Posts posted by mtestani
-
This is the only item that this scan found - the file you asked me to send earlier. Sorry I haven't gotten back to you sooner but I've been out of town.
C:\Qoobox\Quarantine\C\Users\Testani\AppData\Roaming\msdxmu.dll.vir a variant of Win32/Ponmocup.FR trojan cleaned by deleting - quarantined
-
Could you offer some instruction on performing this process? I'm a bit of a novice when it comes to this stuff. Thanks.
-
This may be a stupid question, but where do I find this file?
-
Here's the ComboFix log - I appreciate the help.
ComboFix 13-03-13.02 - Testani 03/13/2013 23:05:47.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.5777 [GMT -4:00]
Running from: c:\users\Testani\Desktop\ComboFix.exe
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\1abc6cc6-7642-443e-ad9d-336734fd2832.dll
c:\programdata\PCDr\6032\AddOnDownloaded\69eaa8a4-3131-4718-aad0-994ebde678d1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\9192d3e9-aa66-4560-a2e3-209867aafd30.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d4ffe1c0-8021-4dfa-bf52-cb9224f001ce.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e238f8f5-5f0a-478f-b96a-d15f6f6cac94.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f8b3befb-ca07-4bff-8777-f565b237979f.dll
c:\users\Testani\AppData\Roaming\msdxmu.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-02-14 to 2013-03-14 )))))))))))))))))))))))))))))))
.
.
2013-03-14 03:14 . 2013-03-14 03:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-03-14 03:14 . 2013-03-14 03:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-28 08:01 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-02-28 08:00 . 2013-01-13 20:31 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-02-13 08:02 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 08:02 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 02:30 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 02:30 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 02:30 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 02:30 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 02:30 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 02:30 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 02:30 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 02:30 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 02:30 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 02:30 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 02:30 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 02:30 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 20:33 . 2012-04-26 00:55 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 20:33 . 2011-09-17 15:57 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 11:14 . 2012-12-02 14:11 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-12 05:45 . 2013-03-13 08:55 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 08:55 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 08:55 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 08:55 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 08:55 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 08:55 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-04 04:43 . 2013-02-13 02:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-22 06:25 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 06:25 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 06:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 06:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-14 21:49 . 2012-09-26 02:09 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2013-02-16 298616]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-09-29 12105344]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Testani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2012-09-28 24576]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-04-26 34200]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-06-16 340240]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-04 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-08-08 67664]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-12-14 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2010-12-14 274432]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2010-12-14 59904]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-04-26 25496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 20:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 415064]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-16 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-12-14 10222080]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.cnn.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
DPF: {62D90588-609E-4208-A260-A6CEC45BB92C} - hxxp://watcherswebclubhouse.com/dating/download/v2/cfweb_watcherswebclubhouse.com-dating-download-v2_instmodule.exe
DPF: {DABA1849-E884-4DC0-B7E6-41E49B5D7C37} - hxxps://ive-ssdc.kp.org/Integrations/iSiteEMR/,DanaInfo=cidma.appl.kp.org+iSiteExt.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Vjmvdvlf - c:\users\Testani\AppData\Roaming\msdxmu.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-13 23:16:17
ComboFix-quarantined-files.txt 2013-03-14 03:16
ComboFix2.txt 2012-10-17 03:46
.
Pre-Run: 543,313,559,552 bytes free
Post-Run: 545,801,326,592 bytes free
.
- - End Of File - - 6D65B70B95309DC4D5A47CBECF0530DC
-
Here is the log - Malwarebytes has never identified anything since this problem started.
Malwarebytes Anti-Malware 1.70.0.1100
Database version: v2013.03.13.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Testani :: TESTANI-PC [administrator]
3/12/2013 9:52:27 PM
mbam-log-2013-03-12 (21-52-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213152
Time elapsed: 4 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
attach.txt
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/29/2011 7:14:21 PM
System Uptime: 3/11/2013 9:47:23 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0YH79Y
Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 577 GiB total, 506.567 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP334: 1/17/2013 9:01:39 AM - Scheduled Checkpoint
RP335: 1/31/2013 12:34:13 PM - Scheduled Checkpoint
RP336: 2/8/2013 9:08:00 AM - Scheduled Checkpoint
RP337: 2/13/2013 3:00:33 AM - Windows Update
RP338: 2/21/2013 10:17:22 AM - Scheduled Checkpoint
RP339: 2/28/2013 3:00:33 AM - Windows Update
RP340: 3/7/2013 9:37:35 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) MUI
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
Bing Rewards Client Installer
Bonjour
Camfrog Web Advanced 2.0 ActiveX Plugin (remove only)
Cozi
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Edoc Viewer
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell Marketplace Webslice IE8
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Support Center
Dell Touchpad
Dell VideoStage
Dell Webcam Central
DirectX 9 Runtime
eBay
ESET Online Scanner v3
ExamView Assessment Suite
ExamView Player
GoToAssist 8.0.0.514
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® PROSet/Wireless WiFi Software
Intel® Turbo Boost Technology Monitor 2.0
Intel® WiDi
Intel® Wireless Display
Internet Explorer
iTunes
Java 7 Update 9
Java Auto Updater
Juniper Networks Setup Client
Junk Mail filter update
LeapFrog Connect
LeapFrog Leapster2 Plugin
LeapFrog Tag Plugin
Malwarebytes Anti-Malware version 1.70.0.1100
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Lync 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PhotoShowExpress
Quickset64
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Secure Download Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype Toolbars
Skype™ 5.10
Sonic CinePlayer Decoder Pack
Trend Micro Titanium
Trend Micro™ Titanium™
TrustedID
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
3/7/2013 1:44:02 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
3/11/2013 9:48:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
.
==== End Of File ===========================
-
Here are the logs
dds.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.9.2
Run by Testani at 21:57:00 on 2013-03-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.5587 [GMT -4:00]
.
AV: Trend Micro Titanium *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cnn.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Vjmvdvlf] rundll32 "C:\Users\Testani\AppData\Roaming\msdxmu.dll",Vxbdhzlo
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Testani\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {62D90588-609E-4208-A260-A6CEC45BB92C} - hxxp://watcherswebclubhouse.com/dating/download/v2/cfweb_watcherswebclubhouse.com-dating-download-v2_instmodule.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {DABA1849-E884-4DC0-B7E6-41E49B5D7C37} - hxxps://ive-ssdc.kp.org/Integrations/iSiteEMR/,DanaInfo=cidma.appl.kp.org+iSiteExt.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ive-ssdc.kp.org/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{25E196CA-531A-4DBE-A744-F99D02714D1C} : DHCPNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
TCP: Interfaces\{B8626C57-8E68-4C2F-9A97-345E5A847F00} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B8626C57-8E68-4C2F-9A97-345E5A847F00}\2656C6B696E6E2030383 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{B8626C57-8E68-4C2F-9A97-345E5A847F00}\56C647F6E6 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL ""
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-17 55856]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-9-17 98208]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-9-20 256336]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-25 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-25 682344]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-17 1692480]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-9-20 67664]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-17 2656280]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2010-12-14 58128]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2010-12-14 274432]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-9-17 176096]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2010-12-14 59904]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-17 317440]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-4-26 25496]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-25 24176]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-9-17 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-9-17 181760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-17 412264]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2012-9-28 24576]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-9-17 158976]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-4-26 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-6-16 340240]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-9-17 250984]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-4 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-02-28 08:00:59 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-02-13 08:02:57 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 08:02:56 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 08:00:59 763424 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2013-02-13 02:30:56 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 02:30:55 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 02:30:55 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 02:30:49 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-13 02:30:48 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-13 02:30:47 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 02:30:47 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 02:30:47 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 02:30:47 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 02:30:47 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 02:30:45 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 02:30:45 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2013-02-28 01:32:21 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-28 01:32:21 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 21:57:26.98 ===============
-
Thank you - I will run the scans and attach the results tomorrow.
-
Hi - I would appreciate some help with a problem I am having. After performing a search with Google - when I click on one of the results, I am redirected to another site which my antivirus program blocks fortunately. This doesn't happen on the 1st search I run after opening Internet Explorer - only on subsequent searches. I have updated and run Malwarebytes Anti-Malware but no malicious processes are detected. My antivirus program does not detect anything either. Is there anything else I can do to fix this? - thanks - Matt
-
Hi - I would appreciate some help with a problem I am having. After performing a search with Google - when I click on one of the results, I am redirected to another site which my antivirus program blocks fortunately. This doesn't happen on the 1st search I run after opening Internet Explorer - only on subsequent searches. I have updated and run Malwarebytes Anti-Malware but no malicious processes are detected. My antivirus program does not detect anything either. Is there anything else I can do to fix this? - thanks - Matt
-
Jeff - Everything seems fine with the system so far. There have been no problems for the last 2 days that I have seen.
-
Here are the threats found on ESET
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\TDSSKiller_Quarantine\14.10.2012_20.44.12\mbr0000\tdlfs0000\tsk0000.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\14.10.2012_20.44.12\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYH trojan
-
It's almost done...4 threats found. When it's done do I do anything with the threats?
-
Jeff - Here are the results of the Malwarebytes scan.
Malwarebytes Anti-Malware 1.65.1.1000
Database version: v2012.10.17.13
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Testani :: TESTANI-PC [administrator]
10/17/2012 7:12:04 PM
mbam-log-2012-10-17 (19-12-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205276
Time elapsed: 4 minute(s), 39 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Jeff - Thanks for the clarification. Here is the latest log. System is running fine as far as I can tell.
ComboFix 12-10-16.02 - Testani 10/16/2012 23:22:58.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.6081 [GMT -4:00]
Running from: c:\users\Testani\Desktop\ComboFix.exe
Command switches used :: c:\users\Testani\Desktop\CFScript.txt
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((( Files Created from 2012-09-17 to 2012-10-17 )))))))))))))))))))))))))))))))
.
.
2012-10-17 03:33 . 2012-10-17 03:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-15 00:46 . 2012-10-15 22:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-26 03:05 . 2012-09-26 03:05 -------- d-----w- c:\users\Testani\AppData\Roaming\Camfrog Web
2012-09-26 02:09 . 2012-09-26 02:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-26 02:09 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 22:44 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-23 23:58 . 1999-12-17 15:13 86016 ----a-w- c:\windows\unvise32.exe
2012-09-23 23:58 . 2012-09-24 00:03 -------- d-----w- C:\ExamView
2012-09-22 18:14 . 2012-08-24 11:15 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-09-22 18:14 . 2012-08-24 10:39 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-09-21 07:04 . 2012-09-21 07:04 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-09-21 03:20 . 2012-09-21 03:20 -------- dc----w- c:\windows\system32\DRVSTORE
2012-09-21 03:20 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-21 03:20 . 2012-09-21 03:20 -------- d-----w- c:\program files\iTunes
2012-09-21 02:20 . 2010-08-08 22:04 105552 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-09-21 02:20 . 2010-08-08 22:04 90704 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-09-21 02:20 . 2010-08-08 22:04 67664 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-09-21 02:20 . 2010-08-08 22:04 144464 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-09-21 02:12 . 2012-09-21 02:19 -------- d-----w- c:\program files\Trend Micro
2012-09-21 01:26 . 2012-10-10 13:30 -------- d-----w- c:\program files\Microsoft Lync
2012-09-21 01:26 . 2012-10-10 13:30 -------- d-----w- c:\program files (x86)\Microsoft Lync
2012-09-21 01:17 . 2012-09-21 02:02 -------- d-----w- c:\users\Testani\Tracing
2012-09-21 01:17 . 2012-09-21 01:25 -------- d-----w- c:\program files (x86)\OCSetup
2012-09-21 01:11 . 2012-09-21 01:11 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-09-21 01:11 . 2012-09-21 01:11 -------- d-----w- c:\windows\PCHEALTH
2012-09-21 01:11 . 2012-09-21 01:11 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-09-21 01:09 . 2012-09-21 01:09 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-09-21 01:09 . 2012-09-21 01:09 -------- d-----w- c:\program files\Microsoft Office
2012-09-21 01:09 . 2012-09-21 01:09 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-09-21 01:08 . 2012-09-21 01:08 -------- d-----r- C:\MSOCache
2012-09-21 00:32 . 2012-09-21 00:32 -------- d-----w- c:\users\Testani\AppData\Roaming\e-academy Inc
2012-09-21 00:32 . 2012-09-21 00:32 -------- d-----w- c:\users\Testani\AppData\Local\e-academy Inc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 13:32 . 2012-04-26 00:55 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 13:32 . 2011-09-17 15:57 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-23 08:26 . 2012-09-18 14:10 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{87B4611A-7A8C-4E5A-B8B8-0C6B413A5446}\mpengine.dll
2012-08-22 18:12 . 2012-09-12 23:13 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 23:13 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 23:13 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 23:13 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 17:01 . 2012-08-21 17:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2012-08-21 17:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 01:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 23:13 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 23:13 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-20 14:45 . 2012-07-20 14:45 0 ------w- c:\windows\SysWow64\sho39F3.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-07-28 12100696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\Testani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-04-26 34200]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-06-16 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-04 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-08-08 67664]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-12-14 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2010-12-14 274432]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2010-12-14 59904]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-04-26 25496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-06-22 8596992]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 13:32]
.
2012-07-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-08-24 05:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 415064]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-16 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-12-14 10222080]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.cnn.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
DPF: {62D90588-609E-4208-A260-A6CEC45BB92C} - hxxp://watcherswebclubhouse.com/dating/download/v2/cfweb_watcherswebclubhouse.com-dating-download-v2_instmodule.exe
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2012-10-16 23:43:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-17 03:43
ComboFix2.txt 2012-10-15 23:03
.
Pre-Run: 543,846,801,408 bytes free
Post-Run: 543,908,827,136 bytes free
.
- - End Of File - - 3017066D3BEF306265E46E57B46E4779
Upload was successful
-
Jeff - I'm sorry - this is the 1st time you lost me. Not sure what Notepad is or what from the box should be copied into it.
-
I then ran ComboFix - here is the log...
ComboFix 12-10-15.01 - Testani 10/15/2012 18:45:45.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.5930 [GMT -4:00]
Running from: c:\users\Testani\Desktop\ComboFix.exe
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\etadpuelgoog.pad
c:\programdata\Roaming
c:\users\Testani\Documents\~WRD0005.tmp
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-15 to 2012-10-15 )))))))))))))))))))))))))))))))
.
.
2012-10-15 22:59 . 2012-10-15 22:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-15 00:46 . 2012-10-15 22:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-26 03:05 . 2012-09-26 03:05 -------- d-----w- c:\users\Testani\AppData\Roaming\Camfrog Web
2012-09-26 02:09 . 2012-09-26 02:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-26 02:09 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 22:44 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-23 23:58 . 1999-12-17 15:13 86016 ----a-w- c:\windows\unvise32.exe
2012-09-23 23:58 . 2012-09-24 00:03 -------- d-----w- C:\ExamView
2012-09-22 18:14 . 2012-08-24 11:15 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-09-22 18:14 . 2012-08-24 10:39 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-09-21 07:04 . 2012-09-21 07:04 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-09-21 03:20 . 2012-09-21 03:20 -------- dc----w- c:\windows\system32\DRVSTORE
2012-09-21 03:20 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-21 03:20 . 2012-09-21 03:20 -------- d-----w- c:\program files\iTunes
2012-09-21 02:20 . 2010-08-08 22:04 105552 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-09-21 02:20 . 2010-08-08 22:04 90704 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-09-21 02:20 . 2010-08-08 22:04 67664 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-09-21 02:20 . 2010-08-08 22:04 144464 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-09-21 02:12 . 2012-09-21 02:19 -------- d-----w- c:\program files\Trend Micro
2012-09-21 01:26 . 2012-10-10 13:30 -------- d-----w- c:\program files\Microsoft Lync
2012-09-21 01:26 . 2012-10-10 13:30 -------- d-----w- c:\program files (x86)\Microsoft Lync
2012-09-21 01:17 . 2012-09-21 02:02 -------- d-----w- c:\users\Testani\Tracing
2012-09-21 01:17 . 2012-09-21 01:25 -------- d-----w- c:\program files (x86)\OCSetup
2012-09-21 01:11 . 2012-09-21 01:11 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-09-21 01:11 . 2012-09-21 01:11 -------- d-----w- c:\windows\PCHEALTH
2012-09-21 01:11 . 2012-09-21 01:11 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-09-21 01:09 . 2012-09-21 01:09 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-09-21 01:09 . 2012-09-21 01:09 -------- d-----w- c:\program files\Microsoft Office
2012-09-21 01:09 . 2012-09-21 01:09 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-09-21 01:08 . 2012-09-21 01:08 -------- d-----r- C:\MSOCache
2012-09-21 00:32 . 2012-09-21 00:32 -------- d-----w- c:\users\Testani\AppData\Roaming\e-academy Inc
2012-09-21 00:32 . 2012-09-21 00:32 -------- d-----w- c:\users\Testani\AppData\Local\e-academy Inc
2012-09-18 14:10 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{87B4611A-7A8C-4E5A-B8B8-0C6B413A5446}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 13:32 . 2012-04-26 00:55 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 13:32 . 2011-09-17 15:57 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 18:12 . 2012-09-12 23:13 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 23:13 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 23:13 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 23:13 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 17:01 . 2012-08-21 17:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2012-08-21 17:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 01:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 23:13 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 23:13 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-20 14:45 . 2012-07-20 14:45 0 ----a-w- c:\windows\SysWow64\sho39F3.tmp
2012-07-18 18:15 . 2012-08-16 01:33 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-07-28 12100696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\Testani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-04-26 34200]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-06-16 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-04 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-08-08 67664]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-12-14 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2010-12-14 274432]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2010-12-14 59904]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-04-26 25496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-06-22 8596992]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 51528092
*Deregistered* - 51528092
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 13:32]
.
2012-07-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-08-24 05:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 415064]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-16 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-12-14 10222080]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.cnn.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
DPF: {62D90588-609E-4208-A260-A6CEC45BB92C} - hxxp://watcherswebclubhouse.com/dating/download/v2/cfweb_watcherswebclubhouse.com-dating-download-v2_instmodule.exe
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-01687352.sys
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-15 19:03:04
ComboFix-quarantined-files.txt 2012-10-15 23:03
.
Pre-Run: 543,417,597,952 bytes free
Post-Run: 545,339,867,136 bytes free
.
- - End Of File - - 3A04AA54893DA3EAA233BD6761EE8DB3
-
Jeff - I ran TDSSKiller - it did find that and I deleted it. Here is the log...
19:07:31.0979 7748 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
19:07:32.0291 7748 ============================================================
19:07:32.0291 7748 Current date / time: 2012/10/15 19:07:32.0291
19:07:32.0291 7748 SystemInfo:
19:07:32.0291 7748
19:07:32.0291 7748 OS Version: 6.1.7601 ServicePack: 1.0
19:07:32.0291 7748 Product type: Workstation
19:07:32.0291 7748 ComputerName: TESTANI-PC
19:07:32.0291 7748 UserName: Testani
19:07:32.0291 7748 Windows directory: C:\Windows
19:07:32.0291 7748 System windows directory: C:\Windows
19:07:32.0291 7748 Running under WOW64
19:07:32.0291 7748 Processor architecture: Intel x64
19:07:32.0291 7748 Number of processors: 4
19:07:32.0291 7748 Page size: 0x1000
19:07:32.0291 7748 Boot type: Normal boot
19:07:32.0291 7748 ============================================================
19:07:32.0470 7748 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:07:32.0476 7748 ============================================================
19:07:32.0476 7748 \Device\Harddisk0\DR0:
19:07:32.0476 7748 MBR partitions:
19:07:32.0476 7748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
19:07:32.0476 7748 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x48113AB0
19:07:32.0476 7748 ============================================================
19:07:32.0512 7748 C: <-> \Device\Harddisk0\DR0\Partition2
19:07:32.0512 7748 ============================================================
19:07:32.0512 7748 Initialize success
19:07:32.0512 7748 ============================================================
19:07:41.0572 5412 ============================================================
19:07:41.0572 5412 Scan started
19:07:41.0572 5412 Mode: Manual; TDLFS;
19:07:41.0572 5412 ============================================================
19:07:41.0900 5412 ================ Scan system memory ========================
19:07:41.0900 5412 System memory - ok
19:07:41.0900 5412 ================ Scan services =============================
19:07:42.0175 5412 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:07:42.0177 5412 1394ohci - ok
19:07:42.0214 5412 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:07:42.0216 5412 ACPI - ok
19:07:42.0232 5412 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:07:42.0232 5412 AcpiPmi - ok
19:07:42.0357 5412 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:07:42.0357 5412 AdobeARMservice - ok
19:07:42.0544 5412 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:07:42.0560 5412 AdobeFlashPlayerUpdateSvc - ok
19:07:42.0606 5412 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:07:42.0606 5412 adp94xx - ok
19:07:42.0638 5412 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:07:42.0653 5412 adpahci - ok
19:07:42.0684 5412 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:07:42.0684 5412 adpu320 - ok
19:07:42.0716 5412 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:07:42.0716 5412 AeLookupSvc - ok
19:07:42.0809 5412 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
19:07:42.0809 5412 AERTFilters - ok
19:07:42.0872 5412 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:07:42.0872 5412 AFD - ok
19:07:42.0918 5412 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:07:42.0918 5412 agp440 - ok
19:07:42.0934 5412 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:07:42.0934 5412 ALG - ok
19:07:42.0989 5412 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:07:42.0990 5412 aliide - ok
19:07:43.0018 5412 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:07:43.0021 5412 amdide - ok
19:07:43.0043 5412 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:07:43.0047 5412 AmdK8 - ok
19:07:43.0062 5412 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
19:07:43.0063 5412 AmdPPM - ok
19:07:43.0102 5412 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:07:43.0107 5412 amdsata - ok
19:07:43.0127 5412 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
19:07:43.0130 5412 amdsbs - ok
19:07:43.0148 5412 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:07:43.0150 5412 amdxata - ok
19:07:43.0251 5412 [ 18F64623E76FF58009D6F9CB9DEA5D0A ] Amsp C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
19:07:43.0251 5412 Amsp - ok
19:07:43.0298 5412 [ 24ED0EB2B2558970176ECEE680F8F806 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
19:07:43.0313 5412 ApfiltrService - ok
19:07:43.0344 5412 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:07:43.0360 5412 AppID - ok
19:07:43.0391 5412 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:07:43.0391 5412 AppIDSvc - ok
19:07:43.0407 5412 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:07:43.0407 5412 Appinfo - ok
19:07:43.0500 5412 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:07:43.0500 5412 Apple Mobile Device - ok
19:07:43.0547 5412 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
19:07:43.0563 5412 arc - ok
19:07:43.0578 5412 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:07:43.0578 5412 arcsas - ok
19:07:43.0688 5412 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:07:43.0688 5412 aspnet_state - ok
19:07:43.0719 5412 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:07:43.0719 5412 AsyncMac - ok
19:07:43.0766 5412 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:07:43.0766 5412 atapi - ok
19:07:43.0812 5412 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:07:43.0828 5412 AudioEndpointBuilder - ok
19:07:43.0875 5412 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:07:43.0875 5412 AudioSrv - ok
19:07:43.0922 5412 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:07:43.0922 5412 AxInstSV - ok
19:07:43.0977 5412 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
19:07:43.0980 5412 b06bdrv - ok
19:07:44.0003 5412 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:07:44.0005 5412 b57nd60a - ok
19:07:44.0129 5412 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
19:07:44.0135 5412 BBSvc - ok
19:07:44.0177 5412 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
19:07:44.0179 5412 BBUpdate - ok
19:07:44.0215 5412 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:07:44.0216 5412 BDESVC - ok
19:07:44.0254 5412 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:07:44.0254 5412 Beep - ok
19:07:44.0332 5412 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:07:44.0348 5412 BFE - ok
19:07:44.0394 5412 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
19:07:44.0410 5412 BITS - ok
19:07:44.0457 5412 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:07:44.0457 5412 blbdrive - ok
19:07:44.0566 5412 [ C620C59D46F43BEECC556F65E801312B ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
19:07:44.0582 5412 Bluetooth Device Monitor - ok
19:07:44.0628 5412 [ 5E5EDCCEEA4FA3FDF3A907AC204B5828 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
19:07:44.0628 5412 Bluetooth Media Service - ok
19:07:44.0691 5412 [ 826E65C945738CBD64F89EAE4406687F ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
19:07:44.0706 5412 Bluetooth OBEX Service - ok
19:07:44.0784 5412 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:07:44.0800 5412 Bonjour Service - ok
19:07:44.0847 5412 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:07:44.0847 5412 bowser - ok
19:07:44.0894 5412 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
19:07:44.0894 5412 BrFiltLo - ok
19:07:44.0909 5412 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
19:07:44.0909 5412 BrFiltUp - ok
19:07:44.0925 5412 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
19:07:44.0940 5412 BridgeMP - ok
19:07:44.0980 5412 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:07:44.0984 5412 Browser - ok
19:07:45.0004 5412 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:07:45.0006 5412 Brserid - ok
19:07:45.0010 5412 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:07:45.0011 5412 BrSerWdm - ok
19:07:45.0013 5412 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:07:45.0014 5412 BrUsbMdm - ok
19:07:45.0025 5412 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:07:45.0026 5412 BrUsbSer - ok
19:07:45.0080 5412 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
19:07:45.0083 5412 BthEnum - ok
19:07:45.0099 5412 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:07:45.0101 5412 BTHMODEM - ok
19:07:45.0136 5412 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:07:45.0137 5412 BthPan - ok
19:07:45.0162 5412 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
19:07:45.0174 5412 BTHPORT - ok
19:07:45.0238 5412 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:07:45.0238 5412 bthserv - ok
19:07:45.0254 5412 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
19:07:45.0254 5412 BTHUSB - ok
19:07:45.0300 5412 [ 962BD3689E2C85F0BA97F3D7E7BA540B ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys
19:07:45.0300 5412 btmaux - ok
19:07:45.0332 5412 [ EC1220B647F0D995DA5CAD4153454779 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
19:07:45.0332 5412 btmhsf - ok
19:07:45.0363 5412 catchme - ok
19:07:45.0394 5412 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:07:45.0394 5412 cdfs - ok
19:07:45.0441 5412 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:07:45.0441 5412 cdrom - ok
19:07:45.0472 5412 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:07:45.0472 5412 CertPropSvc - ok
19:07:45.0488 5412 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
19:07:45.0503 5412 circlass - ok
19:07:45.0519 5412 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:07:45.0519 5412 CLFS - ok
19:07:45.0581 5412 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:07:45.0581 5412 clr_optimization_v2.0.50727_32 - ok
19:07:45.0628 5412 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:07:45.0644 5412 clr_optimization_v2.0.50727_64 - ok
19:07:45.0722 5412 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:07:45.0722 5412 clr_optimization_v4.0.30319_32 - ok
19:07:45.0768 5412 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:07:45.0768 5412 clr_optimization_v4.0.30319_64 - ok
19:07:45.0800 5412 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:07:45.0800 5412 CmBatt - ok
19:07:45.0815 5412 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:07:45.0815 5412 cmdide - ok
19:07:45.0878 5412 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:07:45.0878 5412 CNG - ok
19:07:45.0909 5412 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:07:45.0909 5412 Compbatt - ok
19:07:45.0940 5412 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
19:07:45.0940 5412 CompositeBus - ok
19:07:45.0956 5412 COMSysApp - ok
19:07:45.0995 5412 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:07:45.0998 5412 crcdisk - ok
19:07:46.0052 5412 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:07:46.0058 5412 CryptSvc - ok
19:07:46.0129 5412 [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
19:07:46.0135 5412 CtClsFlt - ok
19:07:46.0165 5412 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:07:46.0172 5412 DcomLaunch - ok
19:07:46.0207 5412 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:07:46.0215 5412 defragsvc - ok
19:07:46.0239 5412 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:07:46.0239 5412 DfsC - ok
19:07:46.0270 5412 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:07:46.0286 5412 Dhcp - ok
19:07:46.0302 5412 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:07:46.0302 5412 discache - ok
19:07:46.0333 5412 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
19:07:46.0333 5412 Disk - ok
19:07:46.0364 5412 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:07:46.0364 5412 Dnscache - ok
19:07:46.0395 5412 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:07:46.0395 5412 dot3svc - ok
19:07:46.0442 5412 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:07:46.0442 5412 DPS - ok
19:07:46.0489 5412 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:07:46.0489 5412 drmkaud - ok
19:07:46.0536 5412 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:07:46.0551 5412 DXGKrnl - ok
19:07:46.0598 5412 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:07:46.0614 5412 EapHost - ok
19:07:46.0707 5412 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
19:07:46.0723 5412 ebdrv - ok
19:07:46.0770 5412 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:07:46.0770 5412 EFS - ok
19:07:46.0832 5412 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:07:46.0848 5412 ehRecvr - ok
19:07:46.0894 5412 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:07:46.0894 5412 ehSched - ok
19:07:46.0926 5412 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:07:46.0926 5412 elxstor - ok
19:07:46.0990 5412 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:07:46.0993 5412 ErrDev - ok
19:07:47.0057 5412 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:07:47.0067 5412 EventSystem - ok
19:07:47.0177 5412 [ ED8FBADBBAF7420ADEAE2D5D81F0D4A1 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
19:07:47.0192 5412 EvtEng - ok
19:07:47.0257 5412 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:07:47.0257 5412 exfat - ok
19:07:47.0288 5412 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:07:47.0288 5412 fastfat - ok
19:07:47.0335 5412 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:07:47.0351 5412 Fax - ok
19:07:47.0382 5412 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
19:07:47.0382 5412 fdc - ok
19:07:47.0413 5412 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:07:47.0413 5412 fdPHost - ok
19:07:47.0444 5412 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:07:47.0444 5412 FDResPub - ok
19:07:47.0460 5412 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:07:47.0460 5412 FileInfo - ok
19:07:47.0491 5412 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:07:47.0491 5412 Filetrace - ok
19:07:47.0507 5412 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
19:07:47.0507 5412 flpydisk - ok
19:07:47.0522 5412 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:07:47.0522 5412 FltMgr - ok
19:07:47.0569 5412 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:07:47.0569 5412 FontCache - ok
19:07:47.0632 5412 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:07:47.0632 5412 FontCache3.0.0.0 - ok
19:07:47.0647 5412 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:07:47.0647 5412 FsDepends - ok
19:07:47.0694 5412 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:07:47.0694 5412 Fs_Rec - ok
19:07:47.0725 5412 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:07:47.0725 5412 fvevol - ok
19:07:47.0741 5412 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:07:47.0741 5412 gagp30kx - ok
19:07:47.0850 5412 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:07:47.0850 5412 GEARAspiWDM - ok
19:07:47.0944 5412 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
19:07:47.0959 5412 GoToAssist - ok
19:07:48.0016 5412 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:07:48.0028 5412 gpsvc - ok
19:07:48.0057 5412 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:07:48.0058 5412 hcw85cir - ok
19:07:48.0087 5412 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:07:48.0095 5412 HDAudBus - ok
19:07:48.0114 5412 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
19:07:48.0116 5412 HidBatt - ok
19:07:48.0126 5412 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:07:48.0128 5412 HidBth - ok
19:07:48.0156 5412 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
19:07:48.0157 5412 HidIr - ok
19:07:48.0167 5412 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
19:07:48.0169 5412 hidserv - ok
19:07:48.0200 5412 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:07:48.0203 5412 HidUsb - ok
19:07:48.0238 5412 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:07:48.0240 5412 hkmsvc - ok
19:07:48.0251 5412 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:07:48.0253 5412 HomeGroupListener - ok
19:07:48.0260 5412 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:07:48.0276 5412 HomeGroupProvider - ok
19:07:48.0292 5412 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:07:48.0292 5412 HpSAMD - ok
19:07:48.0338 5412 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:07:48.0354 5412 HTTP - ok
19:07:48.0385 5412 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:07:48.0385 5412 hwpolicy - ok
19:07:48.0416 5412 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:07:48.0416 5412 i8042prt - ok
19:07:48.0494 5412 [ D469B77687E12FE43E344806740B624D ] iaStor C:\Windows\system32\drivers\iaStor.sys
19:07:48.0494 5412 iaStor - ok
19:07:48.0541 5412 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:07:48.0557 5412 iaStorV - ok
19:07:48.0588 5412 [ E44F0B4DC753C14930B8DC48BB7A1644 ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys
19:07:48.0588 5412 iBtFltCoex - ok
19:07:48.0666 5412 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
19:07:48.0682 5412 IDriverT - ok
19:07:48.0744 5412 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:07:48.0760 5412 idsvc - ok
19:07:49.0031 5412 [ A47D902F5C0C43DCF5EE2CAE02BF39A8 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:07:49.0088 5412 igfx - ok
19:07:49.0108 5412 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:07:49.0110 5412 iirsp - ok
19:07:49.0157 5412 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:07:49.0169 5412 IKEEXT - ok
19:07:49.0212 5412 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys
19:07:49.0217 5412 Impcd - ok
19:07:49.0261 5412 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
19:07:49.0276 5412 intaud_WaveExtensible - ok
19:07:49.0354 5412 [ 8FED6428FDE53D7F4C105095F22524BE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:07:49.0354 5412 IntcAzAudAddService - ok
19:07:49.0401 5412 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
19:07:49.0401 5412 IntcDAud - ok
19:07:49.0417 5412 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:07:49.0432 5412 intelide - ok
19:07:49.0448 5412 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:07:49.0463 5412 intelppm - ok
19:07:49.0495 5412 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:07:49.0495 5412 IPBusEnum - ok
19:07:49.0510 5412 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:07:49.0510 5412 IpFilterDriver - ok
19:07:49.0557 5412 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:07:49.0573 5412 iphlpsvc - ok
19:07:49.0588 5412 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:07:49.0588 5412 IPMIDRV - ok
19:07:49.0619 5412 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:07:49.0635 5412 IPNAT - ok
19:07:49.0713 5412 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:07:49.0729 5412 iPod Service - ok
19:07:49.0760 5412 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:07:49.0760 5412 IRENUM - ok
19:07:49.0775 5412 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:07:49.0775 5412 isapnp - ok
19:07:49.0807 5412 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:07:49.0807 5412 iScsiPrt - ok
19:07:49.0853 5412 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys
19:07:49.0853 5412 iwdbus - ok
19:07:59.0556 5412 WinRM - ok
19:07:59.0602 5412 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:07:59.0602 5412 WinUsb - ok
19:07:59.0649 5412 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:07:59.0665 5412 Wlansvc - ok
19:07:59.0712 5412 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:07:59.0712 5412 wlcrasvc - ok
19:07:59.0821 5412 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:07:59.0821 5412 wlidsvc - ok
19:07:59.0868 5412 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
19:07:59.0868 5412 WmiAcpi - ok
19:07:59.0883 5412 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:07:59.0899 5412 wmiApSrv - ok
19:07:59.0930 5412 WMPNetworkSvc - ok
19:07:59.0946 5412 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:07:59.0946 5412 WPCSvc - ok
19:07:59.0977 5412 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:07:59.0977 5412 WPDBusEnum - ok
19:08:00.0008 5412 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:08:00.0008 5412 ws2ifsl - ok
19:08:00.0032 5412 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
19:08:00.0034 5412 wscsvc - ok
19:08:00.0036 5412 WSearch - ok
19:08:00.0120 5412 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:08:00.0133 5412 wuauserv - ok
19:08:00.0166 5412 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:08:00.0168 5412 WudfPf - ok
19:08:00.0195 5412 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:08:00.0201 5412 WUDFRd - ok
19:08:00.0222 5412 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:08:00.0224 5412 wudfsvc - ok
19:08:00.0244 5412 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:08:00.0253 5412 WwanSvc - ok
19:08:00.0280 5412 ================ Scan global ===============================
19:08:00.0292 5412 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:08:00.0323 5412 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:08:00.0354 5412 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:08:00.0401 5412 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:08:00.0432 5412 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:08:00.0448 5412 [Global] - ok
19:08:00.0448 5412 ================ Scan MBR ==================================
19:08:00.0494 5412 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
19:08:01.0033 5412 \Device\Harddisk0\DR0 - ok
19:08:01.0033 5412 ================ Scan VBR ==================================
19:08:01.0035 5412 [ 69B675C5EA6DD149AC56D3E563999F70 ] \Device\Harddisk0\DR0\Partition1
19:08:01.0037 5412 \Device\Harddisk0\DR0\Partition1 - ok
19:08:01.0064 5412 [ 915C3A247FB5B28AB40D14CB4701C3BA ] \Device\Harddisk0\DR0\Partition2
19:08:01.0066 5412 \Device\Harddisk0\DR0\Partition2 - ok
19:08:01.0067 5412 ============================================================
19:08:01.0067 5412 Scan finished
19:08:01.0067 5412 ============================================================
19:08:01.0074 2396 Detected object count: 0
19:08:01.0074 2396 Actual detected object count: 0
-
Hi Jeff - It again found 2 items - recommended to skip one, repair one. I did what it said and here is the follow-up scan. Thanks again.
21:27:40.0774 6880 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:27:41.0629 6880 ============================================================
21:27:41.0629 6880 Current date / time: 2012/10/14 21:27:41.0629
21:27:41.0629 6880 SystemInfo:
21:27:41.0629 6880
21:27:41.0629 6880 OS Version: 6.1.7601 ServicePack: 1.0
21:27:41.0629 6880 Product type: Workstation
21:27:41.0629 6880 ComputerName: TESTANI-PC
21:27:41.0629 6880 UserName: Testani
21:27:41.0629 6880 Windows directory: C:\Windows
21:27:41.0629 6880 System windows directory: C:\Windows
21:27:41.0629 6880 Running under WOW64
21:27:41.0629 6880 Processor architecture: Intel x64
21:27:41.0629 6880 Number of processors: 4
21:27:41.0629 6880 Page size: 0x1000
21:27:41.0629 6880 Boot type: Normal boot
21:27:41.0629 6880 ============================================================
21:27:43.0184 6880 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:27:43.0190 6880 ============================================================
21:27:43.0191 6880 \Device\Harddisk0\DR0:
21:27:43.0191 6880 MBR partitions:
21:27:43.0191 6880 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
21:27:43.0191 6880 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x48113AB0
21:27:43.0191 6880 ============================================================
21:27:43.0253 6880 C: <-> \Device\Harddisk0\DR0\Partition2
21:27:43.0253 6880 ============================================================
21:27:43.0254 6880 Initialize success
21:27:43.0254 6880 ============================================================
21:27:52.0041 3224 ============================================================
21:27:52.0041 3224 Scan started
21:27:52.0041 3224 Mode: Manual; TDLFS;
21:27:52.0041 3224 ============================================================
21:27:52.0268 3224 ================ Scan system memory ========================
21:27:52.0268 3224 System memory - ok
21:27:52.0269 3224 ================ Scan services =============================
21:27:52.0650 3224 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:27:52.0662 3224 1394ohci - ok
21:27:52.0691 3224 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:27:52.0693 3224 ACPI - ok
21:27:52.0721 3224 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:27:52.0727 3224 AcpiPmi - ok
21:27:52.0856 3224 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:27:52.0871 3224 AdobeARMservice - ok
21:27:53.0330 3224 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:27:53.0332 3224 AdobeFlashPlayerUpdateSvc - ok
21:27:53.0391 3224 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:27:53.0419 3224 adp94xx - ok
21:27:53.0457 3224 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:27:53.0478 3224 adpahci - ok
21:27:53.0513 3224 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:27:53.0544 3224 adpu320 - ok
21:27:53.0576 3224 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:27:53.0591 3224 AeLookupSvc - ok
21:27:53.0685 3224 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
21:27:53.0716 3224 AERTFilters - ok
21:27:53.0903 3224 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:27:53.0934 3224 AFD - ok
21:27:53.0981 3224 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:27:53.0981 3224 agp440 - ok
21:27:54.0012 3224 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:27:54.0028 3224 ALG - ok
21:27:54.0059 3224 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:27:54.0059 3224 aliide - ok
21:27:54.0106 3224 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:27:54.0122 3224 amdide - ok
21:27:54.0153 3224 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:27:54.0168 3224 AmdK8 - ok
21:27:54.0184 3224 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
21:27:54.0200 3224 AmdPPM - ok
21:27:54.0231 3224 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:27:54.0253 3224 amdsata - ok
21:27:54.0280 3224 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
21:27:54.0291 3224 amdsbs - ok
21:27:54.0302 3224 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:27:54.0307 3224 amdxata - ok
21:27:54.0431 3224 [ 18F64623E76FF58009D6F9CB9DEA5D0A ] Amsp C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
21:27:54.0451 3224 Amsp - ok
21:27:54.0519 3224 [ 24ED0EB2B2558970176ECEE680F8F806 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
21:27:54.0530 3224 ApfiltrService - ok
21:27:54.0564 3224 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:27:54.0564 3224 AppID - ok
21:27:54.0595 3224 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:27:54.0595 3224 AppIDSvc - ok
21:27:54.0626 3224 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:27:54.0642 3224 Appinfo - ok
21:27:54.0751 3224 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:27:54.0766 3224 Apple Mobile Device - ok
21:27:54.0798 3224 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
21:27:54.0798 3224 arc - ok
21:27:54.0829 3224 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:27:54.0860 3224 arcsas - ok
21:27:54.0985 3224 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:27:55.0094 3224 aspnet_state - ok
21:27:55.0125 3224 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:27:55.0156 3224 AsyncMac - ok
21:27:55.0188 3224 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:27:55.0203 3224 atapi - ok
21:27:55.0267 3224 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:27:55.0304 3224 AudioEndpointBuilder - ok
21:27:55.0316 3224 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:27:55.0319 3224 AudioSrv - ok
21:27:55.0375 3224 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:27:55.0394 3224 AxInstSV - ok
21:27:55.0430 3224 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
21:27:55.0449 3224 b06bdrv - ok
21:27:55.0469 3224 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:27:55.0485 3224 b57nd60a - ok
21:27:55.0628 3224 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
21:27:55.0675 3224 BBSvc - ok
21:27:55.0753 3224 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
21:27:55.0784 3224 BBUpdate - ok
21:27:55.0847 3224 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:27:55.0862 3224 BDESVC - ok
21:27:55.0893 3224 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:27:55.0893 3224 Beep - ok
21:27:55.0956 3224 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:27:55.0956 3224 BFE - ok
21:27:56.0127 3224 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
21:27:56.0143 3224 BITS - ok
21:27:56.0190 3224 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:27:56.0205 3224 blbdrive - ok
21:27:56.0413 3224 [ C620C59D46F43BEECC556F65E801312B ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
21:27:56.0418 3224 Bluetooth Device Monitor - ok
21:27:56.0582 3224 [ 5E5EDCCEEA4FA3FDF3A907AC204B5828 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
21:27:56.0597 3224 Bluetooth Media Service - ok
21:27:56.0660 3224 [ 826E65C945738CBD64F89EAE4406687F ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
21:27:56.0722 3224 Bluetooth OBEX Service - ok
21:27:56.0769 3224 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:27:56.0800 3224 Bonjour Service - ok
21:27:56.0878 3224 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:27:56.0909 3224 bowser - ok
21:27:56.0940 3224 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
21:27:56.0972 3224 BrFiltLo - ok
21:27:56.0972 3224 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
21:27:56.0987 3224 BrFiltUp - ok
21:27:57.0034 3224 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:27:57.0065 3224 Browser - ok
21:27:57.0081 3224 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:27:57.0112 3224 Brserid - ok
21:27:57.0112 3224 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:27:57.0128 3224 BrSerWdm - ok
21:27:57.0128 3224 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:27:57.0128 3224 BrUsbMdm - ok
21:27:57.0143 3224 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:27:57.0159 3224 BrUsbSer - ok
21:27:57.0206 3224 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
21:27:57.0221 3224 BthEnum - ok
21:27:57.0237 3224 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:27:57.0252 3224 BTHMODEM - ok
21:27:57.0279 3224 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:27:57.0280 3224 BthPan - ok
21:27:57.0300 3224 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
21:27:57.0343 3224 BTHPORT - ok
21:27:57.0417 3224 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:27:57.0435 3224 bthserv - ok
21:27:57.0462 3224 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
21:27:57.0472 3224 BTHUSB - ok
21:27:57.0510 3224 [ 962BD3689E2C85F0BA97F3D7E7BA540B ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys
21:27:57.0525 3224 btmaux - ok
21:27:57.0543 3224 [ EC1220B647F0D995DA5CAD4153454779 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
21:27:57.0550 3224 btmhsf - ok
21:27:57.0581 3224 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:27:57.0612 3224 cdfs - ok
21:27:57.0659 3224 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:27:57.0659 3224 cdrom - ok
21:27:57.0690 3224 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:27:57.0722 3224 CertPropSvc - ok
21:27:57.0784 3224 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
21:27:57.0800 3224 circlass - ok
21:27:57.0815 3224 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:27:57.0862 3224 CLFS - ok
21:27:57.0940 3224 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:27:57.0971 3224 clr_optimization_v2.0.50727_32 - ok
21:27:58.0018 3224 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:27:58.0018 3224 clr_optimization_v2.0.50727_64 - ok
21:27:58.0080 3224 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:27:58.0158 3224 clr_optimization_v4.0.30319_32 - ok
21:27:58.0190 3224 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:27:58.0205 3224 clr_optimization_v4.0.30319_64 - ok
21:27:58.0268 3224 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:27:58.0268 3224 CmBatt - ok
21:27:58.0311 3224 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:27:58.0318 3224 cmdide - ok
21:27:58.0370 3224 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:27:58.0398 3224 CNG - ok
21:27:58.0436 3224 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:27:58.0442 3224 Compbatt - ok
21:27:58.0457 3224 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
21:27:58.0464 3224 CompositeBus - ok
21:27:58.0475 3224 COMSysApp - ok
21:27:58.0494 3224 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:27:58.0500 3224 crcdisk - ok
21:27:58.0551 3224 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:27:58.0570 3224 CryptSvc - ok
21:27:58.0679 3224 [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
21:27:58.0710 3224 CtClsFlt - ok
21:27:58.0788 3224 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:27:58.0788 3224 DcomLaunch - ok
21:27:58.0882 3224 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:27:58.0913 3224 defragsvc - ok
21:27:58.0944 3224 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:27:58.0975 3224 DfsC - ok
21:27:59.0022 3224 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:27:59.0038 3224 Dhcp - ok
21:27:59.0053 3224 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:27:59.0069 3224 discache - ok
21:27:59.0085 3224 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
21:27:59.0085 3224 Disk - ok
21:27:59.0116 3224 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:27:59.0147 3224 Dnscache - ok
21:27:59.0178 3224 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:27:59.0194 3224 dot3svc - ok
21:27:59.0209 3224 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:27:59.0225 3224 DPS - ok
21:27:59.0272 3224 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:27:59.0272 3224 drmkaud - ok
21:27:59.0313 3224 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:27:59.0328 3224 DXGKrnl - ok
21:27:59.0354 3224 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:27:59.0355 3224 EapHost - ok
21:27:59.0438 3224 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:27:59.0724 3224 ebdrv - ok
21:27:59.0771 3224 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:27:59.0786 3224 EFS - ok
21:27:59.0927 3224 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:27:59.0974 3224 ehRecvr - ok
21:28:00.0005 3224 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:28:00.0020 3224 ehSched - ok
21:28:00.0145 3224 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:28:00.0161 3224 elxstor - ok
21:28:00.0176 3224 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:28:00.0192 3224 ErrDev - ok
21:28:00.0223 3224 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:28:00.0223 3224 EventSystem - ok
21:28:00.0403 3224 [ ED8FBADBBAF7420ADEAE2D5D81F0D4A1 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:28:00.0420 3224 EvtEng - ok
21:28:00.0484 3224 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:28:00.0518 3224 exfat - ok
21:28:00.0557 3224 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:28:00.0583 3224 fastfat - ok
21:28:00.0620 3224 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:28:00.0620 3224 Fax - ok
21:28:00.0636 3224 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
21:28:00.0651 3224 fdc - ok
21:28:00.0667 3224 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:28:00.0667 3224 fdPHost - ok
21:28:00.0682 3224 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:28:00.0682 3224 FDResPub - ok
21:28:00.0698 3224 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:28:00.0714 3224 FileInfo - ok
21:28:00.0729 3224 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:28:00.0745 3224 Filetrace - ok
21:28:00.0760 3224 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
21:28:00.0776 3224 flpydisk - ok
21:28:00.0807 3224 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:28:00.0823 3224 FltMgr - ok
21:28:00.0963 3224 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:28:00.0979 3224 FontCache - ok
21:28:01.0041 3224 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:28:01.0057 3224 FontCache3.0.0.0 - ok
21:28:01.0104 3224 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:28:01.0150 3224 FsDepends - ok
21:28:01.0197 3224 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:28:01.0213 3224 Fs_Rec - ok
21:28:01.0291 3224 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:28:01.0339 3224 fvevol - ok
21:28:01.0385 3224 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:28:01.0402 3224 gagp30kx - ok
21:28:01.0479 3224 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:28:01.0494 3224 GEARAspiWDM - ok
21:28:01.0592 3224 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
21:28:01.0623 3224 GoToAssist - ok
21:28:01.0748 3224 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:28:01.0795 3224 gpsvc - ok
21:28:01.0811 3224 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:28:01.0826 3224 hcw85cir - ok
21:28:01.0842 3224 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:28:01.0842 3224 HDAudBus - ok
21:28:01.0857 3224 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
21:28:01.0873 3224 HidBatt - ok
21:28:01.0904 3224 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:28:01.0920 3224 HidBth - ok
21:28:01.0935 3224 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
21:28:01.0967 3224 HidIr - ok
21:28:01.0967 3224 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
21:28:01.0982 3224 hidserv - ok
21:28:02.0013 3224 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:28:02.0045 3224 HidUsb - ok
21:28:02.0060 3224 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:28:02.0060 3224 hkmsvc - ok
21:28:02.0076 3224 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:28:02.0076 3224 HomeGroupListener - ok
21:28:02.0154 3224 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:28:02.0169 3224 HomeGroupProvider - ok
21:28:02.0263 3224 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:28:02.0279 3224 HpSAMD - ok
21:28:02.0399 3224 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:28:02.0436 3224 HTTP - ok
21:28:02.0471 3224 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:28:02.0492 3224 hwpolicy - ok
21:28:02.0530 3224 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:28:02.0541 3224 i8042prt - ok
21:28:02.0590 3224 [ D469B77687E12FE43E344806740B624D ] iaStor C:\Windows\system32\drivers\iaStor.sys
21:28:02.0596 3224 iaStor - ok
21:28:02.0640 3224 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:28:02.0686 3224 iaStorV - ok
21:28:02.0702 3224 [ E44F0B4DC753C14930B8DC48BB7A1644 ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys
21:28:02.0702 3224 iBtFltCoex - ok
21:28:02.0796 3224 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
21:28:02.0858 3224 IDriverT - ok
21:28:03.0108 3224 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:28:03.0232 3224 idsvc - ok
21:28:04.0045 3224 [ A47D902F5C0C43DCF5EE2CAE02BF39A8 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:28:04.0311 3224 igfx - ok
21:28:04.0462 3224 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:28:04.0511 3224 iirsp - ok
21:28:04.0546 3224 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:28:04.0551 3224 IKEEXT - ok
21:28:04.0610 3224 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys
21:28:04.0634 3224 Impcd - ok
21:28:04.0693 3224 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
21:28:04.0708 3224 intaud_WaveExtensible - ok
21:28:04.0817 3224 [ 8FED6428FDE53D7F4C105095F22524BE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:28:04.0849 3224 IntcAzAudAddService - ok
21:28:04.0880 3224 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
21:28:04.0895 3224 IntcDAud - ok
21:28:04.0927 3224 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:28:04.0958 3224 intelide - ok
21:28:04.0973 3224 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:28:04.0973 3224 intelppm - ok
21:28:04.0989 3224 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:28:05.0020 3224 IPBusEnum - ok
21:28:05.0051 3224 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:28:05.0083 3224 IpFilterDriver - ok
21:28:05.0129 3224 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:28:05.0176 3224 iphlpsvc - ok
21:28:05.0223 3224 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:28:05.0239 3224 IPMIDRV - ok
21:28:05.0270 3224 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:28:05.0301 3224 IPNAT - ok
21:28:05.0435 3224 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:28:05.0452 3224 iPod Service - ok
21:28:05.0510 3224 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:28:05.0531 3224 IRENUM - ok
21:28:05.0541 3224 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:28:05.0549 3224 isapnp - ok
21:28:05.0566 3224 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:28:05.0580 3224 iScsiPrt - ok
21:28:05.0616 3224 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys
21:28:05.0622 3224 iwdbus - ok
21:28:05.0646 3224 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:28:05.0646 3224 kbdclass - ok
21:28:21.0821 3224 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:28:21.0914 3224 WinRM - ok
21:28:21.0961 3224 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:28:21.0977 3224 WinUsb - ok
21:28:22.0023 3224 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:28:22.0055 3224 Wlansvc - ok
21:28:22.0101 3224 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:28:22.0117 3224 wlcrasvc - ok
21:28:22.0273 3224 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:28:22.0289 3224 wlidsvc - ok
21:28:22.0320 3224 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
21:28:22.0320 3224 WmiAcpi - ok
21:28:22.0335 3224 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:28:22.0351 3224 wmiApSrv - ok
21:28:22.0382 3224 WMPNetworkSvc - ok
21:28:22.0398 3224 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:28:22.0429 3224 WPCSvc - ok
21:28:22.0460 3224 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:28:22.0491 3224 WPDBusEnum - ok
21:28:22.0507 3224 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:28:22.0507 3224 ws2ifsl - ok
21:28:22.0523 3224 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
21:28:22.0523 3224 wscsvc - ok
21:28:22.0523 3224 WSearch - ok
21:28:22.0602 3224 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:28:22.0625 3224 wuauserv - ok
21:28:22.0642 3224 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:28:22.0652 3224 WudfPf - ok
21:28:22.0680 3224 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:28:22.0692 3224 WUDFRd - ok
21:28:22.0709 3224 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:28:22.0717 3224 wudfsvc - ok
21:28:22.0731 3224 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:28:22.0743 3224 WwanSvc - ok
21:28:22.0771 3224 ================ Scan global ===============================
21:28:22.0787 3224 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:28:22.0833 3224 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:28:22.0849 3224 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:28:22.0865 3224 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:28:22.0943 3224 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:28:22.0974 3224 [Global] - ok
21:28:22.0974 3224 ================ Scan MBR ==================================
21:28:22.0989 3224 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:28:24.0331 3224 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:28:24.0331 3224 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:28:24.0331 3224 ================ Scan VBR ==================================
21:28:24.0347 3224 [ 69B675C5EA6DD149AC56D3E563999F70 ] \Device\Harddisk0\DR0\Partition1
21:28:24.0362 3224 \Device\Harddisk0\DR0\Partition1 - ok
21:28:24.0393 3224 [ 915C3A247FB5B28AB40D14CB4701C3BA ] \Device\Harddisk0\DR0\Partition2
21:28:24.0393 3224 \Device\Harddisk0\DR0\Partition2 - ok
21:28:24.0393 3224 ============================================================
21:28:24.0393 3224 Scan finished
21:28:24.0393 3224 ============================================================
21:28:24.0425 5252 Detected object count: 1
21:28:24.0425 5252 Actual detected object count: 1
21:30:21.0348 5252 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:30:21.0348 5252 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
-
Here are the last 2.
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-14 12:56:12
-----------------------------
12:56:12.044 OS Version: Windows x64 6.1.7601 Service Pack 1
12:56:12.044 Number of processors: 4 586 0x2A07
12:56:12.044 ComputerName: TESTANI-PC UserName: Testani
12:56:17.396 Initialize success
12:57:48.019 AVAST engine defs: 12101400
12:59:30.233 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:59:30.233 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
12:59:30.233 Device \Driver\iaStor -> MajorFunction fffffa8009ce55e8
12:59:30.233 Disk 0 MBR read successfully
12:59:30.233 Disk 0 MBR scan
12:59:30.249 Disk 0 Windows VISTA default MBR code
12:59:30.249 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
12:59:30.264 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 20000 MB offset 212992
12:59:30.295 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 590375 MB offset 41172992
12:59:30.358 Disk 0 scanning C:\Windows\system32\drivers
12:59:47.066 Service scanning
13:00:21.588 Modules scanning
13:00:21.604 Disk 0 trace - called modules:
13:00:21.979 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8009ce55e8]<<
13:00:21.994 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009658060]
13:00:22.010 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007713050]
13:00:22.010 \Driver\iaStor[0xfffffa8009c1b230] -> IRP_MJ_CREATE -> 0xfffffa8009ce55e8
13:00:24.075 AVAST engine scan C:\Windows
13:00:27.997 AVAST engine scan C:\Windows\system32
13:04:54.663 AVAST engine scan C:\Windows\system32\drivers
13:05:15.779 AVAST engine scan C:\Users\Testani
13:12:12.866 Disk 0 MBR has been saved successfully to "C:\Users\Testani\Desktop\MBR.dat"
13:12:12.866 The log file has been saved successfully to "C:\Users\Testani\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-14 13:27:38
-----------------------------
13:27:38.653 OS Version: Windows x64 6.1.7601 Service Pack 1
13:27:38.653 Number of processors: 4 586 0x2A07
13:27:38.654 ComputerName: TESTANI-PC UserName: Testani
13:27:40.805 Initialize success
13:27:46.801 AVAST engine defs: 12101400
13:27:54.965 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:27:54.965 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
13:27:54.965 Device \Driver\iaStor -> MajorFunction fffffa8009ce55e8
13:27:54.996 Disk 0 MBR read successfully
13:27:54.996 Disk 0 MBR scan
13:27:54.996 Disk 0 Windows VISTA default MBR code
13:27:54.996 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
13:27:55.043 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 20000 MB offset 212992
13:27:55.074 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 590375 MB offset 41172992
13:27:55.137 Disk 0 scanning C:\Windows\system32\drivers
13:28:09.469 Service scanning
13:28:41.632 Modules scanning
13:28:41.652 Disk 0 trace - called modules:
13:28:41.986 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8009ce55e8]<<
13:28:41.990 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009658060]
13:28:41.994 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007713050]
13:28:41.999 \Driver\iaStor[0xfffffa8009c1b230] -> IRP_MJ_CREATE -> 0xfffffa8009ce55e8
13:28:44.182 AVAST engine scan C:\Windows
13:28:49.137 AVAST engine scan C:\Windows\system32
13:32:15.116 AVAST engine scan C:\Windows\system32\drivers
13:32:31.771 AVAST engine scan C:\Users\Testani
13:45:38.271 Disk 0 MBR has been saved successfully to "C:\Users\Testani\Desktop\MBR.dat"
13:45:38.521 The log file has been saved successfully to "C:\Users\Testani\Desktop\aswMBR.txt"
13:13:07.0907 2940 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
13:13:08.0204 2940 ============================================================
13:13:08.0204 2940 Current date / time: 2012/10/14 13:13:08.0204
13:13:08.0204 2940 SystemInfo:
13:13:08.0204 2940
13:13:08.0204 2940 OS Version: 6.1.7601 ServicePack: 1.0
13:13:08.0204 2940 Product type: Workstation
13:13:08.0204 2940 ComputerName: TESTANI-PC
13:13:08.0204 2940 UserName: Testani
13:13:08.0204 2940 Windows directory: C:\Windows
13:13:08.0204 2940 System windows directory: C:\Windows
13:13:08.0204 2940 Running under WOW64
13:13:08.0204 2940 Processor architecture: Intel x64
13:13:08.0204 2940 Number of processors: 4
13:13:08.0204 2940 Page size: 0x1000
13:13:08.0204 2940 Boot type: Normal boot
13:13:08.0204 2940 ============================================================
13:13:08.0841 2940 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:13:08.0847 2940 ============================================================
13:13:08.0847 2940 \Device\Harddisk0\DR0:
13:13:08.0847 2940 MBR partitions:
13:13:08.0847 2940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
13:13:08.0847 2940 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x48113AB0
13:13:08.0847 2940 ============================================================
13:13:08.0878 2940 C: <-> \Device\Harddisk0\DR0\Partition2
13:13:08.0878 2940 ============================================================
13:13:08.0878 2940 Initialize success
13:13:08.0878 2940 ============================================================
13:13:32.0088 8000 ============================================================
13:13:32.0088 8000 Scan started
13:13:32.0088 8000 Mode: Manual; TDLFS;
13:13:32.0088 8000 ============================================================
13:13:32.0854 8000 ================ Scan system memory ========================
13:13:32.0854 8000 System memory - ok
13:13:32.0854 8000 ================ Scan services =============================
13:13:41.0400 8000 KeyIso - ok
13:13:41.0431 8000 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:13:41.0431 8000 KSecDD - ok
13:13:41.0478 8000 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:13:41.0478 8000 KSecPkg - ok
13:13:41.0509 8000 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:13:41.0509 8000 ksthunk - ok
13:13:41.0540 8000 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:13:41.0572 8000 KtmRm - ok
13:13:41.0603 8000 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:13:41.0603 8000 LanmanServer - ok
13:13:41.0634 8000 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:13:41.0650 8000 LanmanWorkstation - ok
13:13:41.0846 8000 [ 3C879D04BB6466E2853C3155B635CC45 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
13:13:41.0925 8000 LeapFrog Connect Device Service - ok
13:13:41.0974 8000 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:13:41.0978 8000 lltdio - ok
13:13:42.0016 8000 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:13:42.0027 8000 lltdsvc - ok
13:13:42.0050 8000 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:13:42.0056 8000 lmhosts - ok
13:13:42.0123 8000 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
13:13:42.0155 8000 LMS - ok
13:13:42.0201 8000 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
13:13:42.0201 8000 LSI_FC - ok
13:13:42.0217 8000 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
13:13:42.0233 8000 LSI_SAS - ok
13:13:42.0248 8000 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
13:13:42.0248 8000 LSI_SAS2 - ok
13:13:42.0279 8000 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
13:13:42.0279 8000 LSI_SCSI - ok
13:13:42.0295 8000 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:13:42.0295 8000 luafv - ok
13:13:42.0342 8000 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
13:13:42.0357 8000 MBAMProtector - ok
13:13:42.0404 8000 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:13:42.0451 8000 MBAMScheduler - ok
13:13:42.0498 8000 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:13:42.0529 8000 MBAMService - ok
13:13:42.0560 8000 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:13:42.0576 8000 Mcx2Svc - ok
13:13:42.0607 8000 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
13:13:42.0607 8000 megasas - ok
13:13:42.0654 8000 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
13:13:42.0654 8000 MegaSR - ok
13:13:42.0685 8000 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
13:13:42.0685 8000 MEIx64 - ok
13:13:42.0763 8000 Microsoft SharePoint Workspace Audit Service - ok
13:13:42.0779 8000 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:13:42.0794 8000 MMCSS - ok
13:13:42.0794 8000 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:13:42.0794 8000 Modem - ok
13:13:42.0848 8000 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:13:42.0849 8000 monitor - ok
13:13:42.0868 8000 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:13:42.0871 8000 mouclass - ok
13:13:42.0888 8000 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:13:42.0889 8000 mouhid - ok
13:13:42.0908 8000 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:13:42.0909 8000 mountmgr - ok
13:13:42.0924 8000 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:13:42.0925 8000 mpio - ok
13:13:42.0944 8000 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:13:42.0953 8000 mpsdrv - ok
13:13:42.0979 8000 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:13:42.0984 8000 MpsSvc - ok
13:13:42.0996 8000 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:13:42.0997 8000 MRxDAV - ok
13:13:43.0029 8000 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:13:43.0031 8000 mrxsmb - ok
13:13:43.0073 8000 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:13:43.0077 8000 mrxsmb10 - ok
13:13:43.0079 8000 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:13:43.0079 8000 mrxsmb20 - ok
13:13:43.0110 8000 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:13:43.0110 8000 msahci - ok
13:13:43.0126 8000 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:13:43.0126 8000 msdsm - ok
13:13:43.0157 8000 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:13:43.0157 8000 MSDTC - ok
13:13:43.0188 8000 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:13:43.0188 8000 Msfs - ok
13:13:43.0204 8000 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:13:43.0204 8000 mshidkmdf - ok
13:13:43.0235 8000 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:13:43.0235 8000 msisadrv - ok
13:13:43.0266 8000 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:13:43.0282 8000 MSiSCSI - ok
13:13:43.0282 8000 msiserver - ok
13:13:43.0313 8000 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:13:43.0313 8000 MSKSSRV - ok
13:13:43.0344 8000 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:13:43.0344 8000 MSPCLOCK - ok
13:13:43.0360 8000 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:13:43.0360 8000 MSPQM - ok
13:13:43.0375 8000 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:13:43.0375 8000 MsRPC - ok
13:13:43.0391 8000 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
13:13:43.0391 8000 mssmbios - ok
13:13:43.0406 8000 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:13:43.0406 8000 MSTEE - ok
13:13:43.0422 8000 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
13:13:43.0422 8000 MTConfig - ok
13:13:43.0438 8000 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:13:43.0438 8000 Mup - ok
13:13:43.0517 8000 [ F02A154FDE5DA779E971352256E64CFF ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
13:13:43.0563 8000 MyWiFiDHCPDNS - ok
13:13:43.0595 8000 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:13:43.0626 8000 napagent - ok
13:13:43.0673 8000 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:13:43.0704 8000 NativeWifiP - ok
13:13:43.0766 8000 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:13:43.0782 8000 NDIS - ok
13:13:43.0782 8000 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:13:43.0797 8000 NdisCap - ok
13:13:43.0813 8000 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:13:43.0813 8000 NdisTapi - ok
13:13:43.0844 8000 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:13:43.0844 8000 Ndisuio - ok
13:13:43.0860 8000 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:13:43.0875 8000 NdisWan - ok
13:13:43.0891 8000 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:13:43.0891 8000 NDProxy - ok
13:13:43.0907 8000 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:13:43.0922 8000 NetBIOS - ok
13:13:43.0938 8000 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:13:43.0938 8000 NetBT - ok
13:13:43.0953 8000 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:13:43.0969 8000 Netlogon - ok
13:13:44.0000 8000 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:13:44.0016 8000 Netman - ok
13:13:44.0047 8000 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:13:44.0078 8000 NetMsmqActivator - ok
13:13:44.0094 8000 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:13:44.0094 8000 NetPipeActivator - ok
13:13:44.0109 8000 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:13:44.0109 8000 netprofm - ok
13:13:44.0109 8000 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:13:44.0125 8000 NetTcpActivator - ok
13:13:44.0125 8000 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:13:44.0125 8000 NetTcpPortSharing - ok
13:13:44.0343 8000 [ C3FC3EEE5A0CE77A02B27CFDFAF0C758 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
13:13:44.0468 8000 NETwNs64 - ok
13:13:44.0531 8000 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
13:13:44.0531 8000 nfrd960 - ok
13:13:44.0577 8000 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:13:44.0577 8000 NlaSvc - ok
13:13:44.0593 8000 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:13:44.0609 8000 Npfs - ok
13:13:44.0624 8000 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:13:44.0624 8000 nsi - ok
13:13:44.0640 8000 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:13:44.0640 8000 nsiproxy - ok
13:13:44.0702 8000 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:13:44.0733 8000 Ntfs - ok
13:13:44.0765 8000 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:13:44.0765 8000 Null - ok
13:13:44.0796 8000 [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
13:13:44.0796 8000 nusb3hub - ok
13:13:44.0848 8000 [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
13:13:44.0854 8000 nusb3xhc - ok
13:13:44.0871 8000 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:13:44.0872 8000 nvraid - ok
13:13:44.0884 8000 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:13:44.0886 8000 nvstor - ok
13:13:44.0916 8000 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:13:44.0917 8000 nv_agp - ok
13:13:44.0935 8000 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:13:44.0938 8000 ohci1394 - ok
13:13:45.0002 8000 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:13:45.0026 8000 ose - ok
13:13:45.0206 8000 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:13:45.0237 8000 osppsvc - ok
13:13:45.0269 8000 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:13:45.0269 8000 p2pimsvc - ok
13:13:45.0300 8000 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:13:45.0331 8000 p2psvc - ok
13:13:45.0347 8000 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
13:13:45.0347 8000 Parport - ok
13:13:45.0378 8000 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:13:45.0393 8000 partmgr - ok
13:13:45.0409 8000 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:13:45.0409 8000 PcaSvc - ok
13:13:45.0440 8000 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:13:45.0440 8000 pci - ok
13:13:45.0471 8000 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:13:45.0471 8000 pciide - ok
13:13:45.0503 8000 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
13:13:45.0503 8000 pcmcia - ok
13:13:45.0534 8000 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:13:45.0534 8000 pcw - ok
13:13:45.0549 8000 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:13:45.0549 8000 PEAUTH - ok
13:13:45.0659 8000 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:13:45.0690 8000 PerfHost - ok
13:13:45.0768 8000 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:13:45.0783 8000 pla - ok
13:13:45.0830 8000 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:13:45.0846 8000 PlugPlay - ok
13:13:45.0860 8000 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:13:45.0862 8000 PNRPAutoReg - ok
13:13:45.0886 8000 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:13:45.0895 8000 PNRPsvc - ok
13:13:45.0955 8000 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
13:13:45.0958 8000 Point64 - ok
13:13:46.0007 8000 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:13:46.0018 8000 PolicyAgent - ok
13:13:46.0055 8000 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:13:46.0057 8000 Power - ok
13:13:46.0076 8000 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:13:46.0078 8000 PptpMiniport - ok
13:13:46.0093 8000 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
13:13:46.0094 8000 Processor - ok
13:13:46.0114 8000 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
13:13:46.0114 8000 ProfSvc - ok
13:13:46.0129 8000 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:13:46.0129 8000 ProtectedStorage - ok
13:13:46.0161 8000 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:13:46.0161 8000 Psched - ok
13:13:46.0207 8000 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
13:13:46.0207 8000 PxHlpa64 - ok
13:13:46.0301 8000 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
13:13:46.0301 8000 ql2300 - ok
13:13:46.0348 8000 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
13:13:46.0348 8000 ql40xx - ok
13:13:46.0426 8000 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:13:46.0426 8000 QWAVE - ok
13:13:46.0473 8000 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:13:46.0473 8000 QWAVEdrv - ok
13:13:46.0504 8000 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:13:46.0504 8000 RasAcd - ok
13:13:46.0535 8000 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:13:46.0535 8000 RasAgileVpn - ok
13:13:46.0551 8000 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:13:46.0551 8000 RasAuto - ok
13:13:46.0566 8000 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:13:46.0566 8000 Rasl2tp - ok
13:13:46.0613 8000 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
13:13:46.0613 8000 RasMan - ok
13:13:46.0660 8000 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:13:46.0660 8000 RasPppoe - ok
13:13:46.0675 8000 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:13:46.0675 8000 RasSstp - ok
13:13:46.0691 8000 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:13:46.0707 8000 rdbss - ok
13:13:46.0707 8000 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
13:13:46.0707 8000 rdpbus - ok
13:13:46.0722 8000 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:13:46.0722 8000 RDPCDD - ok
13:13:46.0753 8000 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:13:46.0753 8000 RDPENCDD - ok
13:13:46.0769 8000 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:13:46.0769 8000 RDPREFMP - ok
13:13:46.0816 8000 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:13:46.0816 8000 RDPWD - ok
13:13:46.0863 8000 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:13:46.0865 8000 rdyboost - ok
13:13:46.0926 8000 [ 3A1EF2F8D0808BECE6A2FEF3EA3987A5 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
13:13:46.0956 8000 RegSrvc - ok
13:13:46.0995 8000 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:13:47.0002 8000 RemoteAccess - ok
13:13:47.0026 8000 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:13:47.0029 8000 RemoteRegistry - ok
13:13:47.0062 8000 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
13:13:47.0064 8000 RFCOMM - ok
13:13:47.0162 8000 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
13:13:47.0240 8000 RoxMediaDB12OEM - ok
13:13:47.0287 8000 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
13:13:47.0333 8000 RoxWatch12 - ok
13:13:47.0349 8000 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:13:47.0365 8000 RpcEptMapper - ok
13:13:47.0396 8000 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:13:47.0396 8000 RpcLocator - ok
13:13:47.0443 8000 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
13:13:47.0443 8000 RpcSs - ok
13:13:47.0474 8000 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:13:47.0474 8000 rspndr - ok
13:13:47.0505 8000 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
13:13:47.0521 8000 RSUSBSTOR - ok
13:13:47.0567 8000 [ A73ED14670220307874AD6BC2F279349 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
13:13:47.0567 8000 RTL8167 - ok
13:13:47.0599 8000 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
13:13:47.0599 8000 SamSs - ok
13:13:47.0599 8000 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:13:47.0614 8000 sbp2port - ok
13:13:47.0630 8000 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:13:47.0630 8000 SCardSvr - ok
13:13:47.0645 8000 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:13:47.0645 8000 scfilter - ok
13:13:47.0692 8000 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:13:47.0708 8000 Schedule - ok
13:13:47.0739 8000 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:13:47.0739 8000 SCPolicySvc - ok
13:13:47.0755 8000 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:13:47.0770 8000 SDRSVC - ok
13:13:47.0786 8000 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:13:47.0786 8000 secdrv - ok
13:13:47.0801 8000 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:13:47.0817 8000 seclogon - ok
13:13:47.0853 8000 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
13:13:47.0857 8000 SENS - ok
13:13:47.0869 8000 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:13:47.0873 8000 SensrSvc - ok
13:13:47.0910 8000 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
13:13:47.0911 8000 Serenum - ok
13:13:47.0930 8000 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
13:13:47.0933 8000 Serial - ok
13:13:47.0964 8000 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
13:13:47.0966 8000 sermouse - ok
13:13:47.0995 8000 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:13:47.0997 8000 SessionEnv - ok
13:13:48.0007 8000 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:13:48.0007 8000 sffdisk - ok
13:13:48.0021 8000 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:13:48.0027 8000 sffp_mmc - ok
13:13:48.0044 8000 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:13:48.0044 8000 sffp_sd - ok
13:13:48.0070 8000 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
13:13:48.0073 8000 sfloppy - ok
13:13:48.0163 8000 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
13:13:48.0194 8000 SftService - ok
13:13:48.0241 8000 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:13:48.0257 8000 SharedAccess - ok
13:13:48.0272 8000 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:13:48.0288 8000 ShellHWDetection - ok
13:13:48.0319 8000 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
13:13:48.0319 8000 SiSRaid2 - ok
13:13:48.0350 8000 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
13:13:48.0350 8000 SiSRaid4 - ok
13:13:48.0397 8000 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
13:13:48.0647 8000 SkypeUpdate - ok
13:13:48.0678 8000 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:13:48.0678 8000 Smb - ok
13:13:48.0709 8000 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:13:48.0709 8000 SNMPTRAP - ok
13:13:48.0725 8000 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:13:48.0725 8000 spldr - ok
13:13:48.0772 8000 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
13:13:48.0803 8000 Spooler - ok
13:13:48.0888 8000 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:13:48.0907 8000 sppsvc - ok
13:13:48.0925 8000 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:13:48.0926 8000 sppuinotify - ok
13:13:48.0954 8000 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:13:48.0957 8000 srv - ok
13:13:48.0981 8000 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:13:48.0983 8000 srv2 - ok
13:13:49.0004 8000 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:13:49.0009 8000 srvnet - ok
13:13:49.0047 8000 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:13:49.0049 8000 SSDPSRV - ok
13:13:49.0062 8000 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:13:49.0069 8000 SstpSvc - ok
13:13:49.0091 8000 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
13:13:49.0092 8000 stexstor - ok
13:13:49.0120 8000 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:13:49.0135 8000 stisvc - ok
13:13:49.0166 8000 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
13:13:49.0198 8000 stllssvr - ok
13:13:49.0213 8000 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
13:13:49.0213 8000 swenum - ok
13:13:49.0229 8000 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:13:49.0244 8000 swprv - ok
13:13:49.0307 8000 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:13:49.0307 8000 SysMain - ok
13:13:49.0322 8000 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:13:49.0338 8000 TabletInputService - ok
13:13:49.0354 8000 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:13:49.0354 8000 TapiSrv - ok
13:13:49.0369 8000 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:13:49.0385 8000 TBS - ok
13:13:49.0478 8000 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:13:49.0494 8000 Tcpip - ok
13:13:49.0588 8000 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:13:49.0603 8000 TCPIP6 - ok
13:13:49.0634 8000 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:13:49.0634 8000 tcpipreg - ok
13:13:49.0650 8000 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:13:49.0650 8000 TDPIPE - ok
13:13:49.0681 8000 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:13:49.0681 8000 TDTCP - ok
13:13:49.0712 8000 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:13:49.0712 8000 tdx - ok
13:13:49.0728 8000 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
13:13:49.0728 8000 TermDD - ok
13:13:49.0759 8000 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
13:13:49.0775 8000 TermService - ok
13:13:49.0790 8000 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
13:13:49.0790 8000 Themes - ok
13:13:49.0806 8000 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:13:49.0806 8000 THREADORDER - ok
13:13:49.0861 8000 [ 73AAFFDD2AC3C8814B26C440E5DD9DD4 ] tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys
13:13:49.0862 8000 tmactmon - ok
13:13:49.0916 8000 [ 360E61217D4E1E333583D0C721057F70 ] tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys
13:13:49.0921 8000 tmcomm - ok
13:13:49.0964 8000 [ 699D34EB7C670139CA23A65372BD5743 ] tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys
13:13:49.0967 8000 tmevtmgr - ok
13:13:50.0004 8000 [ 262198EFB734012BFCD17E7479AE4A09 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
13:13:50.0005 8000 tmtdi - ok
13:13:50.0033 8000 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:13:50.0040 8000 TrkWks - ok
13:13:50.0094 8000 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:13:50.0116 8000 TrustedInstaller - ok
13:13:50.0135 8000 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:13:50.0135 8000 tssecsrv - ok
13:13:50.0167 8000 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:13:50.0167 8000 TsUsbFlt - ok
13:13:50.0182 8000 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
13:13:50.0198 8000 TsUsbGD - ok
13:13:50.0245 8000 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:13:50.0245 8000 tunnel - ok
13:13:53.0405 8000 ================ Scan global ===============================
13:13:53.0421 8000 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:13:53.0468 8000 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
13:13:53.0483 8000 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
13:13:53.0514 8000 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:13:53.0530 8000 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:13:53.0530 8000 [Global] - ok
13:13:53.0530 8000 ================ Scan MBR ==================================
13:13:53.0546 8000 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
13:13:53.0546 8000 Suspicious mbr (Forged): \Device\Harddisk0\DR0
13:13:53.0624 8000 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
13:13:53.0624 8000 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
13:13:53.0733 8000 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:13:53.0733 8000 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:13:53.0733 8000 ================ Scan VBR ==================================
13:13:53.0733 8000 [ 69B675C5EA6DD149AC56D3E563999F70 ] \Device\Harddisk0\DR0\Partition1
13:13:53.0733 8000 \Device\Harddisk0\DR0\Partition1 - ok
13:13:53.0780 8000 [ 915C3A247FB5B28AB40D14CB4701C3BA ] \Device\Harddisk0\DR0\Partition2
13:13:53.0780 8000 \Device\Harddisk0\DR0\Partition2 - ok
13:13:53.0780 8000 ============================================================
13:13:53.0780 8000 Scan finished
13:13:53.0780 8000 ============================================================
13:13:53.0795 4944 Detected object count: 2
13:13:53.0795 4944 Actual detected object count: 2
13:14:47.0275 4944 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
13:14:47.0275 4944 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
13:14:47.0275 4944 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:14:47.0275 4944 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
-
Jeff - Thanks for your help. Here are the logs you requested. Not sure how to send these more compactly.
DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Testani at 12:49:52 on 2012-10-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.5570 [GMT -4:00]
.
AV: Trend Micro Titanium *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\system32\conhost.exe
-netsvcs
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
C:\Windows\system32\conhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cnn.com/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Testani\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {62D90588-609E-4208-A260-A6CEC45BB92C} - hxxp://watcherswebclubhouse.com/dating/download/v2/cfweb_watcherswebclubhouse.com-dating-download-v2_instmodule.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ive-ssdc.kp.org/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{25E196CA-531A-4DBE-A744-F99D02714D1C} : DHCPNameServer = 13.35.0.1 13.35.0.2
TCP: Interfaces\{B8626C57-8E68-4C2F-9A97-345E5A847F00} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B8626C57-8E68-4C2F-9A97-345E5A847F00}\2656C6B696E6E2030383 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{B8626C57-8E68-4C2F-9A97-345E5A847F00}\960586F6E656 : DHCPNameServer = 172.26.38.1 172.26.38.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL ""
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-17 55856]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-9-17 98208]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-9-20 256336]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-25 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-25 676936]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-17 1692480]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-9-20 67664]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-17 2656280]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2010-12-14 58128]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2010-12-14 274432]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-9-17 176096]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2010-12-14 59904]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-17 317440]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-4-26 25496]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-25 25928]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-9-17 56344]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2011-9-17 8596992]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-9-17 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-9-17 181760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-17 412264]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-25 250808]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-9-17 158976]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-4-26 34200]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-6-16 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-9-17 250984]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-4 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-14 01:48:56 20480 ----a-w- C:\Windows\svchost.exe
2012-09-26 03:05:20 -------- d-----w- C:\Users\Testani\AppData\Roaming\Camfrog Web
2012-09-26 02:09:22 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-26 02:09:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-25 22:44:23 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-23 23:58:39 86016 ----a-w- C:\Windows\unvise32.exe
2012-09-23 23:58:38 -------- d-----w- C:\ExamView
2012-09-21 03:20:13 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-21 03:20:07 -------- d-----w- C:\Program Files\iTunes
2012-09-21 02:20:37 105552 ----a-w- C:\Windows\System32\drivers\tmtdi.sys
2012-09-21 02:20:16 90704 ----a-w- C:\Windows\System32\drivers\tmactmon.sys
2012-09-21 02:20:16 67664 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys
2012-09-21 02:20:16 144464 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2012-09-21 02:12:35 -------- d-----w- C:\Program Files\Trend Micro
2012-09-21 01:26:24 -------- d-----w- C:\Program Files\Microsoft Lync
2012-09-21 01:26:18 -------- d-----w- C:\Program Files (x86)\Microsoft Lync
2012-09-21 01:17:47 -------- d-----w- C:\Users\Testani\Tracing
2012-09-21 01:17:47 -------- d-----w- C:\Program Files (x86)\OCSetup
2012-09-21 01:11:59 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-09-21 01:11:44 -------- d-----w- C:\Windows\PCHEALTH
2012-09-21 01:09:42 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-09-21 01:09:14 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-09-21 00:32:36 -------- d-----w- C:\Users\Testani\AppData\Roaming\e-academy Inc
2012-09-21 00:32:36 -------- d-----w- C:\Users\Testani\AppData\Local\e-academy Inc
2012-09-18 14:10:17 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{87B4611A-7A8C-4E5A-B8B8-0C6B413A5446}\mpengine.dll
2012-09-15 15:20:24 -------- d-----w- C:\Users\Testani\AppData\Local\Apple Computer
2012-09-15 15:19:11 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-15 15:19:11 -------- d-----w- C:\Program Files\iPod
2012-09-15 15:19:11 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-15 15:18:43 -------- d-----w- C:\Users\Testani\AppData\Local\Apple
2012-09-15 15:18:25 -------- d-----w- C:\Program Files\Bonjour
2012-09-15 15:18:25 -------- d-----w- C:\Program Files (x86)\Bonjour
.
==================== Find3M ====================
.
2012-10-09 13:32:24 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 13:32:24 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-20 14:45:38 0 ----a-w- C:\Windows\SysWow64\sho39F3.tmp
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 12:52:22.07 ===============
DDS (Ver_2012-10-14.05)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/29/2011 7:14:21 PM
System Uptime: 10/14/2012 12:43:00 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0YH79Y
Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 577 GiB total, 506.744 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP262: 9/30/2012 11:48:50 PM - Windows Update
RP263: 10/1/2012 6:22:24 AM - Windows Update
RP264: 10/1/2012 3:46:34 PM - Windows Update
RP265: 10/2/2012 12:26:26 AM - Windows Update
RP266: 10/2/2012 9:46:22 AM - Windows Update
RP267: 10/2/2012 10:34:56 AM - Windows Update
RP268: 10/2/2012 3:57:45 PM - Windows Update
RP269: 10/3/2012 8:30:35 AM - Windows Update
RP270: 10/3/2012 1:22:00 PM - Windows Update
RP271: 10/3/2012 3:10:19 PM - Windows Update
RP272: 10/4/2012 12:58:23 PM - Windows Update
RP273: 10/4/2012 2:11:11 PM - Windows Update
RP274: 10/5/2012 12:30:09 AM - Windows Update
RP275: 10/5/2012 10:55:19 AM - Windows Update
RP276: 10/6/2012 8:19:11 AM - Windows Update
RP277: 10/6/2012 12:24:23 PM - Windows Update
RP278: 10/7/2012 12:15:36 PM - Windows Update
RP279: 10/7/2012 10:34:44 PM - Windows Update
RP280: 10/8/2012 8:13:31 AM - Windows Update
RP281: 10/8/2012 12:00:18 PM - Windows Update
RP282: 10/9/2012 12:06:13 AM - Windows Update
RP283: 10/9/2012 5:20:54 PM - Windows Update
RP284: 10/10/2012 9:26:57 AM - Windows Update
RP285: 10/10/2012 11:40:19 AM - Windows Update
RP286: 10/11/2012 8:30:53 AM - Windows Update
RP287: 10/11/2012 3:11:20 PM - Windows Update
RP288: 10/11/2012 11:44:01 PM - Windows Update
RP289: 10/12/2012 2:43:20 PM - Windows Update
RP290: 10/13/2012 10:18:48 AM - Windows Update
RP291: 10/13/2012 3:48:41 PM - Windows Update
RP292: 10/14/2012 1:06:42 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) MUI
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
Bing Rewards Client Installer
Bonjour
Camfrog Web Advanced 2.0 ActiveX Plugin (remove only)
Cozi
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Edoc Viewer
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell Marketplace Webslice IE8
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Support Center
Dell Touchpad
Dell VideoStage
Dell Webcam Central
DirectX 9 Runtime
eBay
ExamView Assessment Suite
ExamView Player
GoToAssist 8.0.0.514
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® PROSet/Wireless WiFi Software
Intel® Turbo Boost Technology Monitor 2.0
Intel® WiDi
Intel® Wireless Display
Internet Explorer
iTunes
Java Auto Updater
Java 6 Update 27
Java 6 Update 27 (64-bit)
Juniper Networks Setup Client
Junk Mail filter update
LeapFrog Connect
LeapFrog Leapster2 Plugin
Malwarebytes Anti-Malware version 1.65.0.1400
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Lync 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PhotoShowExpress
Quickset64
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Secure Download Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Skype Toolbars
Skype™ 5.10
Sonic CinePlayer Decoder Pack
Trend Micro Titanium
Trend Micro™ Titanium™
TrustedID
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
10/9/2012 5:21:20 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2709715).
10/14/2012 12:45:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
10/14/2012 1:07:04 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).
.
==== End Of File ===========================
-
Hi - About a month ago we were infected with the FBI moneypak virus. At the time I was able to start in safe mode, update Malwarebytes Anti-Malware and run a scan. After the scan was complete the computer seemed to return to normal functioning. Since then we have had only occasional small issues with the computer. When I continue to run scans with Malwarebytes, the same 2 items continue to be identified and are not removed with a reboot of the computer. One is listed as a file and one as a memory process - both svchost.exe. I will attach the log from the most recent scan - this was a quick scan - a previous full scan identified only the same 2 items. As I said, the computer runs well and I have been hesitant to try to manually remove these items as I am not very computer savvy and don't want to erase something I shouldn't. Any instruction would be greatly appreciated. Thanks in advance.
Malwarebytes Anti-Malware 1.65.0.1400
Database version: v2012.10.13.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Testani :: TESTANI-PC [administrator]
10/13/2012 8:42:27 PM
mbam-log-2012-10-13 (20-42-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218423
Time elapsed: 17 minute(s), 54 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 5152 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)
Search results redirected
in Resolved Malware Removal Logs
Posted
It has been running fine. No search redirects since running these scans.