
Malwarebytes blocking incoming connection to svchost.exe - scans pick up nothing



Would you like me to run TDSSKiller again? Could you please explain what you believe happened to cause my svchost.exe to be contacted by the Chinese IPs? How will I know if I am clean if Malwarebytes, Avast! and everything else never came up with any infections?? I do not understand what has been fixed, or what to do next.

Link to post
Share on other sites

I'm not sure if anything is wrong, I just had you run the scans and cleaned up the computer.

I'm still investigating.

------------------------------

Looks like you have some McAfee on the system??

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module

----------------------------------------

Please download SystemLook from the link below and save it to your Desktop.

http://jpshortstuff....temLook_x64.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :Filefind
    ybeq.exe
    svchost.exe


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

----------------------------------------

Run TDSSKiller again > download a fresh copy please:

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Link to post
Share on other sites
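
The decision rules in the post above, applied to a saved TDSSKiller report. This is an added example, not part of the original thread and not TDSSKiller's own code; the sample lines and the names ExampleSvc, ExampleDrv and Example.Rootkit.Placeholder are constructed, and the parser assumes the report marks each finding with a "<object> - detected <name> (<n>)" line.

```python
import re
from typing import List, NamedTuple

# Actions named in the instructions above.
SKIP = "Skip"
DELETE = "Delete"
CURE = "Cure (Skip if Cure is not offered)"

# Detection names the instructions say to leave alone.
SKIP_NAMES = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}

# "HH:MM:SS.ffff <thread id> <message>"; lines with no message do not match.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# "<object> - detected <detection name> (<n>)"; object names may contain spaces.
DETECT_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<name>.+?) \(\d+\)$")


class Finding(NamedTuple):
    obj: str        # service, driver or device the report names
    detection: str  # detection name as written in the report
    action: str     # action the instructions above call for


def recommended_action(detection: str) -> str:
    """Map a detection name to the action given in the instructions."""
    if detection in SKIP_NAMES:
        return SKIP
    if detection == "TDSS File System":
        return DELETE
    # Anything else is treated as a malicious object: Cure, never Delete by default.
    return CURE


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per '- detected' line; tolerates blank lines from forum pastes."""
    findings = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if line is None:
            continue
        hit = DETECT_RE.match(line.group("msg").strip())
        if hit is None:
            continue  # "- ok" entries and the "( name ) - warning" echo lines
        findings.append(
            Finding(hit.group("obj"), hit.group("name"),
                    recommended_action(hit.group("name")))
        )
    return findings


def needs_action(findings: List[Finding]) -> List[Finding]:
    """Findings that call for something other than Skip."""
    return [f for f in findings if f.action != SKIP]


# Constructed sample report, double-spaced the way a forum paste often is.
SAMPLE_LOG = r"""
17:36:42.0563 6436 HidUsb - ok

17:36:42.0761 6436 ExampleSvc ( UnsignedFile.Multi.Generic ) - warning

17:36:42.0761 6436 ExampleSvc - detected UnsignedFile.Multi.Generic (1)

17:36:50.0100 6436 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

17:36:50.0100 6436 \Device\Harddisk0\DR0 - detected TDSS File System (1)

17:36:51.0200 6436 ExampleDrv ( Example.Rootkit.Placeholder ) - infected

17:36:51.0200 6436 ExampleDrv - detected Example.Rootkit.Placeholder (0)

17:36:52.0000 6436
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.obj}: {f.detection} -> {f.action}")
```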

SystemLook 30.07.11 by jpshortstuff

Log created at 17:28 on 12/05/2012 by Tom

Administrator - Elevation successful

========== Filefind ==========

Searching for "ybeq.exe"

No files found.

Searching for "svchost.exe"

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe --a---- 199240 bytes [19:12 09/05/2012] [14:56 04/04/2012] 097D0E812D7A9A3101CE46CB2BE0474D

C:\WINDOWS\ERDNT\cache64\svchost.exe --a---- 27136 bytes [16:05 11/05/2012] [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D

C:\WINDOWS\ERDNT\cache86\svchost.exe --a---- 20992 bytes [16:05 11/05/2012] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866

C:\WINDOWS\System32\svchost.exe --a---- 27136 bytes [23:31 13/07/2009] [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D

C:\WINDOWS\SysWOW64\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866

C:\WINDOWS\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe --a---- 27136 bytes [23:31 13/07/2009] [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D

C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866

-= EOF =-

Here is the TDSSKiller log:

17:35:27.0886 6956 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18

17:35:27.0958 6956 ============================================================

17:35:27.0958 6956 Current date / time: 2012/05/12 17:35:27.0958

17:35:27.0958 6956 SystemInfo:

17:35:27.0958 6956

17:35:27.0958 6956 OS Version: 6.1.7601 ServicePack: 1.0

17:35:27.0958 6956 Product type: Workstation

17:35:27.0958 6956 ComputerName: TOM-PC

17:35:27.0958 6956 UserName: Tom

17:35:27.0958 6956 Windows directory: C:\Windows

17:35:27.0958 6956 System windows directory: C:\Windows

17:35:27.0958 6956 Running under WOW64

17:35:27.0958 6956 Processor architecture: Intel x64

17:35:27.0958 6956 Number of processors: 4

17:35:27.0958 6956 Page size: 0x1000

17:35:27.0958 6956 Boot type: Normal boot

17:35:27.0958 6956 ============================================================

17:35:28.0458 6956 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:35:28.0470 6956 ============================================================

17:35:28.0470 6956 \Device\Harddisk0\DR0:

17:35:28.0471 6956 MBR partitions:

17:35:28.0471 6956 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000

17:35:28.0471 6956 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x37C41830

17:35:28.0471 6956 ============================================================

17:35:28.0494 6956 C: <-> \Device\Harddisk0\DR0\Partition1

17:35:28.0494 6956 ============================================================

17:35:28.0494 6956 Initialize success

17:35:28.0494 6956 ============================================================

17:36:26.0981 6436 ============================================================

17:36:26.0981 6436 Scan started

17:36:26.0981 6436 Mode: Manual; SigCheck; TDLFS;

17:36:26.0981 6436 ============================================================

17:36:42.0738 6436 HiPatchService (d61f8e72032bdc43157f2b8aea32b529) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

17:36:42.0761 6436 HiPatchService ( UnsignedFile.Multi.Generic ) - warning

17:36:42.0761 6436 HiPatchService - detected UnsignedFile.Multi.Generic (1)


17:36:48.0567 6436 MRxDAV - ok

17:36:48.0594 6436 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

17:36:48.0652 6436 mrxsmb - ok

17:36:48.0709 6436 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:36:48.0736 6436 mrxsmb10 - ok

17:36:48.0761 6436 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:36:48.0774 6436 mrxsmb20 - ok

17:36:48.0789 6436 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

17:36:48.0800 6436 msahci - ok

17:36:48.0811 6436 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

17:36:48.0823 6436 msdsm - ok

17:36:48.0850 6436 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

17:36:48.0886 6436 MSDTC - ok

17:36:48.0914 6436 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

17:36:48.0943 6436 Msfs - ok

17:36:48.0966 6436 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

17:36:49.0014 6436 mshidkmdf - ok

17:36:49.0042 6436 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

17:36:49.0056 6436 msisadrv - ok

17:36:49.0075 6436 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

17:36:49.0133 6436 MSiSCSI - ok

17:36:49.0136 6436 msiserver - ok

17:36:49.0184 6436 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

17:36:49.0216 6436 MSKSSRV - ok

17:36:49.0240 6436 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

17:36:49.0297 6436 MSPCLOCK - ok

17:36:49.0343 6436 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

17:36:49.0402 6436 MSPQM - ok

17:36:49.0446 6436 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

17:36:49.0462 6436 MsRPC - ok

17:36:49.0475 6436 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

17:36:49.0486 6436 mssmbios - ok

17:36:49.0494 6436 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

17:36:49.0543 6436 MSTEE - ok

17:36:49.0567 6436 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

17:36:49.0583 6436 MTConfig - ok

17:36:49.0599 6436 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

17:36:49.0610 6436 Mup - ok

17:36:49.0682 6436 MyWiFiDHCPDNS (6ed8935257672f4cd04a88a0f3de093d) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

17:36:49.0700 6436 MyWiFiDHCPDNS - ok

17:36:49.0731 6436 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

17:36:49.0797 6436 napagent - ok

17:36:49.0857 6436 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

17:36:49.0904 6436 NativeWifiP - ok

17:36:49.0986 6436 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe

17:36:49.0999 6436 NAUpdate - ok

17:36:50.0060 6436 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

17:36:50.0099 6436 NDIS - ok

17:36:50.0123 6436 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

17:36:50.0177 6436 NdisCap - ok

17:36:50.0213 6436 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

17:36:50.0247 6436 NdisTapi - ok

17:36:50.0261 6436 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

17:36:50.0292 6436 Ndisuio - ok

17:36:50.0310 6436 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

17:36:50.0367 6436 NdisWan - ok

17:36:50.0399 6436 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

17:36:50.0431 6436 NDProxy - ok

17:36:50.0446 6436 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

17:36:50.0494 6436 NetBIOS - ok

17:36:50.0530 6436 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

17:36:50.0563 6436 NetBT - ok

17:36:50.0621 6436 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

17:36:50.0635 6436 Netlogon - ok

17:36:50.0666 6436 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

17:36:50.0721 6436 Netman - ok

17:36:50.0800 6436 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:36:50.0811 6436 NetMsmqActivator - ok

17:36:50.0814 6436 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:36:50.0823 6436 NetPipeActivator - ok

17:36:50.0853 6436 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

17:36:50.0917 6436 netprofm - ok

17:36:50.0921 6436 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:36:50.0930 6436 NetTcpActivator - ok

17:36:50.0932 6436 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:36:50.0941 6436 NetTcpPortSharing - ok

17:36:51.0287 6436 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys

17:36:51.0512 6436 NETwNs64 - ok

17:36:51.0618 6436 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

17:36:51.0629 6436 nfrd960 - ok

17:36:51.0667 6436 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

17:36:51.0722 6436 NlaSvc - ok

17:36:51.0902 6436 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

17:36:52.0008 6436 NOBU - ok

17:36:52.0114 6436 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

17:36:52.0149 6436 Npfs - ok

17:36:52.0170 6436 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

17:36:52.0224 6436 nsi - ok

17:36:52.0247 6436 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

17:36:52.0280 6436 nsiproxy - ok

17:36:52.0346 6436 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

17:36:52.0409 6436 Ntfs - ok

17:36:52.0483 6436 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

17:36:52.0512 6436 Null - ok

17:36:52.0548 6436 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys

17:36:52.0606 6436 nusb3hub - ok

17:36:52.0634 6436 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys

17:36:52.0668 6436 nusb3xhc - ok

17:36:52.0761 6436 nvkflt (63bcd806f51c31159193697f306feb7f) C:\Windows\system32\DRIVERS\nvkflt.sys

17:36:52.0775 6436 nvkflt - ok

17:36:53.0202 6436 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys

17:36:53.0498 6436 nvlddmkm - ok

17:36:53.0589 6436 nvpciflt (682ea9ed3399d6066f0daecf7938727e) C:\Windows\system32\DRIVERS\nvpciflt.sys

17:36:53.0600 6436 nvpciflt - ok

17:36:53.0635 6436 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

17:36:53.0649 6436 nvraid - ok

17:36:53.0668 6436 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

17:36:53.0682 6436 nvstor - ok

17:36:53.0705 6436 NvStUSB (9e01b716c8085f7adb1cdc10103ceef8) C:\Windows\system32\drivers\nvstusb.sys

17:36:53.0718 6436 NvStUSB - ok

17:36:53.0796 6436 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe

17:36:53.0847 6436 nvsvc - ok

17:36:54.0052 6436 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

17:36:54.0112 6436 nvUpdatusService - ok

17:36:54.0214 6436 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

17:36:54.0227 6436 nv_agp - ok

17:36:54.0242 6436 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

17:36:54.0296 6436 ohci1394 - ok

17:36:54.0424 6436 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

17:36:54.0439 6436 ose - ok

17:36:54.0673 6436 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

17:36:54.0829 6436 osppsvc - ok

17:36:54.0944 6436 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

17:36:55.0012 6436 p2pimsvc - ok

17:36:55.0043 6436 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

17:36:55.0066 6436 p2psvc - ok

17:36:55.0105 6436 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

17:36:55.0121 6436 Parport - ok

17:36:55.0170 6436 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

17:36:55.0187 6436 partmgr - ok

17:36:55.0205 6436 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

17:36:55.0269 6436 PcaSvc - ok

17:36:55.0282 6436 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

17:36:55.0297 6436 pci - ok

17:36:55.0308 6436 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

17:36:55.0318 6436 pciide - ok

17:36:55.0339 6436 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

17:36:55.0353 6436 pcmcia - ok

17:36:55.0372 6436 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

17:36:55.0385 6436 pcw - ok

17:36:55.0421 6436 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

17:36:55.0492 6436 PEAUTH - ok

17:36:55.0564 6436 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

17:36:55.0596 6436 PerfHost - ok

17:36:55.0735 6436 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

17:36:55.0809 6436 pla - ok

17:36:55.0973 6436 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

17:36:56.0049 6436 PlugPlay - ok

17:36:56.0060 6436 PnkBstrA - ok

17:36:56.0078 6436 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

17:36:56.0109 6436 PNRPAutoReg - ok

17:36:56.0144 6436 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

17:36:56.0161 6436 PNRPsvc - ok

17:36:56.0195 6436 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

17:36:56.0256 6436 PolicyAgent - ok

17:36:56.0303 6436 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

17:36:56.0364 6436 Power - ok

17:36:56.0439 6436 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

17:36:56.0494 6436 PptpMiniport - ok

17:36:56.0518 6436 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

17:36:56.0555 6436 Processor - ok

17:36:56.0590 6436 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

17:36:56.0648 6436 ProfSvc - ok

17:36:56.0682 6436 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

17:36:56.0695 6436 ProtectedStorage - ok

17:36:56.0733 6436 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

17:36:56.0766 6436 Psched - ok

17:36:56.0807 6436 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

17:36:56.0818 6436 PxHlpa64 - ok

17:36:56.0868 6436 qicflt (0928bd20273625622722fe1de5bbde57) C:\Windows\system32\DRIVERS\qicflt.sys

17:36:56.0885 6436 qicflt - ok

17:36:56.0956 6436 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

17:36:57.0018 6436 ql2300 - ok

17:36:57.0107 6436 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

17:36:57.0119 6436 ql40xx - ok

17:36:57.0145 6436 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

17:36:57.0167 6436 QWAVE - ok

17:36:57.0179 6436 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

17:36:57.0222 6436 QWAVEdrv - ok

17:36:57.0247 6436 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

17:36:57.0297 6436 RasAcd - ok

17:36:57.0334 6436 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

17:36:57.0365 6436 RasAgileVpn - ok

17:36:57.0377 6436 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

17:36:57.0439 6436 RasAuto - ok

17:36:57.0473 6436 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

17:36:57.0507 6436 Rasl2tp - ok

17:36:57.0542 6436 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

17:36:57.0606 6436 RasMan - ok

17:36:57.0645 6436 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

17:36:57.0699 6436 RasPppoe - ok

17:36:57.0736 6436 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

17:36:57.0790 6436 RasSstp - ok

17:36:57.0821 6436 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

17:36:57.0854 6436 rdbss - ok

17:36:57.0867 6436 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

17:36:57.0927 6436 rdpbus - ok

17:36:57.0947 6436 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

17:36:57.0997 6436 RDPCDD - ok

17:36:58.0033 6436 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

17:36:58.0088 6436 RDPENCDD - ok

17:36:58.0123 6436 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

17:36:58.0152 6436 RDPREFMP - ok

17:36:58.0206 6436 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

17:36:58.0272 6436 RDPWD - ok

17:36:58.0294 6436 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

17:36:58.0308 6436 rdyboost - ok

17:36:58.0405 6436 RegSrvc (189c5a8d2098e0aa14fd157a954b34fc) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

17:36:58.0439 6436 RegSrvc - ok

17:36:58.0455 6436 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

17:36:58.0512 6436 RemoteAccess - ok

17:36:58.0553 6436 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

17:36:58.0605 6436 RemoteRegistry - ok

17:36:58.0736 6436 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

17:36:58.0772 6436 RoxMediaDB12OEM - ok

17:36:58.0792 6436 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

17:36:58.0806 6436 RoxWatch12 - ok

17:36:58.0886 6436 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

17:36:58.0943 6436 RpcEptMapper - ok

17:36:58.0978 6436 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

17:36:58.0995 6436 RpcLocator - ok

17:36:59.0027 6436 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

17:36:59.0062 6436 RpcSs - ok

17:36:59.0104 6436 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

17:36:59.0175 6436 rspndr - ok

17:36:59.0266 6436 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys

17:36:59.0285 6436 RTL8167 - ok

17:36:59.0333 6436 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

17:36:59.0352 6436 SamSs - ok

17:36:59.0365 6436 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

17:36:59.0377 6436 sbp2port - ok

17:36:59.0408 6436 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

17:36:59.0444 6436 SCardSvr - ok

17:36:59.0461 6436 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

17:36:59.0514 6436 scfilter - ok

17:36:59.0572 6436 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

17:36:59.0656 6436 Schedule - ok

17:36:59.0687 6436 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

17:36:59.0718 6436 SCPolicySvc - ok

17:36:59.0795 6436 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys

17:36:59.0829 6436 sdbus - ok

17:36:59.0873 6436 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

17:36:59.0932 6436 SDRSVC - ok

17:36:59.0953 6436 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

17:37:00.0010 6436 secdrv - ok

17:37:00.0031 6436 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

17:37:00.0062 6436 seclogon - ok

17:37:00.0084 6436 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

17:37:00.0141 6436 SENS - ok

17:37:00.0175 6436 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

17:37:00.0244 6436 SensrSvc - ok

17:37:00.0272 6436 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

17:37:00.0307 6436 Serenum - ok

17:37:00.0345 6436 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

17:37:00.0360 6436 Serial - ok

17:37:00.0373 6436 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

17:37:00.0411 6436 sermouse - ok

17:37:00.0449 6436 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

17:37:00.0504 6436 SessionEnv - ok

17:37:00.0532 6436 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

17:37:00.0550 6436 sffdisk - ok

17:37:00.0565 6436 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

17:37:00.0604 6436 sffp_mmc - ok

17:37:00.0631 6436 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys

17:37:00.0672 6436 sffp_sd - ok

17:37:00.0698 6436 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

17:37:00.0735 6436 sfloppy - ok

17:37:00.0830 6436 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

17:37:00.0862 6436 Sftfs - ok

17:37:00.0951 6436 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

17:37:00.0972 6436 sftlist - ok

17:37:01.0068 6436 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

17:37:01.0083 6436 Sftplay - ok

17:37:01.0094 6436 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

17:37:01.0104 6436 Sftredir - ok

17:37:01.0205 6436 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

17:37:01.0263 6436 SftService - ok

17:37:01.0356 6436 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

17:37:01.0365 6436 Sftvol - ok

17:37:01.0424 6436 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

17:37:01.0438 6436 sftvsa - ok

17:37:01.0469 6436 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

17:37:01.0506 6436 SharedAccess - ok

17:37:01.0560 6436 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

17:37:01.0624 6436 ShellHWDetection - ok

17:37:01.0680 6436 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

17:37:01.0691 6436 SiSRaid2 - ok

17:37:01.0706 6436 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

17:37:01.0718 6436 SiSRaid4 - ok

17:37:01.0768 6436 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe

17:37:01.0779 6436 SkypeUpdate - ok

17:37:01.0804 6436 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

17:37:01.0858 6436 Smb - ok

17:37:01.0898 6436 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

17:37:01.0937 6436 SNMPTRAP - ok

17:37:01.0966 6436 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

17:37:01.0977 6436 spldr - ok

17:37:02.0008 6436 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

17:37:02.0058 6436 Spooler - ok

17:37:02.0190 6436 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

17:37:02.0311 6436 sppsvc - ok

17:37:02.0391 6436 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

17:37:02.0424 6436 sppuinotify - ok

17:37:02.0463 6436 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

17:37:02.0527 6436 srv - ok

17:37:02.0553 6436 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

17:37:02.0594 6436 srv2 - ok

17:37:02.0628 6436 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

17:37:02.0643 6436 srvnet - ok

17:37:02.0680 6436 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

17:37:02.0735 6436 SSDPSRV - ok

17:37:02.0760 6436 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

17:37:02.0795 6436 SstpSvc - ok

17:37:02.0819 6436 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys

17:37:02.0829 6436 stdcfltn - ok

17:37:02.0882 6436 Steam Client Service - ok

17:37:02.0910 6436 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

17:37:02.0921 6436 stexstor - ok

17:37:02.0965 6436 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

17:37:03.0001 6436 stisvc - ok

17:37:03.0033 6436 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

17:37:03.0044 6436 stllssvr - ok

17:37:03.0058 6436 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

17:37:03.0069 6436 swenum - ok

17:37:03.0108 6436 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

17:37:03.0175 6436 swprv - ok

17:37:03.0268 6436 SynTP (b0c7d4dcf4800df2f2145b500d0161e8) C:\Windows\system32\DRIVERS\SynTP.sys

17:37:03.0313 6436 SynTP - ok

17:37:03.0449 6436 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

17:37:03.0524 6436 SysMain - ok

17:37:03.0595 6436 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

17:37:03.0615 6436 TabletInputService - ok

17:37:03.0995 6436 TabletServicePen (c4c20cfa4f42e9b7454e895c5c47bcd3) C:\Program Files\Tablet\Pen\Pen_Tablet.exe

17:37:04.0160 6436 TabletServicePen - ok

17:37:04.0246 6436 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

17:37:04.0303 6436 TapiSrv - ok

17:37:04.0330 6436 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

17:37:04.0366 6436 TBS - ok

17:37:04.0494 6436 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

17:37:04.0557 6436 Tcpip - ok

17:37:04.0705 6436 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

17:37:04.0737 6436 TCPIP6 - ok

17:37:04.0789 6436 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

17:37:04.0839 6436 tcpipreg - ok

17:37:04.0865 6436 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

17:37:04.0891 6436 TDPIPE - ok

17:37:04.0933 6436 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

17:37:04.0968 6436 TDTCP - ok

17:37:05.0002 6436 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

17:37:05.0032 6436 tdx - ok

17:37:05.0058 6436 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

17:37:05.0070 6436 TermDD - ok

17:37:05.0110 6436 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

17:37:05.0185 6436 TermService - ok

17:37:05.0211 6436 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

17:37:05.0233 6436 Themes - ok

17:37:05.0253 6436 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

17:37:05.0285 6436 THREADORDER - ok

17:37:05.0373 6436 TouchServicePen (7625dcf246e488e523dc1f64c38abda2) C:\Program Files\Tablet\Pen\Pen_TouchService.exe

17:37:05.0398 6436 TouchServicePen - ok

17:37:05.0423 6436 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

17:37:05.0480 6436 TrkWks - ok

17:37:05.0530 6436 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

17:37:05.0587 6436 TrustedInstaller - ok

17:37:05.0638 6436 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

17:37:05.0688 6436 tssecsrv - ok

17:37:05.0727 6436 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

17:37:05.0751 6436 TsUsbFlt - ok

17:37:05.0761 6436 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

17:37:05.0774 6436 TsUsbGD - ok

17:37:05.0796 6436 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

17:37:05.0848 6436 tunnel - ok

17:37:05.0889 6436 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys

17:37:05.0900 6436 TurboB - ok

17:37:05.0938 6436 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe

17:37:05.0950 6436 TurboBoost - ok

17:37:05.0970 6436 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

17:37:05.0981 6436 uagp35 - ok

17:37:06.0007 6436 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

17:37:06.0065 6436 udfs - ok

17:37:06.0098 6436 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

17:37:06.0113 6436 UI0Detect - ok

17:37:06.0127 6436 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

17:37:06.0138 6436 uliagpkx - ok

17:37:06.0147 6436 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

17:37:06.0205 6436 umbus - ok

17:37:06.0218 6436 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

17:37:06.0251 6436 UmPass - ok

17:37:06.0415 6436 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

17:37:06.0487 6436 UNS - ok

17:37:06.0591 6436 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

17:37:06.0645 6436 upnphost - ok

17:37:06.0722 6436 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys

17:37:06.0780 6436 usbccgp - ok

17:37:06.0808 6436 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

17:37:06.0828 6436 usbcir - ok

17:37:06.0843 6436 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

17:37:06.0877 6436 usbehci - ok

17:37:06.0920 6436 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

17:37:06.0961 6436 usbhub - ok

17:37:06.0984 6436 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

17:37:07.0016 6436 usbohci - ok

17:37:07.0083 6436 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

17:37:07.0118 6436 usbprint - ok

17:37:07.0153 6436 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

17:37:07.0168 6436 usbscan - ok

17:37:07.0184 6436 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:37:07.0205 6436 USBSTOR - ok

17:37:07.0218 6436 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

17:37:07.0248 6436 usbuhci - ok

17:37:12.0453 6436 ============================================================

17:37:12.0453 6436 Scan finished

17:37:12.0453 6436 ============================================================

17:37:12.0461 6816 Detected object count: 1

17:37:12.0461 6816 Actual detected object count: 1

17:37:59.0797 6816 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user

17:37:59.0797 6816 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:38:08.0352 2992 Deinitialize success

The only thing found was a hi-rez program which is a program for a game I play, and is safe, so I skipped it. It was the same object detected in my previous scans.

Link to post
Share on other sites
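Added example (not part of the original posts and not TDSSKiller's own code): a short Python parser for the log format shown above. It lists each detection with the action taken and flags "ok" verdicts that have no file/hash line in the log. The function name `triage`, the sample lines and the placeholder hashes are constructed for illustration.

```python
import re

# Constructed sample in the format of the TDSSKiller log posted in this thread.
# The 32-character hashes are placeholders, not real file hashes.
SAMPLE_LOG = r"""17:37:10.0039 6436 WinDefend - ok
17:37:12.0229 6436 xusb21 (0123456789abcdef0123456789abcdef) C:\Windows\system32\DRIVERS\xusb21.sys
17:37:12.0249 6436 xusb21 - ok
17:37:12.0279 6436 MBR (0x1B8) (fedcba9876543210fedcba9876543210) \Device\Harddisk0\DR0
17:37:12.0415 6436 \Device\Harddisk0\DR0 - ok
17:37:12.0453 6436 Scan finished
17:37:12.0461 6816 Detected object count: 1
17:37:12.0461 6816 Actual detected object count: 1
17:37:59.0797 6816 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
17:37:59.0797 6816 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ (.*)$")   # time, thread id, message
OBJECT = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")        # name (md5) path
DETECTION = re.compile(r"^(.+?) \( (\S+) \) - (.+)$")          # name ( verdict ) - action
VERDICT = re.compile(r"^(.+?) - (\w+)$")                       # name - ok
COUNT = re.compile(r"^Detected object count: (\d+)$")


def triage(log_text):
    """Summarise a log: detections with actions, and 'ok' verdicts lacking a hash line."""
    hashed, no_hash_ok, not_ok, detections, reported = {}, [], [], {}, None
    for raw in log_text.splitlines():
        line = PREFIX.match(raw.strip())
        if not line:
            continue
        body = line.group(1)
        if m := COUNT.match(body):
            reported = int(m.group(1))
        elif m := DETECTION.match(body):
            entry = detections.setdefault(m.group(1), {"verdict": m.group(2), "actions": []})
            entry["actions"].append(m.group(3))
        elif m := OBJECT.match(body):
            # The verdict line names either the service or (for MBR/boot) the device path.
            hashed[m.group(1)] = hashed[m.group(3)] = m.group(2)
        elif m := VERDICT.match(body):
            name, result = m.groups()
            if result != "ok":
                not_ok.append(name)
            elif name not in hashed:
                no_hash_ok.append(name)
    return {"detections": detections, "not_ok": not_ok, "no_hash_ok": no_hash_ok,
            "reported": reported, "count_matches": reported == len(detections)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
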

No attacks reported thus far and as always every scan is coming back clean. Hopefully the Chinese IPs will stop trying to hack me now. Could you tell me what exactly we've fixed here, though, because I don't remember deleting any major virus files or fixing svchost or anything like that? Thank you.

Link to post
Share on other sites

Understand that you can't stop incoming.

You can't stop someone from knocking at your front door....you choose not to open it.

You can stop someone from leaving though.

All we can do is clean up the system and make sure there's no malware on it.

MB is doing its job.

I have my alerts turned off, I get these messages too... and my system is as clean as it can be.

-----------------------------------------

ComboFix found this:

C:\Install.exe

c:\program files (x86)\INSTALL.LOG

c:\programdata\Roaming

c:\users\Tom\AppData\Local\.#

c:\users\Tom\AppData\Roaming\Kowuur

c:\users\Tom\AppData\Roaming\Kowuur\ycovo.ehu

We got rid of this with OTL along with 747.00 mb of temp files:

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"

IE - HKU\S-1-5-21-4234593452-1771345588-371266355-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3072253

FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"

O2 - BHO: (CorePluginIEBHO Class) - {13FA2453-9287-4F18-8554-976D7C02F4EE} - C:\Perfect World Entertainment\CORE Client\plugins\CorePluginIE.dll (Perfect World Entertainment Inc)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)

[2012/05/07 23:03:26 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Ygyhm

[2012/05/07 23:03:26 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Oruki

[2012/05/07 03:31:06 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\uTorrent

[2012/05/07 03:31:56 | 000,000,969 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

[2012/05/10 01:06:12 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\uTorrent

[2012/04/18 00:39:24 | 000,000,935 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\c0owf9iu.default\searchplugins\conduit.xml

MrC

Link to post
Share on other sites

I just got another attack message from an IP in Russia, again trying to get in to svchost.exe.

So this is completely normal? I have never experienced this kind of thing before. Is it normal that the exact same IP tried to get into svchost.exe for several days running, at least twice a day? Thank you.

Link to post
Share on other sites

Also, if that is truly the case, does this mean that when I did not have malwarebytes running (before I installed it) and I was not browsing, I was getting these IPs trying to get into svchost all the time? Because a lot of the attacks happen when I am not browsing, but I am connected to the internet. I did not know that I could be attacked when I was not browsing and had no malware.

Link to post
Share on other sites

No, you just were never aware of them. The IP module is a good thing but causes us so much extra work when people see the notifications.

Your firewall will stop any apps or programs from accessing the internet without your OK.

Are you using a router?? MrC

Link to post
Share on other sites

Yup I'm using a router. My laptop is connected to the router via ethernet and then the router to an ethernet cable in the wall provided by my university accommodation. So, going on what you're saying about the IP module, does that mean even if I didn't have Malwarebytes and I only used Avast! and Windows Firewall, the offensive IPs would still be blocked?? So this is totally normal and nothing is wrong with my system? I am not going to get rid of Malwarebytes of course but I never used it in the past and I'd like to know if my PC was blocking those connections anyway even though I didn't have Malwarebytes telling me it was doing so. Many thanks!

Link to post
Share on other sites

Yup I'm using a router

That's good, that acts like a firewall also.

So, going on what you're saying about the IP module, does that mean even if I didn't have Malwarebytes and I only used Avast! and Windows Firewall, the offensive IPs would still be blocked??

I'm really not sure on all of this and how it works......I just volunteer my time here to help people rid their computers of malware, you'll have to ask in this part of the forum. They'll be better able to answer your questions.

http://forums.malwar...hp?showforum=41

So this is totally normal and nothing is wrong with my system?

I don't see any malware on the system, there's a couple more scans we could run if you want.

Don't do it now... but (let's see if you get any fewer IP blocks.)

I also suggest you install Blocking Unwanted Parasites with a Hosts File "MVPS HOSTS".

MrC

Link to post
Share on other sites

Just run this one:

Download aswMBR to your desktop.

http://public.avast....erek/aswMBR.exe

Double click the aswMBR.exe to run it.

If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".

Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

MrC

Link to post
Share on other sites

Okay, here's the log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-05-12 23:53:46

-----------------------------

23:53:46.467 OS Version: Windows x64 6.1.7601 Service Pack 1

23:53:46.467 Number of processors: 4 586 0x2A07

23:53:46.468 ComputerName: TOM-PC UserName: Tom

23:53:47.837 Initialize success

23:53:48.587 AVAST engine defs: 12051200

23:54:33.757 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

23:54:33.760 Disk 0 Vendor: ST950042 0001 Size: 476940MB BusType: 3

23:54:33.783 Disk 0 MBR read successfully

23:54:33.785 Disk 0 MBR scan

23:54:33.787 Disk 0 Windows 7 default MBR code

23:54:33.790 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63

23:54:33.801 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 20000 MB offset 212992

23:54:33.813 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 456835 MB offset 41172992

23:54:33.826 Disk 0 scanning C:\Windows\system32\drivers

23:54:49.568 Service scanning

23:55:10.099 Modules scanning

23:55:10.099 Disk 0 trace - called modules:

23:55:10.157 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys

23:55:10.158 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065b2060]

23:55:10.158 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8006454b30]

23:55:10.160 5 stdcfltn.sys[fffff88001b13c52] -> nt!IofCallDriver -> [0xfffffa8004aaf950]

23:55:10.160 7 ACPI.sys[fffff88000f707a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ab3050]

23:55:11.267 AVAST engine scan C:\Windows

23:55:13.762 AVAST engine scan C:\Windows\system32

23:58:01.063 AVAST engine scan C:\Windows\system32\drivers

23:58:11.762 AVAST engine scan C:\Users\Tom

00:07:46.069 AVAST engine scan C:\ProgramData

00:11:51.979 Scan finished successfully

00:26:06.311 Disk 0 MBR has been saved successfully to "C:\Users\Tom\Desktop\MBR.dat"

00:26:06.320 The log file has been saved successfully to "C:\Users\Tom\Desktop\aswMBR.txt"

What should I do with the .dat file?? I don't want it just sat on my desktop

Link to post
Share on other sites

You're clean, you can just delete that dat file.

A little clean up to do............

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

This topic is now closed to further replies.