longbeachlouise

another mydomainadvisor


Results of screen317's Security Check version 0.99.43

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

CCleaner

JavaFX 2.1.1

Java 7 Update 5

Adobe Reader 8 Adobe Reader out of Date!

Adobe Reader X (10.1.3)

Mozilla Firefox (14.0.1)

Google Chrome 20.0.1132.57

Google Chrome 21.0.1180.60

Google Chrome VisualElementsManifest.xml..

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 68 % Defragment your hard drive soon!

````````````````````End of Log``````````````````````


Scary takeover of Chrome!

Looks like I'm not out of the woods! Chrome looks buggy to me. I downloaded it, but never used it . . . Usually, I open a blank screen. But I wanted to test my site and some text got converted to an ad link. May I uninstall Chrome?

Screenshot 1: Instead of a blank screen, the browser shows a search page.

Screenshot 2: Then I typed my site, TabletHybrid.com, and the orange link on the left was created from text.

Screenshot 3: The link took me to the 3rd screenshot, attached.

post-96106-0-36150800-1344662610.jpg

post-96106-0-16734200-1344662639.jpg

post-96106-0-84303600-1344662811.jpg


While running a full Malwarebytes scan, I got a message like this, attached, in the system tray, saying, "To help protect your computer, Data Execution Prevention has closed Internet Explorer. Click to learn more."

But Internet Explorer never closed! You can see from the open windows in the bottom bar.

post-96106-0-62544200-1344688472.jpg


Here is where the link showed up on the innocent text on my site on Chrome, view attached - in case you missed it!

Plus, I have a question. May I delete stuff before I run a defrag? There are games and things that came with this laptop that I don't use, plus financial software my Dad put on that takes a lot of space! It would be good to delete it before running a defrag, right?

post-96106-0-31157100-1344688908.jpg


Look! A site wasn't able to open from clicking Google search results. So, the message in the system tray must have applied to the site, view attached.

Sorry, I didn't see it until closing IE.

post-96106-0-22806900-1344690322.jpg


Okay, I figured it out: It must be, when I downloaded Chrome, my brother made me import the bookmarks and other things from IE. I must have imported the bug - is that possible? And I haven't used it before now, so I didn't know.


Malwarebytes Moderators, my info is like a gift to you, because the issue with Chrome wasn't picked up by a full Malwarebytes scan run 08-11-2012

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.06.13

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Carol :: BILL [administrator]

8/11/2012 8:08:23 AM

mbam-log-2012-08-11 (08-08-23).txt

Scan type: Full scan (C:\|D:\|E:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 348667

Time elapsed: 5 hour(s), 28 minute(s), 57 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Hi, Okay.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.16.04

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Carol :: BILL [administrator]

8/16/2012 1:37:47 AM

mbam-log-2012-08-16 (01-37-47).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 191853

Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


The Quick Scan took only five minutes. Is it because I still have add-ons disabled for IE?

DDS results:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Carol at 1:44:31 on 2012-08-16

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3262.1627 [GMT -4:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\astsrv.exe

C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\WinTV\WinTV7\WinTVTray.exe

C:\Windows\System32\Macromed\Shockwave 10\SwHelper_1020023.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\notepad.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [TClockEx] c:\program files\tclockex\TCLOCKEX.EXE

uRunOnce: [shockwave Updater] "c:\windows\system32\macromed\shockwave 10\SwHelper_1020023.exe" -Update -1020023 -iexplore.exe9.0

mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzgyNDkzMzAzLVhPMTArMi1RSVgxKzQtRjEwTTEwRCsxLVgyMDEwKzItRkwxMCsxLUNJUCsyLUREVCs1MDYyNi1ERDEwRisxLVNUMTBGQVBQKzEtTDEwTSsxLUYxME0xMkFOKzIyLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLVNUMTJGT0krMS1GMTBNMTJBVSsxLUVVTEErMS1TVDEyRkFQUCsxLVNURjEwTTEyQVVGKzE"&"prod=90"&"ver=2012.0.1831"&"mid=2f5e155032c547d6a51ed1572eb0a5f4-67a770033ab46c38be4f16cb6e0539da3b11bf91

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autostart ir.lnk - c:\program files\wintv\Ir.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wintv recording status..lnk - c:\program files\wintv\wintv7\WinTVTray.exe

uPolicies-explorer: NoInstrumentation = 1

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7}

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{5BDA6017-34CF-4407-A303-0315F31DBA14} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{AFF8AD68-D2A5-4A7C-BBF2-ED461B9A885C} : DhcpNameServer = 192.168.1.1

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\carol\appdata\roaming\mozilla\firefox\profiles\n1e4bns6.default\

FF - prefs.js: browser.search.selectedEngine - Blekko

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=E2D73851095728C817E9D84FDFD98339&q=

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrl.1.0.20926.0.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\users\carol\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 HauppaugeTVServer;HauppaugeTVServer;c:\program files\wintv\tvserver\HauppaugeTVServer.exe [2011-12-16 562176]

R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-4-16 173352]

R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-11-3 2358656]

R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2011-11-29 2916736]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-16 40776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-19 22344]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-7 113120]

S3 MxL111SF_AVS_USB;Hauppauge WinTV-Aero-M;c:\windows\system32\drivers\hcwC6bda.sys [2011-12-16 85248]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-19 655944]

.

=============== Created Last 30 ================

.

2012-08-16 05:37:22 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-08-03 19:48:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-03 18:31:28 -------- d-----w- c:\program files\Oracle

2012-07-27 21:47:18 -------- d-----w- c:\program files\ESET

2012-07-20 07:30:52 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-20 07:30:49 -------- d-----w- c:\users\carol\appdata\local\temp

2012-07-20 06:09:09 518144 ----a-w- c:\windows\SWREG.exe

2012-07-20 06:09:09 256000 ----a-w- c:\windows\PEV.exe

2012-07-20 06:09:09 208896 ----a-w- c:\windows\MBR.exe

2012-07-20 06:09:08 98816 ----a-w- c:\windows\sed.exe

.

==================== Find3M ====================

.

2012-08-03 19:48:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-06 02:06:30 772544 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-07-06 02:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 1:45:40.02 ===============

Attach2.zip


Hi,

No, the Quick Scan is just generally fast. :)

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Here is the TDSSKiller

01:31:43.0650 5360 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05

01:31:44.0212 5360 ============================================================

01:31:44.0212 5360 Current date / time: 2012/08/19 01:31:44.0212

01:31:44.0212 5360 SystemInfo:

01:31:44.0212 5360

01:31:44.0212 5360 OS Version: 6.0.6002 ServicePack: 2.0

01:31:44.0212 5360 Product type: Workstation

01:31:44.0212 5360 ComputerName: BILL

01:31:44.0212 5360 UserName: Carol

01:31:44.0212 5360 Windows directory: C:\Windows

01:31:44.0212 5360 System windows directory: C:\Windows

01:31:44.0212 5360 Processor architecture: Intel x86

01:31:44.0212 5360 Number of processors: 2

01:31:44.0212 5360 Page size: 0x1000

01:31:44.0212 5360 Boot type: Normal boot

01:31:44.0212 5360 ============================================================

01:31:48.0439 5360 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

01:31:48.0502 5360 ============================================================

01:31:48.0502 5360 \Device\Harddisk0\DR0:

01:31:48.0502 5360 MBR partitions:

01:31:48.0502 5360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC944DD2

01:31:48.0502 5360 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC944E11, BlocksNum 0x164E9B0

01:31:48.0502 5360 ============================================================

01:31:48.0533 5360 C: <-> \Device\Harddisk0\DR0\Partition1

01:31:48.0627 5360 D: <-> \Device\Harddisk0\DR0\Partition2

01:31:48.0673 5360 ============================================================

01:31:48.0705 5360 Initialize success

01:31:48.0705 5360 ============================================================

01:32:08.0704 5832 ============================================================

01:32:08.0704 5832 Scan started

01:32:08.0704 5832 Mode: Manual;

01:32:08.0704 5832 ============================================================

01:32:54.0833 5832 ================ Scan services =============================


01:33:24.0099 5832 HSF_DPV - ok

01:33:24.0161 5832 [ a2882945cc4b6e3e4e9e825590438888 ] HSXHWAZL

C:\Windows\system32\DRIVERS\HSXHWAZL.sys

01:33:24.0177 5832 HSXHWAZL - ok

01:33:24.0333 5832 [ 0eeeca26c8d4bde2a4664db058a81937 ] HTTP

C:\Windows\system32\drivers\HTTP.sys

01:33:24.0567 5832 HTTP - ok

01:33:24.0754 5832 [ c6b032d69650985468160fc9937cf5b4 ] i2omp

C:\Windows\system32\drivers\i2omp.sys

01:33:24.0988 5832 i2omp - ok

01:33:25.0362 5832 [ 22d56c8184586b7a1f6fa60be5f5a2bd ] i8042prt

C:\Windows\system32\DRIVERS\i8042prt.sys

01:33:25.0393 5832 i8042prt - ok

01:33:25.0456 5832 [ 54155ea1b0df185878e0fc9ec3ac3a14 ] iaStorV

C:\Windows\system32\drivers\iastorv.sys

01:33:25.0471 5832 iaStorV - ok

01:33:25.0659 5832 [ 1cf03c69b49acb70c722df92755c0c8c ] IDriverT

C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32

\IDriverT.exe

01:33:25.0737 5832 IDriverT - ok

01:33:25.0939 5832 [ 98477b08e61945f974ed9fdc4cb6bdab ] idsvc

C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication

Foundation\infocard.exe

01:33:26.0251 5832 idsvc - ok

01:33:26.0392 5832 [ 2d077bf86e843f901d8db709c95b49a5 ] iirsp

C:\Windows\system32\drivers\iirsp.sys

01:33:26.0392 5832 iirsp - ok

01:33:26.0439 5832 [ 9908d8a397b76cd8d31d0d383c5773c9 ] IKEEXT

C:\Windows\System32\ikeext.dll

01:33:26.0454 5832 IKEEXT - ok

01:33:26.0532 5832 [ 83aa759f3189e6370c30de5dc5590718 ] intelide

C:\Windows\system32\drivers\intelide.sys

01:33:26.0673 5832 intelide - ok

01:33:26.0891 5832 [ 224191001e78c89dfa78924c3ea595ff ] intelppm

C:\Windows\system32\DRIVERS\intelppm.sys

01:33:27.0141 5832 intelppm - ok

01:33:27.0390 5832 [ 9ac218c6e6105477484c6fdbe7d409a4 ] IPBusEnum

C:\Windows\system32\ipbusenum.dll

01:33:27.0593 5832 IPBusEnum - ok

01:33:27.0624 5832 [ 62c265c38769b864cb25b4bcf62df6c3 ] IpFilterDriver

C:\Windows\system32\DRIVERS\ipfltdrv.sys

01:33:27.0624 5832 IpFilterDriver - ok

01:33:27.0671 5832 [ 1998bd97f950680bb55f55a7244679c2 ] iphlpsvc

C:\Windows\System32\iphlpsvc.dll

01:33:27.0718 5832 iphlpsvc - ok

01:33:27.0718 5832 IpInIp - ok

01:33:27.0765 5832 [ b25aaf203552b7b3491139d582b39ad1 ] IPMIDRV

C:\Windows\system32\drivers\ipmidrv.sys

01:33:27.0765 5832 IPMIDRV - ok

01:33:27.0827 5832 [ 8793643a67b42cec66490b2a0cf92d68 ] IPNAT

C:\Windows\system32\DRIVERS\ipnat.sys

01:33:27.0858 5832 IPNAT - ok

01:33:27.0905 5832 [ 109c0dfb82c3632fbd11949b73aeeac9 ] IRENUM

C:\Windows\system32\drivers\irenum.sys

01:33:27.0921 5832 IRENUM - ok

01:33:27.0999 5832 [ 6c70698a3e5c4376c6ab5c7c17fb0614 ] isapnp

C:\Windows\system32\drivers\isapnp.sys

01:33:28.0045 5832 isapnp - ok

01:33:28.0139 5832 [ 232fa340531d940aac623b121a595034 ] iScsiPrt

C:\Windows\system32\DRIVERS\msiscsi.sys

01:33:28.0233 5832 iScsiPrt - ok

01:33:28.0326 5832 [ bced60d16156e428f8df8cf27b0df150 ] iteatapi

C:\Windows\system32\drivers\iteatapi.sys

01:33:28.0389 5832 iteatapi - ok

01:33:28.0467 5832 [ 06fa654504a498c30adca8bec4e87e7e ] iteraid

C:\Windows\system32\drivers\iteraid.sys

01:33:28.0467 5832 iteraid - ok

01:33:28.0545 5832 [ 37605e0a8cf00cbba538e753e4344c6e ] kbdclass

C:\Windows\system32\DRIVERS\kbdclass.sys

01:33:28.0638 5832 kbdclass - ok

01:33:28.0732 5832 [ ede59ec70e25c24581add1fbec7325f7 ] kbdhid

C:\Windows\system32\DRIVERS\kbdhid.sys

01:33:28.0935 5832 kbdhid - ok

01:33:29.0184 5832 [ a3e186b4b935905b829219502557314e ] KeyIso

C:\Windows\system32\lsass.exe

01:33:29.0325 5832 KeyIso - ok

01:33:29.0512 5832 [ 2b2f1638466e8cb091400c9019cc730e ] KSecDD

C:\Windows\system32\Drivers\ksecdd.sys

01:33:29.0668 5832 KSecDD - ok

01:33:29.0886 5832 [ 8078f8f8f7a79e2e6b494523a828c585 ] KtmRm

C:\Windows\system32\msdtckrm.dll

01:33:30.0183 5832 KtmRm - ok

01:33:30.0245 5832 [ 1bf5eebfd518dd7298434d8c862f825d ] LanmanServer

C:\Windows\System32\srvsvc.dll

01:33:30.0245 5832 LanmanServer - ok

01:33:30.0370 5832 [ 1db69705b695b987082c8baec0c6b34f ]

LanmanWorkstation C:\Windows\System32\wkssvc.dll

01:33:30.0432 5832 LanmanWorkstation - ok

01:33:30.0510 5832 [ d1c5883087a0c3f1344d9d55a44901f6 ] lltdio

C:\Windows\system32\DRIVERS\lltdio.sys

01:33:30.0526 5832 lltdio - ok

01:33:30.0573 5832 [ 2d5a428872f1442631d0959a34abff63 ] lltdsvc

C:\Windows\System32\lltdsvc.dll

01:33:30.0651 5832 lltdsvc - ok

01:33:30.0682 5832 [ 35d40113e4a5b961b6ce5c5857702518 ] lmhosts

C:\Windows\System32\lmhsvc.dll

01:33:30.0713 5832 lmhosts - ok

01:33:30.0838 5832 [ c7e15e82879bf3235b559563d4185365 ] LSI_FC

C:\Windows\system32\drivers\lsi_fc.sys

01:33:30.0900 5832 LSI_FC - ok

01:33:30.0978 5832 [ ee01ebae8c9bf0fa072e0ff68718920a ] LSI_SAS

C:\Windows\system32\drivers\lsi_sas.sys

01:33:30.0978 5832 LSI_SAS - ok

01:33:31.0103 5832 [ 912a04696e9ca30146a62afa1463dd5c ] LSI_SCSI

C:\Windows\system32\drivers\lsi_scsi.sys

01:33:31.0150 5832 LSI_SCSI - ok

01:33:31.0212 5832 [ 8f5c7426567798e62a3b3614965d62cc ] luafv

C:\Windows\system32\drivers\luafv.sys

01:33:31.0212 5832 luafv - ok

01:33:31.0321 5832 [ 6dfe7f2e8e8a337263aa5c92a215f161 ] MBAMProtector

C:\Windows\system32\drivers\mbam.sys

01:33:31.0571 5832 MBAMProtector - ok

01:33:32.0055 5832 [ 43683e970f008c93c9429ef428147a54 ] MBAMService

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

01:33:32.0351 5832 MBAMService - ok

01:33:32.0585 5832 [ 0cea2d0d3fa284b85ed5b68365114f76 ] mdmxsdk

C:\Windows\system32\DRIVERS\mdmxsdk.sys

01:33:32.0585 5832 mdmxsdk - ok

01:33:32.0710 5832 [ 0001ce609d66632fa17b84705f658879 ] megasas

C:\Windows\system32\drivers\megasas.sys

01:33:32.0772 5832 megasas - ok

01:33:32.0835 5832 [ c252f32cd9a49dbfc25ecf26ebd51a99 ] MegaSR

C:\Windows\system32\drivers\megasr.sys

01:33:32.0944 5832 MegaSR - ok

01:33:32.0991 5832 [ 1076ffcffaae8385fd62dfcb25ac4708 ] MMCSS

C:\Windows\system32\mmcss.dll

01:33:32.0991 5832 MMCSS - ok

01:33:33.0069 5832 [ e13b5ea0f51ba5b1512ec671393d09ba ] Modem

C:\Windows\system32\drivers\modem.sys

01:33:33.0069 5832 Modem - ok

01:33:33.0162 5832 [ 0a9bb33b56e294f686abb7c1e4e2d8a8 ] monitor

C:\Windows\system32\DRIVERS\monitor.sys

01:33:33.0162 5832 monitor - ok

01:33:33.0240 5832 [ 5bf6a1326a335c5298477754a506d263 ] mouclass

C:\Windows\system32\DRIVERS\mouclass.sys

01:33:33.0240 5832 mouclass - ok

01:33:33.0349 5832 [ 93b8d4869e12cfbe663915502900876f ] mouhid

C:\Windows\system32\DRIVERS\mouhid.sys

01:33:33.0349 5832 mouhid - ok

01:33:33.0381 5832 [ bdafc88aa6b92f7842416ea6a48e1600 ] MountMgr

C:\Windows\system32\drivers\mountmgr.sys

01:33:33.0381 5832 MountMgr - ok

01:33:33.0474 5832 [ 46297fa8e30a6007f14118fc2b942fbc ]

MozillaMaintenance C:\Program Files\Mozilla Maintenance

Service\maintenanceservice.exe

01:33:33.0537 5832 MozillaMaintenance - ok

01:33:33.0661 5832 [ 511d011289755dd9f9a7579fb0b064e6 ] mpio

C:\Windows\system32\drivers\mpio.sys

01:33:33.0724 5832 mpio - ok

01:33:33.0817 5832 [ 22241feba9b2defa669c8cb0a8dd7d2e ] mpsdrv

C:\Windows\system32\drivers\mpsdrv.sys

01:33:33.0973 5832 mpsdrv - ok

01:33:34.0254 5832 [ 5de62c6e9108f14f6794060a9bdecaec ] MpsSvc

C:\Windows\system32\mpssvc.dll

01:33:34.0566 5832 MpsSvc - ok

01:33:34.0785 5832 [ 4fbbb70d30fd20ec51f80061703b001e ] Mraid35x

C:\Windows\system32\drivers\mraid35x.sys

01:33:34.0987 5832 Mraid35x - ok

01:33:35.0050 5832 [ 82cea0395524aacfeb58ba1448e8325c ] MRxDAV

C:\Windows\system32\drivers\mrxdav.sys

01:33:35.0097 5832 MRxDAV - ok

01:33:35.0159 5832 [ 1e94971c4b446ab2290deb71d01cf0c2 ] mrxsmb

C:\Windows\system32\DRIVERS\mrxsmb.sys

01:33:35.0206 5832 mrxsmb - ok

01:33:35.0299 5832 [ 4fccb34d793b116423209c0f8b7a3b03 ] mrxsmb10

C:\Windows\system32\DRIVERS\mrxsmb10.sys

01:33:35.0346 5832 mrxsmb10 - ok

01:33:35.0424 5832 [ c3cb1b40ad4a0124d617a1199b0b9d7c ] mrxsmb20

C:\Windows\system32\DRIVERS\mrxsmb20.sys

01:33:35.0440 5832 mrxsmb20 - ok

01:33:35.0502 5832 [ 28023e86f17001f7cd9b15a5bc9ae07d ] msahci

C:\Windows\system32\drivers\msahci.sys

01:33:35.0502 5832 msahci - ok

01:33:35.0580 5832 [ 4468b0f385a86ecddaf8d3ca662ec0e7 ] msdsm

C:\Windows\system32\drivers\msdsm.sys

01:33:35.0611 5832 msdsm - ok

01:33:35.0689 5832 [ fd7520cc3a80c5fc8c48852bb24c6ded ] MSDTC

C:\Windows\System32\msdtc.exe

01:33:35.0689 5832 MSDTC - ok

01:33:35.0752 5832 [ a9927f4a46b816c92f461acb90cf8515 ] Msfs

C:\Windows\system32\drivers\Msfs.sys

01:33:35.0752 5832 Msfs - ok

01:33:35.0877 5832 [ 0f400e306f385c56317357d6dea56f62 ] msisadrv

C:\Windows\system32\drivers\msisadrv.sys

01:33:35.0892 5832 msisadrv - ok

01:33:36.0017 5832 [ 85466c0757a23d9a9aecdc0755203cb2 ] MSiSCSI

C:\Windows\system32\iscsiexe.dll

01:33:36.0079 5832 MSiSCSI - ok

01:33:36.0126 5832 msiserver - ok

01:33:36.0313 5832 [ d8c63d34d9c9e56c059e24ec7185cc07 ] MSKSSRV

C:\Windows\system32\drivers\MSKSSRV.sys

01:33:36.0547 5832 MSKSSRV - ok

01:33:36.0828 5832 [ 1d373c90d62ddb641d50e55b9e78d65e ] MSPCLOCK

C:\Windows\system32\drivers\MSPCLOCK.sys

01:33:36.0984 5832 MSPCLOCK - ok

01:33:37.0249 5832 [ b572da05bf4e098d4bba3a4734fb505b ] MSPQM

C:\Windows\system32\drivers\MSPQM.sys

01:33:37.0483 5832 MSPQM - ok

01:33:37.0515 5832 [ b49456d70555de905c311bcda6ec6adb ] MsRPC

C:\Windows\system32\drivers\MsRPC.sys

01:33:37.0515 5832 MsRPC - ok

01:33:37.0546 5832 [ e384487cb84be41d09711c30ca79646c ] mssmbios

C:\Windows\system32\DRIVERS\mssmbios.sys

01:33:37.0561 5832 mssmbios - ok

01:33:37.0639 5832 MSSQL$SQLEXPRESS - ok

01:33:37.0671 5832 [ 1d89eb4e2a99cabd4e81225f4f4c4b25 ]

MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90

\Shared\sqladhlp90.exe

01:33:37.0671 5832 MSSQLServerADHelper - ok

01:33:37.0717 5832 [ 7199c1eec1e4993caf96b8c0a26bd58a ] MSTEE

C:\Windows\system32\drivers\MSTEE.sys

01:33:37.0717 5832 MSTEE - ok

01:33:37.0749 5832 [ 6a57b5733d4cb702c8ea4542e836b96c ] Mup

C:\Windows\system32\Drivers\mup.sys

01:33:37.0795 5832 Mup - ok

01:33:37.0873 5832 [ 87efbc5a9d095e5a1c7df49086b4b81d ]

MxL111SF_AVS_USB C:\Windows\system32\DRIVERS\hcwC6bda.sys

01:33:37.0873 5832 MxL111SF_AVS_USB - ok

01:33:37.0951 5832 [ e4eaf0c5c1b41b5c83386cf212ca9584 ] napagent

C:\Windows\system32\qagentRT.dll

01:33:37.0998 5832 napagent - ok

01:33:38.0107 5832 [ 85c44fdff9cf7e72a40dcb7ec06a4416 ] NativeWifiP

C:\Windows\system32\DRIVERS\nwifi.sys

01:33:38.0217 5832 NativeWifiP - ok

01:33:38.0373 5832 [ 1357274d1883f68300aeadd15d7bbb42 ] NDIS

C:\Windows\system32\drivers\ndis.sys

01:33:38.0544 5832 NDIS - ok

01:33:38.0747 5832 [ 0e186e90404980569fb449ba7519ae61 ] NdisTapi

C:\Windows\system32\DRIVERS\ndistapi.sys

01:33:38.0903 5832 NdisTapi - ok

01:33:39.0121 5832 [ d6973aa34c4d5d76c0430b181c3cd389 ] Ndisuio

C:\Windows\system32\DRIVERS\ndisuio.sys

01:33:39.0246 5832 Ndisuio - ok

01:33:39.0433 5832 [ 818f648618ae34f729fdb47ec68345c3 ] NdisWan

C:\Windows\system32\DRIVERS\ndiswan.sys

01:33:39.0605 5832 NdisWan - ok

01:33:39.0777 5832 [ 71dab552b41936358f3b541ae5997fb3 ] NDProxy

C:\Windows\system32\drivers\NDProxy.sys

01:33:39.0777 5832 NDProxy - ok

01:33:39.0839 5832 [ bcd093a5a6777cf626434568dc7dba78 ] NetBIOS

C:\Windows\system32\DRIVERS\netbios.sys

01:33:39.0855 5832 NetBIOS - ok

01:33:39.0964 5832 [ ecd64230a59cbd93c85f1cd1cab9f3f6 ] netbt

C:\Windows\system32\DRIVERS\netbt.sys

01:33:39.0964 5832 netbt - ok

01:33:40.0026 5832 [ a3e186b4b935905b829219502557314e ] Netlogon

C:\Windows\system32\lsass.exe

01:33:40.0026 5832 Netlogon - ok

01:33:40.0182 5832 [ c8052711daecc48b982434c5116ca401 ] Netman

C:\Windows\System32\netman.dll

01:33:40.0245 5832 Netman - ok

01:33:40.0323 5832 [ 2ef3bbe22e5a5acd1428ee387a0d0172 ] netprofm

C:\Windows\System32\netprofm.dll

01:33:40.0416 5832 netprofm - ok

01:33:40.0525 5832 [ d6c4e4a39a36029ac0813d476fbd0248 ]

NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows

Communication Foundation\SMSvcHost.exe

01:33:40.0619 5832 NetTcpPortSharing - ok

01:33:40.0759 5832 [ 2e7fb731d4790a1bc6270accefacb36e ] nfrd960

C:\Windows\system32\drivers\nfrd960.sys

01:33:40.0759 5832 nfrd960 - ok

01:33:40.0853 5832 [ 2997b15415f9bbe05b5a4c1c85e0c6a2 ] NlaSvc

C:\Windows\System32\nlasvc.dll

01:33:40.0993 5832 NlaSvc - ok

01:33:41.0165 5832 [ d36f239d7cce1931598e8fb90a0dbc26 ] Npfs

C:\Windows\system32\drivers\Npfs.sys

01:33:41.0181 5832 Npfs - ok

01:33:41.0274 5832 [ 8bb86f0c7eea2bded6fe095d0b4ca9bd ] nsi

C:\Windows\system32\nsisvc.dll

01:33:41.0337 5832 nsi - ok

01:33:41.0399 5832 [ 609773e344a97410ce4ebf74a8914fcf ] nsiproxy

C:\Windows\system32\drivers\nsiproxy.sys

01:33:41.0399 5832 nsiproxy - ok

01:33:41.0664 5832 [ 6a4a98cee84cf9e99564510dda4baa47 ] Ntfs

C:\Windows\system32\drivers\Ntfs.sys

01:33:42.0007 5832 Ntfs - ok

01:33:42.0101 5832 [ e875c093aec0c978a90f30c9e0dfbb72 ] ntrigdigi

C:\Windows\system32\drivers\ntrigdigi.sys

01:33:42.0101 5832 ntrigdigi - ok

01:33:42.0210 5832 [ cf7e041663119e09d2e118521ada9300 ] NuidFltr

C:\Windows\system32\DRIVERS\NuidFltr.sys

01:33:42.0351 5832 NuidFltr - ok

01:33:42.0522 5832 [ c5dbbcda07d780bda9b685df333bb41e ] Null

C:\Windows\system32\drivers\Null.sys

01:33:42.0522 5832 Null - ok

01:33:42.0803 5832 [ a1108084b0d2fc43dcc401735770e2a3 ] NVENETFD

C:\Windows\system32\DRIVERS\nvmfdx32.sys

01:33:43.0193 5832 NVENETFD - ok

01:33:44.0831 5832 [ 3c65f41ebb779a0f16ff965bfd0df179 ] nvlddmkm

C:\Windows\system32\DRIVERS\nvlddmkm.sys

01:33:47.0436 5832 nvlddmkm - ok

01:33:47.0608 5832 [ 2edf9e7751554b42cbb60116de727101 ] nvraid

C:\Windows\system32\drivers\nvraid.sys

01:33:47.0857 5832 nvraid - ok

01:33:47.0920 5832 [ 9aebc32f9d6e02ebee0369ab296fe7c8 ] nvsmu

C:\Windows\system32\DRIVERS\nvsmu.sys

01:33:47.0920 5832 nvsmu - ok

01:33:47.0982 5832 [ abed0c09758d1d97db0042dbb2688177 ] nvstor

C:\Windows\system32\drivers\nvstor.sys

01:33:47.0998 5832 nvstor - ok

01:33:48.0029 5832 [ 18bbdf913916b71bd54575bdb6eeac0b ] nv_agp

C:\Windows\system32\drivers\nv_agp.sys

01:33:48.0060 5832 nv_agp - ok

01:33:48.0076 5832 NwlnkFlt - ok

01:33:48.0076 5832 NwlnkFwd - ok

01:33:48.0232 5832 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv

C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

01:33:48.0372 5832 odserv - ok

01:33:48.0513 5832 [ be32da025a0be1878f0ee8d6d9386cd5 ] ohci1394

C:\Windows\system32\drivers\ohci1394.sys

01:33:48.0528 5832 ohci1394 - ok

01:33:48.0591 5832 [ 5a432a042dae460abe7199b758e8606c ] ose

C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

01:33:48.0669 5832 ose - ok

01:33:48.0903 5832 [ 0c8e8e61ad1eb0b250b846712c917506 ] p2pimsvc

C:\Windows\system32\p2psvc.dll

01:33:49.0199 5832 p2pimsvc - ok

01:33:49.0371 5832 [ 0c8e8e61ad1eb0b250b846712c917506 ] p2psvc

C:\Windows\system32\p2psvc.dll

01:33:49.0371 5832 p2psvc - ok

01:33:49.0449 5832 [ 0fa9b5055484649d63c303fe404e5f4d ] Parport

C:\Windows\system32\drivers\parport.sys

01:33:49.0527 5832 Parport - ok

01:33:49.0636 5832 [ 57389fa59a36d96b3eb09d0cb91e9cdc ] partmgr

C:\Windows\system32\drivers\partmgr.sys

01:33:49.0636 5832 partmgr - ok

01:33:49.0714 5832 [ 4f9a6a8a31413180d0fcb279ad5d8112 ] Parvdm

C:\Windows\system32\drivers\parvdm.sys

01:33:49.0714 5832 Parvdm - ok

01:33:49.0776 5832 [ c6276ad11f4bb49b58aa1ed88537f14a ] PcaSvc

C:\Windows\System32\pcasvc.dll

01:33:49.0792 5832 PcaSvc - ok

01:33:49.0901 5832 [ 941dc1d19e7e8620f40bbc206981efdb ] pci

C:\Windows\system32\drivers\pci.sys

01:33:49.0995 5832 pci - ok

01:33:50.0041 5832 [ 1636d43f10416aeb483bc6001097b26c ] pciide

C:\Windows\system32\drivers\pciide.sys

01:33:50.0041 5832 pciide - ok

01:33:50.0151 5832 [ e6f3fb1b86aa519e7698ad05e58b04e5 ] pcmcia

C:\Windows\system32\drivers\pcmcia.sys

01:33:50.0229 5832 pcmcia - ok

01:33:50.0385 5832 [ 6349f6ed9c623b44b52ea3c63c831a92 ] PEAUTH

C:\Windows\system32\drivers\peauth.sys

01:33:50.0650 5832 PEAUTH - ok

01:33:50.0884 5832 [ b1689df169143f57053f795390c99db3 ] pla

C:\Windows\system32\pla.dll

01:33:51.0196 5832 pla - ok

01:33:51.0352 5832 [ c5e7f8a996ec0a82d508fd9064a5569e ] PlugPlay

C:\Windows\system32\umpnpmgr.dll

01:33:51.0445 5832 PlugPlay - ok

01:33:51.0570 5832 [ 0c8e8e61ad1eb0b250b846712c917506 ] PNRPAutoReg

C:\Windows\system32\p2psvc.dll

01:33:51.0570 5832 PNRPAutoReg - ok

01:33:51.0695 5832 [ 0c8e8e61ad1eb0b250b846712c917506 ] PNRPsvc

C:\Windows\system32\p2psvc.dll

01:33:51.0711 5832 PNRPsvc - ok

01:33:51.0835 5832 [ d0494460421a03cd5225cca0059aa146 ] PolicyAgent

C:\Windows\System32\ipsecsvc.dll

01:33:52.0023 5832 PolicyAgent - ok

01:33:52.0163 5832 [ ecfffaec0c1ecd8dbc77f39070ea1db1 ] PptpMiniport

C:\Windows\system32\DRIVERS\raspptp.sys

01:33:52.0225 5832 PptpMiniport - ok

01:33:52.0319 5832 [ 2027293619dd0f047c584cf2e7df4ffd ] Processor

C:\Windows\system32\drivers\processr.sys

01:33:52.0335 5832 Processor - ok

01:33:52.0428 5832 [ 0508faa222d28835310b7bfca7a77346 ] ProfSvc

C:\Windows\system32\profsvc.dll

01:33:52.0491 5832 ProfSvc - ok

01:33:52.0553 5832 [ a3e186b4b935905b829219502557314e ]

ProtectedStorage C:\Windows\system32\lsass.exe

01:33:52.0553 5832 ProtectedStorage - ok

01:33:52.0662 5832 [ 99514faa8df93d34b5589187db3aa0ba ] PSched

C:\Windows\system32\DRIVERS\pacer.sys

01:33:52.0662 5832 PSched - ok

01:33:52.0943 5832 [ 0a6db55afb7820c99aa1f3a1d270f4f6 ] ql2300

C:\Windows\system32\drivers\ql2300.sys

01:33:53.0364 5832 ql2300 - ok

01:33:53.0473 5832 [ 81a7e5c076e59995d54bc1ed3a16e60b ] ql40xx

C:\Windows\system32\drivers\ql40xx.sys

01:33:53.0505 5832 ql40xx - ok

01:33:53.0645 5832 [ e9ecae663f47e6cb43962d18ab18890f ] QWAVE

C:\Windows\system32\qwave.dll

01:33:53.0754 5832 QWAVE - ok

01:33:53.0941 5832 [ 9f5e0e1926014d17486901c88eca2db7 ] QWAVEdrv

C:\Windows\system32\drivers\qwavedrv.sys

01:33:54.0051 5832 QWAVEdrv - ok

01:33:54.0113 5832 [ 147d7f9c556d259924351feb0de606c3 ] RasAcd

C:\Windows\system32\DRIVERS\rasacd.sys

01:33:54.0129 5832 RasAcd - ok

01:33:54.0222 5832 [ f6a452eb4ceadbb51c9e0ee6b3ecef0f ] RasAuto

C:\Windows\System32\rasauto.dll

01:33:54.0285 5832 RasAuto - ok

01:33:54.0363 5832 [ a214adbaf4cb47dd2728859ef31f26b0 ] Rasl2tp

C:\Windows\system32\DRIVERS\rasl2tp.sys

01:33:54.0409 5832 Rasl2tp - ok

01:33:54.0519 5832 [ 75d47445d70ca6f9f894b032fbc64fcf ] RasMan

C:\Windows\System32\rasmans.dll

01:33:54.0628 5832 RasMan - ok

01:33:54.0721 5832 [ 509a98dd18af4375e1fc40bc175f1def ] RasPppoe

C:\Windows\system32\DRIVERS\raspppoe.sys

01:33:54.0815 5832 RasPppoe - ok

01:33:54.0909 5832 [ 2005f4a1e05fa09389ac85840f0a9e4d ] RasSstp

C:\Windows\system32\DRIVERS\rassstp.sys

01:33:54.0909 5832 RasSstp - ok

01:33:55.0002 5832 [ b14c9d5b9add2f84f70570bbbfaa7935 ] rdbss

C:\Windows\system32\DRIVERS\rdbss.sys

01:33:55.0065 5832 rdbss - ok

01:33:55.0143 5832 [ 89e59be9a564262a3fb6c4f4f1cd9899 ] RDPCDD

C:\Windows\system32\DRIVERS\RDPCDD.sys

01:33:55.0143 5832 RDPCDD - ok

01:33:55.0236 5832 [ fbc0bacd9c3d7f6956853f64a66e252d ] rdpdr

C:\Windows\system32\drivers\rdpdr.sys

01:33:55.0299 5832 rdpdr - ok

01:33:55.0345 5832 [ 9d91fe5286f748862ecffa05f8a0710c ] RDPENCDD

C:\Windows\system32\drivers\rdpencdd.sys

01:33:55.0345 5832 RDPENCDD - ok

01:33:55.0439 5832 [ 30bfbdfb7f95559ede971f9ddb9a00ba ] RDPWD

C:\Windows\system32\drivers\RDPWD.sys

01:33:55.0455 5832 RDPWD - ok

01:33:55.0533 5832 [ bcdd6b4804d06b1f7ebf29e53a57ece9 ] RemoteAccess

C:\Windows\System32\mprdim.dll

01:33:55.0579 5832 RemoteAccess - ok

01:33:55.0642 5832 [ 9e6894ea18daff37b63e1005f83ae4ab ] RemoteRegistry

C:\Windows\system32\regsvc.dll

01:33:55.0704 5832 RemoteRegistry - ok

01:33:55.0923 5832 [ 17e0bef5ca5c9ce52cc8082ac6ebc449 ] RichVideo

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

01:33:56.0001 5832 RichVideo - ok

01:33:56.0063 5832 [ c35ca13d3627ebd9dd12a23ce781bc3d ] rimmptsk

C:\Windows\system32\DRIVERS\rimmptsk.sys

01:33:56.0063 5832 rimmptsk - ok

01:33:56.0188 5832 [ c398bca91216755b098679a8da8a2300 ] rimsptsk

C:\Windows\system32\DRIVERS\rimsptsk.sys

01:33:56.0344 5832 rimsptsk - ok

01:33:56.0453 5832 [ 2a2554cb24506e0a0508fc395c4a1b42 ] rismxdp

C:\Windows\system32\DRIVERS\rixdptsk.sys

01:33:56.0453 5832 rismxdp - ok

01:33:56.0531 5832 [ 5123f83cbc4349d065534eeb6bbdc42b ] RpcLocator

C:\Windows\system32\locator.exe

01:33:56.0531 5832 RpcLocator - ok

01:33:56.0656 5832 [ 3b5b4d53fec14f7476ca29a20cc31ac9 ] RpcSs

C:\Windows\system32\rpcss.dll

01:33:56.0671 5832 RpcSs - ok

01:33:56.0734 5832 [ 9c508f4074a39e8b4b31d27198146fad ] rspndr

C:\Windows\system32\DRIVERS\rspndr.sys

01:33:56.0734 5832 rspndr - ok

01:33:56.0812 5832 [ a3e186b4b935905b829219502557314e ] SamSs

C:\Windows\system32\lsass.exe

01:33:56.0812 5832 SamSs - ok

01:33:56.0827 5832 [ 3ce8f073a557e172b330109436984e30 ] sbp2port

C:\Windows\system32\drivers\sbp2port.sys

01:33:56.0827 5832 sbp2port - ok

01:33:56.0905 5832 [ 77b7a11a0c3d78d3386398fbbea1b632 ] SCardSvr

C:\Windows\System32\SCardSvr.dll

01:33:56.0968 5832 SCardSvr - ok

01:33:57.0061 5832 [ 1a58069db21d05eb2ab58ee5753ebe8d ] Schedule

C:\Windows\system32\schedsvc.dll

01:33:57.0264 5832 Schedule - ok

01:33:57.0327 5832 [ 312ec3e37a0a1f2006534913e37b4423 ] SCPolicySvc

C:\Windows\System32\certprop.dll

01:33:57.0327 5832 SCPolicySvc - ok

01:33:57.0436 5832 [ 8f36b54688c31eed4580129040c6a3d3 ] sdbus

C:\Windows\system32\DRIVERS\sdbus.sys

01:33:57.0483 5832 sdbus - ok

01:33:57.0561 5832 [ 716313d9f6b0529d03f726d5aaf6f191 ] SDRSVC

C:\Windows\System32\SDRSVC.dll

01:33:57.0561 5832 SDRSVC - ok

01:33:57.0639 5832 [ 90a3935d05b494a5a39d37e71f09a677 ] secdrv

C:\Windows\system32\drivers\secdrv.sys

01:33:57.0639 5832 secdrv - ok

01:33:57.0763 5832 [ fd5199d4d8a521005e4b5ee7fe00fa9b ] seclogon

C:\Windows\system32\seclogon.dll

01:33:57.0779 5832 seclogon - ok

01:33:57.0841 5832 [ a9bbab5759771e523f55563d6cbe140f ] SENS

C:\Windows\system32\sens.dll

01:33:57.0904 5832 SENS - ok

01:33:57.0919 5832 [ 68e44e331d46f0fb38f0863a84cd1a31 ] Serenum

C:\Windows\system32\drivers\serenum.sys

01:33:57.0919 5832 Serenum - ok

01:33:58.0029 5832 [ c70d69a918b178d3c3b06339b40c2e1b ] Serial

C:\Windows\system32\drivers\serial.sys

01:33:58.0138 5832 Serial - ok

01:33:58.0278 5832 [ 8af3d28a879bf75db53a0ee7a4289624 ] sermouse

C:\Windows\system32\drivers\sermouse.sys

01:33:58.0387 5832 sermouse - ok

01:33:58.0512 5832 [ d2193326f729b163125610dbf3e17d57 ] SessionEnv

C:\Windows\system32\sessenv.dll

01:33:58.0559 5832 SessionEnv - ok

01:33:58.0621 5832 [ 3efa810bdca87f6ecc24f9832243fe86 ] sffdisk

C:\Windows\system32\drivers\sffdisk.sys

01:33:58.0621 5832 sffdisk - ok

01:33:58.0668 5832 [ e95d451f7ea3e583aec75f3b3ee42dc5 ] sffp_mmc

C:\Windows\system32\drivers\sffp_mmc.sys

01:33:58.0668 5832 sffp_mmc - ok

01:33:58.0762 5832 [ 3d0ea348784b7ac9ea9bd9f317980979 ] sffp_sd

C:\Windows\system32\drivers\sffp_sd.sys

01:33:58.0762 5832 sffp_sd - ok

01:33:58.0855 5832 [ 46ed8e91793b2e6f848015445a0ac188 ] sfloppy

C:\Windows\system32\drivers\sfloppy.sys

01:33:58.0855 5832 sfloppy - ok

01:33:58.0980 5832 [ e1499bd0ff76b1b2fbbf1af339d91165 ] SharedAccess

C:\Windows\System32\ipnathlp.dll

01:33:59.0011 5832 SharedAccess - ok

01:33:59.0105 5832 [ c7230fbee14437716701c15be02c27b8 ]

ShellHWDetection C:\Windows\System32\shsvcs.dll

01:33:59.0230 5832 ShellHWDetection - ok

01:33:59.0292 5832 [ 1d76624a09a054f682d746b924e2dbc3 ] sisagp

C:\Windows\system32\drivers\sisagp.sys

01:33:59.0292 5832 sisagp - ok

01:33:59.0401 5832 [ 43cb7aa756c7db280d01da9b676cfde2 ] SiSRaid2

C:\Windows\system32\drivers\sisraid2.sys

01:33:59.0417 5832 SiSRaid2 - ok

01:33:59.0511 5832 [ a99c6c8b0baa970d8aa59ddc50b57f94 ] SiSRaid4

C:\Windows\system32\drivers\sisraid4.sys

01:33:59.0557 5832 SiSRaid4 - ok

01:34:00.0010 5832 [ 862bb4cbc05d80c5b45be430e5ef872f ] slsvc

C:\Windows\system32\SLsvc.exe

01:34:00.0805 5832 slsvc - ok

01:34:00.0899 5832 [ 6edc422215cd78aa8a9cde6b30abbd35 ] SLUINotify

C:\Windows\system32\SLUINotify.dll

01:34:00.0961 5832 SLUINotify - ok

01:34:01.0055 5832 [ 7b75299a4d201d6a6533603d6914ab04 ] Smb

C:\Windows\system32\DRIVERS\smb.sys

01:34:01.0102 5832 Smb - ok

01:34:01.0180 5832 [ 2a146a055b4401c16ee62d18b8e2a032 ] SNMPTRAP

C:\Windows\System32\snmptrap.exe

01:34:01.0180 5832 SNMPTRAP - ok

01:34:01.0273 5832 [ 7aebdeef071fe28b0eef2cdd69102bff ] spldr

C:\Windows\system32\drivers\spldr.sys

01:34:01.0336 5832 spldr - ok

01:34:01.0398 5832 [ 8554097e5136c3bf9f69fe578a1b35f4 ] Spooler

C:\Windows\System32\spoolsv.exe

01:34:01.0461 5832 Spooler - ok

01:34:01.0539 5832 [ 86ebd8b1f23e743aad21f4d5b4d40985 ] SQLBrowser

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

01:34:01.0663 5832 SQLBrowser - ok

01:34:01.0866 5832 [ d89083c4eb02daca8f944b0e05e57f9d ] SQLWriter

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

01:34:01.0929 5832 SQLWriter - ok

01:34:02.0100 5832 [ 41987f9fc0e61adf54f581e15029ad91 ] srv

C:\Windows\system32\DRIVERS\srv.sys

01:34:02.0319 5832 srv - ok

01:34:02.0443 5832 [ ff33aff99564b1aa534f58868cbe41ef ] srv2

C:\Windows\system32\DRIVERS\srv2.sys

01:34:02.0553 5832 srv2 - ok

01:34:02.0646 5832 [ 7605c0e1d01a08f3ecd743f38b834a44 ] srvnet

C:\Windows\system32\DRIVERS\srvnet.sys

01:34:02.0709 5832 srvnet - ok

01:34:02.0833 5832 [ 03d50b37234967433a5ea5ba72bc0b62 ] SSDPSRV

C:\Windows\System32\ssdpsrv.dll

01:34:02.0958 5832 SSDPSRV - ok

01:34:03.0067 5832 [ 3d2829fde1c52fc64da5413889ce4dee ] ssmdrv

C:\Windows\system32\DRIVERS\ssmdrv.sys

01:34:03.0067 5832 ssmdrv - ok

01:34:03.0239 5832 [ 6f1a32e7b7b30f004d9a20afadb14944 ] SstpSvc

C:\Windows\system32\sstpsvc.dll

01:34:03.0239 5832 SstpSvc - ok

01:34:03.0379 5832 [ 5de7d67e49b88f5f07f3e53c4b92a352 ] stisvc

C:\Windows\System32\wiaservc.dll

01:34:03.0535 5832 stisvc - ok

01:34:03.0598 5832 [ 7ba58ecf0c0a9a69d44b3dca62becf56 ] swenum

C:\Windows\system32\DRIVERS\swenum.sys

01:34:03.0613 5832 swenum - ok

01:34:03.0801 5832 [ f21fd248040681cca1fb6c9a03aaa93d ] swprv

C:\Windows\System32\swprv.dll

01:34:03.0988 5832 swprv - ok

01:34:04.0097 5832 [ 192aa3ac01df071b541094f251deed10 ] Symc8xx

C:\Windows\system32\drivers\symc8xx.sys

01:34:04.0097 5832 Symc8xx - ok

01:34:04.0175 5832 SymIM - ok

01:34:04.0237 5832 SymIMMP - ok

01:34:04.0362 5832 [ 8c8eb8c76736ebaf3b13b633b2e64125 ] Sym_hi

C:\Windows\system32\drivers\sym_hi.sys

01:34:04.0362 5832 Sym_hi - ok

01:34:04.0487 5832 [ 8072af52b5fd103bbba387a1e49f62cb ] Sym_u3

C:\Windows\system32\drivers\sym_u3.sys

01:34:04.0487 5832 Sym_u3 - ok

01:34:04.0581 5832 [ f5d926807bd9bc0af68f9376144de425 ] SynTP

C:\Windows\system32\DRIVERS\SynTP.sys

01:34:04.0659 5832 SynTP - ok

01:34:04.0861 5832 [ 9a51b04e9886aa4ee90093586b0ba88d ] SysMain

C:\Windows\system32\sysmain.dll

01:34:05.0064 5832 SysMain - ok

01:34:05.0173 5832 [ 2dca225eae15f42c0933e998ee0231c3 ]

TabletInputService C:\Windows\System32\TabSvc.dll

01:34:05.0236 5832 TabletInputService - ok

01:34:05.0345 5832 [ d7673e4b38ce21ee54c59eeeb65e2483 ] TapiSrv

C:\Windows\System32\tapisrv.dll

01:34:05.0407 5832 TapiSrv - ok

01:34:05.0501 5832 [ cb05822cd9cc6c688168e113c603dbe7 ] TBS

C:\Windows\System32\tbssvc.dll

01:34:05.0501 5832 TBS - ok

01:34:05.0751 5832 [ 16731b631f28f63cd9f4cb60940e7ddd ] Tcpip

C:\Windows\system32\drivers\tcpip.sys

01:34:06.0078 5832 Tcpip - ok

01:34:06.0250 5832 [ 16731b631f28f63cd9f4cb60940e7ddd ] Tcpip6

C:\Windows\system32\DRIVERS\tcpip.sys

01:34:06.0265 5832 Tcpip6 - ok

01:34:06.0343 5832 [ 3fc13f09af9be487c7b4fac4070a036c ] tcpipreg

C:\Windows\system32\drivers\tcpipreg.sys

01:34:06.0406 5832 tcpipreg - ok

01:34:06.0515 5832 [ 5dcf5e267be67a1ae926f2df77fbcc56 ] TDPIPE

C:\Windows\system32\drivers\tdpipe.sys

01:34:06.0515 5832 TDPIPE - ok

01:34:06.0593 5832 [ 389c63e32b3cefed425b61ed92d3f021 ] TDTCP

C:\Windows\system32\drivers\tdtcp.sys

01:34:06.0593 5832 TDTCP - ok

01:34:06.0702 5832 [ 76b06eb8a01fc8624d699e7045303e54 ] tdx

C:\Windows\system32\DRIVERS\tdx.sys

01:34:06.0749 5832 tdx - ok

01:34:07.0061 5832 [ 5624acd0b7900beabbd329443a4f4454 ] TeamViewer5

C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

01:34:07.0201 5832 TeamViewer5 - ok


01:34:25.0429 5832 ================ Scan global ===============================

01:34:25.0499 5832 (f31eebc1a1c81fd04005489cc3dcdfe7) C:\Windows\system32\basesrv.dll

01:34:25.0649 5832 (d2293b069e4b63dc17b2f08d45e71124) C:\Windows\system32\winsrv.dll

01:34:25.0919 5832 (d2293b069e4b63dc17b2f08d45e71124) C:\Windows\system32\winsrv.dll

01:34:25.0999 5832 (d4e6d91c1349b7bfb3599a6ada56851b) C:\Windows\system32\services.exe

01:34:26.0119 5832 [Global] - ok

01:34:26.0129 5832 ================ Scan MBR ==================================

01:34:26.0189 5832 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0

01:34:31.0502 5832 \Device\Harddisk0\DR0 - ok

01:34:31.0502 5832 ================ Scan VBR ==================================

01:34:31.0533 5832 Boot (0x1200) (203649e746198176217358cb0be9f1ae) \Device\Harddisk0\DR0\Partition1

01:34:31.0533 5832 \Device\Harddisk0\DR0\Partition1 - ok

01:34:31.0564 5832 Boot (0x1200) (f10ef0571b6be9f8f927e610e89a6150) \Device\Harddisk0\DR0\Partition2

01:34:31.0580 5832 \Device\Harddisk0\DR0\Partition2 - ok

01:34:31.0580 5832 ============================================================

01:34:31.0580 5832 Scan finished

01:34:31.0580 5832 ============================================================

01:34:31.0595 5616 Detected object count: 0

01:34:31.0595 5616 Actual detected object count: 0


Hi, I have to wait until Monday to run the ComboFix . . . The one I downloaded is still on my desktop - that's okay to use, right? It's from July 2012. I never uninstalled it. If that's not okay, please tell me before Monday.

Thanx! :)


ComboFix 12-08-22.03 - Carol 08/23/2012 18:42:09.2.2 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3262.2102 [GMT -4:00]

Running from: c:\users\Carol\Documents\Louise\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-07-23 to 2012-08-23 )))))))))))))))))))))))))))))))

.

.

2012-08-23 23:06 . 2012-08-23 23:06 -------- d-----w- c:\users\Williaim\AppData\Local\temp

2012-08-23 23:06 . 2012-08-23 23:06 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-08-23 23:06 . 2012-08-23 23:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-03 19:48 . 2012-08-03 19:48 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-03 19:44 . 2012-08-03 19:44 -------- d-----w- c:\program files\Common Files\Java

2012-08-03 18:31 . 2012-08-03 18:31 -------- d-----w- c:\program files\Oracle

2012-08-03 02:52 . 2012-08-03 02:52 -------- d-----w- c:\program files\Common Files\Adobe

2012-07-27 21:47 . 2012-07-27 21:47 -------- d-----w- c:\program files\ESET

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-03 19:48 . 2011-05-19 01:01 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-06 05:08 . 2012-07-06 05:07 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8667A28-FDD6-4741-8BF1-8143C62EA1F2}\offreg.dll

2012-07-06 02:06 . 2012-05-04 00:35 772544 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-07-06 02:06 . 2010-04-29 14:25 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-03 17:46 . 2012-06-19 15:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-18 07:14 . 2012-07-02 02:42 6762896 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8667A28-FDD6-4741-8BF1-8143C62EA1F2}\mpengine.dll

2012-08-03 19:48 . 2012-06-07 19:40 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 89088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-09 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-09 8497696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-09 81920]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctNzgyNDkzMzAzLVhPMTArMi1RSVgxKzQtRjEwTTEwRCsxLVgyMDEwKzItRkwxMCsxLUNJUCsyLUREVCs1MDYyNi1ERDEwRisxLVNUMTBGQVBQKzEtTDEwTSsxLUYxME0xMkFOKzIyLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLVNUMTJGT0krMS1GMTBNMTJBVSsxLUVVTEErMS1TVDEyRkFQUCsxLVNURjEwTTEyQVVGKzE&prod=90&ver=2012.0.1831&mid=2f5e155032c547d6a51ed1572eb0a5f4-67a770033ab46c38be4f16cb6e0539da3b11bf91" [?]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2011-12-16 117344]

WinTV Recording Status..lnk - c:\program files\WinTV\WinTV7\WinTVTray.exe [2011-12-16 82944]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3482760682-2379212304-40738887-1000Core.job

- c:\users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 23:51]

.

2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3482760682-2379212304-40738887-1000UA.job

- c:\users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 23:51]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\n1e4bns6.default\

FF - prefs.js: browser.search.selectedEngine - Blekko

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=E2D73851095728C817E9D84FDFD98339&q=

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-Wdf01000.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-23 19:06

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-08-23 19:18:39

ComboFix-quarantined-files.txt 2012-08-23 23:18

ComboFix2.txt 2012-07-20 07:30

.

Pre-Run: 35,623,518,208 bytes free

Post-Run: 35,597,762,560 bytes free

.

- - End Of File - - 81310E59975BACE6D9F1F05FFD5CD9B1

This topic is now closed to further replies.
