Everything posted by kjw

  1. C:\Windows\System32\drivers\etc>attrib -h -s -r hosts
     Access is denied

     Attempts to unhide the file both via an Administrator cmd.exe and right-click properties, and both say Access is denied.

     ipconfig... "No operation can be performed on Local Area Connection while it has its media disconnected."
     (which is correct, it's not plugged into the network, but I ran all the commands anyways)

     netsh winsock reset all
     Access is denied.

     netsh int ip reset resetlog.log
     Reseting Global, OK!
     Reseting Interface, OK!
     Restart the computer to complete this action.

     (reboot performed)

     I do not have combofix

     rerun of malwarebytes shows host entries still present. reading the hosts files only shows two (correct) localhost entries 127.0.0.1 and ::1. I attached the disk to a separate computer, and the hosts file only contains two entries for localhost. The insertion of the fakehosts is not happening via the file.

     system is still infected
  2. RogueKiller V8.0.3 [09/13/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : kjw [Admin rights]
     Mode : Remove -- Date : 09/19/2012 17:21:24

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 3 ¤¤¤
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     127.0.0.1 localhost
     ::1 localhost
     64.27.10.42 www.google-analytics.com.
     64.27.10.42 ad-emea.doubleclick.net.
     64.27.10.42 www.statcounter.com.
     108.163.215.51 www.google-analytics.com.
     108.163.215.51 ad-emea.doubleclick.net.
     108.163.215.51 www.statcounter.com.

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: WDC WD2500AAKX-753CA0 ATA Device +++++
     --- User ---
     [MBR] 587849e339b0478d5650725534eec6e8
     [bSP] 3e5715d48ae66b6307961db5f9804bee : Windows 7 MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 12048 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24675840 | Size: 226392 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[3].txt >>
     RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  3. I'm not inserting the HTML. The forum's WYSIWYG editor is.
  4. RogueKiller V8.0.3 [09/13/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : kjw [Admin rights]
     Mode : Remove -- Date : 09/19/2012 17:21:24

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 3 ¤¤¤
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     127.0.0.1 localhost
     ::1 localhost
     64.27.10.42 www.google-analytics.com.
     64.27.10.42 ad-emea.doubleclick.net.
     64.27.10.42 www.statcounter.com.
     108.163.215.51 www.google-analytics.com.
     108.163.215.51 ad-emea.doubleclick.net.
     108.163.215.51 www.statcounter.com.

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: WDC WD2500AAKX-753CA0 ATA Device +++++
     --- User ---
     [MBR] 587849e339b0478d5650725534eec6e8
     [bSP] 3e5715d48ae66b6307961db5f9804bee : Windows 7 MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 12048 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24675840 | Size: 226392 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[3].txt >>
     RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

     C:\Windows\System32\drivers\etc>attrib -h -s -r hosts
     Access is denied

     Attempts to unhide the file both via an Administrator cmd.exe and right-click properties, and both say Access is denied.

     ipconfig... "No operation can be performed on Local Area Connection while it has its media disconnected."
     (which is correct, it's not plugged into the network, but I ran all the commands anyways)

     netsh winsock reset all
     Access is denied.

     netsh int ip reset resetlog.log
     Reseting Global, OK!
     Reseting Interface, OK!
     Restart the computer to complete this action.

     (reboot initiated)

     I do not have combofix.

     rerun of malwarebytes shows host entries still present. reading the hosts files only shows two (correct) localhost entries 127.0.0.1 and ::1. I attached the disk to a separate computer, and the hosts file only contains two entries for localhost. The insertion of the fakehosts is not happening via the file.

     system is still infected
  5. RogueKiller V8.0.3 [09/13/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : kjw [Admin rights]
     Mode : Remove -- Date : 09/19/2012 17:21:24

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 3 ¤¤¤
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     127.0.0.1 localhost
     ::1 localhost
     64.27.10.42 www.google-analytics.com.
     64.27.10.42 ad-emea.doubleclick.net.
     64.27.10.42 www.statcounter.com.
     108.163.215.51 www.google-analytics.com.
     108.163.215.51 ad-emea.doubleclick.net.
     108.163.215.51 www.statcounter.com.

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: WDC WD2500AAKX-753CA0 ATA Device +++++
     --- User ---
     [MBR] 587849e339b0478d5650725534eec6e8
     [bSP] 3e5715d48ae66b6307961db5f9804bee : Windows 7 MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 12048 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24675840 | Size: 226392 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[2].txt >>
     RKreport[1].txt ; RKreport[2].txt

     ...

     C:\Windows\System32\drivers\etc>attrib -h -s -r hosts
     Access is denied

     I tried unhiding the file both via an Administrator cmd.exe and right-click properties, and both say Access is denied.

     ipconfig... "No operation can be performed on Local Area Connection while it has its media disconnected."

     netsh winsock reset all
     Access is denied.

     netsh int ip reset resetlog.log
     Reseting Global, OK!
     Reseting Interface, OK!
     Restart the computer to complete this action.

     (reboot initiated)

     do not have combofix.

     rerun of malwarebytes shows host entries still present. reading the hosts files only shows two (correct) localhost entries 127.0.0.1 and ::1

     system is still infected
  6. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
     Run date: 2012-09-18 19:59:11
     -----------------------------
     19:59:11.693 OS Version: Windows x64 6.1.7601 Service Pack 1
     19:59:11.693 Number of processors: 2 586 0x170A
     19:59:11.694 ComputerName: BENTO UserName: kjw
     19:59:12.151 Initialize success
     19:59:23.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
     19:59:23.924 Disk 0 Vendor: WDC_WD2500AAKX-753CA0 15.01H15 Size: 238475MB BusType: 3
     19:59:23.941 Disk 0 MBR read successfully
     19:59:23.944 Disk 0 MBR scan
     19:59:23.948 Disk 0 Windows 7 default MBR code
     19:59:23.952 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 12048 MB offset 63
     19:59:23.956 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 226392 MB offset 24675840
     19:59:23.978 Disk 0 scanning C:\Windows\system32\drivers
     19:59:29.392 Service scanning
     19:59:39.745 Modules scanning
     19:59:39.755 Scan finished successfully
     19:59:46.524 Disk 0 MBR has been saved successfully to "C:\Users\kjw\Desktop\MBR.dat"
     19:59:46.525 The log file has been saved successfully to "C:\Users\kjw\Desktop\aswMBR.txt"

     20:00:25.0568 1344 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
     20:00:25.0911 1344 ============================================================
     20:00:25.0911 1344 Current date / time: 2012/09/18 20:00:25.0911
     20:00:25.0911 1344 SystemInfo:
     20:00:25.0911 1344
     20:00:25.0911 1344 OS Version: 6.1.7601 ServicePack: 1.0
     20:00:25.0911 1344 Product type: Workstation
     20:00:25.0911 1344 ComputerName: BENTO
     20:00:25.0911 1344 UserName: kjw
     20:00:25.0911 1344 Windows directory: C:\Windows
     20:00:25.0911 1344 System windows directory: C:\Windows
     20:00:25.0911 1344 Running under WOW64
     20:00:25.0911 1344 Processor architecture: Intel x64
     20:00:25.0911 1344 Number of processors: 2
     20:00:25.0911 1344 Page size: 0x1000
     20:00:25.0911 1344 Boot type: Normal boot
     20:00:25.0911 1344 ============================================================
     20:00:26.0862 1344 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     20:00:26.0865 1344 Drive \Device\Harddisk1\DR2 - Size: 0x7A4B600 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
     20:00:26.0866 1344 ============================================================
     20:00:26.0866 1344 \Device\Harddisk0\DR0:
     20:00:26.0867 1344 MBR partitions:
     20:00:26.0867 1344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17885C1
     20:00:26.0867 1344 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1788600, BlocksNum 0x1BA2C47D
     20:00:26.0867 1344 \Device\Harddisk1\DR2:
     20:00:26.0867 1344 MBR partitions:
     20:00:26.0867 1344 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3D23B
     20:00:26.0867 1344 ============================================================
     20:00:26.0900 1344 C: <-> \Device\Harddisk0\DR0\Partition2
     20:00:26.0908 1344 V: <-> \Device\Harddisk0\DR0\Partition1
     20:00:26.0908 1344 ============================================================
     20:00:26.0908 1344 Initialize success
     20:00:26.0908 1344 ============================================================
     20:00:33.0842 4604 ============================================================
     20:00:33.0842 4604 Scan started
     20:00:33.0842 4604 Mode: Manual;
     20:00:33.0842 4604 ============================================================
     20:00:34.0209 4604 ================ Scan system memory ========================
     20:00:34.0209 4604 System memory - ok
C:\Windows\system32\drivers\mrxdav.sys 20:00:41.0664 4604 MRxDAV - ok 20:00:41.0690 4604 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:00:41.0693 4604 mrxsmb - ok 20:00:41.0725 4604 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:00:41.0729 4604 mrxsmb10 - ok 20:00:41.0746 4604 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:00:41.0752 4604 mrxsmb20 - ok 20:00:41.0768 4604 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 20:00:41.0772 4604 msahci - ok 20:00:41.0781 4604 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:00:41.0787 4604 msdsm - ok 20:00:41.0803 4604 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 20:00:41.0812 4604 MSDTC - ok 20:00:41.0836 4604 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:00:41.0840 4604 Msfs - ok 20:00:41.0856 4604 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:00:41.0860 4604 mshidkmdf - ok 20:00:41.0871 4604 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:00:41.0874 4604 msisadrv - ok 20:00:41.0903 4604 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:00:41.0912 4604 MSiSCSI - ok 20:00:41.0918 4604 msiserver - ok 20:00:41.0932 4604 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:00:41.0936 4604 MSKSSRV - ok 20:00:41.0949 4604 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:00:41.0953 4604 MSPCLOCK - ok 20:00:41.0959 4604 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:00:41.0963 4604 MSPQM - ok 20:00:41.0985 4604 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:00:41.0989 4604 MsRPC - ok 20:00:42.0008 4604 [ 
0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 20:00:42.0010 4604 mssmbios - ok 20:00:42.0024 4604 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:00:42.0026 4604 MSTEE - ok 20:00:42.0030 4604 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 20:00:42.0032 4604 MTConfig - ok 20:00:42.0049 4604 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 20:00:42.0053 4604 Mup - ok 20:00:42.0089 4604 [ 86292363B050C1B55FE77D75AF3EFB71 ] mvusbews C:\Windows\system32\Drivers\mvusbews.sys 20:00:42.0092 4604 mvusbews - ok 20:00:42.0123 4604 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 20:00:42.0137 4604 napagent - ok 20:00:42.0174 4604 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:00:42.0183 4604 NativeWifiP - ok 20:00:42.0225 4604 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys 20:00:42.0245 4604 NDIS - ok 20:00:42.0258 4604 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 20:00:42.0262 4604 NdisCap - ok 20:00:42.0288 4604 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:00:42.0290 4604 NdisTapi - ok 20:00:42.0300 4604 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:00:42.0302 4604 Ndisuio - ok 20:00:42.0308 4604 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:00:42.0311 4604 NdisWan - ok 20:00:42.0318 4604 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:00:42.0320 4604 NDProxy - ok 20:00:42.0331 4604 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:00:42.0333 4604 NetBIOS - ok 20:00:42.0352 4604 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 20:00:42.0357 4604 NetBT - ok 
20:00:42.0387 4604 [ 5D3E93151CCA238420DB9DB65715A1F5 ] NETGEARUCOMP C:\Windows\system32\DRIVERS\NETGEARUCOMP.sys 20:00:42.0389 4604 NETGEARUCOMP - ok 20:00:42.0425 4604 [ 5167CA339A8A36FEC32B03EC8FDBBF64 ] NETGEARUHOST C:\Windows\system32\DRIVERS\NETGEARUHOST.sys 20:00:42.0429 4604 NETGEARUHOST - ok 20:00:42.0442 4604 [ A6068421D3A33255F9D77DFDE29C8416 ] NETGEARUHUB C:\Windows\system32\DRIVERS\NETGEARUHUB.sys 20:00:42.0446 4604 NETGEARUHUB - ok 20:00:42.0466 4604 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 20:00:42.0468 4604 Netlogon - ok 20:00:42.0502 4604 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 20:00:42.0513 4604 Netman - ok 20:00:42.0552 4604 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:00:42.0565 4604 NetMsmqActivator - ok 20:00:42.0571 4604 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:00:42.0573 4604 NetPipeActivator - ok 20:00:42.0595 4604 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 20:00:42.0608 4604 netprofm - ok 20:00:42.0615 4604 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:00:42.0617 4604 NetTcpActivator - ok 20:00:42.0624 4604 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:00:42.0626 4604 NetTcpPortSharing - ok 20:00:42.0658 4604 [ 73CE12B8BDD747B0063CB0A7EF44CEA7 ] netvsc C:\Windows\system32\DRIVERS\netvsc60.sys 20:00:42.0661 4604 netvsc - ok 20:00:42.0692 4604 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 20:00:42.0695 4604 nfrd960 - ok 20:00:42.0718 4604 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:00:42.0729 4604 NlaSvc - ok 20:00:42.0741 4604 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs 
C:\Windows\system32\drivers\Npfs.sys 20:00:42.0745 4604 Npfs - ok 20:00:42.0755 4604 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 20:00:42.0759 4604 nsi - ok 20:00:42.0774 4604 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:00:42.0776 4604 nsiproxy - ok 20:00:42.0822 4604 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:00:42.0852 4604 Ntfs - ok 20:00:42.0871 4604 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 20:00:42.0874 4604 Null - ok 20:00:43.0107 4604 [ F3CC465A438235D5859A2C2FE8A6335F ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 20:00:43.0248 4604 nvlddmkm - ok 20:00:43.0273 4604 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:00:43.0276 4604 nvraid - ok 20:00:43.0282 4604 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:00:43.0285 4604 nvstor - ok 20:00:43.0301 4604 [ 794DC4FD31462943FE37099CAE7F6A91 ] nvsvc C:\Windows\system32\nvvsvc.exe 20:00:43.0345 4604 nvsvc - ok 20:00:43.0353 4604 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:00:43.0356 4604 nv_agp - ok 20:00:43.0414 4604 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 20:00:43.0444 4604 odserv - ok 20:00:43.0451 4604 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 20:00:43.0456 4604 ohci1394 - ok 20:00:43.0502 4604 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:00:43.0798 4604 ose - ok 20:00:43.0820 4604 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 20:00:43.0828 4604 p2pimsvc - ok 20:00:43.0847 4604 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 20:00:43.0857 4604 p2psvc - ok 20:00:43.0869 4604 [ 
0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 20:00:43.0872 4604 Parport - ok 20:00:43.0896 4604 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:00:43.0901 4604 partmgr - ok 20:00:43.0929 4604 [ 363B3F857ABEE85767E01E3044C539CD ] PBADRV C:\Windows\system32\DRIVERS\PBADRV.sys 20:00:43.0933 4604 PBADRV - ok 20:00:43.0952 4604 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 20:00:43.0963 4604 PcaSvc - ok 20:00:43.0974 4604 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 20:00:43.0980 4604 pci - ok 20:00:43.0998 4604 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 20:00:44.0002 4604 pciide - ok 20:00:44.0012 4604 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 20:00:44.0017 4604 pcmcia - ok 20:00:44.0028 4604 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 20:00:44.0031 4604 pcw - ok 20:00:44.0120 4604 [ 93586A9FA78BF86B35C0CD443694CB6B ] PDFProFiltSrvPP C:\Program Files (x86)\Dell Printers\paperport\PaperPort\PDFProFiltSrvPP.exe 20:00:44.0411 4604 PDFProFiltSrvPP - ok 20:00:44.0428 4604 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:00:44.0434 4604 PEAUTH - ok 20:00:44.0480 4604 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 20:00:44.0527 4604 PeerDistSvc - ok 20:00:44.0586 4604 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 20:00:44.0601 4604 PerfHost - ok 20:00:44.0651 4604 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 20:00:44.0688 4604 pla - ok 20:00:44.0931 4604 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:00:44.0944 4604 PlugPlay - ok 20:00:44.0963 4604 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 20:00:44.0969 4604 PNRPAutoReg - ok 
20:00:44.0987 4604 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 20:00:44.0991 4604 PNRPsvc - ok 20:00:45.0023 4604 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:00:45.0035 4604 PolicyAgent - ok 20:00:45.0068 4604 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 20:00:45.0075 4604 Power - ok 20:00:45.0101 4604 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:00:45.0106 4604 PptpMiniport - ok 20:00:45.0119 4604 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 20:00:45.0123 4604 Processor - ok 20:00:45.0158 4604 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll 20:00:45.0169 4604 ProfSvc - ok 20:00:45.0182 4604 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 20:00:45.0185 4604 ProtectedStorage - ok 20:00:45.0201 4604 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 20:00:45.0207 4604 Psched - ok 20:00:45.0245 4604 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 20:00:45.0249 4604 PxHlpa64 - ok 20:00:45.0289 4604 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 20:00:45.0322 4604 ql2300 - ok 20:00:45.0330 4604 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 20:00:45.0335 4604 ql40xx - ok 20:00:45.0356 4604 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 20:00:45.0363 4604 QWAVE - ok 20:00:45.0375 4604 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:00:45.0377 4604 QWAVEdrv - ok 20:00:45.0382 4604 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:00:45.0384 4604 RasAcd - ok 20:00:45.0408 4604 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 20:00:45.0411 
4604 RasAgileVpn - ok 20:00:45.0424 4604 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 20:00:45.0430 4604 RasAuto - ok 20:00:45.0449 4604 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:00:45.0452 4604 Rasl2tp - ok 20:00:45.0464 4604 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 20:00:45.0478 4604 RasMan - ok 20:00:45.0500 4604 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:00:45.0505 4604 RasPppoe - ok 20:00:45.0522 4604 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:00:45.0524 4604 RasSstp - ok 20:00:45.0539 4604 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:00:45.0544 4604 rdbss - ok 20:00:45.0549 4604 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 20:00:45.0551 4604 rdpbus - ok 20:00:45.0566 4604 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:00:45.0568 4604 RDPCDD - ok 20:00:45.0591 4604 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 20:00:45.0593 4604 RDPDR - ok 20:00:45.0616 4604 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:00:45.0618 4604 RDPENCDD - ok 20:00:45.0633 4604 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 20:00:45.0636 4604 RDPREFMP - ok 20:00:45.0668 4604 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:00:45.0675 4604 RDPWD - ok 20:00:45.0701 4604 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 20:00:45.0778 4604 rdyboost - ok 20:00:45.0807 4604 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:00:45.0811 4604 RemoteAccess - ok 20:00:45.0832 4604 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 
20:00:45.0838 4604 RemoteRegistry - ok 20:00:45.0921 4604 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe 20:00:45.0992 4604 RoxMediaDB12OEM - ok 20:00:46.0019 4604 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe 20:00:46.0027 4604 RoxWatch12 - ok 20:00:46.0050 4604 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 20:00:46.0054 4604 RpcEptMapper - ok 20:00:46.0076 4604 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 20:00:46.0081 4604 RpcLocator - ok 20:00:46.0103 4604 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 20:00:46.0118 4604 RpcSs - ok 20:00:46.0150 4604 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:00:46.0154 4604 rspndr - ok 20:00:46.0175 4604 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 20:00:46.0178 4604 s3cap - ok 20:00:46.0190 4604 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 20:00:46.0193 4604 SamSs - ok 20:00:46.0210 4604 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:00:46.0215 4604 sbp2port - ok 20:00:46.0233 4604 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:00:46.0244 4604 SCardSvr - ok 20:00:46.0262 4604 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 20:00:46.0266 4604 scfilter - ok 20:00:46.0301 4604 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 20:00:46.0340 4604 Schedule - ok 20:00:46.0368 4604 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 20:00:46.0369 4604 SCPolicySvc - ok 20:00:46.0397 4604 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:00:46.0403 4604 
SDRSVC - ok 20:00:46.0426 4604 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:00:46.0430 4604 secdrv - ok 20:00:46.0449 4604 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 20:00:46.0456 4604 seclogon - ok 20:00:46.0575 4604 [ F3D951071C624137430FE65A67541EF9 ] SecureStorageService C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe 20:00:46.0728 4604 SecureStorageService - ok 20:00:46.0744 4604 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 20:00:46.0747 4604 SENS - ok 20:00:46.0765 4604 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 20:00:46.0768 4604 SensrSvc - ok 20:00:46.0796 4604 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 20:00:46.0800 4604 Serenum - ok 20:00:46.0825 4604 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 20:00:46.0831 4604 Serial - ok 20:00:46.0849 4604 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 20:00:46.0853 4604 sermouse - ok 20:00:46.0872 4604 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 20:00:46.0881 4604 SessionEnv - ok 20:00:46.0888 4604 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:00:46.0892 4604 sffdisk - ok 20:00:46.0897 4604 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:00:46.0899 4604 sffp_mmc - ok 20:00:46.0906 4604 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:00:46.0909 4604 sffp_sd - ok 20:00:46.0913 4604 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 20:00:46.0915 4604 sfloppy - ok 20:00:46.0949 4604 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:00:46.0962 4604 SharedAccess - ok 
20:00:46.0980 4604 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:00:46.0992 4604 ShellHWDetection - ok 20:00:47.0002 4604 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 20:00:47.0007 4604 SiSRaid2 - ok 20:00:47.0014 4604 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 20:00:47.0017 4604 SiSRaid4 - ok 20:00:47.0030 4604 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:00:47.0032 4604 Smb - ok 20:00:47.0078 4604 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:00:47.0084 4604 SNMPTRAP - ok 20:00:47.0103 4604 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 20:00:47.0106 4604 spldr - ok 20:00:47.0133 4604 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 20:00:47.0151 4604 Spooler - ok 20:00:47.0229 4604 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 20:00:47.0274 4604 sppsvc - ok 20:00:47.0289 4604 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 20:00:47.0293 4604 sppuinotify - ok 20:00:47.0318 4604 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 20:00:47.0323 4604 srv - ok 20:00:47.0339 4604 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:00:47.0347 4604 srv2 - ok 20:00:47.0357 4604 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:00:47.0361 4604 srvnet - ok 20:00:47.0395 4604 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:00:47.0400 4604 SSDPSRV - ok 20:00:47.0410 4604 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:00:47.0415 4604 SstpSvc - ok 20:00:47.0437 4604 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 20:00:47.0440 4604 stexstor - ok 20:00:47.0485 4604 
[ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 20:00:47.0488 4604 StillCam - ok 20:00:47.0527 4604 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 20:00:47.0544 4604 stisvc - ok 20:00:47.0592 4604 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe 20:00:47.0605 4604 stllssvr - ok 20:00:47.0629 4604 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 20:00:47.0636 4604 StorSvc - ok 20:00:47.0663 4604 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 20:00:47.0666 4604 storvsc - ok 20:00:47.0681 4604 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 20:00:47.0685 4604 swenum - ok 20:00:47.0717 4604 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 20:00:47.0740 4604 swprv - ok 20:00:47.0754 4604 [ 4CDD7DF58730D23BA9CB5829A6E2ECEA ] SynthVid C:\Windows\system32\DRIVERS\VMBusVideoM.sys 20:00:47.0758 4604 SynthVid - ok 20:00:47.0802 4604 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 20:00:47.0837 4604 SysMain - ok 20:00:47.0853 4604 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:00:47.0858 4604 TabletInputService - ok 20:00:47.0874 4604 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 20:00:47.0881 4604 TapiSrv - ok 20:00:47.0892 4604 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 20:00:47.0896 4604 TBS - ok 20:00:47.0957 4604 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:00:47.0992 4604 Tcpip - ok 20:00:48.0041 4604 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:00:48.0058 4604 TCPIP6 - ok 20:00:48.0084 4604 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:00:48.0088 4604 tcpipreg - ok 
20:00:48.0152 4604 [ E42D560E2163480E7B586B14ABEB3386 ] tcsd_win32.exe C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe 20:00:48.0297 4604 tcsd_win32.exe - ok 20:00:48.0386 4604 [ 347D6407C90C0B6AC82F8249EBA9A482 ] TdmService C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe 20:00:48.0444 4604 TdmService - ok 20:00:48.0464 4604 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:00:48.0467 4604 TDPIPE - ok 20:00:48.0504 4604 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:00:48.0506 4604 TDTCP - ok 20:00:48.0533 4604 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:00:48.0539 4604 tdx - ok 20:00:48.0559 4604 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 20:00:48.0563 4604 TermDD - ok 20:00:48.0602 4604 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 20:00:48.0628 4604 TermService - ok 20:00:48.0647 4604 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 20:00:48.0654 4604 Themes - ok 20:00:48.0679 4604 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 20:00:48.0682 4604 THREADORDER - ok 20:00:48.0698 4604 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 20:00:48.0707 4604 TrkWks - ok 20:00:48.0750 4604 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:00:48.0757 4604 TrustedInstaller - ok 20:00:48.0783 4604 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:00:48.0892 4604 tssecsrv - ok 20:00:48.0911 4604 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:00:48.0913 4604 TsUsbFlt - ok 20:00:48.0927 4604 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 20:00:48.0929 
4604 TsUsbGD - ok 20:00:48.0944 4604 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:00:48.0947 4604 tunnel - ok 20:00:48.0964 4604 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 20:00:48.0967 4604 uagp35 - ok 20:00:48.0985 4604 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:00:48.0989 4604 udfs - ok 20:00:49.0006 4604 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:00:49.0014 4604 UI0Detect - ok 20:00:49.0021 4604 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:00:49.0025 4604 uliagpkx - ok 20:00:49.0042 4604 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 20:00:49.0047 4604 umbus - ok 20:00:49.0064 4604 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 20:00:49.0065 4604 UmPass - ok 20:00:49.0094 4604 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 20:00:49.0100 4604 UmRdpService - ok 20:00:49.0119 4604 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 20:00:49.0133 4604 upnphost - ok 20:00:49.0160 4604 [ 54D4B48D443E7228BF64CF7CDC3118AC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 20:00:49.0165 4604 USBAAPL64 - ok 20:00:49.0198 4604 [ 3FAF7E3545695D3AE0F2A11FCC01C1F1 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:00:49.0201 4604 usbccgp - ok 20:00:49.0210 4604 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:00:49.0213 4604 usbcir - ok 20:00:49.0226 4604 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:00:49.0228 4604 usbehci - ok 20:00:49.0255 4604 [ 24FD746641704A5B37903CBD7A2814DA ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:00:49.0266 4604 usbhub - ok 20:00:49.0279 4604 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys 
20:00:49.0282 4604 usbohci - ok 20:00:49.0298 4604 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 20:00:49.0302 4604 usbprint - ok 20:00:49.0335 4604 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 20:00:49.0339 4604 usbscan - ok 20:00:49.0356 4604 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:00:49.0361 4604 USBSTOR - ok 20:00:49.0379 4604 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 20:00:49.0383 4604 usbuhci - ok 20:00:49.0417 4604 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 20:00:49.0424 4604 UxSms - ok 20:00:49.0433 4604 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 20:00:49.0438 4604 VaultSvc - ok 20:00:49.0452 4604 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:00:49.0456 4604 vdrvroot - ok 20:00:49.0478 4604 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 20:00:49.0503 4604 vds - ok 20:00:49.0521 4604 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:00:49.0525 4604 vga - ok 20:00:49.0539 4604 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 20:00:49.0543 4604 VgaSave - ok 20:00:49.0552 4604 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:00:49.0559 4604 vhdmp - ok 20:00:49.0566 4604 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 20:00:49.0570 4604 viaide - ok 20:00:49.0595 4604 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 20:00:49.0598 4604 VMBusHID - ok 20:00:49.0613 4604 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:00:49.0618 4604 volmgr - ok 20:00:49.0639 4604 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:00:49.0647 
20:00:53.0397 4604 Scan finished
20:00:53.0408 3808 Detected object count: 0
20:00:53.0408 3808 Actual detected object count: 0

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : kjw [Admin rights]
Mode : Scan -- Date : 09/18/2012 20:03:23

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
64.27.10.42 www.google-analytics.com.
64.27.10.42 ad-emea.doubleclick.net.
64.27.10.42 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD2500AAKX-753CA0 ATA Device +++++
--- User ---
[MBR] 587849e339b0478d5650725534eec6e8
[bSP] 3e5715d48ae66b6307961db5f9804bee : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 12048 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24675840 | Size: 226392 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

And FYI, here's the ESET report that ran earlier:

C:\ProgramData\LqZ6Q5P2qVqdWz.exe a variant of Win32/Kryptik.ALVH trojan cleaned by deleting - quarantined
C:\ProgramData\OeeeIHmGxabi.exe a variant of Win32/Kryptik.ALVH trojan cleaned by deleting - quarantined
C:\Users\kjw\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000f4 HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Shigematsu Insurance\AppData\Local\Temp\212B.tmp a variant of Win32/Kryptik.ALUA trojan cleaned by deleting - quarantined
C:\Users\Shigematsu Insurance\AppData\Local\Temp\C937.tmp a variant of Win32/Kryptik.ALUA trojan cleaned by deleting - quarantined
C:\Users\Shigematsu Insurance\AppData\Local\Temp\hfzNaUAVWHRsG1.exe.tmp a variant of Win32/Kryptik.ALVH trojan cleaned by deleting - quarantined
C:\Users\Shigematsu Insurance\AppData\Local\Temp\l0OVEZkZiEwL7V.exe a variant of Win32/Kryptik.ALUA trojan cleaned by deleting - quarantined
C:\Users\Shigematsu Insurance\AppData\Local\Temp\UAC.exe a variant of Win32/Kryptik.ALUA trojan cleaned by deleting - quarantined
C:\Users\Shigematsu Insurance\AppData\Local\Temp\Uninstall.exe a variant of Win32/Kryptik.ALUA trojan cleaned by deleting - quarantined
C:\Users\Shigematsu Insurance\AppData\Local\Temp\V.class probably a variant of Java/Exploit.CVE-2011-3544.BQ trojan cleaned by deleting - quarantined
C:\Users\Shigematsu Insurance\AppData\Local\Temp\zZ9HbrtCxZq2LF.exe a variant of Win32/Kryptik.ALUA trojan cleaned by deleting - quarantined

I have a backup of the drive (removed, not booted) so I can recover these files if needed.
  7. This malware pops up ads in the bottom left and bottom right corners of the browser. One of the ads that keeps coming up is for a green card service (probably a scam, of course). It also causes regular clicks on links to get redirected to ads. It pops up for odd (squatter) sites like sale.com and sell.com, but not google.com or yahoo.com. Proxy server appears normal. Malware Bytes, FPAV, and ESET do not detect this, though the attached DDS.txt notes five Hosts entries that are definitely wrong, but I don't see them in C:\Windows\system32\drivers\etc\hosts. I don't see them in the registry either. I'm not sure where to remove them. Note: this system had a second infection that FPAV and MalwareBytes did not detect. It appears to be a new variant of http://blog.teesupport.com/system-error-hard-disk-failure-detected-fake-alert-and-all-files-hidden-how-to-fix/ . ESET did detect something and appears to have removed it, though logins now cause a temporary profile to be used. That is a common end result of removing the above ransom-ware. DDS.txt