26.0860 2140 VgaSave - ok 22:04:26.0876 2140 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 22:04:26.0892 2140 vhdmp - ok 22:04:26.0907 2140 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 22:04:26.0907 2140 viaide - ok 22:04:26.0923 2140 volmgr 
(2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 22:04:26.0938 2140 volmgr - ok 22:04:26.0954 2140 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 22:04:26.0970 2140 volmgrx - ok 22:04:27.0001 2140 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 22:04:27.0016 2140 volsnap - ok 22:04:27.0032 2140 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 22:04:27.0048 2140 vsmraid - ok 22:04:27.0110 2140 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe 22:04:27.0157 2140 VSS - ok 22:04:27.0250 2140 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 22:04:27.0266 2140 vwifibus - ok 22:04:27.0297 2140 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 22:04:27.0328 2140 W32Time - ok 22:04:27.0328 2140 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 22:04:27.0344 2140 WacomPen - ok 22:04:27.0360 2140 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 22:04:27.0391 2140 WANARP - ok 22:04:27.0391 2140 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 22:04:27.0422 2140 Wanarpv6 - ok 22:04:27.0500 2140 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 22:04:27.0531 2140 WatAdminSvc - ok 22:04:27.0609 2140 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe 22:04:27.0656 2140 wbengine - ok 22:04:27.0703 2140 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 22:04:27.0718 2140 WbioSrvc - ok 22:04:27.0750 2140 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll 22:04:27.0781 2140 wcncsvc - ok 22:04:27.0781 2140 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 22:04:27.0796 2140 WcsPlugInService - ok 22:04:27.0828 2140 Wd 
(72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 22:04:27.0843 2140 Wd - ok 22:04:27.0874 2140 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 22:04:27.0906 2140 Wdf01000 - ok 22:04:27.0937 2140 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 22:04:27.0952 2140 WdiServiceHost - ok 22:04:27.0952 2140 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 22:04:27.0968 2140 WdiSystemHost - ok 22:04:27.0999 2140 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll 22:04:28.0015 2140 WebClient - ok 22:04:28.0046 2140 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 22:04:28.0077 2140 Wecsvc - ok 22:04:28.0077 2140 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 22:04:28.0124 2140 wercplsupport - ok 22:04:28.0140 2140 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 22:04:28.0171 2140 WerSvc - ok 22:04:28.0186 2140 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 22:04:28.0202 2140 WfpLwf - ok 22:04:28.0218 2140 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 22:04:28.0218 2140 WIMMount - ok 22:04:28.0233 2140 WinDefend - ok 22:04:28.0233 2140 WinHttpAutoProxySvc - ok 22:04:28.0296 2140 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 22:04:28.0311 2140 Winmgmt - ok 22:04:28.0420 2140 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll 22:04:28.0483 2140 WinRM - ok 22:04:28.0592 2140 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 22:04:28.0639 2140 Wlansvc - ok 22:04:28.0654 2140 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 22:04:28.0654 2140 WmiAcpi - ok 22:04:28.0686 2140 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 22:04:28.0701 
2140 wmiApSrv - ok
22:04:28.0717 2140 WMPNetworkSvc - ok
22:04:28.0732 2140 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:04:28.0748 2140 WPCSvc - ok
22:04:28.0748 2140 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
22:04:28.0764 2140 WPDBusEnum - ok
22:04:28.0779 2140 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:04:28.0810 2140 ws2ifsl - ok
22:04:28.0826 2140 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
22:04:28.0873 2140 wscsvc - ok
22:04:28.0873 2140 WSearch - ok
22:04:29.0013 2140 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
22:04:29.0060 2140 wuauserv - ok
22:04:29.0138 2140 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
22:04:29.0154 2140 WudfPf - ok
22:04:29.0185 2140 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:04:29.0216 2140 WUDFRd - ok
22:04:29.0232 2140 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
22:04:29.0263 2140 wudfsvc - ok
22:04:29.0278 2140 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:04:29.0294 2140 WwanSvc - ok
22:04:29.0325 2140 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:04:29.0528 2140 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:04:29.0528 2140 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:04:29.0528 2140 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
22:04:31.0338 2140 \Device\Harddisk1\DR1 - ok
22:04:31.0338 2140 Boot (0x1200) (e528edaff4cf373d91acd231b0efee17) \Device\Harddisk0\DR0\Partition0
22:04:31.0338 2140 \Device\Harddisk0\DR0\Partition0 - ok
22:04:31.0338 2140 Boot (0x1200) (a07ea1c78792c2271933de3d95aa78e1) \Device\Harddisk0\DR0\Partition1
22:04:31.0338 2140 \Device\Harddisk0\DR0\Partition1 - ok
22:04:31.0353 2140 Boot (0x1200) (15f9c330526e34cbeabcddef13a60174) \Device\Harddisk1\DR1\Partition0
22:04:31.0353 2140 \Device\Harddisk1\DR1\Partition0 - ok
22:04:31.0353 2140 ============================================================
22:04:31.0353 2140 Scan finished
22:04:31.0353 2140 ============================================================
22:04:31.0353 1404 Detected object count: 3
22:04:31.0353 1404 Actual detected object count: 3
22:05:00.0073 1404 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:05:00.0073 1404 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:05:00.0073 1404 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
22:05:00.0073 1404 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:05:00.0120 1404 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:05:00.0120 1404 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:05:00.0120 1404 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
22:05:00.0135 1404 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
22:05:00.0135 1404 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
22:05:00.0166 1404 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:05:00.0166 1404 \Device\Harddisk0\DR0\TDLFS - deleted
22:05:00.0166 1404 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
-
21:47:32.0416 0268 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:47:32.0900 0268 ============================================================
21:47:32.0900 0268 Current date / time: 2012/08/10 21:47:32.0900
21:47:32.0900 0268 SystemInfo:
21:47:32.0900 0268
21:47:32.0900 0268 OS Version: 6.1.7600 ServicePack: 0.0
21:47:32.0900 0268 Product type: Workstation
21:47:32.0900 0268 ComputerName: BERNICE-PC
21:47:32.0900 0268 UserName: Bernice
21:47:32.0900 0268 Windows directory: C:\Windows
21:47:32.0900 0268 System windows directory: C:\Windows
21:47:32.0900 0268 Running under WOW64
21:47:32.0900 0268 Processor architecture: Intel x64
21:47:32.0900 0268 Number of processors: 2
21:47:32.0900 0268 Page size: 0x1000
21:47:32.0900 0268 Boot type: Normal boot
21:47:32.0900 0268 ============================================================
21:47:33.0571 0268 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x14301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
21:47:33.0571 0268 Drive \Device\Harddisk1\DR1 - Size: 0x7B60000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:47:33.0571 0268 ============================================================
21:47:33.0571 0268 \Device\Harddisk0\DR0:
21:47:33.0571 0268 MBR partitions:
21:47:33.0571 0268 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:47:33.0571 0268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4A825000
21:47:33.0571 0268 \Device\Harddisk1\DR1:
21:47:33.0571 0268 MBR partitions:
21:47:33.0571 0268 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3DAE0
21:47:33.0571 0268 ============================================================
21:47:33.0586 0268 C: <-> \Device\Harddisk0\DR0\Partition1
21:47:33.0586 0268 ============================================================
21:47:33.0586 0268 Initialize success
21:47:33.0586 0268 ============================================================
21:47:55.0598 3348 ============================================================
21:47:55.0598 3348 Scan started
21:47:55.0598 3348 Mode: Manual; TDLFS;
21:47:55.0598 3348 ============================================================
21:47:56.0113 3348 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:47:56.0113 3348 1394ohci - ok
21:47:56.0144 3348 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:47:56.0144 3348 ACPI - ok
21:47:56.0159 3348 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:47:56.0159 3348 AcpiPmi - ok
21:47:56.0222 3348 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:47:56.0222 3348 AdobeARMservice - ok
21:47:56.0331 3348 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:47:56.0331 3348 AdobeFlashPlayerUpdateSvc - ok
21:47:56.0378 3348 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:47:56.0378 3348 adp94xx - ok
21:47:56.0409 3348 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:47:56.0409 3348 adpahci - ok
21:47:56.0425 3348 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:47:56.0425 3348 adpu320 - ok
21:47:56.0456 3348 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:47:56.0456 3348 AeLookupSvc - ok
21:47:56.0503 3348 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
21:47:56.0518 3348 AFD - ok
21:47:56.0534 3348 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:47:56.0534 3348 agp440 - ok
21:47:56.0534 3348 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:47:56.0549 3348 ALG - ok
- ok 21:48:04.0225 3348 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 21:48:04.0225 3348 PerfHost - ok 21:48:04.0303 3348 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll 21:48:04.0318 3348 pla - ok 21:48:04.0349 3348 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll 21:48:04.0349 3348 PlugPlay - ok 21:48:04.0365 3348 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 21:48:04.0365 3348 PNRPAutoReg - ok 21:48:04.0381 3348 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 21:48:04.0381 3348 PNRPsvc - ok 21:48:04.0427 3348 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll 21:48:04.0427 3348 PolicyAgent - ok 21:48:04.0459 3348 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 21:48:04.0459 3348 Power - ok 21:48:04.0505 3348 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 21:48:04.0505 3348 PptpMiniport - ok 21:48:04.0505 3348 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 21:48:04.0505 3348 Processor - ok 21:48:04.0537 3348 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll 21:48:04.0552 3348 ProfSvc - ok 21:48:04.0568 3348 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 21:48:04.0568 3348 ProtectedStorage - ok 21:48:04.0583 3348 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 21:48:04.0583 3348 Psched - ok 21:48:04.0661 3348 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 21:48:04.0661 3348 ql2300 - ok 21:48:04.0739 3348 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 21:48:04.0739 3348 ql40xx - ok 21:48:04.0755 3348 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 21:48:04.0755 3348 QWAVE - ok 21:48:04.0771 3348 QWAVEdrv 
(76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 21:48:04.0771 3348 QWAVEdrv - ok 21:48:04.0786 3348 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 21:48:04.0786 3348 RasAcd - ok 21:48:04.0802 3348 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 21:48:04.0802 3348 RasAgileVpn - ok 21:48:04.0817 3348 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 21:48:04.0817 3348 RasAuto - ok 21:48:04.0833 3348 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 21:48:04.0833 3348 Rasl2tp - ok 21:48:04.0864 3348 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll 21:48:04.0864 3348 RasMan - ok 21:48:04.0880 3348 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 21:48:04.0880 3348 RasPppoe - ok 21:48:04.0895 3348 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 21:48:04.0895 3348 RasSstp - ok 21:48:04.0911 3348 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 21:48:04.0911 3348 rdbss - ok 21:48:04.0927 3348 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 21:48:04.0927 3348 rdpbus - ok 21:48:04.0942 3348 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:48:04.0942 3348 RDPCDD - ok 21:48:04.0958 3348 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 21:48:04.0958 3348 RDPENCDD - ok 21:48:04.0973 3348 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 21:48:04.0973 3348 RDPREFMP - ok 21:48:04.0989 3348 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys 21:48:04.0989 3348 RDPWD - ok 21:48:05.0020 3348 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 21:48:05.0020 3348 rdyboost - ok 21:48:05.0051 3348 RemoteAccess 
(254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 21:48:05.0051 3348 RemoteAccess - ok 21:48:05.0067 3348 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 21:48:05.0067 3348 RemoteRegistry - ok 21:48:05.0083 3348 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 21:48:05.0083 3348 RpcEptMapper - ok 21:48:05.0098 3348 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 21:48:05.0098 3348 RpcLocator - ok 21:48:05.0161 3348 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 21:48:05.0161 3348 RpcSs - ok 21:48:05.0176 3348 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 21:48:05.0176 3348 rspndr - ok 21:48:05.0207 3348 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 21:48:05.0207 3348 SamSs - ok 21:48:05.0207 3348 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 21:48:05.0223 3348 sbp2port - ok 21:48:05.0239 3348 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 21:48:05.0239 3348 SCardSvr - ok 21:48:05.0254 3348 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 21:48:05.0254 3348 scfilter - ok 21:48:05.0317 3348 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll 21:48:05.0332 3348 Schedule - ok 21:48:05.0363 3348 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 21:48:05.0363 3348 SCPolicySvc - ok 21:48:05.0379 3348 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll 21:48:05.0379 3348 SDRSVC - ok 21:48:05.0410 3348 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 21:48:05.0410 3348 secdrv - ok 21:48:05.0426 3348 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll 21:48:05.0426 3348 seclogon - ok 21:48:05.0426 3348 SENS (c32ab8fa018ef34c0f113bd501436d21) 
C:\Windows\system32\sens.dll 21:48:05.0441 3348 SENS - ok 21:48:05.0441 3348 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 21:48:05.0441 3348 SensrSvc - ok 21:48:05.0473 3348 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 21:48:05.0473 3348 Serenum - ok 21:48:05.0504 3348 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 21:48:05.0504 3348 Serial - ok 21:48:05.0504 3348 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 21:48:05.0504 3348 sermouse - ok 21:48:05.0535 3348 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll 21:48:05.0535 3348 SessionEnv - ok 21:48:05.0535 3348 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 21:48:05.0535 3348 sffdisk - ok 21:48:05.0551 3348 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 21:48:05.0551 3348 sffp_mmc - ok 21:48:05.0566 3348 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 21:48:05.0566 3348 sffp_sd - ok 21:48:05.0566 3348 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 21:48:05.0566 3348 sfloppy - ok 21:48:05.0613 3348 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 21:48:05.0613 3348 SharedAccess - ok 21:48:05.0644 3348 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll 21:48:05.0644 3348 ShellHWDetection - ok 21:48:05.0660 3348 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:48:05.0660 3348 SiSRaid2 - ok 21:48:05.0675 3348 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 21:48:05.0675 3348 SiSRaid4 - ok 21:48:05.0691 3348 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 21:48:05.0691 3348 Smb - ok 21:48:05.0738 3348 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) 
C:\Windows\System32\snmptrap.exe 21:48:05.0738 3348 SNMPTRAP - ok 21:48:05.0753 3348 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 21:48:05.0753 3348 spldr - ok 21:48:05.0785 3348 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe 21:48:05.0800 3348 Spooler - ok 21:48:05.0972 3348 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe 21:48:06.0003 3348 sppsvc - ok 21:48:06.0065 3348 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 21:48:06.0065 3348 sppuinotify - ok 21:48:06.0112 3348 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 21:48:06.0128 3348 srv - ok 21:48:06.0143 3348 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 21:48:06.0143 3348 srv2 - ok 21:48:06.0159 3348 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 21:48:06.0159 3348 srvnet - ok 21:48:06.0206 3348 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 21:48:06.0206 3348 SSDPSRV - ok 21:48:06.0221 3348 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 21:48:06.0221 3348 SstpSvc - ok 21:48:06.0284 3348 Stereo Service (8d01686ae82b466f4cd074f31f2942ca) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 21:48:06.0284 3348 Stereo Service - ok 21:48:06.0299 3348 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 21:48:06.0299 3348 stexstor - ok 21:48:06.0331 3348 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll 21:48:06.0346 3348 stisvc - ok 21:48:06.0362 3348 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 21:48:06.0362 3348 swenum - ok 21:48:06.0393 3348 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 21:48:06.0409 3348 swprv - ok 21:48:06.0487 3348 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll 
21:48:06.0518 3348 SysMain - ok 21:48:06.0565 3348 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll 21:48:06.0580 3348 TabletInputService - ok 21:48:06.0596 3348 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll 21:48:06.0611 3348 TapiSrv - ok 21:48:06.0611 3348 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 21:48:06.0627 3348 TBS - ok 21:48:06.0736 3348 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys 21:48:06.0752 3348 Tcpip - ok 21:48:07.0001 3348 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys 21:48:07.0017 3348 TCPIP6 - ok 21:48:07.0048 3348 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 21:48:07.0048 3348 tcpipreg - ok 21:48:07.0064 3348 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 21:48:07.0064 3348 TDPIPE - ok 21:48:07.0095 3348 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys 21:48:07.0095 3348 TDTCP - ok 21:48:07.0111 3348 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 21:48:07.0111 3348 tdx - ok 21:48:07.0111 3348 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 21:48:07.0111 3348 TermDD - ok 21:48:07.0173 3348 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll 21:48:07.0189 3348 TermService - ok 21:48:07.0189 3348 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 21:48:07.0189 3348 Themes - ok 21:48:07.0220 3348 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 21:48:07.0220 3348 THREADORDER - ok 21:48:07.0220 3348 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 21:48:07.0235 3348 TrkWks - ok 21:48:07.0251 3348 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe 21:48:07.0251 3348 TrustedInstaller - 
ok 21:48:07.0267 3348 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:48:07.0267 3348 tssecsrv - ok 21:48:07.0298 3348 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 21:48:07.0298 3348 tunnel - ok 21:48:07.0313 3348 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 21:48:07.0313 3348 uagp35 - ok 21:48:07.0345 3348 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 21:48:07.0345 3348 udfs - ok 21:48:07.0360 3348 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 21:48:07.0360 3348 UI0Detect - ok 21:48:07.0376 3348 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 21:48:07.0376 3348 uliagpkx - ok 21:48:07.0391 3348 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 21:48:07.0391 3348 umbus - ok 21:48:07.0407 3348 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 21:48:07.0407 3348 UmPass - ok 21:48:07.0438 3348 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 21:48:07.0438 3348 upnphost - ok 21:48:07.0469 3348 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\drivers\usbccgp.sys 21:48:07.0469 3348 usbccgp - ok 21:48:07.0469 3348 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 21:48:07.0469 3348 usbcir - ok 21:48:07.0501 3348 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys 21:48:07.0501 3348 usbehci - ok 21:48:07.0532 3348 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys 21:48:07.0532 3348 usbhub - ok 21:48:07.0532 3348 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys 21:48:07.0532 3348 usbohci - ok 21:48:07.0547 3348 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 21:48:07.0547 3348 usbprint - ok 21:48:07.0563 
3348 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:48:07.0563 3348 USBSTOR - ok 21:48:07.0579 3348 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys 21:48:07.0579 3348 usbuhci - ok 21:48:07.0579 3348 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 21:48:07.0579 3348 UxSms - ok 21:48:07.0610 3348 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 21:48:07.0610 3348 VaultSvc - ok 21:48:07.0641 3348 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys 21:48:07.0641 3348 VClone - ok 21:48:07.0641 3348 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 21:48:07.0641 3348 vdrvroot - ok 21:48:07.0672 3348 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe 21:48:07.0688 3348 vds - ok 21:48:07.0719 3348 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 21:48:07.0719 3348 vga - ok 21:48:07.0719 3348 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 21:48:07.0719 3348 VgaSave - ok 21:48:07.0750 3348 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 21:48:07.0750 3348 vhdmp - ok 21:48:07.0766 3348 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 21:48:07.0766 3348 viaide - ok 21:48:07.0766 3348 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 21:48:07.0781 3348 volmgr - ok 21:48:07.0797 3348 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 21:48:07.0797 3348 volmgrx - ok 21:48:07.0828 3348 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 21:48:07.0828 3348 volsnap - ok 21:48:07.0844 3348 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 21:48:07.0844 3348 vsmraid - ok 21:48:07.0922 3348 VSS (787898bf9fb6d7bd87a36e2d95c899ba) 
C:\Windows\system32\vssvc.exe 21:48:07.0937 3348 VSS - ok 21:48:08.0015 3348 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 21:48:08.0015 3348 vwifibus - ok 21:48:08.0047 3348 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 21:48:08.0062 3348 W32Time - ok 21:48:08.0062 3348 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 21:48:08.0062 3348 WacomPen - ok 21:48:08.0093 3348 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 21:48:08.0093 3348 WANARP - ok 21:48:08.0093 3348 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 21:48:08.0093 3348 Wanarpv6 - ok 21:48:08.0187 3348 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 21:48:08.0203 3348 WatAdminSvc - ok 21:48:08.0281 3348 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe 21:48:08.0296 3348 wbengine - ok 21:48:08.0343 3348 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 21:48:08.0343 3348 WbioSrvc - ok 21:48:08.0374 3348 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll 21:48:08.0390 3348 wcncsvc - ok 21:48:08.0390 3348 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 21:48:08.0390 3348 WcsPlugInService - ok 21:48:08.0405 3348 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 21:48:08.0405 3348 Wd - ok 21:48:08.0452 3348 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 21:48:08.0452 3348 Wdf01000 - ok 21:48:08.0452 3348 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 21:48:08.0468 3348 WdiServiceHost - ok 21:48:08.0468 3348 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 21:48:08.0468 3348 WdiSystemHost - ok 21:48:08.0499 3348 WebClient (733006127f235be7c35354ebee7b9a7b) 
C:\Windows\System32\webclnt.dll 21:48:08.0499 3348 WebClient - ok 21:48:08.0515 3348 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 21:48:08.0515 3348 Wecsvc - ok 21:48:08.0530 3348 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 21:48:08.0546 3348 wercplsupport - ok 21:48:08.0546 3348 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 21:48:08.0546 3348 WerSvc - ok 21:48:08.0561 3348 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 21:48:08.0561 3348 WfpLwf - ok 21:48:08.0577 3348 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 21:48:08.0577 3348 WIMMount - ok 21:48:08.0593 3348 WinDefend - ok 21:48:08.0593 3348 WinHttpAutoProxySvc - ok 21:48:08.0639 3348 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 21:48:08.0639 3348 Winmgmt - ok 21:48:08.0749 3348 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll 21:48:08.0780 3348 WinRM - ok 21:48:08.0920 3348 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 21:48:08.0936 3348 Wlansvc - ok 21:48:08.0936 3348 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 21:48:08.0936 3348 WmiAcpi - ok 21:48:08.0967 3348 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 21:48:08.0967 3348 wmiApSrv - ok 21:48:08.0983 3348 WMPNetworkSvc - ok 21:48:08.0998 3348 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 21:48:08.0998 3348 WPCSvc - ok 21:48:08.0998 3348 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll 21:48:09.0014 3348 WPDBusEnum - ok 21:48:09.0014 3348 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 21:48:09.0014 3348 ws2ifsl - ok 21:48:09.0045 3348 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll 21:48:09.0045 3348 wscsvc - ok 
21:48:09.0045 3348 WSearch - ok
21:48:09.0185 3348 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
21:48:09.0217 3348 wuauserv - ok
21:48:09.0279 3348 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:48:09.0279 3348 WudfPf - ok
21:48:09.0310 3348 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:48:09.0310 3348 WUDFRd - ok
21:48:09.0326 3348 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
21:48:09.0326 3348 wudfsvc - ok
21:48:09.0357 3348 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:48:09.0357 3348 WwanSvc - ok
21:48:09.0357 3348 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:48:09.0388 3348 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
21:48:09.0388 3348 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
21:48:09.0404 3348 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:48:09.0404 3348 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:48:09.0419 3348 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
21:48:11.0213 3348 \Device\Harddisk1\DR1 - ok
21:48:11.0213 3348 Boot (0x1200) (e528edaff4cf373d91acd231b0efee17) \Device\Harddisk0\DR0\Partition0
21:48:11.0213 3348 \Device\Harddisk0\DR0\Partition0 - ok
21:48:11.0229 3348 Boot (0x1200) (a07ea1c78792c2271933de3d95aa78e1) \Device\Harddisk0\DR0\Partition1
21:48:11.0229 3348 \Device\Harddisk0\DR0\Partition1 - ok
21:48:11.0229 3348 Boot (0x1200) (15f9c330526e34cbeabcddef13a60174) \Device\Harddisk1\DR1\Partition0
21:48:11.0229 3348 \Device\Harddisk1\DR1\Partition0 - ok
21:48:11.0229 3348 ============================================================
21:48:11.0229 3348 Scan finished
21:48:11.0229 3348 ============================================================
21:48:11.0245 3268 Detected object count: 2
21:48:11.0245 3268 Actual detected object count: 2
21:49:49.0348 3268 \Device\Harddisk0\DR0\# - copied to quarantine
21:49:49.0348 3268 \Device\Harddisk0\DR0 - copied to quarantine
21:49:49.0379 3268 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:49:49.0379 3268 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:49:49.0379 3268 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
21:49:49.0379 3268 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
21:49:49.0394 3268 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:49:49.0394 3268 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:49:49.0394 3268 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
21:49:49.0394 3268 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:49:49.0394 3268 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:49:49.0394 3268 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:49:49.0410 3268 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:49:49.0410 3268 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:49:49.0410 3268 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
21:49:49.0410 3268 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
21:49:49.0410 3268 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:49:49.0441 3268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:49:49.0441 3268 \Device\Harddisk0\DR0 - ok
21:49:55.0026 3268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
21:49:55.0026 3268 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:49:55.0026 3268 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
21:50:57.0988 5068 Deinitialize success
-
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Bernice [Admin rights]
Mode: Scan -- Date: 08/10/2012 19:35:09
¤¤¤ Bad processes: 1 ¤¤¤
[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\U --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND
[susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD64 01AALS-00E8B SCSI Disk Device +++++
--- User ---
[MBR] de56085bf42185de9de7ddf70a5ddde3
[bSP] f7e93078e80b07ffdd0bd575fae681f7 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt