
Infected Notebook and no internet access



#1 joey766

joey766

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:26 PM

Posted 24 April 2012 - 08:22 PM

Hello everyone. A friend of mine brought his notebook over complaining about having a lot of problems. He feeds on my wifi and hasn't been able to connect to my network after removing what he could with Microsoft Security Essentials.

He has an Aspire One notebook with Windows 7 Starter edition.

I offered to see what I could find out for him, since he has no internet to look for himself. All help is greatly appreciated.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:26 PM

Posted 24 April 2012 - 08:26 PM

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

Edited by narenxp, 24 April 2012 - 08:26 PM.


#3 joey766


Posted 24 April 2012 - 09:45 PM

Thank you very much for the help!

Here is the log for FSS and I will post the log for Avast below it.

Note: I was not able to allow Avast! to download new definitions due to the virus's having the internet blocked, or missing files from the attempted virus removal.

Farbar Service Scanner Version: 24-04-2012
Ran by branden (administrator) on 24-04-2012 at 21:11:26
Running from "C:\Users\branden\Desktop"
Microsoft Windows 7 Starter Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
afd Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open afd registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open afd registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of wscsvc. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of wscsvc. The value does not exist.
Unable to retrieve ServiceDll of wscsvc. The value does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
Attention! C:\Windows\system32\Drivers\afd.sys is missing.
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****




Avast log


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-24 21:20:53
-----------------------------
21:20:53.775 OS Version: Windows 6.1.7601 Service Pack 1
21:20:53.775 Number of processors: 2 586 0x1C0A
21:20:53.791 ComputerName: BRANDEN-PC UserName: branden
21:21:35.256 Initialize success
21:21:45.754 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:21:45.770 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
21:21:45.801 Disk 0 MBR read successfully
21:21:45.817 Disk 0 MBR scan
21:21:45.832 Disk 0 Windows 7 default MBR code
21:21:45.864 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
21:21:45.910 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
21:21:45.942 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 225061 MB offset 27469824
21:21:45.988 Disk 0 scanning sectors +488394752
21:21:46.144 Disk 0 scanning C:\Windows\system32\drivers
21:22:10.106 Service scanning
21:22:51.649 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:23:31.819 Modules scanning
21:24:07.512 Disk 0 trace - called modules:
21:24:08.105 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
21:24:08.136 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f145a0]
21:24:08.167 3 CLASSPNP.SYS[86bdf59e] -> nt!IofCallDriver -> [0x84456c00]
21:24:08.183 5 ACPI.sys[864b73d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84436028]
21:24:08.214 Scan finished successfully
21:24:25.187 Disk 0 MBR has been saved successfully to "C:\Users\branden\Desktop\MBR.dat"
21:24:25.234 The log file has been saved successfully to "C:\Users\branden\Desktop\aswMBR.txt"

#4 narenxp


Posted 24 April 2012 - 11:19 PM

Launch FSS again and type

afd.sys in search box and click on search files

Post the generated log

#5 joey766


Posted 24 April 2012 - 11:34 PM

Ok here you go.

Farbar Service Scanner Version: 24-04-2012
Ran by branden (administrator) on 24-04-2012 at 23:26:18
Microsoft Windows 7 Starter Service Pack 1 (X86)

************************************************
======== Search: "afd.sys" =========

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2011-06-14 17:53] - [2011-04-24 22:24] - 0338944 ____A (Microsoft Corporation) C427F91A748CD342A2B3F9278D9FD6A5

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011-07-01 01:58] - [2010-11-20 03:40] - 0338944 ____A (Microsoft Corporation) 1151FD4FB0216CFED887BFDE29EBD516

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011-06-14 17:53] - [2011-04-24 21:27] - 0338944 ____A (Microsoft Corporation) C114AB7A1550D42EA1700FFD4179CF5A

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2011-06-14 17:53] - [2011-04-24 21:35] - 0338944 ____A (Microsoft Corporation) 0DB7A48388D54D154EBEC120461A0FCD

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys
[2009-07-13 18:12] - [2009-07-13 18:12] - 0338944 ____A (Microsoft Corporation) DDC040FDB01EF1712A6B13E52AFB104C

====== End Of Search ======

#6 narenxp


Posted 25 April 2012 - 01:27 AM

Press Windows+R key and copy this line

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1

click ok

Now copy the afd.sys from the location and save it in C:\windows\system32\drivers folder


Download

http://www.snapfiles.com/get/erunt.html

Install it and back up your registry to C:/Windows/erdnt

Now Download the registry file

http://www.filedropper.com/afd_1

Launch it, click when you get a UAC prompt

Restart the PC, check your browser and post the new FSS log

#7 joey766


Posted 25 April 2012 - 02:26 AM

Ok followed every detail and tried the browser... It works! :D So many thanks, narenxp!

Here is the log you asked for.

Farbar Service Scanner Version: 24-04-2012
Ran by branden (administrator) on 25-04-2012 at 02:22:25
Running from "C:\Users\branden\Desktop"
Microsoft Windows 7 Starter Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of wscsvc. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of wscsvc. The value does not exist.
Unable to retrieve ServiceDll of wscsvc. The value does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
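
An added example, not part of any post in this thread: a small Python parser that diffs the findings of two Farbar Service Scanner logs, run here on trimmed excerpts of the before and after logs above. The function names and finding labels are this example's own, and the parsing rules are inferred only from the log lines shown in this thread.

```python
import re

# Sections that are identical in both logs of this thread (trimmed excerpts).
SHARED = r"""
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of wscsvc. The value does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

# Trimmed excerpt of the first log (afd service key and driver file missing).
BEFORE = r"""Internet Services:
============
afd Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open afd registry key. The service key does not exist.
""" + SHARED + r"""
File Check:
========
C:\Windows\system32\dhcpcore.dll => MD5 is legit
Attention! C:\Windows\system32\Drivers\afd.sys is missing.
"""

# Trimmed excerpt of the log posted after afd.sys and its service key were restored.
AFTER = r"""Internet Services:
============
""" + SHARED + r"""
File Check:
========
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
"""

SERVICE_DOWN = re.compile(r"^(\S+) Service is not running")
MISSING_FILE = re.compile(r"^Attention! (.+) is missing\.$")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
POLICY_VALUE = re.compile(r'^"(\w+)"=DWORD:(\d+)$')


def parse_fss(log):
    """Return the set of (kind, detail) findings in one FSS log."""
    findings = set()
    lines = [ln.strip() for ln in log.splitlines()]
    service = reg_key = None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section header is a "Name:" line underlined with '=' characters.
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            service = reg_key = None
            continue
        m = SERVICE_DOWN.match(line)
        if m:
            service = m.group(1)
            findings.add(("service_not_running", service))
        elif service and "does not exist" in line:
            # Start type / ImagePath / ServiceDll or the whole key is gone.
            findings.add(("service_config_missing", service))
        elif (m := MISSING_FILE.match(line)):
            findings.add(("file_missing", m.group(1)))
        elif (m := REG_KEY.match(line)):
            reg_key = m.group(1)
        elif reg_key and (m := POLICY_VALUE.match(line)):
            findings.add(("policy_set", f"{reg_key}\\{m.group(1)}={m.group(2)}"))
    return findings


def compare(before, after):
    """Diff two logs: what the repair fixed, what is still flagged, what is new."""
    b, a = parse_fss(before), parse_fss(after)
    return {"fixed": sorted(b - a), "remaining": sorted(b & a), "new": sorted(a - b)}


if __name__ == "__main__":
    for status, items in compare(BEFORE, AFTER).items():
        print(status.upper())
        for kind, detail in items:
            print(f"  {kind}: {detail}")
```

On these excerpts the three afd findings land under "fixed", while the firewall and Defender policy values and the wscsvc configuration stay under "remaining".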

#8 narenxp


Posted 25 April 2012 - 02:59 AM

You're most welcome. Let's check the PC for infections.

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.

#9 joey766


Posted 25 April 2012 - 05:37 PM

Ok here is the scan for Tdsskiller:


16:07:43.0351 2672 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:07:43.0413 2672 idsvc - ok
16:07:44.0209 2672 igfx (d0074897c6bc132f3980ea4654bf7fb9) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:07:44.0365 2672 igfx - ok
16:07:44.0677 2672 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
16:07:44.0677 2672 iirsp - ok
16:07:44.0864 2672 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
16:07:44.0880 2672 IKEEXT - ok
16:07:45.0426 2672 IntcAzAudAddService (cfa2d161b146425a3356da92ae59a6f6) C:\Windows\system32\drivers\RTKVHDA.sys
16:07:45.0535 2672 IntcAzAudAddService - ok
16:07:45.0753 2672 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
16:07:45.0769 2672 intelide - ok
16:07:45.0831 2672 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
16:07:45.0831 2672 intelppm - ok
16:07:45.0894 2672 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
16:07:45.0894 2672 IPBusEnum - ok
16:07:45.0940 2672 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:07:45.0940 2672 IpFilterDriver - ok
16:07:46.0096 2672 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
16:07:46.0112 2672 iphlpsvc - ok
16:07:46.0174 2672 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
16:07:46.0174 2672 IPMIDRV - ok
16:07:46.0221 2672 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
16:07:46.0221 2672 IPNAT - ok
16:07:46.0268 2672 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
16:07:46.0268 2672 IRENUM - ok
16:07:46.0330 2672 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
16:07:46.0330 2672 isapnp - ok
16:07:46.0440 2672 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
16:07:46.0440 2672 iScsiPrt - ok
16:07:46.0486 2672 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
16:07:46.0502 2672 kbdclass - ok
16:07:46.0549 2672 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
16:07:46.0549 2672 kbdhid - ok
16:07:46.0611 2672 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:07:46.0627 2672 KeyIso - ok
16:07:46.0658 2672 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
16:07:46.0658 2672 KSecDD - ok
16:07:46.0705 2672 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
16:07:46.0720 2672 KSecPkg - ok
16:07:46.0783 2672 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
16:07:46.0798 2672 KtmRm - ok
16:07:46.0970 2672 L1C (1a91eaad2d73758140b3b7b6ad736573) C:\Windows\system32\DRIVERS\L1C62x86.sys
16:07:46.0986 2672 L1C - ok
16:07:47.0095 2672 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
16:07:47.0110 2672 LanmanServer - ok
16:07:47.0173 2672 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
16:07:47.0204 2672 LanmanWorkstation - ok
16:07:47.0282 2672 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
16:07:47.0282 2672 lltdio - ok
16:07:47.0360 2672 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
16:07:47.0376 2672 lltdsvc - ok
16:07:47.0391 2672 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
16:07:47.0407 2672 lmhosts - ok
16:07:47.0454 2672 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:07:47.0454 2672 LSI_FC - ok
16:07:47.0516 2672 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:07:47.0516 2672 LSI_SAS - ok
16:07:47.0578 2672 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:07:47.0578 2672 LSI_SAS2 - ok
16:07:47.0625 2672 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:07:47.0625 2672 LSI_SCSI - ok
16:07:47.0672 2672 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
16:07:47.0688 2672 luafv - ok
16:07:47.0719 2672 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
16:07:47.0734 2672 megasas - ok
16:07:47.0812 2672 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
16:07:47.0828 2672 MegaSR - ok
16:07:47.0890 2672 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
16:07:47.0906 2672 MMCSS - ok
16:07:47.0953 2672 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
16:07:47.0953 2672 Modem - ok
16:07:48.0015 2672 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
16:07:48.0015 2672 monitor - ok
16:07:48.0078 2672 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
16:07:48.0078 2672 mouclass - ok
16:07:48.0156 2672 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
16:07:48.0156 2672 mouhid - ok
16:07:48.0234 2672 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
16:07:48.0234 2672 mountmgr - ok
16:07:48.0312 2672 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
16:07:48.0312 2672 mpio - ok
16:07:48.0390 2672 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
16:07:48.0390 2672 MpNWMon - ok
16:07:48.0452 2672 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
16:07:48.0452 2672 mpsdrv - ok
16:07:48.0592 2672 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
16:07:48.0608 2672 MpsSvc - ok
16:07:48.0670 2672 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
16:07:48.0670 2672 MRxDAV - ok
16:07:48.0748 2672 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:07:48.0748 2672 mrxsmb - ok
16:07:48.0826 2672 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:07:48.0842 2672 mrxsmb10 - ok
16:07:48.0889 2672 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:07:48.0889 2672 mrxsmb20 - ok
16:07:48.0951 2672 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
16:07:48.0951 2672 msahci - ok
16:07:49.0014 2672 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
16:07:49.0029 2672 msdsm - ok
16:07:49.0092 2672 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
16:07:49.0107 2672 MSDTC - ok
16:07:49.0185 2672 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
16:07:49.0185 2672 Msfs - ok
16:07:49.0216 2672 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
16:07:49.0216 2672 mshidkmdf - ok
16:07:49.0263 2672 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
16:07:49.0263 2672 msisadrv - ok
16:07:49.0341 2672 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
16:07:49.0357 2672 MSiSCSI - ok
16:07:49.0357 2672 msiserver - ok
16:07:49.0419 2672 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
16:07:49.0419 2672 MSKSSRV - ok
16:07:49.0606 2672 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
16:07:49.0606 2672 MsMpSvc - ok
16:07:49.0684 2672 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
16:07:49.0684 2672 MSPCLOCK - ok
16:07:49.0700 2672 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
16:07:49.0700 2672 MSPQM - ok
16:07:49.0762 2672 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
16:07:49.0778 2672 MsRPC - ok
16:07:49.0825 2672 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
16:07:49.0825 2672 mssmbios - ok
16:07:49.0872 2672 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
16:07:49.0872 2672 MSTEE - ok
16:07:49.0903 2672 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
16:07:49.0903 2672 MTConfig - ok
16:07:49.0950 2672 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
16:07:49.0950 2672 Mup - ok
16:07:49.0996 2672 mwlPSDFilter (cb47c414e083ca6e50e634b148f28f64) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
16:07:49.0996 2672 mwlPSDFilter - ok
16:07:50.0028 2672 mwlPSDNServ (647b953019559bff07536f5c6121f333) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
16:07:50.0028 2672 mwlPSDNServ - ok
16:07:50.0059 2672 mwlPSDVDisk (5a236a36db8687d1e64dc81c03eaabe1) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
16:07:50.0074 2672 mwlPSDVDisk - ok
16:07:50.0199 2672 MWLService (3e5e20817259f7328c8f3be5421f35b9) C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe
16:07:50.0215 2672 MWLService - ok
16:07:50.0340 2672 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
16:07:50.0371 2672 napagent - ok
16:07:50.0496 2672 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
16:07:50.0511 2672 NativeWifiP - ok
16:07:50.0714 2672 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
16:07:50.0730 2672 NDIS - ok
16:07:50.0792 2672 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
16:07:50.0792 2672 NdisCap - ok
16:07:50.0839 2672 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
16:07:50.0839 2672 NdisTapi - ok
16:07:50.0901 2672 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
16:07:50.0901 2672 Ndisuio - ok
16:07:50.0979 2672 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
16:07:50.0995 2672 NdisWan - ok
16:07:51.0026 2672 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
16:07:51.0042 2672 NDProxy - ok
16:07:51.0088 2672 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
16:07:51.0088 2672 NetBIOS - ok
16:07:51.0182 2672 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
16:07:51.0182 2672 NetBT - ok
16:07:51.0244 2672 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:07:51.0244 2672 Netlogon - ok
16:07:51.0369 2672 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
16:07:51.0385 2672 Netman - ok
16:07:51.0494 2672 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
16:07:51.0510 2672 netprofm - ok
16:07:51.0634 2672 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:07:51.0650 2672 NetTcpPortSharing - ok
16:07:51.0728 2672 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
16:07:51.0728 2672 nfrd960 - ok
16:07:51.0790 2672 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:07:51.0806 2672 NisDrv - ok
16:07:51.0962 2672 NisSrv (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
16:07:51.0978 2672 NisSrv - ok
16:07:52.0118 2672 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
16:07:52.0134 2672 NlaSvc - ok
16:07:53.0148 2672 NOBU (8d4d9e2c4b661ba1bdf7f21a3b2eaed3) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
16:07:53.0194 2672 NOBU - ok
16:07:53.0475 2672 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
16:07:53.0491 2672 Npfs - ok
16:07:53.0538 2672 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
16:07:53.0553 2672 nsi - ok
16:07:53.0569 2672 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
16:07:53.0584 2672 nsiproxy - ok
16:07:53.0928 2672 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
16:07:53.0974 2672 Ntfs - ok
16:07:54.0021 2672 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
16:07:54.0021 2672 Null - ok
16:07:54.0115 2672 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
16:07:54.0115 2672 nvraid - ok
16:07:54.0193 2672 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
16:07:54.0193 2672 nvstor - ok
16:07:54.0255 2672 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
16:07:54.0255 2672 nv_agp - ok
16:07:54.0302 2672 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
16:07:54.0302 2672 ohci1394 - ok
16:07:54.0411 2672 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
16:07:54.0427 2672 p2pimsvc - ok
16:07:54.0552 2672 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
16:07:54.0567 2672 p2psvc - ok
16:07:54.0630 2672 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
16:07:54.0630 2672 Parport - ok
16:07:54.0676 2672 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
16:07:54.0676 2672 partmgr - ok
16:07:54.0708 2672 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
16:07:54.0708 2672 Parvdm - ok
16:07:54.0770 2672 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
16:07:54.0786 2672 PcaSvc - ok
16:07:54.0864 2672 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
16:07:54.0864 2672 pci - ok
16:07:54.0910 2672 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
16:07:54.0926 2672 pciide - ok
16:07:54.0988 2672 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
16:07:54.0988 2672 pcmcia - ok
16:07:55.0035 2672 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
16:07:55.0035 2672 pcw - ok
16:07:55.0207 2672 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
16:07:55.0222 2672 PEAUTH - ok
16:07:55.0675 2672 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
16:07:55.0737 2672 pla - ok
16:07:56.0096 2672 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
16:07:56.0112 2672 PlugPlay - ok
16:07:56.0158 2672 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
16:07:56.0174 2672 PNRPAutoReg - ok
16:07:56.0252 2672 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
16:07:56.0268 2672 PNRPsvc - ok
16:07:56.0408 2672 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
16:07:56.0408 2672 PolicyAgent - ok
16:07:56.0517 2672 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
16:07:56.0533 2672 Power - ok
16:07:56.0658 2672 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
16:07:56.0658 2672 PptpMiniport - ok
16:07:56.0689 2672 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
16:07:56.0704 2672 Processor - ok
16:07:56.0782 2672 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
16:07:56.0798 2672 ProfSvc - ok
16:07:56.0829 2672 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:07:56.0845 2672 ProtectedStorage - ok
16:07:56.0938 2672 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
16:07:56.0938 2672 Psched - ok
16:07:57.0344 2672 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
16:07:57.0375 2672 ql2300 - ok
16:07:57.0687 2672 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
16:07:57.0687 2672 ql40xx - ok
16:07:57.0781 2672 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
16:07:57.0812 2672 QWAVE - ok
16:07:57.0843 2672 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
16:07:57.0843 2672 QWAVEdrv - ok
16:07:57.0874 2672 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
16:07:57.0874 2672 RasAcd - ok
16:07:57.0937 2672 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:07:57.0937 2672 RasAgileVpn - ok
16:07:57.0999 2672 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
16:07:58.0015 2672 RasAuto - ok
16:07:58.0046 2672 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:07:58.0062 2672 Rasl2tp - ok
16:07:58.0186 2672 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
16:07:58.0202 2672 RasMan - ok
16:07:58.0249 2672 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
16:07:58.0249 2672 RasPppoe - ok
16:07:58.0311 2672 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
16:07:58.0311 2672 RasSstp - ok
16:07:58.0405 2672 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
16:07:58.0405 2672 rdbss - ok
16:07:58.0436 2672 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
16:07:58.0436 2672 rdpbus - ok
16:07:58.0483 2672 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:07:58.0483 2672 RDPCDD - ok
16:07:58.0530 2672 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
16:07:58.0530 2672 RDPENCDD - ok
16:07:58.0561 2672 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
16:07:58.0561 2672 RDPREFMP - ok
16:07:58.0654 2672 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
16:07:58.0654 2672 RDPWD - ok
16:07:58.0764 2672 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
16:07:58.0764 2672 rdyboost - ok
16:07:58.0826 2672 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
16:07:58.0826 2672 RemoteAccess - ok
16:07:58.0904 2672 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
16:07:58.0920 2672 RemoteRegistry - ok
16:07:58.0998 2672 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
16:07:59.0013 2672 RFCOMM - ok
16:07:59.0060 2672 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
16:07:59.0076 2672 RpcEptMapper - ok
16:07:59.0122 2672 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
16:07:59.0122 2672 RpcLocator - ok
16:07:59.0263 2672 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
16:07:59.0278 2672 RpcSs - ok
16:07:59.0356 2672 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
16:07:59.0356 2672 rspndr - ok
16:07:59.0512 2672 RS_Service (5a59c3b7e5ab2328ec4afe5e465fd873) C:\Program Files\Acer\Acer VCM\RS_Service.exe
16:07:59.0512 2672 RS_Service - ok
16:07:59.0559 2672 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:07:59.0559 2672 SamSs - ok
16:07:59.0637 2672 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
16:07:59.0653 2672 sbp2port - ok
16:07:59.0715 2672 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
16:07:59.0731 2672 SCardSvr - ok
16:07:59.0762 2672 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
16:07:59.0762 2672 scfilter - ok
16:07:59.0996 2672 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
16:08:00.0012 2672 Schedule - ok
16:08:00.0058 2672 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
16:08:00.0058 2672 SCPolicySvc - ok
16:08:00.0136 2672 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
16:08:00.0152 2672 SDRSVC - ok
16:08:00.0214 2672 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:08:00.0214 2672 secdrv - ok
16:08:00.0261 2672 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
16:08:00.0277 2672 seclogon - ok
16:08:00.0308 2672 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
16:08:00.0324 2672 SENS - ok
16:08:00.0355 2672 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
16:08:00.0355 2672 Serenum - ok
16:08:00.0402 2672 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
16:08:00.0417 2672 Serial - ok
16:08:00.0448 2672 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
16:08:00.0448 2672 sermouse - ok
16:08:00.0542 2672 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
16:08:00.0558 2672 SessionEnv - ok
16:08:00.0604 2672 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
16:08:00.0620 2672 sffdisk - ok
16:08:00.0636 2672 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
16:08:00.0636 2672 sffp_mmc - ok
16:08:00.0651 2672 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
16:08:00.0667 2672 sffp_sd - ok
16:08:00.0698 2672 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
16:08:00.0698 2672 sfloppy - ok
16:08:00.0838 2672 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
16:08:00.0854 2672 SharedAccess - ok
16:08:00.0979 2672 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
16:08:00.0994 2672 ShellHWDetection - ok
16:08:01.0057 2672 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
16:08:01.0057 2672 sisagp - ok
16:08:01.0119 2672 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:08:01.0119 2672 SiSRaid2 - ok
16:08:01.0166 2672 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
16:08:01.0166 2672 SiSRaid4 - ok
16:08:01.0228 2672 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
16:08:01.0228 2672 Smb - ok
16:08:01.0306 2672 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
16:08:01.0322 2672 SNMPTRAP - ok
16:08:01.0384 2672 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
16:08:01.0384 2672 spldr - ok
16:08:01.0525 2672 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
16:08:01.0540 2672 Spooler - ok
16:08:02.0336 2672 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
16:08:02.0476 2672 sppsvc - ok
16:08:02.0757 2672 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
16:08:02.0773 2672 sppuinotify - ok
16:08:02.0929 2672 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
16:08:02.0944 2672 srv - ok
16:08:03.0038 2672 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
16:08:03.0054 2672 srv2 - ok
16:08:03.0100 2672 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
16:08:03.0100 2672 srvnet - ok
16:08:03.0178 2672 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
16:08:03.0194 2672 SSDPSRV - ok
16:08:03.0256 2672 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
16:08:03.0272 2672 SstpSvc - ok
16:08:03.0334 2672 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
16:08:03.0334 2672 stexstor - ok
16:08:03.0490 2672 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
16:08:03.0522 2672 StiSvc - ok
16:08:03.0568 2672 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
16:08:03.0584 2672 swenum - ok
16:08:03.0693 2672 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
16:08:03.0709 2672 swprv - ok
16:08:03.0802 2672 SynTP (5cdd124913e91c7f79b4d5cae1c7c4de) C:\Windows\system32\DRIVERS\SynTP.sys
16:08:03.0818 2672 SynTP - ok
16:08:04.0161 2672 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
16:08:04.0208 2672 SysMain - ok
16:08:04.0270 2672 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
16:08:04.0286 2672 TabletInputService - ok
16:08:04.0380 2672 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
16:08:04.0395 2672 TapiSrv - ok
16:08:04.0473 2672 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
16:08:04.0473 2672 TBS - ok
16:08:04.0957 2672 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
16:08:04.0988 2672 Tcpip - ok
16:08:05.0035 2672 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
16:08:05.0050 2672 TCPIP6 - ok
16:08:05.0113 2672 tcpipBM (b1a9e04d803fde6b78314455211b726e) C:\Windows\system32\drivers\tcpipBM.sys
16:08:05.0113 2672 tcpipBM - ok
16:08:05.0160 2672 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
16:08:05.0175 2672 tcpipreg - ok
16:08:05.0269 2672 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
16:08:05.0269 2672 TDPIPE - ok
16:08:05.0331 2672 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
16:08:05.0331 2672 TDTCP - ok
16:08:05.0394 2672 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
16:08:05.0409 2672 tdx - ok
16:08:05.0456 2672 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
16:08:05.0456 2672 TermDD - ok
16:08:05.0596 2672 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
16:08:05.0628 2672 TermService - ok
16:08:05.0674 2672 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
16:08:05.0690 2672 Themes - ok
16:08:05.0737 2672 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
16:08:05.0737 2672 THREADORDER - ok
16:08:05.0799 2672 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
16:08:05.0799 2672 TrkWks - ok
16:08:05.0924 2672 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
16:08:05.0924 2672 TrustedInstaller - ok
16:08:05.0971 2672 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:08:05.0971 2672 tssecsrv - ok
16:08:06.0049 2672 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
16:08:06.0049 2672 TsUsbFlt - ok
16:08:06.0127 2672 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
16:08:06.0142 2672 tunnel - ok
16:08:06.0205 2672 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
16:08:06.0205 2672 uagp35 - ok
16:08:06.0314 2672 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
16:08:06.0330 2672 udfs - ok
16:08:06.0392 2672 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
16:08:06.0408 2672 UI0Detect - ok
16:08:06.0470 2672 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
16:08:06.0486 2672 uliagpkx - ok
16:08:06.0548 2672 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
16:08:06.0548 2672 umbus - ok
16:08:06.0595 2672 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
16:08:06.0610 2672 UmPass - ok
16:08:06.0657 2672 Updater Service - ok
16:08:06.0766 2672 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
16:08:06.0782 2672 upnphost - ok
16:08:06.0844 2672 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
16:08:06.0844 2672 usbccgp - ok
16:08:20.0588 2672 ============================================================
16:08:20.0588 2672 Scan finished
16:08:20.0588 2672 ============================================================
16:08:20.0682 3676 Detected object count: 0
16:08:20.0682 3676 Actual detected object count: 0
16:10:18.0270 3544 Deinitialize success





GMER LOG

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-25 17:33:28
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: dech94m7.exe; Driver: C:\Users\branden\AppData\Local\Temp\pxdiyfog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 81C54359 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81C8DD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [86C2DD56] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [6134649C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [613478C9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [613478C9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6134649C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [613463D7] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61346CC4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61346CC4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [613464A2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61346306] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61346344] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61346537] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [613463D7] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61346CC4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6134649C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileA] [61346622] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[944] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileW] [6134657C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001F00] C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002AC0] C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75C3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75C3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75C3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75C3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2052] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75C3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75C3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2052] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [75C3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3368] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75C3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3368] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75C3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3368] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75C3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3368] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75C3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.sys

Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbb2bb5c
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbb2bb5c (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_dech94m7.exe_b875219042151acea2a44c7b08b9dbc62c099_0c05cee2

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB62959$\3910236245 0 bytes
File C:\Windows\$NtUninstallKB62959$\509547599 0 bytes
File C:\Windows\$NtUninstallKB62959$\509547599\@ 2048 bytes
File C:\Windows\$NtUninstallKB62959$\509547599\L 0 bytes
File C:\Windows\$NtUninstallKB62959$\509547599\L\xadqgnnk 165648 bytes
File C:\Windows\$NtUninstallKB62959$\509547599\U 0 bytes

---- EOF - GMER 1.0.15 ----

#10 narenxp


Posted 25 April 2012 - 11:39 PM

You have a few rootkit traces still left on your PC. We may need advanced tools to remove them.

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck



