
Help with possible rootkit/bootkit!


14 replies to this topic

#1 thedude325


Posted 05 April 2012 - 05:45 PM

Recently I found that my searches were being redirected to happili.com and other random junk websites. I began scanning my computer and removing threats, but the problem still continued. After running every free anti-malware/anti-spyware known to man, I'm convinced that I have a hard to get rootkit/bootkit, judging from my very limited knowledge of how to read AV logs. Among the viruses and trojans detected on my computer have been: Java/Exploit Blacole, Trojan win32/Alureon.FK. Help please.

Edited by hamluis, 05 April 2012 - 05:51 PM.
Moved from Win 7 to Am I Infected.




#2 cryptodan


Posted 05 April 2012 - 05:59 PM

Hello,

And welcome to BleepingComputer.com. Before we can assist you with your question of "Am I infected?", you will need to perform the following tasks and post the logs of each if you can. If you have performed any of the scans below, post the logs for those scans, and then perform the ones you have not done.

Please download and run Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Malwarebytes Anti-Malware

NOTE: Malwarebytes is now offering a free trial of their program. If you want to accept it, you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are unchecked (leave all others checked):
    • Ignore files larger than 4mb
    • Ignore non-executable files

    Now perform the scan with SUPERAntiSpyware as follows:
    • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

SAS Portable
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


All scans above should be performed in regular boot mode, and if that is not possible then I will post instructions in a follow-up reply on how to get into Safe Mode to perform the scans. Also, all scans should be COMPLETE and not quick unless specifically instructed to do so.

#3 thedude325


Posted 05 April 2012 - 08:38 PM

Ok first is the SecurityCheck.exe
=================================
Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Sophos Virus Removal Tool
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 10.0.32.18 Flash Player out of Date!
Adobe Reader X (10.1.2)
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
Anvisoft Anvi Smart Defender ASDSrv.exe
Anvisoft Anvi Smart Defender ASDTray.exe
``````````End of Log````````````


Malware Bytes
==============
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.05.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sam :: SAM-NEW-PC [administrator]

4/5/2012 7:17:07 PM
mbam-log-2012-04-05 (19-17-07).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 376241
Time elapsed: 43 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Now SuperAntiSpyware
====================

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/05/2012 at 09:04 PM

Application Version : 5.0.1146

Core Rules Database Version : 8418
Trace Rules Database Version: 6230

Scan type : Complete Scan
Total Scan Time : 00:47:28

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 700
Memory threats detected : 0
Registry items scanned : 67750
Registry threats detected : 0
File items scanned : 82783
File threats detected : 25

Adware.Tracking Cookie
C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\5VHB3OPQ.txt [ /kontera.com ]
C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\92T8SHHO.txt [ /collective-media.net ]
C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\4MKA88KQ.txt [ /solvemedia.com ]
C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\2Z8T8CFL.txt [ /serving-sys.com ]
C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\QQEEMAD9.txt [ /statcounter.com ]
C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\7KJQ1IMG.txt [ /ads.pubmatic.com ]
C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\HYG1IYJF.txt [ /legolas-media.com ]
C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\7O2OGJDL.txt [ /eset.122.2o7.net ]
C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\13WRE1S0.txt [ /media6degrees.com ]
C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\ZOFVVZ09.txt [ /adxpose.com ]
C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\IZA19EW3.txt [ /chitika.net ]
C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\JTWGRI5P.txt [ /specificclick.net ]
C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\0WF5AM37.txt [ /interclick.com ]
C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Cookies\ISMJW47H.txt [ /mm.chitika.net ]
C:\USERS\SAM\Cookies\5VHB3OPQ.txt [ Cookie:sam@kontera.com/ ]
C:\USERS\SAM\Cookies\92T8SHHO.txt [ Cookie:sam@collective-media.net/ ]
C:\USERS\SAM\Cookies\2Z8T8CFL.txt [ Cookie:sam@serving-sys.com/ ]
C:\USERS\SAM\Cookies\HYG1IYJF.txt [ Cookie:sam@legolas-media.com/ ]
C:\USERS\SAM\Cookies\13WRE1S0.txt [ Cookie:sam@media6degrees.com/ ]
C:\USERS\SAM\Cookies\ZOFVVZ09.txt [ Cookie:sam@adxpose.com/ ]
C:\USERS\SAM\Cookies\IZA19EW3.txt [ Cookie:sam@chitika.net/ ]
C:\USERS\SAM\Cookies\JTWGRI5P.txt [ Cookie:sam@specificclick.net/ ]
C:\USERS\SAM\Cookies\0WF5AM37.txt [ Cookie:sam@interclick.com/ ]
C:\USERS\SAM\Cookies\ISMJW47H.txt [ Cookie:sam@mm.chitika.net/ ]

Trojan.Agent/Gen-Buzus
C:\USERS\SAM\DESKTOP\LISTPARTS64.EXE

GMER - I'm on x64 so tried Windows 7 compatibility mode?
=========================================================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-05 21:35:43
Windows 6.1.7600
Running: y90ekhdh.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS01F36.log 1048576 bytes

---- EOF - GMER 1.0.15 ----

#4 cryptodan


Posted 05 April 2012 - 08:53 PM

Can you please download and run TDSS Killer. If it asks you to fix anything, then PLEASE DO NOT FIX ANYTHING. Just post the log file that is generated.
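
A TDSSKiller log runs to hundreds of lines, nearly all of them `- ok`, so a read-only triage pass helps when reviewing one. The sketch below is an added example, not part of the thread or the tool's own code: it pairs each `name (md5) path` line with its verdict line and returns only the objects that are flagged or that have no verdict because the log was cut off. The sample log is constructed in the layout TDSSKiller writes, and the function names are hypothetical.

```python
import re

# Every log line starts "HH:MM:SS.mmmm <thread id>"; the rest is the message.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*\S)$")
# "<name> (<md5>) <path>": the object being checked. Names may contain spaces.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - ok": clean verdict.
OK = re.compile(r"^(?P<name>.+?) - ok$")
# "<name> ( <verdict> ) - <level>": flagged verdict, e.g. an unsigned file warning.
FLAGGED = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - (?P<level>\w+)$")

# Constructed sample (names, hashes and paths are made up for illustration).
SAMPLE_LOG = r"""
22:34:25.0422 3780 Scan started
22:34:25.0781 3780 !SampleCore (00000000000000000000000000000001) C:\Program Files\Sample\CORE64.EXE
22:34:25.0859 3780 !SampleCore - ok
22:34:26.0015 3780 Sample Licensing Service 64 (00000000000000000000000000000002) C:\Program Files (x86)\Sample\lic64.exe
22:34:26.0077 3780 Sample Licensing Service 64 - ok
22:34:26.0100 3780 NoImageSvc - ok
22:34:26.0200 3780 SampleAgent (00000000000000000000000000000003) C:\Program Files\Sample\Agent.exe
22:34:26.0300 3780 SampleAgent ( UnsignedFile.Multi.Generic ) - warning
22:34:26.0300 3780 SampleAgent - detected UnsignedFile.Multi.Generic (1)
22:34:26.0400 3780 CutOffDrv (00000000000000000000000000000004) C:\Windows\system32\drivers\cutoff.sys
"""


def _record(records, name):
    """Fetch or create the record for one service/driver name."""
    return records.setdefault(
        name,
        {"name": name, "md5": None, "path": None,
         "status": "no-verdict", "verdict": None},
    )


def parse_log(text):
    """Return {name: record} in log order; header and separator lines are skipped."""
    records = {}
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        body = line.group("body")
        obj = OBJECT.match(body)
        if obj:
            rec = _record(records, obj.group("name"))
            rec["md5"], rec["path"] = obj.group("md5"), obj.group("path")
            continue
        ok = OK.match(body)
        if ok:
            _record(records, ok.group("name"))["status"] = "ok"
            continue
        flagged = FLAGGED.match(body)
        if flagged:
            rec = _record(records, flagged.group("name"))
            rec["status"] = flagged.group("level")
            rec["verdict"] = flagged.group("verdict")
    return records


def needs_review(records):
    """Objects that were flagged, or whose verdict line is missing (truncated log)."""
    return [rec for rec in records.values() if rec["status"] != "ok"]


if __name__ == "__main__":
    for rec in needs_review(parse_log(SAMPLE_LOG)):
        print(f'{rec["status"]:<11} {rec["name"]}: {rec["verdict"]} {rec["path"]}')
```

A `warning` entry is a prompt to check the file's origin and signature, not a detection of a rootkit by itself.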

#5 thedude325


Posted 05 April 2012 - 09:36 PM

22:34:17.0216 6896 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
22:34:17.0606 6896 ============================================================
22:34:17.0606 6896 Current date / time: 2012/04/05 22:34:17.0606
22:34:17.0606 6896 SystemInfo:
22:34:17.0606 6896
22:34:17.0606 6896 OS Version: 6.1.7601 ServicePack: 1.0
22:34:17.0606 6896 Product type: Workstation
22:34:17.0606 6896 ComputerName: SAM-NEW-PC
22:34:17.0606 6896 UserName: Sam
22:34:17.0606 6896 Windows directory: C:\Windows
22:34:17.0606 6896 System windows directory: C:\Windows
22:34:17.0606 6896 Running under WOW64
22:34:17.0606 6896 Processor architecture: Intel x64
22:34:17.0606 6896 Number of processors: 4
22:34:17.0606 6896 Page size: 0x1000
22:34:17.0606 6896 Boot type: Normal boot
22:34:17.0606 6896 ============================================================
22:34:18.0105 6896 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:34:18.0152 6896 Drive \Device\Harddisk1\DR1 - Size: 0x3BDDBE00 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:34:18.0152 6896 \Device\Harddisk0\DR0:
22:34:18.0152 6896 MBR used
22:34:18.0152 6896 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x476572B0
22:34:18.0152 6896 \Device\Harddisk1\DR1:
22:34:18.0152 6896 MBR used
22:34:18.0199 6896 Initialize success
22:34:18.0199 6896 ============================================================
22:34:25.0422 3780 ============================================================
22:34:25.0422 3780 Scan started
22:34:25.0422 3780 Mode: Manual; SigCheck; TDLFS;
22:34:25.0422 3780 ============================================================
22:34:25.0781 3780 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
22:34:25.0859 3780 !SASCORE - ok
22:34:26.0015 3780 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:34:26.0077 3780 1394ohci - ok
22:34:26.0139 3780 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:34:26.0171 3780 ACPI - ok
22:34:26.0217 3780 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:34:26.0327 3780 AcpiPmi - ok
22:34:26.0498 3780 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:34:26.0514 3780 AdobeARMservice - ok
22:34:26.0654 3780 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
22:34:26.0670 3780 adp94xx - ok
22:34:26.0732 3780 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
22:34:26.0748 3780 adpahci - ok
22:34:26.0763 3780 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
22:34:26.0779 3780 adpu320 - ok
22:34:26.0795 3780 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:34:26.0982 3780 AeLookupSvc - ok
22:34:27.0044 3780 AFBAgent (6e79a119b0ce418fe44e0c824bf3f039) C:\Windows\system32\FBAgent.exe
22:34:27.0122 3780 AFBAgent - ok
22:34:27.0247 3780 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:34:27.0309 3780 AFD - ok
22:34:27.0387 3780 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:34:27.0403 3780 agp440 - ok
22:34:27.0434 3780 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:34:27.0512 3780 ALG - ok
22:34:27.0543 3780 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:34:27.0559 3780 aliide - ok
22:34:27.0606 3780 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:34:27.0621 3780 amdide - ok
22:34:27.0684 3780 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
22:34:27.0731 3780 AmdK8 - ok
22:34:27.0746 3780 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
22:34:27.0777 3780 AmdPPM - ok
22:34:27.0840 3780 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:34:27.0855 3780 amdsata - ok
22:34:27.0887 3780 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
22:34:27.0902 3780 amdsbs - ok
22:34:27.0933 3780 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:34:27.0949 3780 amdxata - ok
22:34:27.0996 3780 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:34:28.0199 3780 AppID - ok
22:34:28.0230 3780 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:34:28.0292 3780 AppIDSvc - ok
22:34:28.0355 3780 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:34:28.0417 3780 Appinfo - ok
22:34:28.0526 3780 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
22:34:28.0542 3780 arc - ok
22:34:28.0542 3780 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
22:34:28.0589 3780 arcsas - ok
22:34:28.0745 3780 asdsrv (2be4aa54c7728b7a432713961b09fa89) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
22:34:28.0854 3780 asdsrv - ok
22:34:28.0963 3780 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
22:34:29.0010 3780 ASLDRService - ok
22:34:29.0025 3780 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
22:34:29.0041 3780 ASMMAP64 - ok
22:34:29.0166 3780 asmthub3 (718692fff22d6af47eba0a741a924921) C:\Windows\system32\DRIVERS\asmthub3.sys
22:34:29.0213 3780 asmthub3 - ok
22:34:29.0275 3780 asmtxhci (bad70a5ac534c108f680a33c654bc626) C:\Windows\system32\DRIVERS\asmtxhci.sys
22:34:29.0322 3780 asmtxhci - ok
22:34:29.0431 3780 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:34:29.0447 3780 aspnet_state - ok
22:34:29.0571 3780 assd (06f30358a657cba22115c4368b4001f9) C:\Windows\system32\drivers\assd.sys
22:34:29.0587 3780 assd - ok
22:34:29.0634 3780 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:34:29.0696 3780 AsyncMac - ok
22:34:29.0743 3780 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:34:29.0759 3780 atapi - ok
22:34:29.0805 3780 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
22:34:29.0883 3780 athr - ok
22:34:30.0055 3780 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
22:34:30.0180 3780 ATKGFNEXSrv - ok
22:34:30.0258 3780 ATKWMIACPIIO (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
22:34:30.0273 3780 ATKWMIACPIIO - ok
22:34:30.0398 3780 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:34:30.0492 3780 AudioEndpointBuilder - ok
22:34:30.0492 3780 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:34:30.0539 3780 AudioSrv - ok
22:34:30.0663 3780 avfsmn (7f5ea096d5edbaa9caeedf07dfae65da) C:\Windows\system32\DRIVERS\avfsmn.sys
22:34:30.0695 3780 avfsmn - ok
22:34:30.0741 3780 avhips (e0edb0f31b9755fb8f8017f3326de033) C:\Windows\system32\DRIVERS\avhips.sys
22:34:30.0757 3780 avhips - ok
22:34:30.0835 3780 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
22:34:30.0913 3780 AxInstSV - ok
22:34:31.0100 3780 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
22:34:31.0163 3780 b06bdrv - ok
22:34:31.0241 3780 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:34:31.0287 3780 b57nd60a - ok
22:34:31.0350 3780 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:34:31.0397 3780 BDESVC - ok
22:34:31.0428 3780 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:34:31.0475 3780 Beep - ok
22:34:31.0584 3780 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
22:34:31.0677 3780 BFE - ok
22:34:31.0740 3780 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
22:34:31.0802 3780 BITS - ok
22:34:31.0833 3780 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:34:31.0849 3780 blbdrive - ok
22:34:31.0896 3780 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:34:31.0943 3780 bowser - ok
22:34:32.0021 3780 bpenum (597fffac47605337b1c719b4975238f0) C:\Windows\system32\DRIVERS\bpenum.sys
22:34:32.0083 3780 bpenum - ok
22:34:32.0161 3780 bpmp (f66c6ad105ef5a899207f4907366e2e2) C:\Windows\system32\DRIVERS\bpmp.sys
22:34:32.0192 3780 bpmp - ok
22:34:32.0270 3780 bpusb (ae6751f004dfebe0a7548265ccf432ce) C:\Windows\system32\Drivers\bpusb.sys
22:34:32.0301 3780 bpusb - ok
22:34:32.0364 3780 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
22:34:32.0426 3780 BrFiltLo - ok
22:34:32.0442 3780 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
22:34:32.0457 3780 BrFiltUp - ok
22:34:32.0504 3780 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:34:32.0535 3780 BridgeMP - ok
22:34:32.0598 3780 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:34:32.0660 3780 Browser - ok
22:34:32.0707 3780 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:34:32.0738 3780 Brserid - ok
22:34:32.0738 3780 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:34:32.0785 3780 BrSerWdm - ok
22:34:32.0816 3780 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:34:32.0847 3780 BrUsbMdm - ok
22:34:32.0863 3780 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:34:32.0925 3780 BrUsbSer - ok
22:34:33.0003 3780 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
22:34:33.0050 3780 BthEnum - ok
22:34:33.0113 3780 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
22:34:33.0144 3780 BTHMODEM - ok
22:34:33.0159 3780 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
22:34:33.0206 3780 BthPan - ok
22:34:33.0300 3780 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
22:34:33.0362 3780 BTHPORT - ok
22:34:33.0425 3780 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:34:33.0471 3780 bthserv - ok
22:34:33.0518 3780 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
22:34:33.0565 3780 BTHUSB - ok
22:34:33.0627 3780 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:34:33.0659 3780 cdfs - ok
22:34:33.0690 3780 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
22:34:33.0721 3780 cdrom - ok
22:34:33.0799 3780 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:34:33.0846 3780 CertPropSvc - ok
22:34:33.0893 3780 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
22:34:33.0908 3780 circlass - ok
22:34:33.0939 3780 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:34:33.0955 3780 CLFS - ok
22:34:34.0064 3780 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:34:34.0111 3780 clr_optimization_v2.0.50727_32 - ok
22:34:34.0236 3780 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:34:34.0251 3780 clr_optimization_v2.0.50727_64 - ok
22:34:34.0407 3780 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:34:34.0423 3780 clr_optimization_v4.0.30319_32 - ok
22:34:34.0470 3780 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:34:34.0485 3780 clr_optimization_v4.0.30319_64 - ok
22:34:34.0563 3780 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:34:34.0595 3780 CmBatt - ok
22:34:34.0626 3780 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:34:34.0641 3780 cmdide - ok
22:34:34.0688 3780 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:34:34.0766 3780 CNG - ok
22:34:34.0844 3780 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
22:34:34.0860 3780 Compbatt - ok
22:34:34.0907 3780 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:34:34.0938 3780 CompositeBus - ok
22:34:34.0969 3780 COMSysApp - ok
22:34:35.0000 3780 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
22:34:35.0016 3780 crcdisk - ok
22:34:35.0078 3780 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
22:34:35.0125 3780 CryptSvc - ok
22:34:35.0187 3780 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:34:35.0281 3780 DcomLaunch - ok
22:34:35.0343 3780 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:34:35.0390 3780 defragsvc - ok
22:34:35.0437 3780 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:34:35.0484 3780 DfsC - ok
22:34:35.0515 3780 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:34:35.0562 3780 Dhcp - ok
22:34:35.0593 3780 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:34:35.0624 3780 discache - ok
22:34:35.0687 3780 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
22:34:35.0702 3780 Disk - ok
22:34:35.0843 3780 DMAgent (fd6780d8e79a4a0037dbcb339582f091) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
22:34:36.0061 3780 DMAgent ( UnsignedFile.Multi.Generic ) - warning
22:34:36.0061 3780 DMAgent - detected UnsignedFile.Multi.Generic (1)
22:34:36.0092 3780 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:34:36.0139 3780 Dnscache - ok
22:34:36.0155 3780 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:34:36.0217 3780 dot3svc - ok
22:34:36.0295 3780 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
22:34:36.0326 3780 Dot4 - ok
22:34:36.0404 3780 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:34:36.0420 3780 Dot4Print - ok
22:34:36.0451 3780 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
22:34:36.0467 3780 dot4usb - ok
22:34:36.0498 3780 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:34:36.0545 3780 DPS - ok
22:34:36.0623 3780 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:34:36.0654 3780 drmkaud - ok
22:34:36.0685 3780 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:34:36.0716 3780 DXGKrnl - ok
22:34:36.0763 3780 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:34:36.0810 3780 EapHost - ok
22:34:36.0872 3780 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
22:34:36.0981 3780 ebdrv - ok
22:34:37.0059 3780 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:34:37.0137 3780 EFS - ok
22:34:37.0215 3780 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:34:37.0356 3780 ehRecvr - ok
22:34:37.0387 3780 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:34:37.0465 3780 ehSched - ok
22:34:37.0574 3780 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
22:34:37.0590 3780 ElbyCDIO - ok
22:34:37.0652 3780 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
22:34:37.0683 3780 elxstor - ok
22:34:37.0683 3780 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:34:37.0715 3780 ErrDev - ok
22:34:37.0777 3780 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:34:37.0839 3780 EventSystem - ok
22:34:37.0964 3780 EvtEng (54fc81b0162478a72a93dbbeafb35671) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:34:38.0058 3780 EvtEng - ok
22:34:38.0105 3780 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:34:38.0151 3780 exfat - ok
22:34:38.0198 3780 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:34:38.0245 3780 fastfat - ok
22:34:38.0339 3780 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:34:38.0432 3780 Fax - ok
22:34:38.0479 3780 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
22:34:38.0526 3780 fdc - ok
22:34:38.0588 3780 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:34:38.0635 3780 fdPHost - ok
22:34:38.0651 3780 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:34:38.0713 3780 FDResPub - ok
22:34:38.0760 3780 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:34:38.0775 3780 FileInfo - ok
22:34:38.0807 3780 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:34:38.0853 3780 Filetrace - ok
22:34:38.0978 3780 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:34:39.0056 3780 FLEXnet Licensing Service - ok
22:34:39.0134 3780 FLEXnet Licensing Service 64 (f1a9c61436e12a637a647870dd6d9eef) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
22:34:39.0212 3780 FLEXnet Licensing Service 64 - ok
22:34:39.0259 3780 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
22:34:39.0275 3780 flpydisk - ok
22:34:39.0337 3780 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:34:39.0353 3780 FltMgr - ok
22:34:39.0399 3780 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
22:34:39.0477 3780 FontCache - ok
22:34:39.0540 3780 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:34:39.0555 3780 FontCache3.0.0.0 - ok
22:34:39.0587 3780 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:34:39.0602 3780 FsDepends - ok
22:34:39.0665 3780 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
22:34:39.0680 3780 fssfltr - ok
22:34:39.0758 3780 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
22:34:39.0821 3780 fsssvc - ok
22:34:39.0836 3780 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:34:39.0852 3780 Fs_Rec - ok
22:34:39.0914 3780 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:34:39.0945 3780 fvevol - ok
22:34:39.0961 3780 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
22:34:39.0977 3780 gagp30kx - ok
22:34:40.0023 3780 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:34:40.0086 3780 gpsvc - ok
22:34:40.0101 3780 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:34:40.0148 3780 hcw85cir - ok
22:34:40.0226 3780 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:34:40.0257 3780 HdAudAddService - ok
22:34:40.0320 3780 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:34:40.0351 3780 HDAudBus - ok
22:34:40.0367 3780 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
22:34:40.0413 3780 HidBatt - ok
22:34:40.0413 3780 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
22:34:40.0460 3780 HidBth - ok
22:34:40.0507 3780 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
22:34:40.0523 3780 HidIr - ok
22:34:40.0554 3780 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
22:34:40.0632 3780 hidserv - ok
22:34:40.0679 3780 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:34:40.0710 3780 HidUsb - ok
22:34:40.0741 3780 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:34:40.0803 3780 hkmsvc - ok
22:34:40.0819 3780 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:34:40.0866 3780 HomeGroupListener - ok
22:34:40.0897 3780 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:34:40.0928 3780 HomeGroupProvider - ok
22:34:41.0084 3780 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
22:34:41.0178 3780 hpqcxs08 - ok
22:34:41.0209 3780 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
22:34:41.0349 3780 hpqddsvc - ok
22:34:41.0443 3780 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:34:41.0459 3780 HpSAMD - ok
22:34:41.0521 3780 HPSLPSVC (d4f91cf4de215d6f14a06087d46725e4) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
22:34:41.0583 3780 HPSLPSVC - ok
22:34:41.0630 3780 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:34:41.0708 3780 HTTP - ok
22:34:41.0724 3780 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:34:41.0739 3780 hwpolicy - ok
22:34:41.0786 3780 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:34:41.0817 3780 i8042prt - ok
22:34:41.0880 3780 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
22:34:41.0911 3780 iaStor - ok
22:34:41.0973 3780 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:34:42.0005 3780 iaStorV - ok
22:34:42.0098 3780 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:34:42.0129 3780 idsvc - ok
22:34:42.0395 3780 igfx (66dc0ce2d1867b8178eaa0e11930dbd7) C:\Windows\system32\DRIVERS\igdkmd64.sys
22:34:42.0722 3780 igfx - ok
22:34:42.0738 3780 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
22:34:42.0753 3780 iirsp - ok
22:34:42.0800 3780 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
22:34:42.0863 3780 IKEEXT - ok
22:34:42.0941 3780 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\Windows\system32\drivers\intelaud.sys
22:34:42.0972 3780 intaud_WaveExtensible - ok
22:34:43.0097 3780 IntcAzAudAddService (a3c9367a02b2a1fc22536add3601b64f) C:\Windows\system32\drivers\RTKVHD64.sys
22:34:43.0143 3780 IntcAzAudAddService - ok
22:34:43.0206 3780 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
22:34:43.0253 3780 IntcDAud - ok
22:34:43.0268 3780 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:34:43.0284 3780 intelide - ok
22:34:43.0331 3780 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:34:43.0362 3780 intelppm - ok
22:34:43.0393 3780 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:34:43.0440 3780 IPBusEnum - ok
22:34:43.0455 3780 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:34:43.0487 3780 IpFilterDriver - ok
22:34:43.0518 3780 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
22:34:43.0580 3780 iphlpsvc - ok
22:34:43.0596 3780 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:34:43.0627 3780 IPMIDRV - ok
22:34:43.0627 3780 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:34:43.0674 3780 IPNAT - ok
22:34:43.0721 3780 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:34:43.0799 3780 IRENUM - ok
22:34:43.0814 3780 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:34:43.0814 3780 isapnp - ok
22:34:43.0845 3780 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:34:43.0877 3780 iScsiPrt - ok
22:34:43.0939 3780 iwdbus (716f66336f10885d935b08174dc54242) C:\Windows\system32\DRIVERS\iwdbus.sys
22:34:43.0939 3780 iwdbus - ok
22:34:44.0001 3780 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:34:44.0017 3780 kbdclass - ok
22:34:44.0017 3780 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:34:44.0048 3780 kbdhid - ok
22:34:44.0111 3780 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
22:34:44.0142 3780 kbfiltr - ok
22:34:44.0189 3780 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:34:44.0204 3780 KeyIso - ok
22:34:44.0220 3780 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:34:44.0235 3780 KSecDD - ok
22:34:44.0267 3780 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:34:44.0282 3780 KSecPkg - ok
22:34:44.0345 3780 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:34:44.0391 3780 ksthunk - ok
22:34:44.0423 3780 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:34:44.0485 3780 KtmRm - ok
22:34:44.0547 3780 L1C (655a5d8e80869781cce23760ada7e695) C:\Windows\system32\DRIVERS\L1C62x64.sys
22:34:44.0563 3780 L1C - ok
22:34:44.0641 3780 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
22:34:44.0703 3780 LanmanServer - ok
22:34:44.0735 3780 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:34:44.0781 3780 LanmanWorkstation - ok
22:34:44.0859 3780 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:34:44.0891 3780 lltdio - ok
22:34:44.0937 3780 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:34:44.0984 3780 lltdsvc - ok
22:34:45.0000 3780 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:34:45.0047 3780 lmhosts - ok
22:34:45.0171 3780 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
22:34:45.0218 3780 LMS - ok
22:34:45.0312 3780 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
22:34:45.0327 3780 LSI_FC - ok
22:34:45.0343 3780 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
22:34:45.0359 3780 LSI_SAS - ok
22:34:45.0359 3780 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
22:34:45.0374 3780 LSI_SAS2 - ok
22:34:45.0390 3780 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
22:34:45.0405 3780 LSI_SCSI - ok
22:34:45.0437 3780 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:34:45.0499 3780 luafv - ok
22:34:45.0577 3780 mbamchameleon (51914228d4b9610fba24f249c0fdd871) C:\Windows\system32\drivers\mbamchameleon.sys
22:34:45.0593 3780 mbamchameleon - ok
22:34:45.0624 3780 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:34:45.0671 3780 Mcx2Svc - ok
22:34:45.0702 3780 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
22:34:45.0717 3780 megasas - ok
22:34:45.0717 3780 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
22:34:45.0749 3780 MegaSR - ok
22:34:45.0811 3780 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
22:34:45.0827 3780 MEIx64 - ok
22:34:45.0873 3780 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:34:45.0936 3780 MMCSS - ok
22:34:45.0936 3780 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:34:45.0983 3780 Modem - ok
22:34:46.0045 3780 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:34:46.0092 3780 monitor - ok
22:34:46.0139 3780 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:34:46.0154 3780 mouclass - ok
22:34:46.0201 3780 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:34:46.0217 3780 mouhid - ok
22:34:46.0248 3780 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:34:46.0263 3780 mountmgr - ok
22:34:46.0341 3780 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
22:34:46.0357 3780 MpFilter - ok
22:34:46.0388 3780 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:34:46.0404 3780 mpio - ok
22:34:46.0466 3780 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
22:34:46.0482 3780 MpNWMon - ok
22:34:46.0513 3780 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:34:46.0560 3780 mpsdrv - ok
22:34:46.0591 3780 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
22:34:46.0669 3780 MpsSvc - ok
22:34:46.0700 3780 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:34:46.0747 3780 MRxDAV - ok
22:34:46.0778 3780 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:34:46.0825 3780 mrxsmb - ok
22:34:46.0856 3780 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:34:46.0887 3780 mrxsmb10 - ok
22:34:46.0903 3780 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:34:46.0919 3780 mrxsmb20 - ok
22:34:46.0934 3780 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:34:46.0950 3780 msahci - ok
22:34:46.0981 3780 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:34:46.0997 3780 msdsm - ok
22:34:47.0028 3780 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:34:47.0075 3780 MSDTC - ok
22:34:47.0090 3780 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:34:47.0137 3780 Msfs - ok
22:34:47.0184 3780 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:34:47.0215 3780 mshidkmdf - ok
22:34:47.0246 3780 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:34:47.0277 3780 msisadrv - ok
22:34:47.0309 3780 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:34:47.0387 3780 MSiSCSI - ok
22:34:47.0387 3780 msiserver - ok
22:34:47.0449 3780 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:34:47.0496 3780 MSKSSRV - ok
22:34:47.0621 3780 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
22:34:47.0636 3780 MsMpSvc - ok
22:34:47.0652 3780 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:34:47.0714 3780 MSPCLOCK - ok
22:34:47.0714 3780 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:34:47.0761 3780 MSPQM - ok
22:34:47.0792 3780 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:34:47.0823 3780 MsRPC - ok
22:34:47.0870 3780 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
22:34:47.0870 3780 mssmbios - ok
22:34:47.0964 3780 MSSQL$SQLEXPRESS - ok
22:34:48.0042 3780 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
22:34:48.0057 3780 MSSQLServerADHelper100 - ok
22:34:48.0120 3780 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:34:48.0167 3780 MSTEE - ok
22:34:48.0182 3780 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
22:34:48.0198 3780 MTConfig - ok
22:34:48.0245 3780 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:34:48.0260 3780 Mup - ok
22:34:48.0369 3780 MyWiFiDHCPDNS (4bbb9d9c4df259fae2d172c5bb25ddd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
22:34:48.0432 3780 MyWiFiDHCPDNS - ok
22:34:48.0479 3780 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:34:48.0541 3780 napagent - ok
22:34:48.0619 3780 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:34:48.0650 3780 NativeWifiP - ok
22:34:48.0728 3780 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
22:34:48.0759 3780 NDIS - ok
22:34:48.0806 3780 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:34:48.0837 3780 NdisCap - ok
22:34:48.0900 3780 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:34:48.0931 3780 NdisTapi - ok
22:34:48.0978 3780 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:34:49.0009 3780 Ndisuio - ok
22:34:49.0040 3780 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:34:49.0087 3780 NdisWan - ok
22:34:49.0103 3780 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:34:49.0134 3780 NDProxy - ok
22:34:49.0165 3780 Net Driver HPZ12 (d4f51e88c71bf8f06ea1be320b0bb75b) C:\Windows\system32\HPZinw12.dll
22:34:49.0212 3780 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:34:49.0212 3780 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:34:49.0227 3780 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:34:49.0290 3780 NetBIOS - ok
22:34:49.0305 3780 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:34:49.0352 3780 NetBT - ok
22:34:49.0383 3780 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:34:49.0415 3780 Netlogon - ok
22:34:49.0461 3780 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:34:49.0524 3780 Netman - ok
22:34:49.0617 3780 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:34:49.0649 3780 NetMsmqActivator - ok
22:34:49.0649 3780 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:34:49.0680 3780 NetPipeActivator - ok
22:34:49.0711 3780 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:34:49.0773 3780 netprofm - ok
22:34:49.0789 3780 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:34:49.0805 3780 NetTcpActivator - ok
22:34:49.0805 3780 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:34:49.0836 3780 NetTcpPortSharing - ok
22:34:50.0023 3780 NETwNs64 (ac69618de5bcce8747c9ab0aae1003c1) C:\Windows\system32\DRIVERS\NETwNs64.sys
22:34:50.0226 3780 NETwNs64 - ok
22:34:50.0273 3780 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
22:34:50.0288 3780 nfrd960 - ok
22:34:50.0319 3780 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:34:50.0335 3780 NisDrv - ok
22:34:50.0460 3780 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
22:34:50.0475 3780 NisSrv - ok
22:34:50.0553 3780 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:34:50.0600 3780 NlaSvc - ok
22:34:50.0647 3780 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:34:50.0678 3780 Npfs - ok
22:34:50.0694 3780 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:34:50.0772 3780 nsi - ok
22:34:50.0787 3780 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:34:50.0834 3780 nsiproxy - ok
22:34:50.0881 3780 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:34:50.0943 3780 Ntfs - ok
22:34:50.0959 3780 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:34:50.0990 3780 Null - ok
22:34:51.0053 3780 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:34:51.0068 3780 nvraid - ok
22:34:51.0146 3780 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:34:51.0177 3780 nvstor - ok
22:34:51.0209 3780 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:34:51.0224 3780 nv_agp - ok
22:34:51.0240 3780 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:34:51.0271 3780 ohci1394 - ok
22:34:51.0349 3780 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:34:51.0396 3780 ose - ok
22:34:51.0552 3780 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:34:51.0817 3780 osppsvc - ok
22:34:51.0879 3780 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:34:51.0926 3780 p2pimsvc - ok
22:34:51.0957 3780 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:34:51.0989 3780 p2psvc - ok
22:34:52.0020 3780 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
22:34:52.0035 3780 Parport - ok
22:34:52.0051 3780 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:34:52.0067 3780 partmgr - ok
22:34:52.0160 3780 pavboot (8a0f8a9580d9f2fc512a35d5709088a9) C:\Windows\system32\drivers\pavboot64.sys
22:34:52.0160 3780 pavboot - ok
22:34:52.0191 3780 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:34:52.0238 3780 PcaSvc - ok
22:34:52.0254 3780 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:34:52.0285 3780 pci - ok
22:34:52.0301 3780 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:34:52.0301 3780 pciide - ok
22:34:52.0332 3780 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
22:34:52.0347 3780 pcmcia - ok
22:34:52.0379 3780 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:34:52.0394 3780 pcw - ok
22:34:52.0425 3780 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:34:52.0457 3780 PEAUTH - ok
22:34:52.0535 3780 pefxbo - ok
22:34:52.0597 3780 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:34:52.0644 3780 PerfHost - ok
22:34:52.0706 3780 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:34:52.0784 3780 pla - ok
22:34:52.0862 3780 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:34:52.0925 3780 PlugPlay - ok
22:34:52.0956 3780 Pml Driver HPZ12 (9a80707d8b6c1806531bfd7399b3cc76) C:\Windows\system32\HPZipm12.dll
22:34:53.0003 3780 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:34:53.0003 3780 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:34:53.0034 3780 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:34:53.0049 3780 PNRPAutoReg - ok
22:34:53.0081 3780 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:34:53.0112 3780 PNRPsvc - ok
22:34:53.0143 3780 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:34:53.0205 3780 PolicyAgent - ok
22:34:53.0237 3780 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:34:53.0299 3780 Power - ok
22:34:53.0361 3780 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:34:53.0393 3780 PptpMiniport - ok
22:34:53.0424 3780 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
22:34:53.0455 3780 Processor - ok
22:34:53.0502 3780 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
22:34:53.0580 3780 ProfSvc - ok
22:34:53.0611 3780 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:34:53.0627 3780 ProtectedStorage - ok
22:34:53.0673 3780 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:34:53.0736 3780 Psched - ok
22:34:53.0767 3780 pvkvlw - ok
22:34:53.0845 3780 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
22:34:53.0907 3780 ql2300 - ok
22:34:53.0907 3780 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
22:34:53.0939 3780 ql40xx - ok
22:34:53.0970 3780 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:34:54.0001 3780 QWAVE - ok
22:34:54.0032 3780 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:34:54.0063 3780 QWAVEdrv - ok
22:34:54.0079 3780 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:34:54.0110 3780 RasAcd - ok
22:34:54.0173 3780 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:34:54.0219 3780 RasAgileVpn - ok
22:34:54.0251 3780 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:34:54.0297 3780 RasAuto - ok
22:34:54.0329 3780 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:34:54.0375 3780 Rasl2tp - ok
22:34:54.0407 3780 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:34:54.0453 3780 RasMan - ok
22:34:54.0469 3780 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:34:54.0516 3780 RasPppoe - ok
22:34:54.0578 3780 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:34:54.0625 3780 RasSstp - ok
22:34:54.0656 3780 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:34:54.0703 3780 rdbss - ok
22:34:54.0734 3780 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
22:34:54.0750 3780 rdpbus - ok
22:34:54.0797 3780 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:34:54.0843 3780 RDPCDD - ok
22:34:54.0859 3780 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:34:54.0906 3780 RDPENCDD - ok
22:34:54.0937 3780 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:34:54.0984 3780 RDPREFMP - ok
22:34:55.0015 3780 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
22:34:55.0077 3780 RDPWD - ok
22:34:55.0093 3780 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:34:55.0124 3780 rdyboost - ok
22:34:55.0233 3780 RegSrvc (a436f5e7d80bbdbb0826d0f176d5bea8) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
22:34:55.0296 3780 RegSrvc - ok
22:34:55.0327 3780 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:34:55.0389 3780 RemoteAccess - ok
22:34:55.0421 3780 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:34:55.0483 3780 RemoteRegistry - ok
22:34:55.0545 3780 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
22:34:55.0592 3780 RFCOMM - ok
22:34:55.0670 3780 rpcapd - ok
22:34:55.0717 3780 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:34:55.0779 3780 RpcEptMapper - ok
22:34:55.0795 3780 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:34:55.0826 3780 RpcLocator - ok
22:34:55.0857 3780 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:34:55.0920 3780 RpcSs - ok
22:34:55.0967 3780 rqkdql - ok
22:34:55.0998 3780 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
22:34:56.0029 3780 RsFx0103 - ok
22:34:56.0045 3780 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:34:56.0091 3780 rspndr - ok
22:34:56.0123 3780 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:34:56.0138 3780 SamSs - ok
22:34:56.0279 3780 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
22:34:56.0294 3780 SASDIFSV - ok
22:34:56.0325 3780 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
22:34:56.0341 3780 SASKUTIL - ok
22:34:56.0466 3780 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:34:56.0481 3780 sbp2port - ok
22:34:56.0575 3780 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:34:56.0622 3780 SCardSvr - ok
22:34:56.0653 3780 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:34:56.0700 3780 scfilter - ok
22:34:56.0762 3780 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:34:56.0856 3780 Schedule - ok
22:34:56.0934 3780 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:34:56.0981 3780 SCPolicySvc - ok
22:34:57.0012 3780 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:34:57.0059 3780 SDRSVC - ok
22:34:57.0121 3780 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:34:57.0168 3780 secdrv - ok
22:34:57.0215 3780 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:34:57.0261 3780 seclogon - ok
22:34:57.0277 3780 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:34:57.0324 3780 SENS - ok
22:34:57.0371 3780 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:34:57.0402 3780 SensrSvc - ok
22:34:57.0480 3780 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
22:35:09.0476 3780 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:35:09.0710 3780 \Device\Harddisk0\DR0 - ok
22:35:09.0710 3780 MBR (0x1B8) (60849b860ba3b1e16120ce3dede739a0) \Device\Harddisk1\DR1
22:35:17.0323 3780 \Device\Harddisk1\DR1 - ok
22:35:17.0323 3780 Boot (0x1200) (142661ebd6b70661e21a09e062700a58) \Device\Harddisk0\DR0\Partition0
22:35:17.0323 3780 \Device\Harddisk0\DR0\Partition0 - ok
22:35:17.0323 3780 ============================================================
22:35:17.0323 3780 Scan finished
22:35:17.0323 3780 ============================================================
22:35:17.0323 6184 Detected object count: 5
22:35:17.0323 6184 Actual detected object count: 5
22:35:21.0629 6184 DMAgent ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:21.0629 6184 DMAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:21.0644 6184 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:21.0644 6184 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:21.0644 6184 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:21.0644 6184 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:21.0644 6184 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:21.0644 6184 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:21.0644 6184 WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:21.0644 6184 WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
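
The scan log above is easier to act on once it is reduced to the entries that were not "ok". This is an added example, not part of the original post or of the scanner itself: Python that parses the log layout shown above, pairs each detection with its file path and the action the user chose, and reports the boot-sector results separately. The sample lines and their MD5 placeholders are constructed, and ranking "UnsignedFile." verdicts as low confidence is an assumption made here.

```python
import re

# Constructed sample in the layout of the scan log above. The MD5 values are
# placeholders, not hashes of real files.
SAMPLE_LOG = r"""
22:35:03.0065 3780 USBAAPL64 (00000000000000000000000000000001) C:\Windows\system32\Drivers\usbaapl64.sys
22:35:03.0096 3780 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
22:35:03.0096 3780 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
22:35:03.0143 3780 usbccgp (00000000000000000000000000000002) C:\Windows\system32\DRIVERS\usbccgp.sys
22:35:03.0174 3780 usbccgp - ok
22:35:09.0476 3780 MBR (0x1B8) (00000000000000000000000000000003) \Device\Harddisk0\DR0
22:35:09.0710 3780 \Device\Harddisk0\DR0 - ok
22:35:17.0323 6184 Detected object count: 1
22:35:21.0644 6184 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:21.0644 6184 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

PREFIX = r"^\d\d:\d\d:\d\d\.\d{4} \d+ "          # timestamp and thread id
OBJECT = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK = re.compile(PREFIX + r"(?P<name>.+?) - ok$")
DETECTED = re.compile(PREFIX + r"(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION = re.compile(PREFIX + r"(?P<name>.+?) \( \S+ \) - User select action: (?P<action>\w+)$")
COUNT = re.compile(PREFIX + r"Detected object count: (?P<n>\d+)$")


def triage(log_text):
    """Reduce a scan log to the entries that need a human decision."""
    objects, ok_names, verdicts, actions = [], set(), {}, {}
    declared = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := COUNT.match(line):
            declared = int(m["n"])
        elif m := ACTION.match(line):
            actions[m["name"]] = m["action"]
        elif m := DETECTED.match(line):
            verdicts[m["name"]] = m["verdict"]
        elif m := OK.match(line):
            ok_names.add(m["name"])
        elif m := OBJECT.match(line):
            objects.append((m["name"], m["md5"], m["path"]))

    by_name = {name: (md5, path) for name, md5, path in objects}
    findings = []
    for name, verdict in verdicts.items():
        md5, path = by_name.get(name, (None, None))
        findings.append({
            "name": name, "verdict": verdict, "md5": md5, "path": path,
            "action": actions.get(name, "none recorded"),
            # Assumption for triage: an "UnsignedFile." verdict only says the
            # file lacks a valid signature, so it ranks below other verdicts.
            "low_confidence": verdict.startswith("UnsignedFile."),
        })
    # Boot objects are logged as "MBR (...)" or "Boot (...)", and their result
    # line is keyed by device path rather than by name.
    boot = {path: ("ok" if path in ok_names else "NOT ok")
            for name, _, path in objects if name.startswith(("MBR ", "Boot "))}
    return {
        "findings": findings,
        "boot": boot,
        # True when the scanner's own total disagrees with what was parsed.
        "count_mismatch": declared is not None and declared != len(findings),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["findings"]:
        print(f["name"], f["verdict"], f["path"], "action:", f["action"])
    print("boot objects:", report["boot"])
```
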

#6 cryptodan

Posted 05 April 2012 - 10:01 PM

Did the virus scan clean the infections?

#7 thedude325

Posted 05 April 2012 - 10:14 PM

No, I don't think so entirely. SuperAntiSpyware cleaned a trojan, but they keep resurfacing. It seems something on my computer is downloading more viruses/trojans. After continually dealing with trojans/malware, etc., it seems like there would be a source. My concern is output I got from running a bootkit remover program. It says one of the drives is controlled by a rootkit, but when I try to fix it, it says access denied.
The program is Esage Lab Bootkit Remover. This is what the console says when I run it:

Bootkit Remover
© 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000006`40100000

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...



Then I try to run this command with cmd console started as Administrator

C:\Users\Sam\Desktop\bootkit_remover>remover fix \\.\PhysicalDrive0
Bootkit Remover
© 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000006`40100000
Restoring boot code at \\.\PhysicalDrive0...
ATA_Write(): DeviceIoControl() ERROR 1
ERROR: Can't write first sector of the disk. <--------And I get this error?

Done;
Press any key to quit...


Any ideas? I have a VirtualBox running Linux Ubuntu, could it be a false positive? Could it be the program? Or might it be a very difficult to find MBR rootkit?
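
The tool output in the post above suggests dumping the master boot sector to inspect it manually. As an added example (not part of the original posts and not Esage Lab's code), this Python parses such a 512-byte dump, hashes the 0x1B8-byte boot-code area for comparison with a baseline, and sanity-checks the partition table and boot signature. The test sector is constructed in the code, the baseline is assumed to come from a known-clean install, and the dump is assumed to have been read from outside the running OS, since the tool reports the boot code as hidden by a rootkit.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8    # bytes 0..439: boot code
DISK_SIG_OFF = 0x1B8     # 4-byte disk signature
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE     # 0x55 0xAA


def parse_mbr(sector):
    """Split a dumped 512-byte master boot sector into its fields."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for index in range(4):
        off = PART_TABLE_OFF + 16 * index
        status, ptype = sector[off], sector[off + 4]
        first_lba, sectors = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0x00:  # type 0 marks an unused slot
            partitions.append({"index": index, "status": status, "type": ptype,
                               "first_lba": first_lba, "sectors": sectors})
    return {
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "signature_ok": sector[BOOT_SIG_OFF:] == b"\x55\xaa",
    }


def check_mbr(sector, baseline_md5=None):
    """Return a list of findings; an empty list means nothing stood out."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(
                f"partition {p['index']}: invalid status byte {p['status']:#04x}")
        if p["first_lba"] == 0:
            findings.append(
                f"partition {p['index']}: starts at LBA 0, overlapping the MBR")
    if sum(p["status"] == 0x80 for p in info["partitions"]) > 1:
        findings.append("more than one partition marked active")
    if baseline_md5 is not None and info["boot_code_md5"] != baseline_md5:
        findings.append("boot code differs from baseline")
    return findings


def build_sector(boot_code, active=0x80):
    """Constructed test sector: one type-0x07 partition starting at LBA 2048."""
    entry = struct.pack("<B3sB3sII", active, b"\0\0\0", 0x07, b"\0\0\0",
                        2048, 204800)
    body = boot_code.ljust(BOOT_CODE_LEN, b"\0") + struct.pack("<IH", 0x1234ABCD, 0)
    return body + entry + bytes(48) + b"\x55\xaa"


if __name__ == "__main__":
    clean = build_sector(b"\xfa\x33\xc0")        # constructed "known-good" code
    baseline = parse_mbr(clean)["boot_code_md5"]
    modified = build_sector(b"\xeb\x5a\x90")     # constructed differing code
    print("clean:   ", check_mbr(clean, baseline))
    print("modified:", check_mbr(modified, baseline))
```
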

#8 cryptodan

Posted 05 April 2012 - 11:34 PM

Let's try another anti-rootkit tool; each tool operates differently:

http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx

Post the resulting log.

#9 thedude325

Posted 06 April 2012 - 01:06 PM

Cannot install. Tried in normal mode and safe mode. Get error message: Error 1606 could not access network location data.

#10 cryptodan

Posted 06 April 2012 - 01:31 PM

Among virus' and trojans detected on my computer have been: Java/Exploit Blacole, Trojan win32/Alureon.FK


Can you tell us what program actually detected those viruses?

#11 thedude325

Posted 06 April 2012 - 02:12 PM

Yea Microsoft Security Essentials for the Alureon. Trojan:Win32/Alureon.FK 4/4/2012 Times: 12:04, 12:49, 12:51 and a Trojan:Win64/Alureon.gen!K @ 12:04 same date.
I think the blacole was also Security Essentials but for some reason the history only covers from 4/4/2012 on. There are some more but these cause me the most concern after looking them up. Especially Alureon.

#12 cryptodan

Posted 06 April 2012 - 02:14 PM

To get a good clean bill of health, I am referring you to our experts:

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly please be patient till you get a reply to your topic. If you receive a reply from the HelpBot, then please follow the instructions outlined in the helpbot's post.

#13 thedude325

Posted 07 April 2012 - 04:53 PM

I just ended up restoring my computer to factory settings. My question is, I booted up Asus re-install or whatever, and used the hidden partition to restore my computer to factory settings, without using a CD or anything. Is it possible that a rootkit could have infected those files? Or should I be good to go?

#14 cryptodan

Posted 07 April 2012 - 08:11 PM

You should be good to go

#15 thedude325

Posted 12 April 2012 - 08:47 PM

Thank you for all your help. It is much appreciated. I ended up DBANing the computer, just in case, and used bootrec to fix/replace the MBR. Re-installed Windows. Everything seems to be working great.



