Xmarks Authentication -- disturbing pop up

Avrohom · April 23, 2012

Are these popups associated with your browser? I mean, when you open your browser, you only see them or not?

That's what I asked you earlier. I haven't seen a direct connection with a browser.

Usually I have been using IE. Once I openned Skype and then is appeared. IE is open right now and the pop up still hasn't appeared.

Log:

ComboFix 12-04-22.02 - Chava 04/23/2012 13:05:56.4.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4256 [GMT 3:00]

Running from: c:\users\Chava\Downloads\ComboFix.exe

Command switches used :: c:\users\Chava\Downloads\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\$AVG

c:\$avg\$VAULT\V_00000002.fil

c:\$avg\$VAULT\V_00000004.fil

c:\$avg\$VAULT\vvfolder.idx

c:\program files (x86)\AVG

c:\program files (x86)\AVG\AVG2012\Firefox\DoNotTrack\chrome.manifest

c:\program files (x86)\AVG\AVG2012\Firefox\DoNotTrack\Chrome\donottrack.jar

c:\program files (x86)\AVG\AVG2012\Firefox\DoNotTrack\defaults\preferences\defaults.js

c:\program files (x86)\AVG\AVG2012\Firefox\DoNotTrack\install.rdf

c:\program files (x86)\AVG\AVG2012\html\reportcard\avg_logo.png

c:\program files (x86)\AVG\AVG2012\html\reportcard\awards.png

c:\program files (x86)\AVG\AVG2012\html\reportcard\index.html

c:\program files (x86)\AVG\AVG2012\html\reportcard\menu-bg.png

c:\program files (x86)\AVG\AVG2012\html\reportcard\menu-content-bg.png

c:\program files (x86)\AVG\AVG2012\html\reportcard\menu-footer-bg.png

c:\program files (x86)\AVG\AVG2012\html\reportcard\reportcard.css

c:\program files (x86)\AVG\AVG2012\html\reportcard\table_bg.png

c:\program files (x86)\Common Files\AVG Secure Search

c:\program files (x86)\Common Files\AVG Secure Search\CommonInstaller\10.2.0\CommonInstaller.exe

c:\program files (x86)\Common Files\AVG Secure Search\InstalledProducts.ini

c:\program files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\10.2.0\ScriptHelper.exe

c:\program files (x86)\Common Files\AVG Secure Search\ToolBandTlb\10.2.0\toolband

c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll

c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\UpdaterConfig.ini

c:\programdata\AVG2012

c:\programdata\AVG2012\fet\9085836990858369.dat

c:\programdata\AVG2012\fet\a44458e84458beac.dat

c:\programdata\AVG2012\fet\ba8e53138e52c811.dat

c:\programdata\AVG2012\fet\ca2e05502e05374b.dat

c:\programdata\AVG2012\fet\eus-10042012-08.dat

c:\programdata\AVG2012\fet\eus-10042012-09.dat

c:\programdata\AVG2012\fet\eus-10042012-10.dat

c:\programdata\AVG2012\fet\eus-11042012-08.dat

c:\programdata\AVG2012\fet\eus-11042012-09.dat

c:\programdata\AVG2012\fet\eus-12042012-08.dat

c:\programdata\AVG2012\fet\eus-12042012-09.dat

c:\programdata\AVG2012\fet\eus-15042012-03.dat

c:\programdata\AVG2012\fet\eus-15042012-04.dat

c:\programdata\AVG2012\fet\eus-15042012-05.dat

c:\programdata\AVG2012\fet\eus-15042012-06.dat

c:\programdata\AVG2012\fet\eus-15042012-07.dat

c:\programdata\AVG2012\fet\eus-15042012-10.dat

c:\programdata\AVG2012\fet\eus-15042012-11.dat

c:\programdata\AVG2012\fet\eus-15042012-12.dat

c:\programdata\AVG2012\fet\eus-15042012-13.dat

c:\programdata\AVG2012\fet\eus-15042012-14.dat

c:\programdata\AVG2012\fet\eus-15042012-15.dat

c:\programdata\AVG2012\fet\eus-15042012-16.dat

c:\programdata\AVG2012\fet\eus-15042012-17.dat

c:\programdata\AVG2012\fet\eus-16042012-08.dat

c:\programdata\AVG2012\fet\eus-16042012-10.dat

c:\programdata\AVG2012\fet\eus-16042012-11.dat

c:\programdata\AVG2012\fet\eus-16042012-12.dat

c:\programdata\AVG2012\fet\eus-16042012-13.dat

c:\programdata\AVG2012\fet\eus-17042012-11.dat

c:\programdata\AVG2012\fet\eus-17042012-12.dat

c:\programdata\AVG2012\fet\eus-17042012-13.dat

c:\programdata\AVG2012\fet\eus-17042012-14.dat

c:\programdata\AVG2012\fet\eus-18042012-07.dat

c:\programdata\AVG2012\fet\eus-18042012-12.dat

c:\programdata\AVG2012\fet\eus-18042012-13.dat

c:\programdata\AVG2012\fet\eus-18042012-14.dat

c:\programdata\AVG2012\fet\eus-19042012-00.dat

c:\programdata\AVG2012\fet\eus-19042012-18.dat

c:\programdata\AVG2012\fet\eus-19042012-21.dat

c:\programdata\AVG2012\fet\eus-19042012-23.dat

c:\programdata\AVG2012\fet\eus-20042012-15.dat

c:\programdata\AVG2012\IDS\outbox\2\12

c:\programdata\AVG2012\IDS\outbox\3\13

c:\programdata\AVG2012\IDS\outbox\4\14

c:\programdata\AVG2012\IDS\outbox\5\15

c:\programdata\AVG2012\IDS\outbox\6\16

c:\programdata\AVG2012\IDS\outbox\7\17

c:\programdata\AVG2012\IDS\outbox\8\18

c:\users\Chava\AppData\Roaming\AVG2012

c:\users\Chava\AppData\Roaming\AVG2012\cfgall\userawacs.cfg

c:\users\Chava\AppData\Roaming\AVG2012\cfgall\usergui.cfg

c:\users\Chava\AppData\Roaming\Mozilla\Firefox\Profiles\nm84bhij.default\weave\toFetch

.

((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))

.

2012-04-23 10:10 . 2012-04-23 10:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-23 09:29 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{972E9EC1-B58A-44A0-8215-21A6F4A703FD}\mpengine.dll

2012-04-22 15:38 . 2012-04-22 15:38 -------- d-----w- c:\users\Chava\AppData\Local\CrashDumps

2012-04-18 21:38 . 2012-04-18 21:38 -------- d-----w- c:\users\Chava\AppData\Local\PackageAware

2012-04-18 21:26 . 2012-04-18 21:26 -------- d-----w- c:\users\Chava\AppData\Local\Wisdom-soft

2012-04-18 21:25 . 2012-04-18 21:26 -------- d-----w- c:\program files (x86)\Wisdom-soft ScreenHunter 6.0 Free

2012-04-17 17:28 . 2012-04-17 17:28 -------- d-----w- C:\_OTL

2012-04-15 13:25 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-15 13:25 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-15 13:25 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-15 13:20 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-15 13:20 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-15 13:20 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-15 13:20 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-15 13:20 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-15 13:20 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-15 13:20 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-15 10:43 . 2012-04-15 10:43 -------- d-----w- c:\programdata\IObit

2012-04-15 10:43 . 2012-04-15 11:07 -------- d-----w- c:\users\Chava\AppData\Roaming\IObit

2012-04-15 10:42 . 2012-04-15 10:42 -------- d-----w- c:\program files (x86)\IObit

2012-04-15 10:03 . 2012-04-15 10:03 -------- d-----w- c:\program files\Google

2012-04-15 10:00 . 2012-04-15 10:03 -------- d-----w- c:\program files (x86)\Google

2012-04-06 09:15 . 2012-04-22 16:37 -------- d-----w- c:\users\Chava\AppData\Local\cache

2012-04-06 09:14 . 2012-04-06 09:14 -------- d-----w- c:\programdata\FLEXnet

2012-04-06 09:08 . 2012-04-06 09:08 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2012-04-06 09:07 . 2012-04-22 15:18 -------- d-----w- c:\users\Chava\AppData\Local\Autodesk

2012-04-06 09:04 . 2012-04-06 09:11 -------- d-----w- c:\program files\Common Files\Autodesk Shared

2012-04-06 09:04 . 2012-04-06 09:10 -------- d-----w- c:\program files\Autodesk

2012-04-06 09:03 . 2012-04-06 09:03 -------- d-----w- c:\program files (x86)\Autodesk

2012-04-06 09:02 . 2012-04-06 09:11 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared

2012-04-06 08:54 . 2012-04-22 15:16 -------- d-----w- c:\users\Chava\AppData\Roaming\Autodesk

2012-04-06 08:54 . 2012-04-22 15:16 -------- d-----w- c:\programdata\Autodesk

2012-04-06 06:17 . 2012-04-06 06:17 -------- d-----w- C:\Autodesk

2012-04-06 06:12 . 2012-04-10 13:44 -------- d-----w- c:\programdata\VirtualizedApplications

2012-04-06 06:04 . 2012-04-15 10:37 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-05 05:41 . 2012-04-05 05:41 -------- d-----w- c:\users\Chava\AppData\Local\HP

2012-04-05 05:35 . 2012-04-05 05:35 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-04-05 05:20 . 2012-04-05 05:20 -------- d-----w- c:\users\Chava\AppData\Roaming\Malwarebytes

2012-04-05 05:20 . 2012-04-05 05:20 -------- d-----w- c:\programdata\Malwarebytes

2012-04-05 05:20 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-05 05:20 . 2012-04-15 10:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-05 05:00 . 2012-04-05 05:00 -------- d--h--w- c:\programdata\Common Files

2012-04-05 04:59 . 2012-04-21 20:59 -------- d-----w- c:\programdata\MFAData

2012-03-31 18:15 . 2012-03-31 18:15 -------- d-----w- c:\users\Chava\AppData\Local\SoftGrid Client

2012-03-31 18:15 . 2012-04-15 10:28 -------- d-----w- c:\users\Chava\AppData\Roaming\SoftGrid Client

2012-03-31 18:15 . 2012-04-05 08:06 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client

2012-03-31 18:14 . 2012-03-31 18:16 -------- d-----w- c:\users\Chava\AppData\Roaming\TP

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-15 10:37 . 2011-10-30 03:21 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-13 08:46 . 2012-02-26 21:34 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-02-19 16:50 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-02-19 03:36 . 2012-02-19 03:36 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{952B9BB0-284B-473D-89C9-95083382F3BE}\gapaengine.dll

2012-02-17 06:38 . 2012-03-17 02:44 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-17 02:44 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-17 02:44 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-17 02:44 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 06:36 . 2012-03-17 02:46 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-17 02:46 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-07 16:02 . 2012-02-07 16:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-07 00:39 . 2012-02-07 00:39 16808 ----a-w- c:\windows\system32\AcSignExtRes.dll

2012-02-07 00:39 . 2012-02-07 00:39 2312616 ----a-w- c:\windows\system32\styleman.cpl

2012-02-07 00:39 . 2012-02-07 00:39 2312616 ----a-w- c:\windows\system32\plotman.cpl

2012-02-07 00:38 . 2012-02-07 00:38 47016 ----a-w- c:\windows\system32\AcSignIcon.dll

2012-02-07 00:38 . 2012-02-07 00:38 435624 ----a-w- c:\windows\system32\AcSignOpt.exe

2012-02-07 00:38 . 2012-02-07 00:38 35240 ----a-w- c:\windows\system32\AcSignExt.dll

2012-02-03 04:34 . 2012-03-17 02:46 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-25 06:38 . 2012-03-17 02:45 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 06:38 . 2012-03-17 02:45 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 06:33 . 2012-03-17 02:45 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

((((((((((((((((((((((((((((( SnapShot@2012-04-18_21.06.58 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-04-17 17:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-04-21 20:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-04-21 20:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-04-17 17:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-21 20:52 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-04-17 17:29 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-21 03:09 . 2012-04-21 21:01 48704 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-04-22 19:24 39632 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2012-02-18 02:16 . 2012-04-18 20:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-02-18 02:16 . 2012-04-23 09:19 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-04-18 17:39 . 2012-04-23 09:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2012-04-18 17:39 . 2012-04-18 20:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-23 09:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-04-18 20:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2012-04-19 04:26 96856 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2012-02-18 12:01 . 2012-04-22 19:24 8168 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3158178755-1681758875-57547459-1000_UserData.bin

- 2012-04-18 21:06 . 2012-04-18 21:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-22 19:21 . 2012-04-22 19:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-22 19:21 . 2012-04-22 19:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-04-18 21:06 . 2012-04-18 21:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-02-17 19:35 . 2012-04-23 09:58 267982 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2012-04-18 20:48 662862 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-04-23 09:59 662862 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-04-18 20:48 122400 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-04-23 09:59 122400 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-04-18 21:05 325360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-04-22 18:09 325360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-04-19 20:22 . 2012-04-19 20:22 326128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3158178755-1681758875-57547459-1003-8192.dat

- 2012-03-16 21:09 . 2012-04-15 13:29 724324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3158178755-1681758875-57547459-1000-12288.dat

+ 2012-03-16 21:09 . 2012-04-19 04:28 724324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3158178755-1681758875-57547459-1000-12288.dat

- 2011-10-30 09:00 . 2012-04-18 17:33 1069320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-10-30 09:00 . 2012-04-21 22:41 1069320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2012-02-18 12:19 . 2012-04-22 18:09 8280652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3158178755-1681758875-57547459-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"chromium"="c:\users\Chava\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-04-12 1224176]

"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-15 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-09-13 103992]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1338144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;????? Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-15 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-08-01 195320]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-06 1432400]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-15 136176]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]

S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-20 249648]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-08-19 260424]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]

S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-13 227896]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-09-01 2425960]

S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [x]

S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [x]

S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-09-13 1098296]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 10:37]

.

2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-15 10:03]

.

2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-15 10:03]

.

2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3158178755-1681758875-57547459-1000Core.job

- c:\users\Chava\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-10 03:05]

.

2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3158178755-1681758875-57547459-1000UA.job

- c:\users\Chava\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-10 03:05]

.

2012-04-16 c:\windows\Tasks\HPCeeScheduleForCHAVA-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]

.

2012-04-15 c:\windows\Tasks\HPCeeScheduleForChava.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-26 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-26 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-26 416024]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]

"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-06 415680]

.

------- Supplementary Scan -------

.

uStart Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxp://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 10.0.0.138

FF - ProfilePath - c:\users\Chava\AppData\Roaming\Mozilla\Firefox\Profiles\nm84bhij.default\

FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/?hl%3Diw&scc=1&ltmpl=default&ltmplcache=2&hl=iw

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-04-23 13:12:45

ComboFix-quarantined-files.txt 2012-04-23 10:12

ComboFix2.txt 2012-04-21 21:20

ComboFix3.txt 2012-04-18 22:01

ComboFix4.txt 2012-04-18 21:11

.

Pre-Run: 656,777,838,592 bytes free

Post-Run: 656,667,766,784 bytes free

.

- - End Of File - - D83DCC566C5E5F313E10EF53CD17ED9C

Maniac · April 23, 2012

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Avrohom · April 23, 2012

No threats were found.

Here's the log:

19:34:32.0901 7076 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47

19:34:33.0168 7076 ============================================================

19:34:33.0168 7076 Current date / time: 2012/04/23 19:34:33.0168

19:34:33.0168 7076 SystemInfo:

19:34:33.0168 7076

19:34:33.0168 7076 OS Version: 6.1.7601 ServicePack: 1.0

19:34:33.0168 7076 Product type: Workstation

19:34:33.0169 7076 ComputerName: CHAVA-HP

19:34:33.0169 7076 UserName: Chava

19:34:33.0169 7076 Windows directory: C:\Windows

19:34:33.0169 7076 System windows directory: C:\Windows

19:34:33.0169 7076 Running under WOW64

19:34:33.0169 7076 Processor architecture: Intel x64

19:34:33.0169 7076 Number of processors: 4

19:34:33.0169 7076 Page size: 0x1000

19:34:33.0169 7076 Boot type: Normal boot

19:34:33.0169 7076 ============================================================

19:34:33.0519 7076 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:34:33.0569 7076 \Device\Harddisk0\DR0:

19:34:33.0569 7076 MBR partitions:

19:34:33.0569 7076 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

19:34:33.0569 7076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x544D4800

19:34:33.0569 7076 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x54538800, BlocksNum 0x281E000

19:34:33.0569 7076 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x56D56800, BlocksNum 0x7EF000

19:34:33.0617 7076 C: <-> \Device\Harddisk0\DR0\Partition1

19:34:33.0660 7076 D: <-> \Device\Harddisk0\DR0\Partition2

19:34:33.0672 7076 E: <-> \Device\Harddisk0\DR0\Partition3

19:34:33.0672 7076 Initialize success

19:34:33.0672 7076 ============================================================

19:35:11.0780 5224 ============================================================

19:35:11.0780 5224 Scan started

19:35:11.0780 5224 Mode: Manual; SigCheck; TDLFS;

19:35:11.0780 5224 ============================================================

19:35:12.0423 5224 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

19:35:12.0501 5224 1394ohci - ok

19:35:12.0899 5224 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

19:35:12.0957 5224 ACPI - ok

19:35:13.0337 5224 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

19:35:13.0381 5224 AcpiPmi - ok

19:35:13.0510 5224 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

19:35:13.0597 5224 AdobeARMservice - ok

19:35:13.0918 5224 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

19:35:14.0029 5224 AdobeFlashPlayerUpdateSvc - ok

19:35:14.0430 5224 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

19:35:14.0472 5224 adp94xx - ok

19:35:14.0860 5224 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

19:35:14.0882 5224 adpahci - ok

19:35:15.0276 5224 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

19:35:15.0310 5224 adpu320 - ok

19:35:15.0542 5224 AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

19:35:15.0588 5224 AdvancedSystemCareService5 - ok

19:35:15.0836 5224 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

19:35:15.0892 5224 AeLookupSvc - ok

19:35:16.0279 5224 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

19:35:16.0307 5224 AFD - ok

19:35:16.0704 5224 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

19:35:16.0738 5224 agp440 - ok

19:35:17.0033 5224 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

19:35:17.0084 5224 ALG - ok

19:35:17.0475 5224 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

19:35:17.0496 5224 aliide - ok

19:35:17.0896 5224 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

19:35:17.0931 5224 amdide - ok

19:35:18.0335 5224 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

19:35:18.0368 5224 AmdK8 - ok

19:35:18.0751 5224 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

19:35:18.0770 5224 AmdPPM - ok

19:35:19.0157 5224 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

19:35:19.0192 5224 amdsata - ok

19:35:19.0577 5224 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

19:35:19.0605 5224 amdsbs - ok

19:35:19.0990 5224 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

19:35:20.0019 5224 amdxata - ok

19:35:20.0407 5224 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

19:35:20.0466 5224 AppID - ok

19:35:20.0719 5224 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

19:35:20.0776 5224 AppIDSvc - ok

19:35:21.0076 5224 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

19:35:21.0123 5224 Appinfo - ok

19:35:21.0523 5224 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

19:35:21.0555 5224 arc - ok

19:35:21.0929 5224 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

19:35:21.0979 5224 arcsas - ok

19:35:22.0334 5224 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

19:35:22.0356 5224 aspnet_state - ok

19:35:22.0744 5224 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

19:35:22.0797 5224 AsyncMac - ok

19:35:23.0151 5224 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

19:35:23.0185 5224 atapi - ok

19:35:23.0491 5224 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

19:35:23.0563 5224 AudioEndpointBuilder - ok

19:35:23.0572 5224 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

19:35:23.0625 5224 AudioSrv - ok

19:35:23.0845 5224 Autodesk Content Service (f431dc5d94f4b2fdbc927655d8a9b10e) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

19:35:23.0861 5224 Autodesk Content Service - ok

19:35:24.0144 5224 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

19:35:24.0179 5224 AxInstSV - ok

19:35:24.0576 5224 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

19:35:24.0613 5224 b06bdrv - ok

19:35:24.0979 5224 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

19:35:25.0021 5224 b57nd60a - ok

19:35:25.0134 5224 BBSvc (28a4012e68bc9597bcb9b26b51aac4b6) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

19:35:25.0201 5224 BBSvc - ok

19:35:25.0237 5224 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

19:35:25.0302 5224 BBUpdate - ok

19:35:25.0684 5224 bcbtums (09a19c806110ce839111850ec27e65f5) C:\Windows\system32\drivers\bcbtums.sys

19:35:25.0745 5224 bcbtums - ok

19:35:26.0235 5224 BCM43XX (461e574d7967e895640109a371a912a5) C:\Windows\system32\DRIVERS\bcmwl664.sys

19:35:26.0321 5224 BCM43XX - ok

19:35:26.0576 5224 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

19:35:26.0604 5224 BDESVC - ok

19:35:26.0990 5224 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

19:35:27.0051 5224 Beep - ok

19:35:27.0356 5224 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

19:35:27.0431 5224 BFE - ok

19:35:27.0698 5224 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

19:35:27.0768 5224 BITS - ok

19:35:28.0138 5224 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

19:35:28.0171 5224 blbdrive - ok

19:35:28.0554 5224 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

19:35:28.0609 5224 bowser - ok

19:35:28.0999 5224 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

19:35:29.0038 5224 BrFiltLo - ok

19:35:29.0404 5224 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

19:35:29.0448 5224 BrFiltUp - ok

19:35:29.0829 5224 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

19:35:29.0877 5224 BridgeMP - ok

19:35:30.0117 5224 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

19:35:30.0164 5224 Browser - ok

19:35:30.0528 5224 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

19:35:30.0562 5224 Brserid - ok

19:35:30.0927 5224 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

19:35:30.0953 5224 BrSerWdm - ok

19:35:31.0345 5224 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

19:35:31.0384 5224 BrUsbMdm - ok

19:35:31.0747 5224 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

19:35:31.0763 5224 BrUsbSer - ok

19:35:32.0144 5224 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys

19:35:32.0182 5224 BthEnum - ok

19:35:32.0571 5224 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

19:35:32.0609 5224 BTHMODEM - ok

19:35:32.0997 5224 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

19:35:33.0030 5224 BthPan - ok

19:35:33.0408 5224 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys

19:35:33.0447 5224 BTHPORT - ok

19:35:33.0693 5224 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

19:35:33.0741 5224 bthserv - ok

19:35:34.0100 5224 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys

19:35:34.0129 5224 BTHUSB - ok

19:35:34.0533 5224 btwampfl (0e78584d5faca0509dfa97bd8b635075) C:\Windows\system32\drivers\btwampfl.sys

19:35:34.0591 5224 btwampfl - ok

19:35:34.0949 5224 btwaudio (409c4117e6027672ef41e68ace1468ad) C:\Windows\system32\drivers\btwaudio.sys

19:35:34.0972 5224 btwaudio - ok

19:35:35.0354 5224 btwavdt (8ca7cabd13316abace386d9f380b4cf3) C:\Windows\system32\DRIVERS\btwavdt.sys

19:35:35.0383 5224 btwavdt - ok

19:35:35.0539 5224 btwdins (1249ede2280f9a1564c946afddcd59d5) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

19:35:35.0619 5224 btwdins - ok

19:35:35.0983 5224 BTWDPAN (41933521a618475644b6e8d8487af326) C:\Windows\system32\DRIVERS\btwdpan.sys

19:35:36.0019 5224 BTWDPAN - ok

19:35:36.0376 5224 btwl2cap (b9354f9f111c64f2495b60f1e24cb453) C:\Windows\system32\DRIVERS\btwl2cap.sys

19:35:36.0412 5224 btwl2cap - ok

19:35:36.0766 5224 btwrchid (71a04f2d9deb21b162561eb574d7d629) C:\Windows\system32\DRIVERS\btwrchid.sys

19:35:36.0787 5224 btwrchid - ok

19:35:36.0828 5224 catchme - ok

19:35:37.0204 5224 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

19:35:37.0275 5224 cdfs - ok

19:35:37.0642 5224 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

19:35:37.0681 5224 cdrom - ok

19:35:37.0951 5224 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

19:35:38.0004 5224 CertPropSvc - ok

19:35:38.0404 5224 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

19:35:38.0455 5224 circlass - ok

19:35:38.0709 5224 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

19:35:38.0746 5224 CLFS - ok

19:35:38.0941 5224 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:35:38.0987 5224 clr_optimization_v2.0.50727_32 - ok

19:35:39.0230 5224 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

19:35:39.0247 5224 clr_optimization_v2.0.50727_64 - ok

19:35:39.0592 5224 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:35:39.0627 5224 clr_optimization_v4.0.30319_32 - ok

19:35:39.0945 5224 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

19:35:39.0969 5224 clr_optimization_v4.0.30319_64 - ok

19:35:40.0360 5224 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys

19:35:40.0417 5224 clwvd - ok

19:35:40.0786 5224 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

19:35:40.0832 5224 CmBatt - ok

19:35:41.0195 5224 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

19:35:41.0234 5224 cmdide - ok

19:35:41.0608 5224 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

19:35:41.0711 5224 CNG - ok

19:35:42.0085 5224 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

19:35:42.0117 5224 Compbatt - ok

19:35:42.0505 5224 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

19:35:42.0542 5224 CompositeBus - ok

19:35:42.0801 5224 COMSysApp - ok

19:35:43.0159 5224 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

19:35:43.0192 5224 crcdisk - ok

19:35:43.0486 5224 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

19:35:43.0564 5224 CryptSvc - ok

19:35:43.0789 5224 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

19:35:43.0877 5224 cvhsvc - ok

19:35:44.0258 5224 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys

19:35:44.0281 5224 dc3d - ok

19:35:44.0586 5224 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

19:35:44.0653 5224 DcomLaunch - ok

19:35:44.0908 5224 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

19:35:44.0995 5224 defragsvc - ok

19:35:45.0391 5224 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

19:35:45.0433 5224 DfsC - ok

19:35:45.0718 5224 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

19:35:45.0767 5224 Dhcp - ok

19:35:46.0125 5224 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

19:35:46.0192 5224 discache - ok

19:35:46.0575 5224 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

19:35:46.0592 5224 Disk - ok

19:35:46.0846 5224 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

19:35:46.0897 5224 Dnscache - ok

19:35:47.0153 5224 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

19:35:47.0204 5224 dot3svc - ok

19:35:47.0466 5224 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

19:35:47.0513 5224 DPS - ok

19:35:47.0906 5224 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

19:35:47.0957 5224 drmkaud - ok

19:35:48.0334 5224 DXGKrnl (a4f408ad1065c7ad2ed332c68025b435) C:\Windows\System32\drivers\dxgkrnl.sys

19:35:48.0384 5224 DXGKrnl - ok

19:35:48.0643 5224 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

19:35:48.0698 5224 EapHost - ok

19:35:49.0112 5224 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

19:35:49.0164 5224 ebdrv - ok

19:35:49.0407 5224 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

19:35:49.0445 5224 EFS - ok

19:35:49.0625 5224 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

19:35:49.0683 5224 ehRecvr - ok

19:35:49.0818 5224 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

19:35:49.0878 5224 ehSched - ok

19:35:50.0244 5224 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

19:35:50.0284 5224 elxstor - ok

19:35:50.0636 5224 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

19:35:50.0662 5224 ErrDev - ok

19:35:50.0956 5224 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

19:35:51.0033 5224 EventSystem - ok

19:35:51.0391 5224 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

19:35:51.0456 5224 exfat - ok

19:35:51.0815 5224 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

19:35:51.0855 5224 fastfat - ok

19:35:52.0157 5224 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

19:35:52.0223 5224 Fax - ok

19:35:52.0571 5224 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

19:35:52.0603 5224 fdc - ok

19:35:52.0880 5224 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

19:35:52.0936 5224 fdPHost - ok

19:35:53.0193 5224 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

19:35:53.0248 5224 FDResPub - ok

19:35:53.0616 5224 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

19:35:53.0650 5224 FileInfo - ok

19:35:54.0018 5224 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

19:35:54.0102 5224 Filetrace - ok

19:35:54.0215 5224 FLEXnet Licensing Service 64 (64ab6f28047744b9b19c97459c2ab31b) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

19:35:54.0361 5224 FLEXnet Licensing Service 64 - ok

19:35:54.0722 5224 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

19:35:54.0758 5224 flpydisk - ok

19:35:55.0149 5224 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

19:35:55.0188 5224 FltMgr - ok

19:35:55.0444 5224 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

19:35:55.0485 5224 FontCache - ok

19:35:55.0628 5224 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

19:35:55.0650 5224 FontCache3.0.0.0 - ok

19:35:55.0797 5224 FPLService (ec3949088f617acc056fc1ab54a6a13b) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

19:35:55.0846 5224 FPLService - ok

19:35:56.0203 5224 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

19:35:56.0240 5224 FsDepends - ok

19:35:56.0603 5224 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

19:35:56.0629 5224 Fs_Rec - ok

19:35:57.0015 5224 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

19:35:57.0038 5224 fvevol - ok

19:35:57.0398 5224 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

19:35:57.0415 5224 gagp30kx - ok

19:35:57.0539 5224 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

19:35:57.0609 5224 GamesAppService - ok

19:35:57.0884 5224 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

19:35:57.0992 5224 gpsvc - ok

19:35:58.0160 5224 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:35:58.0240 5224 gupdate - ok

19:35:58.0244 5224 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:35:58.0281 5224 gupdatem - ok

19:35:58.0393 5224 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

19:35:58.0438 5224 gusvc - ok

19:35:58.0803 5224 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

19:35:58.0836 5224 hcw85cir - ok

19:35:59.0217 5224 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

19:35:59.0263 5224 HdAudAddService - ok

19:35:59.0660 5224 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

19:35:59.0680 5224 HDAudBus - ok

19:36:00.0034 5224 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

19:36:00.0093 5224 HidBatt - ok

19:36:00.0460 5224 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

19:36:00.0504 5224 HidBth - ok

19:36:00.0880 5224 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

19:36:00.0916 5224 HidIr - ok

19:36:01.0175 5224 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

19:36:01.0250 5224 hidserv - ok

19:36:01.0634 5224 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

19:36:01.0680 5224 HidUsb - ok

19:36:01.0932 5224 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

19:36:01.0983 5224 hkmsvc - ok

19:36:02.0236 5224 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

19:36:02.0300 5224 HomeGroupListener - ok

19:36:02.0557 5224 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

19:36:02.0604 5224 HomeGroupProvider - ok

19:36:02.0752 5224 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

19:36:02.0794 5224 HP Support Assistant Service - ok

19:36:02.0917 5224 HPAuto (7b8c1b09c11e8db7c4480abd7d17e821) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

19:36:02.0944 5224 HPAuto - ok

19:36:03.0021 5224 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

19:36:03.0044 5224 HPClientSvc - ok

19:36:03.0273 5224 hpCMSrv (e07f8e78d08d9269e3365c2a4f637191) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

19:36:03.0353 5224 hpCMSrv - ok

19:36:03.0524 5224 HPDrvMntSvc.exe (e6ab9e7ff923928e9f549fddfcedb28a) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

19:36:03.0604 5224 HPDrvMntSvc.exe - ok

19:36:03.0772 5224 hpqwmiex (dbdc0581d4506c13e6bef48d14b1c55b) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

19:36:03.0998 5224 hpqwmiex - ok

19:36:04.0376 5224 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

19:36:04.0410 5224 HpSAMD - ok

19:36:04.0547 5224 HPWMISVC (77c15d7e8f002a173eebff0b20cd697d) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

19:36:04.0588 5224 HPWMISVC - ok

19:36:04.0989 5224 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

19:36:05.0050 5224 HTTP - ok

19:36:05.0418 5224 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

19:36:05.0451 5224 hwpolicy - ok

19:36:05.0848 5224 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

19:36:05.0885 5224 i8042prt - ok

19:36:06.0267 5224 iaStor (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\DRIVERS\iaStor.sys

19:36:06.0307 5224 iaStor - ok

19:36:06.0467 5224 IAStorDataMgrSvc (e79a8e33bd136d14bae1fa20eb2ef124) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

19:36:06.0484 5224 IAStorDataMgrSvc - ok

19:36:06.0886 5224 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

19:36:06.0919 5224 iaStorV - ok

19:36:07.0132 5224 IconMan_R (d3090576412ec63e0c6271d8b0974d73) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

19:36:07.0218 5224 IconMan_R - ok

19:36:07.0392 5224 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

19:36:07.0425 5224 idsvc - ok

19:36:08.0011 5224 igfx (33faa40b288002c89529dbd14f3ab72c) C:\Windows\system32\DRIVERS\igdkmd64.sys

19:36:08.0159 5224 igfx - ok

19:36:08.0531 5224 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

19:36:08.0564 5224 iirsp - ok

19:36:08.0841 5224 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

19:36:08.0912 5224 IKEEXT - ok

19:36:09.0324 5224 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

19:36:09.0364 5224 IntcDAud - ok

19:36:09.0726 5224 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

19:36:09.0741 5224 intelide - ok

19:36:10.0132 5224 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

19:36:10.0153 5224 intelppm - ok

19:36:10.0413 5224 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

19:36:10.0479 5224 IPBusEnum - ok

19:36:10.0831 5224 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:36:10.0890 5224 IpFilterDriver - ok

19:36:11.0155 5224 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

19:36:11.0221 5224 iphlpsvc - ok

19:36:11.0576 5224 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

19:36:11.0608 5224 IPMIDRV - ok

19:36:11.0978 5224 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

19:36:12.0043 5224 IPNAT - ok

19:36:12.0423 5224 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

19:36:12.0466 5224 IRENUM - ok

19:36:12.0845 5224 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

19:36:12.0872 5224 isapnp - ok

19:36:13.0244 5224 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

19:36:13.0282 5224 iScsiPrt - ok

19:36:13.0432 5224 jhi_service (6c85719a21b3f62c2c76280f4bd36c7b) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

19:36:13.0490 5224 jhi_service - ok

19:36:13.0865 5224 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

19:36:13.0895 5224 kbdclass - ok

19:36:14.0274 5224 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

19:36:14.0309 5224 kbdhid - ok

19:36:14.0552 5224 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:36:14.0596 5224 KeyIso - ok

19:36:14.0963 5224 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

19:36:15.0001 5224 KSecDD - ok

19:36:15.0359 5224 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

19:36:15.0379 5224 KSecPkg - ok

19:36:15.0756 5224 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

19:36:15.0818 5224 ksthunk - ok

19:36:16.0077 5224 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

19:36:16.0136 5224 KtmRm - ok

19:36:16.0424 5224 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

19:36:16.0494 5224 LanmanServer - ok

19:36:16.0780 5224 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

19:36:16.0843 5224 LanmanWorkstation - ok

19:36:17.0235 5224 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

19:36:17.0290 5224 lltdio - ok

19:36:17.0543 5224 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

19:36:17.0609 5224 lltdsvc - ok

19:36:17.0851 5224 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

19:36:17.0915 5224 lmhosts - ok

19:36:18.0072 5224 LMS (d75c4b4a8fe6d7fd74a7eecdbaec729f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

19:36:18.0155 5224 LMS - ok

19:36:18.0544 5224 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

19:36:18.0588 5224 LSI_FC - ok

19:36:18.0976 5224 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

19:36:19.0005 5224 LSI_SAS - ok

19:36:19.0400 5224 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

19:36:19.0432 5224 LSI_SAS2 - ok

19:36:19.0803 5224 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

19:36:19.0833 5224 LSI_SCSI - ok

19:36:20.0191 5224 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

19:36:20.0268 5224 luafv - ok

19:36:20.0569 5224 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

19:36:20.0608 5224 Mcx2Svc - ok

19:36:20.0981 5224 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

19:36:21.0015 5224 megasas - ok

19:36:21.0405 5224 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

19:36:21.0453 5224 MegaSR - ok

19:36:21.0838 5224 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

19:36:21.0870 5224 MEIx64 - ok

19:36:22.0143 5224 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

19:36:22.0244 5224 MMCSS - ok

19:36:22.0598 5224 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

19:36:22.0650 5224 Modem - ok

19:36:23.0009 5224 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

19:36:23.0048 5224 monitor - ok

19:36:23.0414 5224 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

19:36:23.0448 5224 mouclass - ok

19:36:23.0853 5224 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

19:36:23.0915 5224 mouhid - ok

19:36:24.0268 5224 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

19:36:24.0292 5224 mountmgr - ok

19:36:24.0659 5224 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys

19:36:24.0704 5224 MpFilter - ok

19:36:25.0057 5224 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

19:36:25.0101 5224 mpio - ok

19:36:25.0462 5224 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys

19:36:25.0496 5224 MpNWMon - ok

19:36:25.0861 5224 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

19:36:25.0914 5224 mpsdrv - ok

19:36:26.0172 5224 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

19:36:26.0229 5224 MpsSvc - ok

19:36:26.0596 5224 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

19:36:26.0641 5224 MRxDAV - ok

19:36:27.0005 5224 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:36:27.0046 5224 mrxsmb - ok

19:36:27.0411 5224 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:36:27.0442 5224 mrxsmb10 - ok

19:36:27.0808 5224 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:36:27.0846 5224 mrxsmb20 - ok

19:36:28.0209 5224 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

19:36:28.0227 5224 msahci - ok

19:36:28.0598 5224 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

19:36:28.0640 5224 msdsm - ok

19:36:28.0897 5224 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

19:36:28.0951 5224 MSDTC - ok

19:36:29.0317 5224 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

19:36:29.0369 5224 Msfs - ok

19:36:29.0750 5224 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

19:36:29.0795 5224 mshidkmdf - ok

19:36:30.0162 5224 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

19:36:30.0212 5224 msisadrv - ok

19:36:30.0491 5224 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

19:36:30.0571 5224 MSiSCSI - ok

19:36:30.0793 5224 msiserver - ok

19:36:31.0179 5224 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

19:36:31.0246 5224 MSKSSRV - ok

19:36:31.0371 5224 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

19:36:31.0396 5224 MsMpSvc - ok

19:36:31.0779 5224 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

19:36:31.0850 5224 MSPCLOCK - ok

19:36:32.0235 5224 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

19:36:32.0297 5224 MSPQM - ok

19:36:32.0667 5224 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

19:36:32.0708 5224 MsRPC - ok

19:36:33.0066 5224 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

19:36:33.0082 5224 mssmbios - ok

19:36:33.0430 5224 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

19:36:33.0492 5224 MSTEE - ok

19:36:33.0845 5224 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

19:36:33.0885 5224 MTConfig - ok

19:36:34.0264 5224 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

19:36:34.0283 5224 Mup - ok

19:36:34.0559 5224 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

19:36:34.0629 5224 napagent - ok

19:36:35.0032 5224 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

19:36:35.0082 5224 NativeWifiP - ok

19:36:35.0483 5224 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

19:36:35.0519 5224 NDIS - ok

19:36:35.0905 5224 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

19:36:35.0967 5224 NdisCap - ok

19:36:36.0361 5224 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

19:36:36.0418 5224 NdisTapi - ok

19:36:36.0806 5224 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

19:36:36.0843 5224 Ndisuio - ok

19:36:37.0210 5224 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

19:36:37.0292 5224 NdisWan - ok

19:36:37.0644 5224 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

19:36:37.0708 5224 NDProxy - ok

19:36:38.0089 5224 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

19:36:38.0143 5224 NetBIOS - ok

19:36:38.0507 5224 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

19:36:38.0578 5224 NetBT - ok

19:36:38.0821 5224 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:36:38.0854 5224 Netlogon - ok

19:36:39.0143 5224 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

19:36:39.0202 5224 Netman - ok

19:36:39.0531 5224 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:36:39.0553 5224 NetMsmqActivator - ok

19:36:39.0556 5224 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:36:39.0578 5224 NetPipeActivator - ok

19:36:39.0836 5224 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

19:36:39.0924 5224 netprofm - ok

19:36:40.0254 5224 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:36:40.0295 5224 NetTcpActivator - ok

19:36:40.0301 5224 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:36:40.0324 5224 NetTcpPortSharing - ok

19:36:40.0692 5224 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

19:36:40.0716 5224 nfrd960 - ok

19:36:41.0088 5224 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

19:36:41.0123 5224 NisDrv - ok

19:36:41.0244 5224 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

19:36:41.0299 5224 NisSrv - ok

19:36:41.0586 5224 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

19:36:41.0664 5224 NlaSvc - ok

19:36:42.0025 5224 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

19:36:42.0087 5224 Npfs - ok

19:36:42.0341 5224 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

19:36:42.0403 5224 nsi - ok

19:36:42.0758 5224 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

19:36:42.0795 5224 nsiproxy - ok

19:36:43.0193 5224 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

19:36:43.0246 5224 Ntfs - ok

19:36:43.0638 5224 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys

19:36:43.0670 5224 NuidFltr - ok

19:36:44.0032 5224 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

19:36:44.0087 5224 Null - ok

19:36:44.0456 5224 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

19:36:44.0516 5224 NVENETFD - ok

19:36:44.0901 5224 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

19:36:44.0928 5224 nvraid - ok

19:36:45.0284 5224 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

19:36:45.0346 5224 nvstor - ok

19:36:45.0736 5224 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

19:36:45.0781 5224 nv_agp - ok

19:36:45.0957 5224 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

19:36:46.0023 5224 odserv - ok

19:36:46.0386 5224 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

19:36:46.0431 5224 ohci1394 - ok

19:36:46.0552 5224 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

19:36:46.0628 5224 ose - ok

19:36:46.0795 5224 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

19:36:46.0998 5224 osppsvc - ok

19:36:47.0266 5224 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

19:36:47.0306 5224 p2pimsvc - ok

19:36:47.0572 5224 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

19:36:47.0618 5224 p2psvc - ok

19:36:47.0984 5224 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

19:36:48.0020 5224 Parport - ok

19:36:48.0380 5224 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

19:36:48.0401 5224 partmgr - ok

19:36:48.0662 5224 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

19:36:48.0730 5224 PcaSvc - ok

19:36:49.0105 5224 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

19:36:49.0146 5224 pci - ok

19:36:49.0505 5224 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

19:36:49.0525 5224 pciide - ok

19:36:49.0897 5224 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

19:36:49.0943 5224 pcmcia - ok

19:36:50.0301 5224 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

19:36:50.0328 5224 pcw - ok

19:36:50.0701 5224 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

19:36:50.0760 5224 PEAUTH - ok

19:36:51.0025 5224 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

19:36:51.0069 5224 PerfHost - ok

19:36:51.0360 5224 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

19:36:51.0430 5224 pla - ok

19:36:51.0719 5224 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

19:36:51.0771 5224 PlugPlay - ok

19:36:52.0023 5224 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

19:36:52.0048 5224 PNRPAutoReg - ok

19:36:52.0308 5224 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

19:36:52.0340 5224 PNRPsvc - ok

19:36:52.0719 5224 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys

19:36:52.0743 5224 Point64 - ok

19:36:53.0026 5224 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

19:36:53.0088 5224 PolicyAgent - ok

19:36:53.0335 5224 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

19:36:53.0385 5224 Power - ok

19:36:53.0771 5224 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

19:36:53.0810 5224 PptpMiniport - ok

19:36:54.0169 5224 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

19:36:54.0206 5224 Processor - ok

19:36:54.0489 5224 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

19:36:54.0549 5224 ProfSvc - ok

19:36:54.0788 5224 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:36:54.0810 5224 ProtectedStorage - ok

19:36:55.0189 5224 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

19:36:55.0237 5224 Psched - ok

19:36:55.0633 5224 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

19:36:55.0700 5224 ql2300 - ok

19:36:56.0062 5224 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

19:36:56.0097 5224 ql40xx - ok

19:36:56.0366 5224 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

19:36:56.0425 5224 QWAVE - ok

19:36:56.0787 5224 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

19:36:56.0846 5224 QWAVEdrv - ok

19:36:57.0209 5224 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

19:36:57.0250 5224 RasAcd - ok

19:36:57.0635 5224 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

19:36:57.0692 5224 RasAgileVpn - ok

19:36:57.0944 5224 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

19:36:58.0008 5224 RasAuto - ok

19:36:58.0390 5224 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:36:58.0428 5224 Rasl2tp - ok

19:36:58.0698 5224 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

19:36:58.0770 5224 RasMan - ok

19:36:59.0147 5224 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

19:36:59.0204 5224 RasPppoe - ok

19:36:59.0595 5224 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

19:36:59.0634 5224 RasSstp - ok

19:37:00.0001 5224 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

19:37:00.0043 5224 rdbss - ok

19:37:00.0405 5224 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

19:37:00.0445 5224 rdpbus - ok

19:37:00.0800 5224 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:37:00.0842 5224 RDPCDD - ok

19:37:01.0222 5224 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

19:37:01.0259 5224 RDPENCDD - ok

19:37:01.0611 5224 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

19:37:01.0648 5224 RDPREFMP - ok

19:37:02.0020 5224 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

19:37:02.0064 5224 RDPWD - ok

19:37:02.0449 5224 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

19:37:02.0473 5224 rdyboost - ok

19:37:02.0729 5224 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

19:37:02.0805 5224 RemoteAccess - ok

19:37:03.0064 5224 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

19:37:03.0145 5224 RemoteRegistry - ok

19:37:03.0522 5224 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

19:37:03.0589 5224 RFCOMM - ok

19:37:03.0871 5224 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

19:37:03.0918 5224 RpcEptMapper - ok

19:37:04.0183 5224 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

19:37:04.0227 5224 RpcLocator - ok

19:37:04.0508 5224 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll

19:37:04.0580 5224 RpcSs - ok

19:37:04.0955 5224 RSPCIESTOR (6e5c3d18c3bcc72aa527dbc5fa61ab8f) C:\Windows\system32\DRIVERS\RtsPStor.sys

19:37:04.0991 5224 RSPCIESTOR - ok

19:37:05.0354 5224 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

19:37:05.0402 5224 rspndr - ok

19:37:05.0819 5224 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys

19:37:05.0852 5224 RTL8167 - ok

19:37:06.0122 5224 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:37:06.0144 5224 SamSs - ok

19:37:06.0533 5224 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

19:37:06.0550 5224 sbp2port - ok

19:37:06.0850 5224 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

19:37:06.0911 5224 SCardSvr - ok

19:37:07.0267 5224 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

19:37:07.0303 5224 scfilter - ok

19:37:07.0575 5224 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

19:37:07.0637 5224 Schedule - ok

19:37:07.0879 5224 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

19:37:07.0942 5224 SCPolicySvc - ok

19:37:08.0306 5224 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys

19:37:08.0389 5224 sdbus - ok

19:37:08.0649 5224 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

19:37:08.0694 5224 SDRSVC - ok

19:37:09.0071 5224 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

19:37:09.0119 5224 secdrv - ok

19:37:09.0370 5224 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

19:37:09.0425 5224 seclogon - ok

19:37:09.0685 5224 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

19:37:09.0754 5224 SENS - ok

19:37:10.0010 5224 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

19:37:10.0045 5224 SensrSvc - ok

19:37:10.0395 5224 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

19:37:10.0412 5224 Serenum - ok

19:37:10.0793 5224 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

19:37:10.0828 5224 Serial - ok

19:37:11.0265 5224 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

19:37:11.0300 5224 sermouse - ok

19:37:11.0568 5224 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

19:37:11.0635 5224 SessionEnv - ok

19:37:12.0002 5224 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

19:37:12.0037 5224 sffdisk - ok

19:37:12.0398 5224 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

19:37:12.0443 5224 sffp_mmc - ok

19:37:12.0800 5224 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

19:37:12.0825 5224 sffp_sd - ok

19:37:13.0186 5224 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

19:37:13.0225 5224 sfloppy - ok

19:37:13.0649 5224 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

19:37:13.0699 5224 Sftfs - ok

19:37:13.0831 5224 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

19:37:13.0952 5224 sftlist - ok

19:37:14.0357 5224 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

19:37:14.0389 5224 Sftplay - ok

19:37:14.0777 5224 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

19:37:14.0795 5224 Sftredir - ok

19:37:15.0193 5224 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

19:37:15.0227 5224 Sftvol - ok

19:37:15.0332 5224 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

19:37:15.0445 5224 sftvsa - ok

19:37:15.0735 5224 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

19:37:15.0806 5224 SharedAccess - ok

19:37:16.0053 5224 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

19:37:16.0107 5224 ShellHWDetection - ok

19:37:16.0466 5224 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

19:37:16.0498 5224 SiSRaid2 - ok

19:37:16.0856 5224 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

19:37:16.0875 5224 SiSRaid4 - ok

19:37:16.0989 5224 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe

19:37:17.0106 5224 SkypeUpdate - ok

19:37:17.0470 5224 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

19:37:17.0509 5224 Smb - ok

19:37:17.0794 5224 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

19:37:17.0821 5224 SNMPTRAP - ok

19:37:18.0193 5224 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

19:37:18.0214 5224 spldr - ok

19:37:18.0464 5224 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

19:37:18.0562 5224 Spooler - ok

19:37:18.0864 5224 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

19:37:18.0978 5224 sppsvc - ok

19:37:19.0238 5224 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

19:37:19.0298 5224 sppuinotify - ok

19:37:19.0674 5224 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

19:37:19.0706 5224 srv - ok

19:37:20.0089 5224 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

19:37:20.0114 5224 srv2 - ok

19:37:20.0536 5224 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

19:37:20.0559 5224 SrvHsfHDA - ok

19:37:20.0983 5224 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

19:37:21.0036 5224 SrvHsfV92 - ok

19:37:21.0507 5224 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

19:37:21.0544 5224 SrvHsfWinac - ok

19:37:21.0929 5224 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

19:37:21.0954 5224 srvnet - ok

19:37:22.0230 5224 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

19:37:22.0306 5224 SSDPSRV - ok

19:37:22.0560 5224 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

19:37:22.0622 5224 SstpSvc - ok

19:37:22.0807 5224 STacSV (7bf818b11c1fedc3e76d233124470a30) C:\Program Files\IDT\WDM\STacSV64.exe

19:37:22.0890 5224 STacSV - ok

19:37:23.0253 5224 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

19:37:23.0281 5224 stexstor - ok

19:37:23.0704 5224 STHDA (ebc1a5e076a9be314d3d9e8ed19abb0a) C:\Windows\system32\DRIVERS\stwrt64.sys

19:37:23.0750 5224 STHDA - ok

19:37:24.0037 5224 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

19:37:24.0076 5224 stisvc - ok

19:37:24.0446 5224 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

19:37:24.0479 5224 swenum - ok

19:37:24.0799 5224 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

19:37:24.0877 5224 swprv - ok

19:37:25.0265 5224 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys

19:37:25.0309 5224 SynTP - ok

19:37:25.0604 5224 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

19:37:25.0656 5224 SysMain - ok

19:37:25.0908 5224 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

19:37:25.0951 5224 TabletInputService - ok

19:37:26.0195 5224 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

19:37:26.0257 5224 TapiSrv - ok

19:37:26.0509 5224 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

19:37:26.0568 5224 TBS - ok

19:37:26.0984 5224 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

19:37:27.0036 5224 Tcpip - ok

19:37:27.0467 5224 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

19:37:27.0527 5224 TCPIP6 - ok

19:37:27.0882 5224 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

19:37:27.0949 5224 tcpipreg - ok

19:37:28.0304 5224 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

19:37:28.0333 5224 TDPIPE - ok

19:37:28.0709 5224 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

19:37:28.0741 5224 TDTCP - ok

19:37:29.0121 5224 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

19:37:29.0206 5224 tdx - ok

19:37:29.0571 5224 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

19:37:29.0588 5224 TermDD - ok

19:37:29.0868 5224 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

19:37:29.0951 5224 TermService - ok

19:37:30.0192 5224 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

19:37:30.0224 5224 Themes - ok

19:37:30.0469 5224 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

19:37:30.0515 5224 THREADORDER - ok

19:37:30.0817 5224 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

19:37:30.0865 5224 TrkWks - ok

19:37:30.0982 5224 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

19:37:31.0033 5224 TrustedInstaller - ok

19:37:31.0333 5224 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:37:31.0382 5224 tssecsrv - ok

19:37:31.0834 5224 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

19:37:31.0866 5224 TsUsbFlt - ok

19:37:32.0224 5224 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

19:37:32.0250 5224 TsUsbGD - ok

19:37:32.0648 5224 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

19:37:32.0736 5224 tunnel - ok

19:37:33.0111 5224 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

19:37:33.0152 5224 uagp35 - ok

19:37:33.0511 5224 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

19:37:33.0565 5224 udfs - ok

19:37:33.0821 5224 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

19:37:33.0881 5224 UI0Detect - ok

19:37:34.0421 5224 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

19:37:34.0437 5224 uliagpkx - ok

19:37:34.0789 5224 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

19:37:34.0805 5224 umbus - ok

19:37:35.0347 5224 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

19:37:35.0364 5224 UmPass - ok

19:37:35.0521 5224 UNS (758c2ce427c343f780a205e28555c98d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

19:37:35.0737 5224 UNS - ok

19:37:36.0004 5224 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

19:37:36.0073 5224 upnphost - ok

19:37:36.0433 5224 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

19:37:36.0460 5224 usbccgp - ok

19:37:36.0857 5224 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

19:37:36.0878 5224 usbcir - ok

19:37:37.0240 5224 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

19:37:37.0280 5224 usbehci - ok

19:37:37.0647 5224 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

19:37:37.0702 5224 usbhub - ok

19:37:38.0057 5224 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

19:37:38.0072 5224 usbohci - ok

19:37:38.0454 5224 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

19:37:38.0491 5224 usbprint - ok

19:37:38.0851 5224 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:37:38.0905 5224 USBSTOR - ok

19:37:39.0258 5224 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

19:37:39.0291 5224 usbuhci - ok

19:37:39.0674 5224 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

19:37:39.0699 5224 usbvideo - ok

19:37:39.0935 5224 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

19:37:39.0998 5224 UxSms - ok

19:37:40.0236 5224 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:37:40.0276 5224 VaultSvc - ok

19:37:40.0635 5224 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

19:37:40.0671 5224 vdrvroot - ok

19:37:40.0915 5224 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

19:37:40.0969 5224 vds - ok

19:37:41.0308 5224 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

19:37:41.0336 5224 vga - ok

19:37:41.0675 5224 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

19:37:41.0724 5224 VgaSave - ok

19:37:42.0073 5224 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

19:37:42.0113 5224 vhdmp - ok

19:37:42.0469 5224 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

19:37:42.0487 5224 viaide - ok

19:37:42.0854 5224 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

19:37:42.0878 5224 volmgr - ok

19:37:43.0235 5224 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

19:37:43.0257 5224 volmgrx - ok

19:37:43.0616 5224 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys

19:37:43.0662 5224 volsnap - ok

19:37:44.0009 5224 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

19:37:44.0044 5224 vsmraid - ok

19:37:44.0313 5224 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

19:37:44.0381 5224 VSS - ok

19:37:44.0733 5224 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

19:37:44.0752 5224 vwifibus - ok

19:37:45.0134 5224 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

19:37:45.0177 5224 vwififlt - ok

19:37:45.0534 5224 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

19:37:45.0564 5224 vwifimp - ok

19:37:45.0800 5224 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

19:37:45.0853 5224 W32Time - ok

19:37:46.0192 5224 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

19:37:46.0215 5224 WacomPen - ok

19:37:46.0594 5224 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

19:37:46.0653 5224 WANARP - ok

19:37:46.0674 5224 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

19:37:46.0712 5224 Wanarpv6 - ok

19:37:47.0016 5224 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

19:37:47.0233 5224 WatAdminSvc - ok

19:37:47.0506 5224 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

19:37:47.0604 5224 wbengine - ok

19:37:47.0863 5224 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

19:37:47.0911 5224 WbioSrvc - ok

19:37:48.0167 5224 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

19:37:48.0245 5224 wcncsvc - ok

19:37:48.0498 5224 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

19:37:48.0543 5224 WcsPlugInService - ok

19:37:48.0908 5224 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

19:37:48.0941 5224 Wd - ok

19:37:49.0320 5224 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

19:37:49.0363 5224 Wdf01000 - ok

19:37:49.0611 5224 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

19:37:49.0644 5224 WdiServiceHost - ok

19:37:49.0648 5224 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

19:37:49.0681 5224 WdiSystemHost - ok

19:37:49.0938 5224 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

19:37:49.0982 5224 WebClient - ok

19:37:50.0232 5224 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

19:37:50.0295 5224 Wecsvc - ok

19:37:50.0542 5224 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

19:37:50.0620 5224 wercplsupport - ok

19:37:50.0902 5224 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

19:37:50.0951 5224 WerSvc - ok

19:37:51.0312 5224 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

19:37:51.0368 5224 WfpLwf - ok

19:37:51.0734 5224 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

19:37:51.0760 5224 WIMMount - ok

19:37:51.0825 5224 WinDefend - ok

19:37:51.0832 5224 WinHttpAutoProxySvc - ok

19:37:52.0165 5224 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

19:37:52.0254 5224 Winmgmt - ok

19:37:52.0544 5224 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

19:37:52.0622 5224 WinRM - ok

19:37:52.0923 5224 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

19:37:52.0973 5224 Wlansvc - ok

19:37:53.0093 5224 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

19:37:53.0115 5224 wlcrasvc - ok

19:37:53.0209 5224 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

19:37:53.0317 5224 wlidsvc - ok

19:37:53.0673 5224 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

19:37:53.0716 5224 WmiAcpi - ok

19:37:54.0059 5224 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

19:37:54.0097 5224 wmiApSrv - ok

19:37:54.0184 5224 WMPNetworkSvc - ok

19:37:54.0434 5224 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

19:37:54.0492 5224 WPCSvc - ok

19:37:54.0760 5224 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

19:37:54.0803 5224 WPDBusEnum - ok

19:37:55.0169 5224 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

19:37:55.0231 5224 ws2ifsl - ok

19:37:55.0510 5224 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

19:37:55.0577 5224 wscsvc - ok

19:37:55.0798 5224 WSearch - ok

19:37:56.0111 5224 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

19:37:56.0190 5224 wuauserv - ok

19:37:56.0559 5224 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

19:37:56.0628 5224 WudfPf - ok

19:37:57.0006 5224 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:37:57.0077 5224 WUDFRd - ok

19:37:57.0336 5224 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

19:37:57.0385 5224 wudfsvc - ok

19:37:57.0633 5224 WwanSvc (ce8cf9de9cbfdaa318bd04d8be3fcada) C:\Windows\System32\wwansvc.dll

19:37:57.0697 5224 WwanSvc - ok

19:37:57.0765 5224 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

19:37:58.0521 5224 \Device\Harddisk0\DR0 - ok

19:37:58.0529 5224 Boot (0x1200) (61414348ad765f8677f348259a98e5e3) \Device\Harddisk0\DR0\Partition0

19:37:58.0531 5224 \Device\Harddisk0\DR0\Partition0 - ok

19:37:58.0549 5224 Boot (0x1200) (dfd349396010a7896f2b36d3ad9419e1) \Device\Harddisk0\DR0\Partition1

19:37:58.0551 5224 \Device\Harddisk0\DR0\Partition1 - ok

19:37:58.0584 5224 Boot (0x1200) (76a9b4c03494550f111e0d90beb4bedf) \Device\Harddisk0\DR0\Partition2

19:37:58.0585 5224 \Device\Harddisk0\DR0\Partition2 - ok

19:37:58.0596 5224 Boot (0x1200) (be328afc6894cfab5a8255940a2fe303) \Device\Harddisk0\DR0\Partition3

19:37:58.0597 5224 \Device\Harddisk0\DR0\Partition3 - ok

19:37:58.0598 5224 ============================================================

19:37:58.0598 5224 Scan finished

19:37:58.0598 5224 ============================================================

19:37:58.0612 4668 Detected object count: 0

19:37:58.0612 4668 Actual detected object count: 0

Maniac · April 23, 2012

Good!

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Avrohom · April 23, 2012

Log:

Run date: 2012-04-23 23:33:10

-----------------------------

23:33:10.010 OS Version: Windows x64 6.1.7601 Service Pack 1

23:33:10.010 Number of processors: 4 586 0x2A07

23:33:10.010 ComputerName: CHAVA-HP UserName: Chava

23:33:11.695 Initialize success

23:33:17.833 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

23:33:17.833 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3

23:33:17.848 Disk 0 MBR read successfully

23:33:17.848 Disk 0 MBR scan

23:33:17.864 Disk 0 Windows 7 default MBR code

23:33:17.864 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048

23:33:17.879 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 690601 MB offset 409600

23:33:17.911 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20540 MB offset 1414760448

23:33:17.926 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4062 MB offset 1456826368

23:33:17.957 Disk 0 scanning C:\Windows\system32\drivers

23:33:24.119 Service scanning

23:33:54.461 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32

23:34:34.070 Modules scanning

23:34:34.086 Disk 0 trace - called modules:

23:34:34.195 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

23:34:34.195 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008ace060]

23:34:34.210 3 CLASSPNP.SYS[fffff88001d7043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8006213050]

23:34:34.210 Scan finished successfully

23:34:52.852 Disk 0 MBR has been saved successfully to "C:\Users\Chava\Desktop\MBR.dat"

23:34:52.852 The log file has been saved successfully to "C:\Users\Chava\Desktop\aswMBR.txt"

Avrohom · April 24, 2012

One way I have seen (on forums) to deal with the problem is just to accept it. When we see the pop-up -- just log in -- and then pop up won't return. :mellow:

Maniac · April 24, 2012

I don't know whether this was a good idea. Let us just in case do an additional scan:

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threads report from the left and press Save button

Save it to your desktop and post it in your next reply.

Maurice Naggar · April 29, 2012

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Xmarks Authentication -- disturbing pop up

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information