
Svchost.exe trojan



Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Bigrig [Admin rights]

Mode: Scan -- Date: 08/14/2012 21:35:52

¤¤¤ Bad processes: 1 ¤¤¤

[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

76.251.212.12 Why_you_lookin_at_my_ip

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000524AS +++++

--- User ---

[MBR] 1911ffb04d86a5e9bf39ab881c9b7933

[bSP] fc588b43e35d1df802c1161d4da6a393 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 17662 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 36253696 | Size: 936166 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] 805ff4d7ce1cfa90b15d7566b79d9fa2

[bSP] fc588b43e35d1df802c1161d4da6a393 : Windows Vista MBR Code

Partition table:

1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 17662 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 36253696 | Size: 936166 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] 805ff4d7ce1cfa90b15d7566b79d9fa2

[bSP] fc588b43e35d1df802c1161d4da6a393 : Windows Vista MBR Code

Partition table:

1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 17662 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 36253696 | Size: 936166 Mo

Finished : << RKreport[1].txt >>


Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


I forgot to disable Trend Micro when I clicked Continue for it to cure, and it blocked 2 files. Hopefully that didn't screw anything up, but I disabled it right after.

21:40:14.0837 5532 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05

21:40:15.0261 5532 ============================================================

21:40:15.0261 5532 Current date / time: 2012/08/14 21:40:15.0261

21:40:15.0261 5532 SystemInfo:

21:40:15.0261 5532

21:40:15.0261 5532 OS Version: 6.1.7601 ServicePack: 1.0

21:40:15.0261 5532 Product type: Workstation

21:40:15.0261 5532 ComputerName: BIGRIG-PC

21:40:15.0261 5532 UserName: Bigrig

21:40:15.0261 5532 Windows directory: C:\Windows

21:40:15.0261 5532 System windows directory: C:\Windows

21:40:15.0261 5532 Running under WOW64

21:40:15.0261 5532 Processor architecture: Intel x64

21:40:15.0261 5532 Number of processors: 4

21:40:15.0261 5532 Page size: 0x1000

21:40:15.0261 5532 Boot type: Normal boot

21:40:15.0261 5532 ============================================================

21:40:16.0107 5532 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:40:16.0121 5532 ============================================================

21:40:16.0121 5532 \Device\Harddisk0\DR0:

21:40:16.0122 5532 MBR partitions:

21:40:16.0122 5532 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x227F000

21:40:16.0122 5532 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2293000, BlocksNum 0x72473000

21:40:16.0122 5532 ============================================================

21:40:16.0193 5532 C: <-> \Device\Harddisk0\DR0\Partition2

21:40:16.0193 5532 ============================================================

21:40:16.0193 5532 Initialize success

21:40:16.0193 5532 ============================================================

21:41:52.0613 7548 ============================================================

21:41:52.0613 7548 Scan started

21:41:52.0613 7548 Mode: Manual; SigCheck; TDLFS;

21:41:52.0613 7548 ============================================================


21:42:02.0351 7548 MSDTC - ok

21:42:02.0372 7548 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

21:42:02.0399 7548 Msfs - ok

21:42:02.0423 7548 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

21:42:02.0450 7548 mshidkmdf - ok

21:42:02.0463 7548 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

21:42:02.0472 7548 msisadrv - ok

21:42:02.0486 7548 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

21:42:02.0524 7548 MSiSCSI - ok

21:42:02.0527 7548 msiserver - ok

21:42:02.0547 7548 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

21:42:02.0588 7548 MSKSSRV - ok

21:42:02.0599 7548 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

21:42:02.0635 7548 MSPCLOCK - ok

21:42:02.0674 7548 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

21:42:02.0702 7548 MSPQM - ok

21:42:02.0718 7548 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

21:42:02.0730 7548 MsRPC - ok

21:42:02.0745 7548 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

21:42:02.0754 7548 mssmbios - ok

21:42:02.0761 7548 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

21:42:02.0787 7548 MSTEE - ok

21:42:02.0790 7548 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

21:42:02.0800 7548 MTConfig - ok

21:42:02.0815 7548 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys

21:42:02.0824 7548 Mup - ok

21:42:02.0838 7548 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll

21:42:02.0886 7548 napagent - ok

21:42:02.0907 7548 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

21:42:02.0938 7548 NativeWifiP - ok

21:42:02.0975 7548 [ c38b8ae57f78915905064a9a24dc1586 ] NDIS C:\Windows\system32\drivers\ndis.sys

21:42:03.0004 7548 NDIS - ok

21:42:03.0027 7548 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

21:42:03.0054 7548 NdisCap - ok

21:42:03.0069 7548 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

21:42:03.0096 7548 NdisTapi - ok

21:42:03.0106 7548 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

21:42:03.0133 7548 Ndisuio - ok

21:42:03.0141 7548 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

21:42:03.0184 7548 NdisWan - ok

21:42:03.0203 7548 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

21:42:03.0229 7548 NDProxy - ok

21:42:03.0236 7548 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

21:42:03.0278 7548 NetBIOS - ok

21:42:03.0292 7548 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

21:42:03.0321 7548 NetBT - ok

21:42:03.0324 7548 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe

21:42:03.0335 7548 Netlogon - ok

21:42:03.0352 7548 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll

21:42:03.0392 7548 Netman - ok

21:42:03.0419 7548 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:42:03.0427 7548 NetMsmqActivator - ok

21:42:03.0430 7548 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:42:03.0438 7548 NetPipeActivator - ok

21:42:03.0460 7548 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll

21:42:03.0505 7548 netprofm - ok

21:42:03.0508 7548 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:42:03.0517 7548 NetTcpActivator - ok

21:42:03.0519 7548 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:42:03.0527 7548 NetTcpPortSharing - ok

21:42:03.0550 7548 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

21:42:03.0558 7548 nfrd960 - ok

21:42:03.0574 7548 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

21:42:03.0613 7548 NlaSvc - ok

21:42:03.0713 7548 [ b9b72faaaa41d59b73b88fe3dd737ed1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

21:42:03.0759 7548 NOBU - ok

21:42:03.0775 7548 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

21:42:03.0803 7548 Npfs - ok

21:42:03.0810 7548 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll

21:42:03.0847 7548 nsi - ok

21:42:03.0870 7548 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

21:42:03.0897 7548 nsiproxy - ok

21:42:03.0944 7548 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

21:42:03.0982 7548 Ntfs - ok

21:42:03.0995 7548 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys

21:42:04.0021 7548 Null - ok

21:42:04.0051 7548 [ 8d4aac74b571fc356560e5b308955e93 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys

21:42:04.0061 7548 NVHDA - ok

21:42:04.0259 7548 [ 0eb204639119370f5f8f2871fbf4e14b ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

21:42:04.0420 7548 nvlddmkm - ok

21:42:04.0452 7548 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys

21:42:04.0469 7548 nvraid - ok

21:42:04.0490 7548 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys

21:42:04.0500 7548 nvstor - ok

21:42:04.0527 7548 [ 32ff8ee6dcee5c0cb91ff892fb1ca364 ] nvsvc C:\Windows\system32\nvvsvc.exe

21:42:04.0545 7548 nvsvc - ok

21:42:04.0606 7548 [ bd012dc22c78be1071bc21eb125d782f ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

21:42:04.0650 7548 nvUpdatusService - ok

21:42:04.0699 7548 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

21:42:04.0715 7548 nv_agp - ok

21:42:04.0720 7548 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

21:42:04.0742 7548 ohci1394 - ok

21:42:04.0796 7548 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

21:42:04.0810 7548 ose - ok

21:42:04.0921 7548 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

21:42:04.0987 7548 osppsvc - ok

21:42:05.0013 7548 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

21:42:05.0062 7548 p2pimsvc - ok

21:42:05.0085 7548 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll

21:42:05.0101 7548 p2psvc - ok

21:42:05.0104 7548 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\drivers\parport.sys

21:42:05.0115 7548 Parport - ok

21:42:05.0131 7548 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys

21:42:05.0140 7548 partmgr - ok

21:42:05.0152 7548 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

21:42:05.0177 7548 PcaSvc - ok

21:42:05.0210 7548 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys

21:42:05.0220 7548 pci - ok

21:42:05.0234 7548 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys

21:42:05.0242 7548 pciide - ok

21:42:05.0257 7548 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

21:42:05.0267 7548 pcmcia - ok

21:42:05.0276 7548 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys

21:42:05.0285 7548 pcw - ok

21:42:05.0302 7548 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys

21:42:05.0345 7548 PEAUTH - ok

21:42:05.0416 7548 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe

21:42:05.0444 7548 PerfHost - ok

21:42:05.0904 7548 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll

21:42:06.0002 7548 pla - ok

21:42:06.0055 7548 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

21:42:06.0104 7548 PlugPlay - ok

21:42:06.0119 7548 PnkBstrA - ok

21:42:06.0132 7548 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

21:42:06.0158 7548 PNRPAutoReg - ok

21:42:06.0187 7548 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

21:42:06.0207 7548 PNRPsvc - ok

21:42:06.0226 7548 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

21:42:06.0267 7548 PolicyAgent - ok

21:42:06.0303 7548 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll

21:42:06.0345 7548 Power - ok

21:42:06.0397 7548 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

21:42:06.0465 7548 PptpMiniport - ok

21:42:06.0477 7548 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\drivers\processr.sys

21:42:06.0497 7548 Processor - ok

21:42:06.0527 7548 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll

21:42:06.0572 7548 ProfSvc - ok

21:42:06.0579 7548 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe

21:42:06.0596 7548 ProtectedStorage - ok

21:42:06.0613 7548 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys

21:42:06.0663 7548 Psched - ok

21:42:06.0696 7548 [ 87b04878a6d59d6c79251dc960c674c1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys

21:42:06.0703 7548 PxHlpa64 - ok

21:42:06.0732 7548 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

21:42:06.0758 7548 ql2300 - ok

21:42:06.0761 7548 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

21:42:06.0771 7548 ql40xx - ok

21:42:06.0803 7548 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll

21:42:06.0825 7548 QWAVE - ok

21:42:06.0841 7548 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

21:42:06.0855 7548 QWAVEdrv - ok

21:42:06.0858 7548 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

21:42:06.0885 7548 RasAcd - ok

21:42:06.0908 7548 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

21:42:06.0935 7548 RasAgileVpn - ok

21:42:06.0946 7548 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll

21:42:06.0976 7548 RasAuto - ok

21:42:06.0985 7548 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

21:42:07.0012 7548 Rasl2tp - ok

21:42:07.0033 7548 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll

21:42:07.0071 7548 RasMan - ok

21:42:07.0091 7548 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

21:42:07.0135 7548 RasPppoe - ok

21:42:07.0154 7548 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

21:42:07.0182 7548 RasSstp - ok

21:42:07.0195 7548 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

21:42:07.0232 7548 rdbss - ok

21:42:07.0247 7548 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

21:42:07.0269 7548 rdpbus - ok

21:42:07.0291 7548 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

21:42:07.0318 7548 RDPCDD - ok

21:42:07.0325 7548 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

21:42:07.0368 7548 RDPENCDD - ok

21:42:07.0389 7548 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

21:42:07.0416 7548 RDPREFMP - ok

21:42:07.0445 7548 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

21:42:07.0468 7548 RDPWD - ok

21:42:07.0480 7548 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

21:42:07.0490 7548 rdyboost - ok

21:42:07.0507 7548 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll

21:42:07.0536 7548 RemoteAccess - ok

21:42:07.0548 7548 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

21:42:07.0577 7548 RemoteRegistry - ok

21:42:07.0646 7548 [ 3c957189b31c34d3ad21967b12b6aed7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

21:42:07.0671 7548 RoxMediaDB12OEM - ok

21:42:07.0698 7548 [ 2b73088cc2ca757a172b425c9398e5bc ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

21:42:07.0707 7548 RoxWatch12 - ok

21:42:07.0717 7548 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

21:42:07.0745 7548 RpcEptMapper - ok

21:42:07.0783 7548 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe

21:42:07.0802 7548 RpcLocator - ok

21:42:07.0823 7548 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll

21:42:07.0853 7548 RpcSs - ok

21:42:07.0860 7548 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

21:42:07.0888 7548 rspndr - ok

21:42:07.0911 7548 [ b674400273552406f11a02387222cd0f ] rzjoystk C:\Windows\system32\DRIVERS\rzjoystk.sys

21:42:07.0941 7548 rzjoystk - ok

21:42:07.0980 7548 [ 95cbc73e98f4a5ef4366dbb4b4e5d436 ] RzSynapse C:\Windows\system32\DRIVERS\RzSynapse.sys

21:42:08.0029 7548 RzSynapse - ok

21:42:08.0045 7548 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe

21:42:08.0057 7548 SamSs - ok

21:42:08.0072 7548 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

21:42:08.0081 7548 sbp2port - ok

21:42:08.0101 7548 [ eecbbf7d76300e5558d316983961ffc1 ] ScanUSBEMPIA C:\Windows\system32\DRIVERS\emScan64.sys

21:42:08.0121 7548 ScanUSBEMPIA - ok

21:42:08.0137 7548 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll

21:42:08.0168 7548 SCardSvr - ok

21:42:08.0177 7548 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

21:42:08.0219 7548 scfilter - ok

21:42:08.0255 7548 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll

21:42:08.0311 7548 Schedule - ok

21:42:08.0346 7548 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll

21:42:08.0374 7548 SCPolicySvc - ok

21:42:08.0390 7548 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

21:42:08.0412 7548 SDRSVC - ok

21:42:08.0432 7548 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

21:42:08.0467 7548 secdrv - ok

21:42:08.0479 7548 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll

21:42:08.0507 7548 seclogon - ok

21:42:08.0525 7548 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll

21:42:08.0567 7548 SENS - ok

21:42:08.0593 7548 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

21:42:08.0612 7548 SensrSvc - ok

21:42:08.0623 7548 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\drivers\serenum.sys

21:42:08.0646 7548 Serenum - ok

21:42:08.0649 7548 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\drivers\serial.sys

21:42:08.0667 7548 Serial - ok

21:42:08.0670 7548 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

21:42:08.0689 7548 sermouse - ok

21:42:08.0718 7548 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll

21:42:08.0759 7548 SessionEnv - ok

21:42:08.0761 7548 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

21:42:08.0774 7548 sffdisk - ok

21:42:08.0785 7548 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

21:42:08.0799 7548 sffp_mmc - ok

21:42:08.0801 7548 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

21:42:08.0828 7548 sffp_sd - ok

21:42:08.0830 7548 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

21:42:08.0841 7548 sfloppy - ok

21:42:08.0882 7548 [ c6cc9297bd53e5229653303e556aa539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys

21:42:08.0898 7548 Sftfs - ok

21:42:08.0967 7548 [ 13693b6354dd6e72dc5131da7d764b90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

21:42:08.0980 7548 sftlist - ok

21:42:08.0994 7548 [ 390aa7bc52cee43f6790cdea1e776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys

21:42:09.0004 7548 Sftplay - ok

21:42:09.0012 7548 [ 617e29a0b0a2807466560d4c4e338d3e ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys

21:42:09.0019 7548 Sftredir - ok

21:42:09.0066 7548 [ e1974a92ac0914a3859359a0a8c82c68 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

21:42:09.0081 7548 SftService - ok

21:42:09.0086 7548 [ 8f571f016fa1976f445147e9e6c8ae9b ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys

21:42:09.0094 7548 Sftvol - ok

21:42:09.0109 7548 [ c3cddd18f43d44ab713cf8c4916f7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

21:42:09.0119 7548 sftvsa - ok

21:42:09.0147 7548 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll

21:42:09.0178 7548 SharedAccess - ok

21:42:09.0199 7548 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll

21:42:09.0243 7548 ShellHWDetection - ok

21:42:09.0264 7548 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

21:42:09.0272 7548 SiSRaid2 - ok

21:42:09.0281 7548 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

21:42:09.0291 7548 SiSRaid4 - ok

21:42:09.0302 7548 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

21:42:09.0341 7548 Smb - ok

21:42:09.0361 7548 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe

21:42:09.0386 7548 SNMPTRAP - ok

21:42:09.0439 7548 [ 12583af6cbe0050651eaf2723b3ad7b3 ] speedfan C:\Windows\syswow64\speedfan.sys

21:42:09.0453 7548 speedfan - ok

21:42:09.0460 7548 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys

21:42:09.0469 7548 spldr - ok

21:42:09.0487 7548 [ b96c17b5dc1424d56eea3a99e97428cd ] Spooler C:\Windows\System32\spoolsv.exe

21:42:09.0518 7548 Spooler - ok

21:42:09.0569 7548 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe

21:42:09.0624 7548 sppsvc - ok

21:42:09.0647 7548 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

21:42:09.0677 7548 sppuinotify - ok

21:42:09.0695 7548 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys

21:42:09.0740 7548 srv - ok

21:42:09.0759 7548 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

21:42:09.0772 7548 srv2 - ok

21:42:09.0781 7548 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

21:42:09.0792 7548 srvnet - ok

21:42:09.0826 7548 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

21:42:09.0868 7548 SSDPSRV - ok

21:42:09.0876 7548 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll

21:42:09.0914 7548 SstpSvc - ok

21:42:09.0927 7548 Steam Client Service - ok

21:42:09.0955 7548 [ fc0a58529a02b1eed55ddc58696b7908 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

21:42:09.0973 7548 Stereo Service - ok

21:42:09.0990 7548 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\drivers\stexstor.sys

21:42:09.0999 7548 stexstor - ok

21:42:10.0028 7548 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll

21:42:10.0062 7548 stisvc - ok

21:42:10.0080 7548 [ 7731f46ec0d687a931cba063e8f90ef0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

21:42:10.0088 7548 stllssvr - ok

21:42:10.0108 7548 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

21:42:10.0117 7548 swenum - ok

21:42:10.0131 7548 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll

21:42:10.0167 7548 swprv - ok

21:42:10.0209 7548 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll

21:42:10.0265 7548 SysMain - ok

21:42:10.0284 7548 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

21:42:10.0300 7548 TabletInputService - ok

21:42:10.0314 7548 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

21:42:10.0352 7548 TapiSrv - ok

21:42:10.0373 7548 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll

21:42:10.0401 7548 TBS - ok

21:42:10.0446 7548 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

21:42:10.0476 7548 Tcpip - ok

21:42:10.0504 7548 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

21:42:10.0534 7548 TCPIP6 - ok

21:42:10.0544 7548 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

21:42:10.0580 7548 tcpipreg - ok

21:42:10.0623 7548 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

21:42:10.0646 7548 TDPIPE - ok

21:42:10.0662 7548 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

21:42:10.0684 7548 TDTCP - ok

21:42:10.0709 7548 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

21:42:10.0735 7548 tdx - ok

21:42:10.0812 7548 [ 8a9828975a857e477efef5a61ba45ac0 ] TeamViewer6 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

21:42:10.0845 7548 TeamViewer6 - ok

21:42:10.0868 7548 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

21:42:10.0877 7548 TermDD - ok

21:42:10.0893 7548 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll

21:42:10.0926 7548 TermService - ok

21:42:10.0940 7548 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll

21:42:10.0966 7548 Themes - ok

21:42:10.0988 7548 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll

21:42:11.0015 7548 THREADORDER - ok

21:42:11.0050 7548 [ e386dd8ec68c67ca3e2a3abdc1df5c56 ] tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys

21:42:11.0058 7548 tmactmon - ok

21:42:11.0088 7548 [ ab011c569487fd65c8944ddf8cbb2572 ] tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys

21:42:11.0097 7548 tmcomm - ok

21:42:11.0122 7548 [ 8870a3d7305455b47adccd226f8e51bc ] tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys

21:42:11.0130 7548 tmevtmgr - ok

21:42:11.0136 7548 [ 065cb7d9278d778fb9ef62cead01433f ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys

21:42:11.0145 7548 tmtdi - ok

21:42:11.0152 7548 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll

21:42:11.0194 7548 TrkWks - ok

21:42:11.0244 7548 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

21:42:11.0278 7548 TrustedInstaller - ok

21:42:11.0290 7548 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

21:42:11.0325 7548 tssecsrv - ok

21:42:11.0359 7548 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

21:42:11.0381 7548 TsUsbFlt - ok

21:42:11.0394 7548 [ 9cc2ccae8a84820eaecb886d477cbcb8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

21:42:11.0411 7548 TsUsbGD - ok

21:42:11.0430 7548 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

21:42:11.0473 7548 tunnel - ok

21:42:11.0491 7548 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

21:42:11.0500 7548 uagp35 - ok

21:42:11.0519 7548 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

21:42:11.0548 7548 udfs - ok

21:42:11.0592 7548 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

21:42:11.0613 7548 UI0Detect - ok

21:42:11.0624 7548 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

21:42:11.0633 7548 uliagpkx - ok

21:42:11.0639 7548 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

21:42:11.0659 7548 umbus - ok

21:42:11.0679 7548 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\drivers\umpass.sys

21:42:11.0699 7548 UmPass - ok

21:42:11.0723 7548 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll

21:42:11.0764 7548 upnphost - ok

21:42:11.0800 7548 [ fb251567f41bc61988b26731dec19e4b ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

21:42:11.0855 7548 USBAAPL64 - ok

21:42:11.0891 7548 [ 82e8f44688e6fac57b5b7c6fc7adbc2a ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

21:42:11.0924 7548 usbaudio - ok

21:42:11.0952 7548 [ 19ad7990c0b67e48dac5b26f99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

21:42:12.0004 7548 usbccgp - ok

21:42:12.0008 7548 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

21:42:12.0022 7548 usbcir - ok

21:42:12.0033 7548 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\drivers\usbehci.sys

21:42:12.0044 7548 usbehci - ok

21:42:12.0067 7548 [ 8b892002d7b79312821169a14317ab86 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

21:42:12.0090 7548 usbhub - ok

21:42:12.0116 7548 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

21:42:12.0135 7548 usbohci - ok

21:42:12.0156 7548 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\drivers\usbprint.sys

21:42:12.0178 7548 usbprint - ok

21:42:12.0190 7548 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:42:12.0221 7548 USBSTOR - ok

21:42:12.0234 7548 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

21:42:12.0260 7548 usbuhci - ok

21:42:12.0293 7548 [ 454800c2bc7f3927ce030141ee4f4c50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

21:42:12.0314 7548 usbvideo - ok

21:42:12.0333 7548 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll

21:42:12.0362 7548 UxSms - ok

21:42:12.0373 7548 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe

21:42:12.0384 7548 VaultSvc - ok

21:42:12.0400 7548 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

21:42:12.0409 7548 vdrvroot - ok

21:42:12.0430 7548 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe

21:42:12.0475 7548 vds - ok

21:42:12.0478 7548 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

21:42:12.0490 7548 vga - ok

21:42:12.0499 7548 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys

21:42:12.0539 7548 VgaSave - ok

21:42:12.0561 7548 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

21:42:12.0572 7548 vhdmp - ok

21:42:12.0579 7548 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys

21:42:12.0587 7548 viaide - ok

21:42:12.0598 7548 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

21:42:12.0607 7548 volmgr - ok

21:42:12.0619 7548 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

21:42:12.0632 7548 volmgrx - ok

21:42:12.0642 7548 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

21:42:12.0653 7548 volsnap - ok

21:42:12.0671 7548 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

21:42:12.0681 7548 vsmraid - ok

21:42:12.0710 7548 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe

21:42:12.0795 7548 VSS - ok

21:42:12.0821 7548 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

21:42:12.0853 7548 vwifibus - ok

21:42:12.0873 7548 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

21:42:12.0887 7548 vwififlt - ok

21:42:12.0903 7548 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll

21:42:12.0934 7548 W32Time - ok

21:42:12.0938 7548 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\drivers\wacompen.sys

21:42:12.0957 7548 WacomPen - ok

21:42:12.0972 7548 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

21:42:13.0008 7548 WANARP - ok

21:42:13.0011 7548 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

21:42:13.0038 7548 Wanarpv6 - ok

21:42:13.0093 7548 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

21:42:13.0150 7548 WatAdminSvc - ok

21:42:13.0180 7548 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe

21:42:13.0257 7548 wbengine - ok

21:42:13.0276 7548 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

21:42:13.0293 7548 WbioSrvc - ok

21:42:13.0310 7548 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll

21:42:13.0342 7548 wcncsvc - ok

21:42:13.0362 7548 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

21:42:13.0380 7548 WcsPlugInService - ok

21:42:13.0383 7548 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\drivers\wd.sys

21:42:13.0392 7548 Wd - ok

21:42:13.0410 7548 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

21:42:13.0425 7548 Wdf01000 - ok

21:42:13.0433 7548 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll

21:42:13.0509 7548 WdiServiceHost - ok

21:42:13.0512 7548 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll

21:42:13.0527 7548 WdiSystemHost - ok

21:42:13.0550 7548 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll

21:42:13.0584 7548 WebClient - ok

21:42:13.0588 7548 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll

21:42:13.0645 7548 Wecsvc - ok

21:42:13.0663 7548 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

21:42:13.0692 7548 wercplsupport - ok

21:42:13.0708 7548 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll

21:42:13.0744 7548 WerSvc - ok

21:42:13.0763 7548 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

21:42:13.0790 7548 WfpLwf - ok

21:42:13.0822 7548 [ b14ef15bd757fa488f9c970eee9c0d35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys

21:42:13.0831 7548 WimFltr - ok

21:42:13.0846 7548 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys

21:42:13.0854 7548 WIMMount - ok

21:42:13.0871 7548 WinDefend - ok

21:42:13.0874 7548 WinHttpAutoProxySvc - ok

21:42:13.0909 7548 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

21:42:13.0939 7548 Winmgmt - ok

21:42:13.0975 7548 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll

21:42:14.0043 7548 WinRM - ok

21:42:14.0093 7548 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll

21:42:14.0127 7548 Wlansvc - ok

21:42:14.0172 7548 [ 06c8fa1cf39de6a735b54d906ba791c6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

21:42:14.0180 7548 wlcrasvc - ok

21:42:14.0262 7548 [ 2bacd71123f42cea603f4e205e1ae337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

21:42:14.0295 7548 wlidsvc - ok

21:42:14.0298 7548 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

21:42:14.0309 7548 WmiAcpi - ok

21:42:14.0317 7548 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

21:42:14.0330 7548 wmiApSrv - ok

21:42:14.0339 7548 WMPNetworkSvc - ok

21:42:14.0351 7548 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll

21:42:14.0392 7548 WPCSvc - ok

21:42:14.0405 7548 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

21:42:14.0420 7548 WPDBusEnum - ok

21:42:14.0432 7548 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

21:42:14.0459 7548 ws2ifsl - ok

21:42:14.0474 7548 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\system32\wscsvc.dll

21:42:14.0503 7548 wscsvc - ok

21:42:14.0505 7548 WSearch - ok

21:42:14.0579 7548 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll

21:42:14.0639 7548 wuauserv - ok

21:42:14.0653 7548 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

21:42:14.0695 7548 WudfPf - ok

21:42:14.0751 7548 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

21:42:14.0809 7548 WUDFRd - ok

21:42:14.0832 7548 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

21:42:14.0861 7548 wudfsvc - ok

21:42:14.0876 7548 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll

21:42:14.0909 7548 WwanSvc - ok

21:42:14.0943 7548 ================ Scan global ===============================

21:42:14.0958 7548 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll

21:42:14.0979 7548 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll

21:42:14.0988 7548 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll

21:42:15.0006 7548 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll

21:42:15.0018 7548 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe

21:42:15.0020 7548 [Global] - ok

21:42:15.0020 7548 ================ Scan MBR ==================================

21:42:15.0022 7548 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

21:42:15.0023 7548 Suspicious mbr (Forged): \Device\Harddisk0\DR0

21:42:15.0072 7548 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

21:42:15.0073 7548 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

21:42:15.0122 7548 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

21:42:15.0123 7548 \Device\Harddisk0\DR0 - detected TDSS File System (1)

21:42:15.0123 7548 ================ Scan VBR ==================================

21:42:15.0126 7548 Boot (0x1200) (3dd24bea85ddf0b5563f22cb97f43d56) \Device\Harddisk0\DR0\Partition1

21:42:15.0127 7548 \Device\Harddisk0\DR0\Partition1 - ok

21:42:15.0157 7548 Boot (0x1200) (5dba23f4ebf66b24056eaec3be458a6b) \Device\Harddisk0\DR0\Partition2

21:42:15.0159 7548 \Device\Harddisk0\DR0\Partition2 - ok

21:42:15.0159 7548 ============================================================

21:42:15.0159 7548 Scan finished

21:42:15.0159 7548 ============================================================

21:42:15.0167 7536 Detected object count: 2

21:42:15.0167 7536 Actual detected object count: 2

21:43:40.0172 7536 \Device\Harddisk0\DR0\# - copied to quarantine

21:43:40.0179 7536 \Device\Harddisk0\DR0 - copied to quarantine

21:43:40.0233 7536 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

21:43:47.0136 7536 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

21:43:47.0259 7536 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

21:43:55.0238 7536 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

21:44:02.0563 7536 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

21:44:02.0987 7536 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

21:44:03.0037 7536 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

21:44:03.0039 7536 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

21:44:03.0041 7536 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

21:44:03.0179 7536 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

21:44:03.0206 7536 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

21:44:03.0207 7536 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

21:44:03.0209 7536 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

21:44:03.0270 7536 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

21:44:03.0430 7536 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

21:44:03.0431 7536 \Device\Harddisk0\DR0 - ok

21:44:03.0445 7536 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

21:44:03.0445 7536 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

21:44:03.0445 7536 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Just run it again and choose Delete for this one only: (you don't have to post the log)

21:44:03.0445 7536 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

21:44:03.0445 7536 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

----------------------------------

Then..........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-08-14.05 - Bigrig 08/14/2012 22:27:54.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.6456 [GMT -4:00]

Running from: c:\users\Bigrig\Downloads\ComboFix.exe

AV: Trend Micro Titanium 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

SP: Trend Micro Titanium 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Hyperionics DB Toolbar\tbHElper.dll

c:\programdata\100

c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll

c:\users\Bigrig\AppData\Roaming\Bigriglog.dat

c:\users\Bigrig\AppData\Roaming\RSBot.db

c:\windows\security\Database\tmp.edb

c:\windows\SysWow64\~GLH0014.TMP

c:\windows\SysWow64\~GLH0018.TMP

c:\windows\SysWow64\~GLH001c.TMP

c:\windows\SysWow64\~GLH0020.TMP

c:\windows\SysWow64\~GLH0026.TMP

.

.

((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))

.

.

2012-08-15 02:31 . 2012-08-15 02:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-08-14 21:40 . 2012-08-14 21:40 -------- d-----w- c:\users\Bigrig\AppData\Roaming\Malwarebytes

2012-08-14 21:40 . 2012-08-14 21:40 -------- d-----w- c:\programdata\Malwarebytes

2012-08-14 21:40 . 2012-08-14 21:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-14 21:40 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-14 01:38 . 2012-08-14 01:38 123904 ----a-w- c:\programdata\Microsoft\Windows\DRM\1F15.tmp.dat

2012-08-07 02:36 . 2012-08-14 01:54 -------- d-----w- c:\program files (x86)\Flash Keep FullScreen

2012-07-24 00:56 . 2012-07-24 00:56 -------- d-----w- c:\users\Bigrig\AppData\Roaming\gslist

2012-07-24 00:56 . 2012-07-24 00:56 -------- d-----w- c:\users\Bigrig\AppData\Local\DayZCommander

2012-07-24 00:55 . 2012-07-24 00:55 -------- d-----w- c:\program files (x86)\Dotjosh Open Source

2012-07-20 08:13 . 2012-07-20 08:13 -------- d-----w- c:\program files (x86)\WinDirStat

2012-07-19 17:07 . 2008-05-07 23:59 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL

2012-07-19 17:05 . 2012-07-19 17:05 -------- d-----w- c:\programdata\Hewlett-Packard

2012-07-19 17:05 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-14 02:43 . 2012-04-11 12:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-14 02:43 . 2011-08-16 15:58 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-27 19:20 . 2012-07-13 17:33 233920 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-07-27 19:20 . 2012-07-13 17:30 233920 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-07-27 19:19 . 2012-07-13 17:30 233920 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-07-13 17:30 . 2012-07-13 17:30 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-07-12 07:01 . 2011-07-01 07:41 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-12 03:08 . 2012-07-12 07:03 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-06-09 05:43 . 2012-07-11 11:32 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 06:06 . 2012-07-11 11:32 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-11 11:32 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-11 11:32 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-11 11:32 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-11 11:32 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-11 11:32 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-06-21 11:08 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 11:08 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 11:08 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 11:08 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 11:08 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 11:08 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 11:08 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-21 11:08 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-21 11:08 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 12:49 . 2012-07-12 07:00 17807360 ----a-w- c:\windows\system32\mshtml.dll

2012-06-02 12:17 . 2012-07-12 07:00 10924032 ----a-w- c:\windows\system32\ieframe.dll

2012-06-02 12:12 . 2012-07-12 07:00 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 12:05 . 2012-07-12 07:00 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-02 12:05 . 2012-07-12 07:00 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 12:04 . 2012-07-12 07:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 12:04 . 2012-07-12 07:00 237056 ----a-w- c:\windows\system32\url.dll

2012-06-02 12:03 . 2012-07-12 07:00 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-02 12:01 . 2012-07-12 07:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 12:00 . 2012-07-12 07:00 818688 ----a-w- c:\windows\system32\jscript.dll

2012-06-02 11:59 . 2012-07-12 07:00 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-02 11:57 . 2012-07-12 07:00 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-02 11:57 . 2012-07-12 07:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 11:54 . 2012-07-12 07:00 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-02 08:33 . 2012-07-12 07:00 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-02 08:25 . 2012-07-12 07:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-02 08:25 . 2012-07-12 07:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-02 08:20 . 2012-07-12 07:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-02 08:16 . 2012-07-12 07:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-06-02 05:50 . 2012-07-11 11:32 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-11 11:32 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:48 . 2012-07-11 11:32 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:45 . 2012-07-11 11:32 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-11 11:32 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-11 11:32 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-11 11:32 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-11 11:32 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-11 11:32 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-05-30 02:46 . 2012-05-30 02:46 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]

"Razer Blackwidow Driver"="c:\program files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe" [2011-05-16 887712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]

R3 hcwhdpvr;Hauppauge HD PVR Capture Service;c:\windows\system32\DRIVERS\hcwhdpvr.sys [2012-03-26 192072]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 rzjoystk;Razer VJoystick;c:\windows\system32\DRIVERS\rzjoystk.sys [2011-03-24 19968]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-02 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-09-13 70928]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2012-03-09 23816]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 Dyyno Launcher;Dyyno Service;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-01-15 415072]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]

S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2011-07-10 73384]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]

S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-07-14 157184]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 02:43]

.

2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3050166332-28816295-1962625346-1000Core.job

- c:\users\Bigrig\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14 02:00]

.

2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3050166332-28816295-1962625346-1000UA.job

- c:\users\Bigrig\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14 02:00]

.

2012-07-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

2012-07-20 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

2012-08-14 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]

"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]

"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-06 1304824]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9848

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: Interfaces\{4E9DC6C4-D0CD-462F-845B-F35226F3D5FC}: NameServer = 8.8.8.8,8.8.4.4

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

SafeBoot-44643255.sys

Toolbar-Locked - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\02\06\0b\14\00\0a"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Completion time: 2012-08-14 22:36:14 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-15 02:36

.

Pre-Run: 824,052,056,064 bytes free

Post-Run: 823,704,219,648 bytes free

.

- - End Of File - - A9FC7169AE2631BA46AF26E5068AFAF8


Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassociates.com/OT-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
