Sirefef trojan family, believed to be removed, issues present still.



#1
Streak118

Good morning/afternoon/evening wherever you are.

On July 23, 2012 I discovered I had a trojan from the Sirefef family (i.e. sirefef.y, sirefef.ab, etc.). I first noticed a problem because my Microsoft Security Essentials icon was not appearing on my system tray. So I went into my start orb > all programs, located it, and started it up and ran a scan. Within 20 seconds it announced it detected 2 threats just the same as the following image, then about 1 minute later the second window popped up. [Posted image]

After trying to scan and remove about 4 or 5 times, with the same auto reboot happening, I went to Google and to a friend with a similar issue for solutions. (At this point, details will get a little sketchy due to length of time since, as well as not keeping track of everything I tried.)

First I uninstalled MSE, reinstalled it, tried to scan. Same auto reboot issue. So uninstalled again, and downloaded Malwarebytes, ran it, but cannot remember the outcome but I did have to go and try this removal tool I located at http://www.hotforsec...com/download/31 (website to show what I used). Ran that and scanned with Malwarebytes again, found no issue. Uninstalled Malwarebytes, reinstalled MSE, ran that again, this time it found issues, but completed the scan and allowed me to clean the infections. From my friend's suggestion, I downloaded and installed HitMan Pro vers. 3.6 free trial, scanned and found no threats. Uninstalled HitMan Pro. -EDIT- Since posting this, I was reading over some of the other people that have "tickets" open with you guys, and seeing this "TDSSKiller" I remember that is something I tried as well, but do not remember the outcome or even what it does. -END EDIT-

Since doing all this, there haven't been any threats detected, however, I have found that my Windows Security Center Service has been turned off (didn't know this was possible), and my Windows Firewall is turned off and when I try to turn it on, I get an error message saying "Windows Firewall can't change some of your settings. Error code 0x80070424". Also, desktop issue: the icons on my desktop have been reverted to medium sized, where I had it set to small sizes, and they are auto arranging by type even though I have the tick mark OFF of that setting. When I change the size of the icons back to small, and rearrange them the way I want them, for testing purposes I hit F5 while on the desktop. The size of the icons remains small, but the arrangement goes back to arranging by type, and when I reboot, the icon size changes back to medium again. One last thing I just now happened to notice, I had the option under "Folder and Search Options" > "view" tab > "hide extensions for known file types" unchecked, but I had to reboot my computer due to accidentally unplugging my modem from the power outlet. When I rebooted and came back on, that tick box was checked again.

I had just resolved to give up and let it stay this way, but it is nagging at the back of my mind and bothering me, so I thought I would come here, and beg for step by step help, as I've seen the thorough steps provided to other users. I apologize for such a long post, but I wanted to be as detailed as can be, and thank you in advance for taking the time to help me and all the others you have helped.

Prior to starting this post, I followed your "Getting started" steps and downloaded and ran OTL, and will post the 2 .txt files it produced.



Edited by Streak118, 29 July 2012 - 05:24 PM.



#2
RKinner


Error - 7/29/2012 4:43:02 PM | Computer Name = SuperSonic | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 7/29/2012 4:43:02 PM | Computer Name = SuperSonic | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.



We used to get this all of the time with the old Zero Access. Without BFE a lot of things don't work.

First run Combofix and TDSSKiller to make sure the bug is gone:

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Right click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Then let's see if we can get BFE to start.


Download and Save the attached BFE64.zip file. Right click on it and Extract All. This will create a folder called BFE64. Inside the folder will be two files. BFE64.reg and mpssvc.reg.

Right click on BFE64.reg and select MERGE. Allow it to merge into the registry. Report any errors you get.

Right click on mpssvc.reg and select MERGE. Allow it to merge into the registry. Report any errors you get.

Reboot.

Start, (All) Programs, Accessories then right click on Command Prompt and select Run As Admin.

Type with an Enter after each line:

net  start  bfe

(We want it to say
"The requested service has already been started

More help is available by typing NET HELPMSG 2182"

but it likely will say Access Denied.) If you get Access Denied then:

Go into regedit, (Start, Search, regedit, double-click, Continue) navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
(Find HKEY_LOCAL_MACHINE\SYSTEM and click on the + in front of it. Find CurrentControlSet and click on its plus. Click on Services) then right click on Services and select Permissions then click Add.
Type in
NT Service\bfe
and click on Check Name. (It will change your typing to BFE ) OK. You should be back on the first Permissions page. Now select BFE on the permission page and click on the first box to the right of Full Control (Allow column). Then Apply. Reboot and do the
net  start  bfe
command again and see if BFE has already been started.

Start, (All) Programs, Accessories then right click on Command Prompt and select Run As Admin.

Type with an Enter after each line:

net  start  bfe

(also check the mpssvc which is Windows Firewall)

net  start  mpssvc

Ron
  • 0
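An added example, not part of the post above or of any tool it names: a Python sketch that groups Service Control Manager 7003 errors like the two quoted at the top of that post by the service they report as missing, so a single absent dependency such as BFE stands out as the common cause. The sample text is constructed in the same layout as the quoted excerpt (its third entry is invented noise), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the event excerpt quoted in the post.
# The first two entries mirror that excerpt; the third is invented noise.
SAMPLE_LOG = """\
Error - 7/29/2012 4:43:02 PM | Computer Name = SuperSonic | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 7/29/2012 4:43:02 PM | Computer Name = SuperSonic | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 7/29/2012 4:44:10 PM | Computer Name = SuperSonic | Source = Example Source | ID = 1000
Description = Constructed unrelated entry.
"""

HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) "
    r"\| Source = (?P<source>.+?) \| ID = (?P<event_id>\d+)\s*$"
)
# The quoted text reads "depends the following service" (no "on"); accept both.
DEPENDENCY_RE = re.compile(
    r"The (?P<dependent>.+?) service depends (?:on )?the following service: "
    r"(?P<missing>[^\s.]+)\."
)


def parse_events(text):
    """Return one dict per event, re-joining Description lines that wrapped."""
    events = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = dict(header.groupdict(), description="")
            events.append(current)
        elif current is not None and line:
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            current["description"] = (current["description"] + " " + line).strip()
    return events


def missing_dependencies(text):
    """Map each missing service to the sorted display names of services it blocks."""
    blocked = defaultdict(set)
    for event in parse_events(text):
        if event["source"] != "Service Control Manager":
            continue
        if event["event_id"] != "7003":
            continue
        match = DEPENDENCY_RE.search(event["description"])
        if match:
            # A set collapses the same error repeated on every boot.
            blocked[match.group("missing")].add(match.group("dependent"))
    return {name: sorted(deps) for name, deps in blocked.items()}


def root_causes(text):
    """Missing services ordered by how many other services they block."""
    found = missing_dependencies(text)
    return sorted(found, key=lambda name: (-len(found[name]), name))


if __name__ == "__main__":
    report = missing_dependencies(SAMPLE_LOG)
    for name in root_causes(SAMPLE_LOG):
        print(f"{name}: blocks {len(report[name])} service(s)")
        for dependent in report[name]:
            print(f"  - {dependent}")
```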

#3
Streak118

Thank you for the reply. Since it is 2:30am for me, I will have to take care of this in the morning, but I wrote down all the steps you wish me to do. Will do them first thing in the morning after I take my wife to work. But I do have a question in the mean time. For the admin cmd prompt, you said

Type with an Enter after each line:

net start bfe

Now, does that mean "net (enter for new line) start (enter for new line) bfe (enter for new line)"? Or just "net start bfe (enter)"?

Same question for the "net start mpssvc" part.

#4
RKinner

net start bfe <Enter>

If you are writing down the steps, please note that the forum software shortens the visible paths. They still work when you click on them but may not by copying. I'll go back in and edit my first post to force it to show the full paths.

I'll be off island today so it may be late before I get back to you.

#5
Streak118

OK, did all the steps. I will copy and paste the logs after this comment, but with the BFE part, I didn't get an "Access Denied" statement on either; both said "The requested service has already been started, More help is available...", so I didn't do anything in RegEdit (thankfully, messing with reg keys scares me).

OK, here are the logs, in order:

ComboFix 12-07-29.02 - Sarah 07/30/2012 16:55:01.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2962 [GMT -4:00]
Running from: c:\users\Sarah\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Sarah\AppData\Local\._Revolution_
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 21:00 . 2012-07-30 21:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-30 21:00 . 2012-07-30 21:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 23:53 . 2012-07-29 23:53 -------- d-----w- c:\users\Sarah\AppData\Roaming\HPAppData
2012-07-24 15:17 . 2012-07-24 15:17 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-24 15:17 . 2012-07-24 15:17 -------- d-----w- c:\program files (x86)\Oracle
2012-07-24 15:16 . 2012-07-06 02:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-24 13:02 . 2012-07-24 13:02 -------- d-----w- c:\users\Sarah\AppData\Roaming\Malwarebytes
2012-07-24 13:02 . 2012-07-24 13:02 -------- d-----w- c:\programdata\Malwarebytes
2012-07-24 12:13 . 2012-07-24 12:13 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-07-24 12:06 . 2012-07-24 12:14 -------- d-----w- c:\programdata\HitmanPro
2012-07-22 16:44 . 2012-07-22 16:44 -------- d-----w- c:\program files\Enigma Software Group
2012-07-22 16:43 . 2012-07-22 17:13 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-22 15:44 . 2012-07-22 15:44 328704 ----a-w- c:\windows\system32\services.exe.1B381CDC1B10FBD4
2012-07-22 15:41 . 2012-07-22 15:41 328704 ----a-w- c:\windows\system32\services.exe.07B2328C87EBBE1B
2012-07-22 15:38 . 2012-07-22 15:38 328704 ----a-w- c:\windows\system32\services.exe.57D556B300A0778D
2012-07-22 15:29 . 2012-07-22 15:29 328704 ----a-w- c:\windows\system32\services.exe.EDECB7D124725EFF
2012-07-22 15:21 . 2012-07-22 15:21 328704 ----a-w- c:\windows\system32\services.exe.C1B3DEE173515655
2012-07-22 15:16 . 2012-07-22 15:16 328704 ----a-w- c:\windows\system32\services.exe.36E8526133C536BE
2012-07-22 15:11 . 2012-07-22 15:11 328704 ----a-w- c:\windows\system32\services.exe.A6AF18846F376ED6
2012-07-22 15:08 . 2012-07-22 15:08 328704 ----a-w- c:\windows\system32\services.exe.CBF4CDD63913150E
2012-07-22 15:05 . 2012-07-22 15:05 328704 ----a-w- c:\windows\system32\services.exe.CB7596136F04C9D5
2012-07-22 15:01 . 2012-07-22 15:01 328704 ----a-w- c:\windows\system32\services.exe.DEC333DCD03866DE
2012-07-22 14:55 . 2012-07-22 14:55 328704 ----a-w- c:\windows\system32\services.exe.50057518584DCE6A
2012-07-22 14:48 . 2012-07-22 14:48 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-22 14:48 . 2012-07-22 14:48 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-22 10:25 . 2012-07-22 10:25 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-21 05:06 . 2011-03-29 00:15 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-07-21 05:06 . 2011-03-29 00:15 1254464 ----a-w- c:\windows\system32\drivers\AE2500w764.sys
2012-07-21 05:06 . 2011-03-29 00:11 3900928 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-07-21 05:06 . 2011-03-29 00:11 3566592 ----a-w- c:\windows\system32\bcmihvui64.dll
2012-07-21 05:06 . 2010-06-09 19:11 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-07-21 05:05 . 2007-11-05 12:23 40464 ----a-r- c:\windows\system32\drivers\npf.sys
2012-07-12 07:04 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 07:00 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-12 07:00 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-02 01:36 . 2012-07-02 01:36 -------- d-----w- c:\program files\iPod
2012-07-02 01:36 . 2012-07-02 01:37 -------- d-----w- c:\program files\iTunes
2012-07-02 01:36 . 2012-07-02 01:36 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-29 01:52 . 2012-04-03 00:49 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-29 01:52 . 2011-05-14 07:17 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-22 15:47 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-07-22 14:50 . 2012-07-22 14:50 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED0A1CF4-D33E-4BCD-92C8-65B92D97E7EE}\gapaengine.dll
2012-07-12 07:01 . 2010-02-06 22:15 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 02:06 . 2010-06-13 00:15 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-29 07:04 . 2012-07-30 06:27 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB313492-1E4F-4C86-8B17-AF6CACBF2156}\mpengine.dll
2012-06-29 07:04 . 2012-07-29 01:59 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-02 22:19 . 2012-06-25 21:13 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-25 21:13 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-25 21:13 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-25 21:13 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-25 21:13 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-25 21:13 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-25 21:13 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-25 21:13 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-25 21:13 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-04 11:06 . 2012-06-17 20:39 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-17 20:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-17 20:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-2-18 113664]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w764.sys [2011-03-29 1254464]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-16 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-01-28 86120]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-26 c:\windows\Tasks\HPCeeScheduleForSarah.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
.
2012-03-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://comcast.net/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3039721347-144430401-2274270680-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3039721347-144430401-2274270680-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-07-30 17:07:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-30 21:07
.
Pre-Run: 510,690,930,688 bytes free
Post-Run: 511,588,057,088 bytes free
.
- - End Of File - - 8A1787E980AADC8E80F99FC81BAFB9FB


and tdss:

17:12:23.0616 3532 BrFiltLo - ok
17:12:23.0616 3532 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:12:23.0616 3532 BrFiltUp - ok
17:12:23.0663 3532 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:12:23.0663 3532 BridgeMP - ok
17:12:23.0694 3532 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:12:23.0694 3532 Browser - ok
17:12:23.0725 3532 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:12:23.0725 3532 Brserid - ok
17:12:23.0741 3532 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:12:23.0741 3532 BrSerWdm - ok
17:12:23.0741 3532 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:12:23.0741 3532 BrUsbMdm - ok
17:12:23.0756 3532 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:12:23.0756 3532 BrUsbSer - ok
17:12:23.0772 3532 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:12:23.0772 3532 BTHMODEM - ok
17:12:23.0803 3532 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:12:23.0803 3532 bthserv - ok
17:12:23.0819 3532 catchme - ok
17:12:23.0834 3532 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:12:23.0834 3532 cdfs - ok
17:12:23.0881 3532 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:12:23.0881 3532 cdrom - ok
17:12:23.0912 3532 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:12:23.0912 3532 CertPropSvc - ok
17:12:23.0944 3532 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:12:23.0944 3532 circlass - ok
17:12:23.0975 3532 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:12:23.0975 3532 CLFS - ok
17:12:24.0022 3532 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:12:24.0022 3532 clr_optimization_v2.0.50727_32 - ok
17:12:24.0053 3532 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:12:24.0053 3532 clr_optimization_v2.0.50727_64 - ok
17:12:24.0131 3532 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:12:24.0131 3532 clr_optimization_v4.0.30319_32 - ok
17:12:24.0146 3532 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:12:24.0146 3532 clr_optimization_v4.0.30319_64 - ok
17:12:24.0178 3532 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:12:24.0178 3532 CmBatt - ok
17:12:24.0209 3532 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:12:24.0209 3532 cmdide - ok
17:12:24.0240 3532 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
17:12:24.0240 3532 CNG - ok
17:12:24.0256 3532 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:12:24.0256 3532 Compbatt - ok
17:12:24.0287 3532 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:12:24.0287 3532 CompositeBus - ok
17:12:24.0287 3532 COMSysApp - ok
17:12:24.0302 3532 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:12:24.0302 3532 crcdisk - ok
17:12:24.0349 3532 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
17:12:24.0349 3532 CryptSvc - ok
17:12:24.0380 3532 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:12:24.0396 3532 DcomLaunch - ok
17:12:24.0427 3532 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:12:24.0427 3532 defragsvc - ok
17:12:24.0458 3532 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:12:24.0458 3532 DfsC - ok
17:12:24.0490 3532 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:12:24.0490 3532 Dhcp - ok
17:12:24.0505 3532 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:12:24.0505 3532 discache - ok
17:12:24.0521 3532 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:12:24.0521 3532 Disk - ok
17:12:24.0552 3532 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:12:24.0552 3532 Dnscache - ok
17:12:24.0599 3532 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:12:24.0599 3532 dot3svc - ok
17:12:24.0661 3532 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
17:12:24.0661 3532 Dot4 - ok
17:12:24.0692 3532 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
17:12:24.0692 3532 Dot4Print - ok
17:12:24.0708 3532 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
17:12:24.0708 3532 dot4usb - ok
17:12:24.0739 3532 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:12:24.0739 3532 DPS - ok
17:12:24.0739 3532 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:12:24.0739 3532 drmkaud - ok
17:12:24.0802 3532 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:12:24.0817 3532 DXGKrnl - ok
17:12:24.0833 3532 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:12:24.0833 3532 EapHost - ok
17:12:24.0942 3532 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:12:24.0973 3532 ebdrv - ok
17:12:25.0051 3532 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:12:25.0051 3532 EFS - ok
17:12:25.0114 3532 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:12:25.0114 3532 ehRecvr - ok
17:12:25.0145 3532 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:12:25.0145 3532 ehSched - ok
17:12:25.0192 3532 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:12:25.0192 3532 elxstor - ok
17:12:25.0223 3532 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:12:25.0223 3532 ErrDev - ok
17:12:25.0285 3532 esgiguard - ok
17:12:25.0301 3532 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:12:25.0301 3532 EventSystem - ok
17:12:25.0332 3532 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:12:25.0332 3532 exfat - ok
17:12:25.0348 3532 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:12:25.0348 3532 fastfat - ok
17:12:25.0410 3532 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:12:25.0410 3532 Fax - ok
17:12:25.0426 3532 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:12:25.0426 3532 fdc - ok
17:12:25.0441 3532 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:12:25.0441 3532 fdPHost - ok
17:12:25.0457 3532 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:12:25.0457 3532 FDResPub - ok
17:12:25.0472 3532 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:12:25.0472 3532 FileInfo - ok
17:12:25.0472 3532 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:12:25.0472 3532 Filetrace - ok
17:12:25.0488 3532 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:12:25.0488 3532 flpydisk - ok
17:12:25.0519 3532 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:12:25.0519 3532 FltMgr - ok
17:12:25.0566 3532 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:12:25.0582 3532 FontCache - ok
17:12:25.0644 3532 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:12:25.0644 3532 FontCache3.0.0.0 - ok
17:12:25.0660 3532 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:12:25.0660 3532 FsDepends - ok
17:12:25.0691 3532 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
17:12:25.0691 3532 Fs_Rec - ok
17:12:25.0722 3532 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:12:25.0722 3532 fvevol - ok
17:12:25.0722 3532 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:12:25.0738 3532 gagp30kx - ok
17:12:25.0816 3532 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
17:12:25.0816 3532 GamesAppService - ok
17:12:25.0862 3532 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:12:25.0878 3532 GEARAspiWDM - ok
17:12:25.0909 3532 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:12:25.0925 3532 gpsvc - ok
17:12:25.0940 3532 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:12:25.0940 3532 hcw85cir - ok
17:12:25.0972 3532 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:12:25.0972 3532 HDAudBus - ok
17:12:25.0987 3532 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
17:12:25.0987 3532 HECIx64 - ok
17:12:26.0003 3532 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:12:26.0003 3532 HidBatt - ok
17:12:26.0018 3532 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:12:26.0018 3532 HidBth - ok
17:12:26.0034 3532 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:12:26.0034 3532 HidIr - ok
17:12:26.0050 3532 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
17:12:26.0050 3532 hidserv - ok
17:12:26.0050 3532 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:12:26.0050 3532 HidUsb - ok
17:12:26.0081 3532 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:12:26.0081 3532 hkmsvc - ok
17:12:26.0128 3532 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:12:26.0128 3532 HomeGroupListener - ok
17:12:26.0159 3532 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:12:26.0159 3532 HomeGroupProvider - ok
17:12:26.0252 3532 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
17:12:26.0252 3532 HP Support Assistant Service - ok
17:12:26.0299 3532 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
17:12:26.0299 3532 HPDrvMntSvc.exe - ok
17:12:26.0393 3532 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
17:12:26.0393 3532 hpqcxs08 - ok
17:12:26.0408 3532 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
17:12:26.0408 3532 hpqddsvc - ok
17:12:26.0471 3532 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
17:12:26.0471 3532 hpqwmiex - ok
17:12:26.0564 3532 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:12:26.0564 3532 HpSAMD - ok
17:12:26.0627 3532 HPSLPSVC (d972f48d0ce396759b788693cd665926) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
17:12:26.0642 3532 HPSLPSVC - ok
17:12:26.0705 3532 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:12:26.0705 3532 HTTP - ok
17:12:26.0736 3532 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:12:26.0736 3532 hwpolicy - ok
17:12:26.0767 3532 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:12:26.0767 3532 i8042prt - ok
17:12:26.0814 3532 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:12:26.0814 3532 iaStorV - ok
17:12:26.0892 3532 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:12:26.0908 3532 idsvc - ok
17:12:26.0939 3532 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:12:26.0939 3532 iirsp - ok
17:12:26.0986 3532 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:12:27.0001 3532 IKEEXT - ok
17:12:27.0095 3532 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
17:12:27.0110 3532 IntcAzAudAddService - ok
17:12:27.0204 3532 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:12:27.0204 3532 intelide - ok
17:12:27.0235 3532 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:12:27.0235 3532 intelppm - ok
17:12:27.0251 3532 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:12:27.0251 3532 IPBusEnum - ok
17:12:27.0282 3532 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:12:27.0282 3532 IpFilterDriver - ok
17:12:27.0344 3532 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:12:27.0344 3532 iphlpsvc - ok
17:12:27.0376 3532 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:12:27.0391 3532 IPMIDRV - ok
17:12:27.0407 3532 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:12:27.0407 3532 IPNAT - ok
17:12:27.0485 3532 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
17:12:27.0485 3532 iPod Service - ok
17:12:27.0500 3532 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:12:27.0500 3532 IRENUM - ok
17:12:27.0532 3532 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:12:27.0532 3532 isapnp - ok
17:12:27.0547 3532 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:12:27.0547 3532 iScsiPrt - ok
17:12:27.0563 3532 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:12:27.0563 3532 kbdclass - ok
17:12:27.0594 3532 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
17:12:27.0594 3532 kbdhid - ok
17:12:27.0610 3532 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:12:27.0610 3532 KeyIso - ok
17:12:27.0641 3532 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
17:12:27.0641 3532 KSecDD - ok
17:12:27.0672 3532 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
17:12:27.0672 3532 KSecPkg - ok
17:12:27.0688 3532 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:12:27.0688 3532 ksthunk - ok
17:12:27.0766 3532 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:12:27.0766 3532 KtmRm - ok
17:12:27.0984 3532 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
17:12:27.0984 3532 LanmanServer - ok
17:12:28.0015 3532 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:12:28.0015 3532 LanmanWorkstation - ok
17:12:28.0062 3532 LightScribeService (0ee66bdf485c6828aa65c0ef5d591133) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
17:12:28.0062 3532 LightScribeService - ok
17:12:28.0140 3532 Linksys_adapter_H (584528bf596a54b2bf6be5067adda44a) C:\Windows\system32\DRIVERS\AE2500w764.sys
17:12:28.0156 3532 Linksys_adapter_H - ok
17:12:28.0171 3532 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:12:28.0171 3532 lltdio - ok
17:12:28.0218 3532 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:12:28.0234 3532 lltdsvc - ok
17:12:28.0234 3532 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:12:28.0234 3532 lmhosts - ok
17:12:28.0265 3532 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:12:28.0265 3532 LSI_FC - ok
17:12:28.0280 3532 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:12:28.0280 3532 LSI_SAS - ok
17:12:28.0296 3532 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:12:28.0296 3532 LSI_SAS2 - ok
17:12:28.0312 3532 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:12:28.0312 3532 LSI_SCSI - ok
17:12:28.0343 3532 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:12:28.0343 3532 luafv - ok
17:12:28.0374 3532 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:12:28.0374 3532 Mcx2Svc - ok
17:12:28.0374 3532 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:12:28.0374 3532 megasas - ok
17:12:28.0405 3532 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:12:28.0405 3532 MegaSR - ok
17:12:28.0421 3532 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:12:28.0421 3532 MMCSS - ok
17:12:28.0436 3532 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:12:28.0436 3532 Modem - ok
17:12:28.0468 3532 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:12:28.0468 3532 monitor - ok
17:12:28.0499 3532 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:12:28.0499 3532 mouclass - ok
17:12:28.0530 3532 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:12:28.0530 3532 mouhid - ok
17:12:28.0561 3532 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:12:28.0561 3532 mountmgr - ok
17:12:28.0592 3532 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
17:12:28.0592 3532 MpFilter - ok
17:12:28.0608 3532 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:12:28.0608 3532 mpio - ok
17:12:28.0608 3532 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:12:28.0624 3532 mpsdrv - ok
17:12:28.0670 3532 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:12:28.0670 3532 MpsSvc - ok
17:12:28.0702 3532 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:12:28.0702 3532 MRxDAV - ok
17:12:28.0733 3532 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:12:28.0733 3532 mrxsmb - ok
17:12:28.0764 3532 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:12:28.0780 3532 mrxsmb10 - ok
17:12:28.0780 3532 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:12:28.0780 3532 mrxsmb20 - ok
17:12:28.0826 3532 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:12:28.0826 3532 msahci - ok
17:12:28.0842 3532 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:12:28.0842 3532 msdsm - ok
17:12:28.0873 3532 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:12:28.0873 3532 MSDTC - ok
17:12:28.0889 3532 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:12:28.0889 3532 Msfs - ok
17:12:28.0904 3532 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:12:28.0904 3532 mshidkmdf - ok
17:12:28.0904 3532 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:12:28.0904 3532 msisadrv - ok
17:12:28.0936 3532 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:12:28.0951 3532 MSiSCSI - ok
17:12:28.0951 3532 msiserver - ok
17:12:28.0967 3532 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:12:28.0967 3532 MSKSSRV - ok
17:12:29.0014 3532 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:12:29.0014 3532 MsMpSvc - ok
17:12:29.0029 3532 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:12:29.0029 3532 MSPCLOCK - ok
17:12:29.0029 3532 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:12:29.0029 3532 MSPQM - ok
17:12:29.0060 3532 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:12:29.0076 3532 MsRPC - ok
17:12:29.0107 3532 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:12:29.0107 3532 mssmbios - ok
17:12:29.0107 3532 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:12:29.0107 3532 MSTEE - ok
17:12:29.0123 3532 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:12:29.0123 3532 MTConfig - ok
17:12:29.0138 3532 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:12:29.0138 3532 Mup - ok
17:12:29.0170 3532 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:12:29.0170 3532 napagent - ok
17:12:29.0216 3532 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:12:29.0216 3532 NativeWifiP - ok
17:12:29.0263 3532 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:12:29.0263 3532 NDIS - ok
17:12:29.0294 3532 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:12:29.0294 3532 NdisCap - ok
17:12:29.0310 3532 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:12:29.0310 3532 NdisTapi - ok
17:12:29.0326 3532 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:12:29.0326 3532 Ndisuio - ok
17:12:29.0357 3532 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:12:29.0357 3532 NdisWan - ok
17:12:29.0388 3532 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:12:29.0388 3532 NDProxy - ok
17:12:29.0435 3532 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
17:12:29.0435 3532 Net Driver HPZ12 - ok
17:12:29.0466 3532 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:12:29.0466 3532 NetBIOS - ok
17:12:29.0497 3532 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:12:29.0497 3532 NetBT - ok
17:12:29.0528 3532 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:12:29.0528 3532 Netlogon - ok
17:12:29.0560 3532 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:12:29.0560 3532 Netman - ok
17:12:29.0575 3532 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:12:29.0591 3532 netprofm - ok
17:12:29.0638 3532 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:12:29.0638 3532 NetTcpPortSharing - ok
17:12:29.0653 3532 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:12:29.0653 3532 nfrd960 - ok
17:12:29.0684 3532 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:12:29.0684 3532 NisDrv - ok
17:12:29.0747 3532 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
17:12:29.0747 3532 NisSrv - ok
17:12:29.0794 3532 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:12:29.0794 3532 NlaSvc - ok
17:12:29.0809 3532 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:12:29.0809 3532 Npfs - ok
17:12:29.0825 3532 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:12:29.0825 3532 nsi - ok
17:12:29.0840 3532 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:12:29.0840 3532 nsiproxy - ok
17:12:29.0918 3532 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:12:29.0918 3532 Ntfs - ok
17:12:29.0996 3532 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:12:29.0996 3532 Null - ok
17:12:30.0028 3532 NVHDA (cddd4478757288df4bb1494bfd084259) C:\Windows\system32\drivers\nvhda64v.sys
17:12:30.0028 3532 NVHDA - ok
17:12:30.0402 3532 nvlddmkm (04a048659b8f77f9151308a690f14e87) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:12:30.0464 3532 nvlddmkm - ok
17:12:30.0574 3532 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:12:30.0574 3532 nvraid - ok
17:12:30.0574 3532 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:12:30.0589 3532 nvstor - ok
17:12:30.0620 3532 nvsvc (35ed605e778509668c08ed15db96e7cd) C:\Windows\system32\nvvsvc.exe
17:12:30.0620 3532 nvsvc - ok
17:12:30.0652 3532 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:12:30.0652 3532 nv_agp - ok
17:12:30.0683 3532 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:12:30.0683 3532 ohci1394 - ok
17:12:30.0714 3532 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:12:30.0714 3532 p2pimsvc - ok
17:12:30.0745 3532 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:12:30.0745 3532 p2psvc - ok
17:12:30.0776 3532 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:12:30.0776 3532 Parport - ok
17:12:30.0792 3532 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
17:12:30.0792 3532 partmgr - ok
17:12:30.0808 3532 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:12:30.0808 3532 PcaSvc - ok
17:12:30.0854 3532 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:12:30.0854 3532 pci - ok
17:12:30.0854 3532 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:12:30.0854 3532 pciide - ok
17:12:30.0870 3532 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:12:30.0870 3532 pcmcia - ok
17:12:30.0886 3532 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:12:30.0886 3532 pcw - ok
17:12:30.0932 3532 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:12:30.0932 3532 PEAUTH - ok
17:12:30.0964 3532 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:12:30.0979 3532 PerfHost - ok
17:12:31.0042 3532 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:12:31.0057 3532 pla - ok
17:12:31.0088 3532 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:12:31.0104 3532 PlugPlay - ok
17:12:31.0166 3532 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
17:12:31.0166 3532 Pml Driver HPZ12 - ok
17:12:31.0198 3532 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:12:31.0198 3532 PNRPAutoReg - ok
17:12:31.0213 3532 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:12:31.0213 3532 PNRPsvc - ok
17:12:31.0260 3532 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:12:31.0260 3532 PolicyAgent - ok
17:12:31.0291 3532 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:12:31.0291 3532 Power - ok
17:12:31.0354 3532 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:12:31.0354 3532 PptpMiniport - ok
17:12:37.0625 3532 MBR (0x1B8) (ffaea8e871b891b868a2a298aeaa16a3) \Device\Harddisk0\DR0
17:12:37.0765 3532 \Device\Harddisk0\DR0 - ok
17:12:37.0781 3532 Boot (0x1200) (6606e05fcf967cf78fb6600b51f22dce) \Device\Harddisk0\DR0\Partition0
17:12:37.0781 3532 \Device\Harddisk0\DR0\Partition0 - ok
17:12:37.0781 3532 Boot (0x1200) (4cdbd1900d3d58f849c70e2ad48fe150) \Device\Harddisk0\DR0\Partition1
17:12:37.0781 3532 \Device\Harddisk0\DR0\Partition1 - ok
17:12:37.0812 3532 Boot (0x1200) (a579d73bd0d7c1492b9f159f0921c1df) \Device\Harddisk0\DR0\Partition2
17:12:37.0812 3532 \Device\Harddisk0\DR0\Partition2 - ok
17:12:37.0828 3532 ============================================================
17:12:37.0828 3532 Scan finished
17:12:37.0828 3532 ============================================================
17:12:37.0828 3516 Detected object count: 0
17:12:37.0828 3516 Actual detected object count: 0
17:13:06.0064 0452 ============================================================
17:13:06.0064 0452 Scan started
17:13:06.0064 0452 Mode: Manual; SigCheck; TDLFS;
17:13:06.0064 0452 ============================================================
17:13:11.0820 0452 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:13:11.0867 0452 gpsvc - ok
17:13:11.0883 0452 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:13:11.0898 0452 hcw85cir - ok
17:13:11.0929 0452 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:13:11.0976 0452 HDAudBus - ok
17:13:12.0007 0452 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
17:13:12.0023 0452 HECIx64 - ok
17:13:12.0023 0452 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:13:12.0054 0452 HidBatt - ok
17:13:12.0070 0452 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:13:12.0101 0452 HidBth - ok
17:13:12.0132 0452 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:13:12.0148 0452 HidIr - ok
17:13:12.0163 0452 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
17:13:12.0210 0452 hidserv - ok
17:13:12.0241 0452 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:13:12.0241 0452 HidUsb - ok
17:13:12.0273 0452 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:13:12.0319 0452 hkmsvc - ok
17:13:12.0351 0452 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:13:12.0397 0452 HomeGroupListener - ok
17:13:12.0429 0452 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:13:12.0460 0452 HomeGroupProvider - ok
17:13:12.0538 0452 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
17:13:12.0538 0452 HP Support Assistant Service - ok
17:13:12.0585 0452 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
17:13:12.0585 0452 HPDrvMntSvc.exe - ok
17:13:12.0663 0452 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
17:13:12.0678 0452 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
17:13:12.0678 0452 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
17:13:12.0709 0452 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
17:13:12.0709 0452 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
17:13:12.0709 0452 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
17:13:12.0741 0452 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
17:13:12.0772 0452 hpqwmiex - ok
17:13:12.0865 0452 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:13:12.0881 0452 HpSAMD - ok
17:13:12.0928 0452 HPSLPSVC (d972f48d0ce396759b788693cd665926) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
17:13:12.0943 0452 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
17:13:12.0943 0452 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
17:13:12.0990 0452 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:13:13.0037 0452 HTTP - ok
17:13:13.0068 0452 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:13:13.0068 0452 hwpolicy - ok
17:13:13.0084 0452 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:13:13.0099 0452 i8042prt - ok
17:13:13.0131 0452 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:13:13.0146 0452 iaStorV - ok
17:13:13.0224 0452 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:13:13.0240 0452 idsvc - ok
17:13:13.0271 0452 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:13:13.0287 0452 iirsp - ok
17:13:13.0333 0452 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:13:13.0365 0452 IKEEXT - ok
17:13:13.0458 0452 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
17:13:13.0489 0452 IntcAzAudAddService - ok
17:13:13.0599 0452 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:13:13.0599 0452 intelide - ok
17:13:13.0630 0452 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:13:13.0645 0452 intelppm - ok
17:13:13.0677 0452 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:13:13.0708 0452 IPBusEnum - ok
17:13:13.0739 0452 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:13:13.0770 0452 IpFilterDriver - ok
17:13:13.0833 0452 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:13:13.0879 0452 iphlpsvc - ok
17:13:13.0895 0452 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:13:13.0926 0452 IPMIDRV - ok
17:13:13.0942 0452 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:13:13.0989 0452 IPNAT - ok
17:13:14.0051 0452 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
17:13:14.0067 0452 iPod Service - ok
17:13:14.0067 0452 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:13:14.0098 0452 IRENUM - ok
17:13:14.0129 0452 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:13:14.0129 0452 isapnp - ok
17:13:14.0145 0452 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:13:14.0160 0452 iScsiPrt - ok
17:13:14.0176 0452 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:13:14.0176 0452 kbdclass - ok
17:13:14.0191 0452 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
17:13:14.0207 0452 kbdhid - ok
17:13:14.0223 0452 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:13:14.0238 0452 KeyIso - ok
17:13:14.0254 0452 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
17:13:14.0269 0452 KSecDD - ok
17:13:14.0301 0452 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
17:13:14.0316 0452 KSecPkg - ok
17:13:14.0332 0452 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:13:14.0363 0452 ksthunk - ok
17:13:14.0394 0452 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:13:14.0425 0452 KtmRm - ok
17:13:14.0457 0452 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
17:13:14.0503 0452 LanmanServer - ok
17:13:14.0535 0452 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:13:14.0581 0452 LanmanWorkstation - ok
17:13:14.0628 0452 LightScribeService (0ee66bdf485c6828aa65c0ef5d591133) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
17:13:14.0644 0452 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:13:14.0644 0452 LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:13:14.0706 0452 Linksys_adapter_H (584528bf596a54b2bf6be5067adda44a) C:\Windows\system32\DRIVERS\AE2500w764.sys
17:13:14.0737 0452 Linksys_adapter_H - ok
17:13:14.0737 0452 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:13:14.0784 0452 lltdio - ok
17:13:14.0815 0452 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:13:14.0847 0452 lltdsvc - ok
17:13:14.0862 0452 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:13:14.0893 0452 lmhosts - ok
17:13:14.0893 0452 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:13:14.0909 0452 LSI_FC - ok
17:13:14.0925 0452 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:13:14.0940 0452 LSI_SAS - ok
17:13:14.0956 0452 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:13:14.0956 0452 LSI_SAS2 - ok
17:13:14.0971 0452 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:13:14.0987 0452 LSI_SCSI - ok
17:13:15.0003 0452 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:13:15.0049 0452 luafv - ok
17:13:15.0081 0452 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:13:15.0081 0452 Mcx2Svc - ok
17:13:15.0096 0452 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:13:15.0112 0452 megasas - ok
17:13:15.0127 0452 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:13:15.0127 0452 MegaSR - ok
17:13:15.0159 0452 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:13:15.0190 0452 MMCSS - ok
17:13:15.0205 0452 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:13:15.0252 0452 Modem - ok
17:13:15.0283 0452 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:13:15.0299 0452 monitor - ok
17:13:15.0330 0452 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:13:15.0346 0452 mouclass - ok
17:13:15.0361 0452 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:13:15.0377 0452 mouhid - ok
17:13:15.0393 0452 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:13:15.0408 0452 mountmgr - ok
17:13:15.0439 0452 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
17:13:15.0455 0452 MpFilter - ok
17:13:15.0471 0452 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:13:15.0471 0452 mpio - ok
17:13:15.0486 0452 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:13:15.0517 0452 mpsdrv - ok
17:13:15.0564 0452 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:13:15.0611 0452 MpsSvc - ok
17:13:15.0627 0452 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:13:15.0658 0452 MRxDAV - ok
17:13:15.0673 0452 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:13:15.0705 0452 mrxsmb - ok
17:13:15.0736 0452 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:13:15.0751 0452 mrxsmb10 - ok
17:13:15.0783 0452 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:13:15.0783 0452 mrxsmb20 - ok
17:13:15.0814 0452 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:13:15.0814 0452 msahci - ok
17:13:15.0845 0452 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:13:15.0861 0452 msdsm - ok
17:13:15.0876 0452 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:13:15.0892 0452 MSDTC - ok
17:13:15.0923 0452 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:13:15.0954 0452 Msfs - ok
17:13:15.0954 0452 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:13:16.0001 0452 mshidkmdf - ok
17:13:16.0032 0452 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:13:16.0032 0452 msisadrv - ok
17:13:16.0063 0452 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:13:16.0095 0452 MSiSCSI - ok
17:13:16.0095 0452 msiserver - ok
17:13:16.0110 0452 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:13:16.0141 0452 MSKSSRV - ok
17:13:16.0204 0452 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:13:16.0204 0452 MsMpSvc - ok
17:13:16.0219 0452 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:13:16.0282 0452 MSPCLOCK - ok
17:13:16.0282 0452 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:13:16.0329 0452 MSPQM - ok
17:13:16.0360 0452 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:13:16.0375 0452 MsRPC - ok
17:13:16.0407 0452 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:13:16.0422 0452 mssmbios - ok
17:13:16.0422 0452 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:13:16.0469 0452 MSTEE - ok
17:13:16.0485 0452 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:13:16.0500 0452 MTConfig - ok
17:13:16.0516 0452 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:13:16.0516 0452 Mup - ok
17:13:16.0563 0452 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:13:16.0594 0452 napagent - ok
17:13:16.0609 0452 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:13:16.0641 0452 NativeWifiP - ok
17:13:16.0687 0452 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:13:16.0703 0452 NDIS - ok
17:13:16.0719 0452 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:13:16.0750 0452 NdisCap - ok
17:13:16.0750 0452 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:13:16.0781 0452 NdisTapi - ok
17:13:16.0797 0452 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:13:16.0859 0452 Ndisuio - ok
17:13:16.0875 0452 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:13:16.0906 0452 NdisWan - ok
17:13:16.0937 0452 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:13:16.0968 0452 NDProxy - ok
17:13:16.0999 0452 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
17:13:17.0015 0452 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:13:17.0015 0452 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:13:17.0015 0452 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:13:17.0062 0452 NetBIOS - ok
17:13:17.0093 0452 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:13:17.0140 0452 NetBT - ok
17:13:17.0171 0452 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:13:17.0171 0452 Netlogon - ok
17:13:17.0202 0452 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:13:17.0233 0452 Netman - ok
17:13:17.0249 0452 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:13:17.0296 0452 netprofm - ok
17:13:17.0343 0452 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:13:17.0343 0452 NetTcpPortSharing - ok
17:13:17.0374 0452 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:13:17.0389 0452 nfrd960 - ok
17:13:17.0421 0452 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:13:17.0421 0452 NisDrv - ok
17:13:17.0483 0452 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
17:13:17.0499 0452 NisSrv - ok
17:13:17.0545 0452 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:13:17.0577 0452 NlaSvc - ok
17:13:17.0592 0452 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:13:17.0623 0452 Npfs - ok
17:13:17.0639 0452 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:13:17.0670 0452 nsi - ok
17:13:17.0670 0452 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:13:17.0733 0452 nsiproxy - ok
17:13:17.0811 0452 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:13:17.0842 0452 Ntfs - ok
17:13:17.0935 0452 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:13:17.0967 0452 Null - ok
17:13:17.0982 0452 NVHDA (cddd4478757288df4bb1494bfd084259) C:\Windows\system32\drivers\nvhda64v.sys
17:13:17.0998 0452 NVHDA - ok
17:13:18.0372 0452 nvlddmkm (04a048659b8f77f9151308a690f14e87) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:13:18.0559 0452 nvlddmkm - ok
17:13:18.0653 0452 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:13:18.0669 0452 nvraid - ok
17:13:18.0669 0452 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:13:18.0684 0452 nvstor - ok
17:13:18.0715 0452 nvsvc (35ed605e778509668c08ed15db96e7cd) C:\Windows\system32\nvvsvc.exe
17:13:18.0715 0452 nvsvc - ok
17:13:18.0747 0452 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:13:18.0762 0452 nv_agp - ok
17:13:18.0778 0452 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:13:18.0809 0452 ohci1394 - ok
17:13:18.0840 0452 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:13:18.0871 0452 p2pimsvc - ok
17:13:18.0887 0452 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:13:18.0903 0452 p2psvc - ok
17:13:18.0934 0452 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:13:18.0934 0452 Parport - ok
17:13:18.0965 0452 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
17:13:18.0981 0452 partmgr - ok
17:13:18.0981 0452 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:13:19.0012 0452 PcaSvc - ok
17:13:19.0043 0452 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:13:19.0059 0452 pci - ok
17:13:19.0059 0452 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:13:19.0074 0452 pciide - ok
17:13:19.0090 0452 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:13:19.0105 0452 pcmcia - ok
17:13:19.0121 0452 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:13:19.0121 0452 pcw - ok
17:13:19.0152 0452 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:13:19.0199 0452 PEAUTH - ok
17:13:19.0246 0452 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:13:19.0261 0452 PerfHost - ok
17:13:19.0355 0452 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:13:19.0402 0452 pla - ok
17:13:19.0433 0452 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:13:19.0449 0452 PlugPlay - ok
17:13:19.0480 0452 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
17:13:19.0495 0452 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:13:19.0495 0452 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:13:19.0511 0452 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:13:19.0542 0452 PNRPAutoReg - ok
17:13:19.0573 0452 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:13:19.0573 0452 PNRPsvc - ok
17:13:19.0620 0452 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:13:19.0667 0452 PolicyAgent - ok
17:13:19.0698 0452 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:13:19.0729 0452 Power - ok
17:13:19.0792 0452 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:13:19.0823 0452 PptpMiniport - ok
17:13:19.0839 0452 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:13:19.0854 0452 Processor - ok
17:13:19.0885 0452 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
17:13:19.0917 0452 ProfSvc - ok
17:13:19.0932 0452 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:13:19.0948 0452 ProtectedStorage - ok
17:13:19.0979 0452 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:13:20.0010 0452 Psched - ok
17:13:20.0057 0452 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:13:20.0073 0452 ql2300 - ok
17:13:20.0166 0452 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:13:20.0182 0452 ql40xx - ok
17:13:20.0213 0452 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:13:20.0229 0452 QWAVE - ok
17:13:20.0229 0452 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:13:20.0275 0452 QWAVEdrv - ok
17:13:20.0291 0452 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:13:20.0338 0452 RasAcd - ok
17:13:20.0353 0452 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:13:20.0385 0452 RasAgileVpn - ok
17:13:20.0400 0452 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:13:20.0431 0452 RasAuto - ok
17:13:20.0463 0452 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:13:20.0494 0452 Rasl2tp - ok
17:13:20.0525 0452 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:13:20.0556 0452 RasMan - ok
17:13:20.0572 0452 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:13:20.0634 0452 RasPppoe - ok
17:13:20.0650 0452 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:13:20.0681 0452 RasSstp - ok
17:13:20.0712 0452 rcmirror (96597c96d5acf4a3ef0b24d396853879) C:\Windows\system32\DRIVERS\rcmirror.sys
17:13:20.0728 0452 rcmirror - ok
17:13:20.0759 0452 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:13:20.0790 0452 rdbss - ok
17:13:20.0806 0452 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:13:20.0837 0452 rdpbus - ok
17:13:20.0837 0452 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:13:20.0868 0452 RDPCDD - ok
17:13:20.0884 0452 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:13:20.0946 0452 RDPENCDD - ok
17:13:20.0962 0452 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:13:20.0993 0452 RDPREFMP - ok
17:13:21.0024 0452 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
17:13:21.0071 0452 RDPWD - ok
17:13:21.0102 0452 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:13:21.0118 0452 rdyboost - ok
17:13:21.0133 0452 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:13:21.0180 0452 RemoteAccess - ok
17:13:21.0211 0452 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:13:21.0243 0452 RemoteRegistry - ok
17:13:21.0243 0452 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:13:21.0274 0452 RpcEptMapper - ok
17:13:21.0289 0452 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:13:21.0305 0452 RpcLocator - ok
17:13:21.0336 0452 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
17:13:21.0367 0452 RpcSs - ok
17:13:21.0383 0452 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:13:21.0414 0452 rspndr - ok
17:13:21.0445 0452 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:13:21.0461 0452 RTL8167 - ok
17:13:21.0477 0452 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:13:21.0492 0452 SamSs - ok
17:13:21.0523 0452 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:13:21.0539 0452 sbp2port - ok
17:13:21.0570 0452 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:13:21.0601 0452 SCardSvr - ok
17:13:21.0617 0452 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:13:21.0679 0452 scfilter - ok
17:13:21.0742 0452 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:13:21.0789 0452 Schedule - ok
17:13:21.0820 0452 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:13:21.0851 0452 SCPolicySvc - ok
17:13:21.0867 0452 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:13:21.0898 0452 SDRSVC - ok
17:13:21.0945 0452 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:13:21.0976 0452 secdrv - ok
17:13:21.0991 0452 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:13:22.0023 0452 seclogon - ok
17:13:22.0038 0452 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
17:13:22.0069 0452 SENS - ok
17:13:22.0085 0452 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:13:22.0116 0452 SensrSvc - ok
17:13:22.0132 0452 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:13:22.0147 0452 Serenum - ok
17:13:22.0163 0452 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:13:22.0179 0452 Serial - ok
17:13:22.0210 0452 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:13:22.0241 0452 sermouse - ok
17:13:22.0288 0452 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:13:22.0335 0452 SessionEnv - ok
17:13:22.0350 0452 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:13:22.0366 0452 sffdisk - ok
17:13:22.0381 0452 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:13:22.0381 0452 sffp_mmc - ok
17:13:22.0397 0452 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:13:22.0413 0452 sffp_sd - ok
17:13:22.0428 0452 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:13:22.0428 0452 sfloppy - ok
17:13:22.0459 0452 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:13:22.0506 0452 SharedAccess - ok
17:13:22.0537 0452 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:13:22.0569 0452 ShellHWDetection - ok
17:13:22.0584 0452 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:13:22.0600 0452 SiSRaid2 - ok
17:13:22.0615 0452 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:13:22.0615 0452 SiSRaid4 - ok
17:13:22.0756 0452 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
17:13:22.0803 0452 Skype C2C Service - ok
17:13:22.0849 0452 SkypeUpdate (f07af60b152221472fbdb2fecec4896d) C:\Program Files (x86)\Skype\Updater\Updater.exe
17:13:22.0865 0452 SkypeUpdate - ok
17:13:22.0943 0452 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:13:22.0974 0452 Smb - ok
17:13:23.0005 0452 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:13:23.0005 0452 SNMPTRAP - ok
17:13:23.0021 0452 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:13:23.0021 0452 spldr - ok
17:13:23.0068 0452 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:13:23.0115 0452 Spooler - ok
17:13:23.0224 0452 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:13:23.0302 0452 sppsvc - ok
17:13:23.0364 0452 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:13:23.0411 0452 sppuinotify - ok
17:13:23.0473 0452 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:13:23.0505 0452 srv - ok
17:13:23.0520 0452 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:13:23.0551 0452 srv2 - ok
17:13:23.0567 0452 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:13:23.0583 0452 srvnet - ok
17:13:29.0651 0452 ============================================================
17:13:29.0651 0452 Scan finished
17:13:29.0651 0452 ============================================================
17:13:29.0651 3224 Detected object count: 6
17:13:29.0651 3224 Actual detected object count: 6
17:13:45.0610 3224 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:45.0610 3224 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:45.0610 3224 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:45.0610 3224 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:45.0610 3224 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:45.0610 3224 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:45.0610 3224 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:45.0610 3224 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:45.0610 3224 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:45.0610 3224 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:45.0610 3224 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:45.0610 3224 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:57.0559 3804 Deinitialize success


I await your following post. Hope you had a good day "off island" :)
  • 0
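The result lines that close the scan log in the post above can be reconciled mechanically. This is an added example, not part of the original post and not the scanner's own code; the sample is abridged from the log to three objects, and the function name `summarize` and the treatment of `UnsignedFile.Multi.Generic` as a missing-signature flag rather than a malware name are assumptions of the example.

```python
import re
from collections import Counter

# Constructed sample: result lines in the format of the log above, abridged to 3 objects.
SAMPLE_LOG = """\
17:13:29.0651 0452 Scan finished
17:13:29.0651 3224 Detected object count: 3
17:13:29.0651 3224 Actual detected object count: 3
17:13:45.0610 3224 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:45.0610 3224 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:45.0610 3224 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:45.0610 3224 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:45.0610 3224 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:45.0610 3224 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:57.0559 3804 Deinitialize success
"""

ENTRY = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d{4}\s+(.*)$")   # time, thread id, message
COUNT = re.compile(r"^Detected object count:\s*(\d+)$")
ACTION = re.compile(r"^(.+?) \( (\S+) \) - User select action: (\w+)$")
UNSIGNED = "UnsignedFile.Multi.Generic"  # assumption: signature missing, not a malware name


def summarize(log_text):
    """Reconcile the declared detection count with the per-object action lines."""
    declared = None
    objects = {}  # object name -> (verdict, action); each object is logged twice, keep one
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue
        msg = entry.group(1)
        count = COUNT.match(msg)
        action = ACTION.match(msg)
        if count:
            declared = int(count.group(1))
        elif action:
            name, verdict, chosen = action.groups()  # names may contain spaces
            objects[name] = (verdict, chosen)
    return {
        "declared": declared,
        "listed": len(objects),
        "consistent": declared == len(objects),
        "by_verdict": dict(Counter(v for v, _ in objects.values())),
        "skipped": sorted(n for n, (_, a) in objects.items() if a == "Skip"),
        # Anything that is not the unsigned-file flag deserves a closer look.
        "needs_review": sorted(n for n, (v, _) in objects.items() if v != UNSIGNED),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```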

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
We have a friend visiting this week so we took her over to another island to play tourist. Had great weather and saw everything we wanted to except orcas. (You can sometimes see killer whales from one park on San Juan Island but none today.)


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line):

sfc /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#7
Streak118

Streak118

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Wanted to give you an update. Since beginning this, the steps you have had me do so far have resolved the desktop icon size and arrangement issue. I don't know about the Microsoft Security Center services part though, with firewall and defender. I haven't wanted to check that, since you haven't told me to yet. But now for these latest steps:

Ok, the sfc \scannow part said there were no issues, and the sigverif step produced one result. It is [difxapi.dll] in folder [C:\windows\system32] modified [7/13/2009] file type [application extension] version [2.1.0.0]

And here is the VEW.txt output:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 31/07/2012 12:21:31 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/07/2012 4:06:23 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/07/2012 4:04:44 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 31/07/2012 4:04:42 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll
  • 0
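A pasted VEW report like the one above can be turned into structured events for triage. This is an added example, not part of the original post and not Vino Rosso's code; the sample is constructed from the report above with the first message abridged, and the function names `parse_vew` and `ids_by_source` are assumptions of the example. It honors the report's own note that dates are dd/mm/yyyy.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the report above (first message abridged).
SAMPLE_REPORT = r"""
Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/07/2012 4:06:23 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission (abridged)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/07/2012 4:04:44 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 31/07/2012 4:04:42 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll
"""

HEAD = re.compile(r"^Log: '([^']+)' Date/Time: (\d{1,2})/(\d{1,2})/(\d{4}) "
                  r"(\d{1,2}):(\d{2}):(\d{2}) (AM|PM)$")
TYPE = re.compile(r"^Type: (\w+) Category: (\d+)$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+)$")


def parse_vew(text):
    """Return one dict per event; a blank line or a ~~~ rule ends the current event."""
    events, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        head = HEAD.match(line)
        if head:
            log, day, month, year, hh, mi, ss, ampm = head.groups()
            hour = int(hh) % 12 + (12 if ampm == "PM" else 0)  # 12 AM -> 0, 12 PM -> 12
            cur = {"log": log, "type": None, "id": None, "source": None, "message": "",
                   "time": datetime(int(year), int(month), int(day), hour, int(mi), int(ss))}
            events.append(cur)
        elif cur is None:
            continue  # header text and section titles between events
        elif not line or line.startswith("~"):
            cur = None
        elif cur["type"] is None and TYPE.match(line):
            cur["type"] = TYPE.match(line).group(1)
        elif cur["id"] is None and EVENT.match(line):
            found = EVENT.match(line)
            cur["id"], cur["source"] = int(found.group(1)), found.group(2)
        else:
            cur["message"] = (cur["message"] + " " + line).strip()  # multi-line messages
    return events


def ids_by_source(events):
    """Map each event source to the sorted event IDs seen for it."""
    seen = defaultdict(set)
    for ev in events:
        if ev["id"] is not None:
            seen[ev["source"]].add(ev["id"])
    return {source: sorted(ids) for source, ids in seen.items()}


if __name__ == "__main__":
    for ev in sorted(parse_vew(SAMPLE_REPORT), key=lambda e: e["time"]):
        print(ev["time"].isoformat(), ev["type"], ev["id"], ev["source"])
```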

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Looking pretty good now. I expect Firewall to work since we replaced the registry entry that was missing and the service now starts. Windows Defender is disabled by Microsoft Security Essentials so it's not going to run. Any other problems?

If not we can clean up:

We need to clean up System Restore:

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#9
Streak118

Streak118

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
So, I guess that's it? We are all fixed? I deleted all the txt's that didn't clean themselves off, and uninstalled the other stuff, deleted the zip folder you had me download. All in all, that was relatively painless. Thank you so much for the help! You rock and this forum is great! Thankfully, you don't or else I couldn't have been here, but you guys work great and should charge for this... Still, don't lol. Or I won't be able to come back for help next time if something happens :)


  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
If you're happy then we're done.
  • 0

#11
Streak118

Streak118

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I am. Thank you again for the help!
  • 0





