BSOD and now missing some functionality


  • This topic is locked
35 replies to this topic

#1 RedSnow4

RedSnow4

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 26 May 2012 - 04:53 PM

I was advised by crptodan to seek help in the malware forum from http://www.bleepingcomputer.com/forums/topic450914.html

Basically, I got a BSOD and as a result, I had to revalidate my Windows 7. The problem came after, when some programs wouldn't work and the machine is stuck updating the same update over and over. If you read through the old thread, you will see some of the problems we encountered when we tried analysing the situation.

The DDS application would pop up and then a message would appear below the information for a split second and then close. It says that the application is incompatible with my machine. When I try running defogger, it also says that it is incompatible with my version of Windows but I can't find a 64-bit version.

As for gmer, everything was greyed out except for Services, Registry, Files and the C drive so I couldn't check any of the other options. I still did the scan and I have attached the result.

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:13 PM

Posted 01 June 2012 - 09:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

From your previous topic you have the msvbvm60.dll. It probably needs to be registered.

To register the msvbvm60.dll file, go to Start>Run. In the textbox paste the following: regsvr32 "C:\Windows\SysWOW64\msvbvm60.dll" (Make sure you include the quotes.) Press Enter and you will see a prompt after successful registration. Press the OK button and the dll will be successfully registered.

Can you now run Malwarebytes?

Post the log if you can.

#3 RedSnow4


Posted 01 June 2012 - 01:13 PM

Hello, nasdaq and thanks for helping me.

I did what you asked and this message popped up

Posted Image

#4 nasdaq


Posted 01 June 2012 - 03:29 PM

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin.
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When complete, without restarting the computer, try to run any .exe files available.

#5 RedSnow4


Posted 02 June 2012 - 01:41 PM

I tried running the tool as admin and these messages popped up:

Posted Image

Posted Image

I did see the rkill window and it said it was terminating known malware programs so I let it run. A few hours passed and nothing changed so I just closed it since I knew the program shouldn't take that long since I had used it in the past.

#6 nasdaq


Posted 03 June 2012 - 07:57 AM

Please run these tools and post the logs if you can.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
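
Added example, not part of the original thread and not TDSSKiller's own code: a small Python parser for the scan section of the report requested above, assuming the two-line-per-item layout seen in the log posted in this topic (a `name (md5) path` line followed by `name - verdict`). The `ExampleSvc` lines and their verdict text are constructed placeholders, and all function and field names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Sample input. The ExampleSvc lines are CONSTRUCTED placeholders (not real
# TDSSKiller output); the other lines are copied from the log in this topic.
SAMPLE_LOG = r"""
16:11:56.0007 7140 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:12:01.0976 5648 Scan started
16:12:01.0976 5648 Mode: Manual;
16:12:05.0818 5648 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:12:05.0867 5648 1394ohci - ok
16:12:08.0491 5648 AMD External Events Utility (8df863f3fb78da82e3739e8f33fabb99) C:\Windows\system32\atiesrxx.exe
16:12:08.0538 5648 AMD External Events Utility - ok
16:12:13.0017 5648 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:12:13.0063 5648 Apple Mobile Device - ok
16:12:23.0570 5648 COMSysApp - ok
16:12:30.0000 5648 ExampleSvc (00000000000000000000000000000000) C:\Example\examplesvc.sys
16:12:30.0100 5648 ExampleSvc - PLACEHOLDER-VERDICT
16:12:52.0393 5648 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
"""

# "HH:MM:SS.ffff <thread id> <message>"
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+) (.*)$")
# The 32-hex-digit requirement keeps "(x86)" in a path from being read as the hash.
HASHED = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_scan(text):
    """Pair each scanned item's hash line with its verdict line."""
    entries = {}
    in_scan = False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group(3)
        if not in_scan:
            # Header lines such as "Drive ... - Size: ..." also contain " - ",
            # so nothing is parsed until the scan section begins.
            in_scan = body.strip() == "Scan started"
            continue
        h = HASHED.match(body)
        if h:
            e = entries.setdefault(h["name"], Entry(h["name"]))
            e.md5, e.path = h["md5"], h["path"]
            continue
        v = VERDICT.match(body)
        if v:
            e = entries.setdefault(v["name"], Entry(v["name"]))
            e.verdict = v["verdict"].strip()
    return list(entries.values())


def triage(entries):
    """Group the items a reviewer should look at first."""
    return {
        # Any verdict other than "ok" needs a human to read the line.
        "not_ok": [e.name for e in entries if e.verdict not in (None, "ok")],
        # Hash line without a verdict: the log was cut off or the scan aborted.
        "no_verdict": [e.name for e in entries if e.verdict is None],
        # Verdict without a hash line: no file was hashed for this item.
        "no_hash": [e.name for e in entries if e.md5 is None],
    }


if __name__ == "__main__":
    for bucket, names in triage(parse_scan(SAMPLE_LOG)).items():
        print(f"{bucket}: {names}")
```
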

#7 RedSnow4


Posted 03 June 2012 - 03:15 PM

The TDSS scan came up with no infected files. The Avast scan ran, and a little bit after the scan finished I got another BSOD. Thankfully nothing seems to have changed because of it.

This is the result of the TDSS scan:
16:11:53.0196 7140 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
16:11:53.0899 7140 ============================================================
16:11:53.0899 7140 Current date / time: 2012/06/03 16:11:53.0899
16:11:53.0899 7140 SystemInfo:
16:11:53.0899 7140
16:11:53.0899 7140 OS Version: 6.1.7601 ServicePack: 1.0
16:11:53.0899 7140 Product type: Workstation
16:11:53.0900 7140 ComputerName: KENNY-PC
16:11:53.0900 7140 UserName: Kenny
16:11:53.0900 7140 Windows directory: C:\Windows
16:11:53.0900 7140 System windows directory: C:\Windows
16:11:53.0900 7140 Running under WOW64
16:11:53.0900 7140 Processor architecture: Intel x64
16:11:53.0900 7140 Number of processors: 4
16:11:53.0900 7140 Page size: 0x1000
16:11:53.0900 7140 Boot type: Normal boot
16:11:53.0900 7140 ============================================================
16:11:56.0007 7140 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:11:59.0683 7140 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:11:59.0922 7140 ============================================================
16:11:59.0923 7140 \Device\Harddisk0\DR0:
16:11:59.0963 7140 MBR partitions:
16:11:59.0963 7140 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000
16:11:59.0963 7140 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x38353000
16:11:59.0963 7140 \Device\Harddisk1\DR1:
16:11:59.0964 7140 MBR partitions:
16:11:59.0964 7140 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
16:11:59.0964 7140 ============================================================
16:12:00.0022 7140 C: <-> \Device\Harddisk0\DR0\Partition1
16:12:00.0049 7140 D: <-> \Device\Harddisk1\DR1\Partition0
16:12:00.0049 7140 ============================================================
16:12:00.0049 7140 Initialize success
16:12:00.0049 7140 ============================================================
16:12:01.0976 5648 ============================================================
16:12:01.0976 5648 Scan started
16:12:01.0976 5648 Mode: Manual;
16:12:01.0976 5648 ============================================================
16:12:05.0818 5648 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:12:05.0867 5648 1394ohci - ok
16:12:05.0988 5648 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:12:06.0023 5648 ACPI - ok
16:12:06.0093 5648 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:12:06.0144 5648 AcpiPmi - ok
16:12:06.0562 5648 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:12:06.0603 5648 AdobeARMservice - ok
16:12:06.0669 5648 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
16:12:06.0682 5648 adp94xx - ok
16:12:06.0823 5648 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
16:12:06.0852 5648 adpahci - ok
16:12:06.0867 5648 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
16:12:06.0872 5648 adpu320 - ok
16:12:06.0948 5648 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:12:06.0954 5648 AeLookupSvc - ok
16:12:07.0271 5648 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:12:07.0317 5648 AFD - ok
16:12:07.0630 5648 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:12:07.0670 5648 agp440 - ok
16:12:08.0094 5648 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:12:08.0135 5648 ALG - ok
16:12:08.0330 5648 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:12:08.0341 5648 aliide - ok
16:12:08.0491 5648 AMD External Events Utility (8df863f3fb78da82e3739e8f33fabb99) C:\Windows\system32\atiesrxx.exe
16:12:08.0538 5648 AMD External Events Utility - ok
16:12:08.0619 5648 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:12:08.0624 5648 amdide - ok
16:12:08.0644 5648 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
16:12:08.0652 5648 AmdK8 - ok
16:12:09.0534 5648 amdkmdag (7f0282dfdffdbc30256b26b3f5566ae2) C:\Windows\system32\DRIVERS\atikmdag.sys
16:12:10.0170 5648 amdkmdag - ok
16:12:10.0716 5648 amdkmdap (4cf78b1ee8a27740e6f4d50209ae5640) C:\Windows\system32\DRIVERS\atikmpag.sys
16:12:10.0747 5648 amdkmdap - ok
16:12:11.0490 5648 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
16:12:11.0523 5648 AmdPPM - ok
16:12:12.0206 5648 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:12:12.0334 5648 amdsata - ok
16:12:12.0400 5648 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
16:12:12.0411 5648 amdsbs - ok
16:12:12.0448 5648 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:12:12.0481 5648 amdxata - ok
16:12:12.0486 5648 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:12:12.0517 5648 AppID - ok
16:12:12.0586 5648 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:12:12.0589 5648 AppIDSvc - ok
16:12:12.0655 5648 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:12:12.0700 5648 Appinfo - ok
16:12:13.0017 5648 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:12:13.0063 5648 Apple Mobile Device - ok
16:12:13.0160 5648 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
16:12:13.0190 5648 arc - ok
16:12:13.0302 5648 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
16:12:13.0324 5648 arcsas - ok
16:12:13.0341 5648 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:12:13.0346 5648 AsyncMac - ok
16:12:13.0370 5648 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:12:13.0371 5648 atapi - ok
16:12:13.0464 5648 AthBTPort (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys
16:12:13.0497 5648 AthBTPort - ok
16:12:13.0550 5648 AtherosSvc (21753130331188c4b474e1d3b396e629) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
16:12:13.0582 5648 AtherosSvc - ok
16:12:13.0807 5648 athr (c8679a07267f030704168e45e27c3d43) C:\Windows\system32\DRIVERS\athrx.sys
16:12:13.0952 5648 athr - ok
16:12:14.0560 5648 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:12:14.0606 5648 AudioEndpointBuilder - ok
16:12:14.0611 5648 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:12:14.0615 5648 AudioSrv - ok
16:12:14.0797 5648 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:12:14.0842 5648 AxInstSV - ok
16:12:15.0266 5648 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
16:12:15.0277 5648 b06bdrv - ok
16:12:15.0366 5648 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:12:15.0376 5648 b57nd60a - ok
16:12:16.0082 5648 BCM43XX (85111026f1c5a1c4cce3697f0da7bc1a) C:\Windows\system32\DRIVERS\bcmwl664.sys
16:12:16.0392 5648 BCM43XX - ok
16:12:16.0845 5648 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:12:16.0851 5648 BDESVC - ok
16:12:16.0920 5648 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:12:16.0926 5648 Beep - ok
16:12:16.0989 5648 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:12:17.0020 5648 BFE - ok
16:12:17.0084 5648 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
16:12:17.0168 5648 BITS - ok
16:12:17.0278 5648 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
16:12:17.0282 5648 blbdrive - ok
16:12:17.0782 5648 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:12:17.0817 5648 Bonjour Service - ok
16:12:18.0225 5648 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:12:18.0255 5648 bowser - ok
16:12:18.0283 5648 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
16:12:18.0287 5648 BrFiltLo - ok
16:12:18.0309 5648 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
16:12:18.0315 5648 BrFiltUp - ok
16:12:18.0395 5648 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:12:18.0449 5648 Browser - ok
16:12:18.0540 5648 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:12:18.0556 5648 Brserid - ok
16:12:18.0565 5648 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:12:18.0572 5648 BrSerWdm - ok
16:12:18.0579 5648 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:12:18.0583 5648 BrUsbMdm - ok
16:12:18.0589 5648 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:12:18.0591 5648 BrUsbSer - ok
16:12:19.0405 5648 BTATH_A2DP (fe70889a85c57a9268101b2db0474509) C:\Windows\system32\drivers\btath_a2dp.sys
16:12:19.0512 5648 BTATH_A2DP - ok
16:12:19.0590 5648 BTATH_BUS (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
16:12:19.0621 5648 BTATH_BUS - ok
16:12:19.0843 5648 BTATH_HCRP (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys
16:12:19.0900 5648 BTATH_HCRP - ok
16:12:19.0949 5648 BTATH_LWFLT (0dea505efb5d771826d177ef8b8a208f) C:\Windows\system32\DRIVERS\btath_lwflt.sys
16:12:19.0986 5648 BTATH_LWFLT - ok
16:12:20.0057 5648 BTATH_RCP (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys
16:12:20.0091 5648 BTATH_RCP - ok
16:12:20.0208 5648 BtFilter (aa0f5afcf077c5246589b32eceeae566) C:\Windows\system32\DRIVERS\btfilter.sys
16:12:20.0263 5648 BtFilter - ok
16:12:20.0375 5648 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
16:12:20.0408 5648 BthEnum - ok
16:12:20.0499 5648 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
16:12:20.0502 5648 BTHMODEM - ok
16:12:20.0805 5648 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
16:12:20.0836 5648 BthPan - ok
16:12:20.0990 5648 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
16:12:21.0036 5648 BTHPORT - ok
16:12:21.0085 5648 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:12:21.0088 5648 bthserv - ok
16:12:21.0169 5648 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
16:12:21.0226 5648 BTHUSB - ok
16:12:21.0334 5648 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:12:21.0338 5648 cdfs - ok
16:12:21.0406 5648 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:12:21.0443 5648 cdrom - ok
16:12:21.0474 5648 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:12:21.0498 5648 CertPropSvc - ok
16:12:21.0529 5648 cfwids (75f91554e5fa6e962b880405fecc97a1) C:\Windows\system32\drivers\cfwids.sys
16:12:21.0570 5648 cfwids - ok
16:12:21.0585 5648 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
16:12:21.0588 5648 circlass - ok
16:12:21.0663 5648 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:12:21.0670 5648 CLFS - ok
16:12:21.0824 5648 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:12:21.0827 5648 clr_optimization_v2.0.50727_32 - ok
16:12:21.0874 5648 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:12:21.0878 5648 clr_optimization_v2.0.50727_64 - ok
16:12:22.0648 5648 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:12:22.0796 5648 clr_optimization_v4.0.30319_32 - ok
16:12:22.0856 5648 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:12:22.0902 5648 clr_optimization_v4.0.30319_64 - ok
16:12:23.0057 5648 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
16:12:23.0060 5648 CmBatt - ok
16:12:23.0151 5648 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:12:23.0161 5648 cmdide - ok
16:12:23.0366 5648 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:12:23.0394 5648 CNG - ok
16:12:23.0433 5648 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
16:12:23.0436 5648 Compbatt - ok
16:12:23.0496 5648 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:12:23.0568 5648 CompositeBus - ok
16:12:23.0570 5648 COMSysApp - ok
16:12:23.0586 5648 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
16:12:23.0588 5648 crcdisk - ok
16:12:23.0637 5648 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
16:12:23.0688 5648 CryptSvc - ok
16:12:23.0959 5648 DAUpdaterSvc (914a7156b0c0f10be645a02e13f576b2) C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
16:12:24.0009 5648 DAUpdaterSvc - ok
16:12:24.0124 5648 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
16:12:24.0185 5648 dc3d - ok
16:12:24.0289 5648 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:12:24.0292 5648 DcomLaunch - ok
16:12:24.0374 5648 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:12:24.0409 5648 defragsvc - ok
16:12:24.0482 5648 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:12:24.0512 5648 DfsC - ok
16:12:24.0534 5648 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:12:24.0558 5648 Dhcp - ok
16:12:24.0617 5648 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:12:24.0620 5648 discache - ok
16:12:24.0642 5648 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
16:12:24.0646 5648 Disk - ok
16:12:24.0697 5648 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:12:24.0721 5648 Dnscache - ok
16:12:24.0767 5648 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:12:24.0837 5648 dot3svc - ok
16:12:24.0849 5648 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:12:24.0879 5648 DPS - ok
16:12:24.0937 5648 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:12:24.0941 5648 drmkaud - ok
16:12:25.0105 5648 DsiWMIService (4ab2a58816cc6be771f1d8c768b804c5) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
16:12:25.0166 5648 DsiWMIService - ok
16:12:25.0275 5648 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:12:25.0339 5648 DXGKrnl - ok
16:12:25.0453 5648 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:12:25.0457 5648 EapHost - ok
16:12:25.0789 5648 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
16:12:26.0307 5648 ebdrv - ok
16:12:26.0792 5648 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:12:26.0824 5648 EFS - ok
16:12:27.0229 5648 EgisTec Ticket Service (03e6888da1a85acf14ac2a3c328a9e62) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
16:12:27.0266 5648 EgisTec Ticket Service - ok
16:12:27.0814 5648 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:12:27.0857 5648 ehRecvr - ok
16:12:28.0010 5648 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:12:28.0021 5648 ehSched - ok
16:12:28.0214 5648 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
16:12:28.0246 5648 elxstor - ok
16:12:29.0044 5648 ePowerSvc (eb1c213a8550f066b2ccc29c9f41e2ae) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
16:12:29.0172 5648 ePowerSvc - ok
16:12:29.0879 5648 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:12:29.0886 5648 ErrDev - ok
16:12:30.0064 5648 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:12:30.0079 5648 EventSystem - ok
16:12:30.0310 5648 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:12:30.0342 5648 exfat - ok
16:12:30.0601 5648 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:12:30.0607 5648 fastfat - ok
16:12:30.0934 5648 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:12:30.0999 5648 Fax - ok
16:12:31.0091 5648 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
16:12:31.0094 5648 fdc - ok
16:12:31.0230 5648 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:12:31.0238 5648 fdPHost - ok
16:12:31.0404 5648 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:12:31.0406 5648 FDResPub - ok
16:12:31.0714 5648 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:12:31.0717 5648 FileInfo - ok
16:12:31.0827 5648 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:12:31.0835 5648 Filetrace - ok
16:12:32.0350 5648 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:12:32.0401 5648 FLEXnet Licensing Service - ok
16:12:32.0477 5648 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
16:12:32.0501 5648 flpydisk - ok
16:12:32.0561 5648 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:12:32.0594 5648 FltMgr - ok
16:12:32.0797 5648 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:12:32.0826 5648 FontCache - ok
16:12:33.0392 5648 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:12:33.0459 5648 FontCache3.0.0.0 - ok
16:12:33.0579 5648 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:12:33.0583 5648 FsDepends - ok
16:12:33.0621 5648 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:12:33.0622 5648 Fs_Rec - ok
16:12:33.0674 5648 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:12:33.0708 5648 fvevol - ok
16:12:33.0733 5648 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
16:12:33.0737 5648 gagp30kx - ok
16:12:33.0868 5648 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
16:12:33.0910 5648 GamesAppService - ok
16:12:34.0029 5648 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:12:34.0065 5648 GEARAspiWDM - ok
16:12:34.0193 5648 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:12:34.0223 5648 gpsvc - ok
16:12:34.0279 5648 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
16:12:34.0323 5648 GREGService - ok
16:12:34.0360 5648 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:12:34.0362 5648 hcw85cir - ok
16:12:34.0410 5648 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:12:34.0452 5648 HdAudAddService - ok
16:12:34.0484 5648 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:12:34.0516 5648 HDAudBus - ok
16:12:34.0519 5648 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
16:12:34.0522 5648 HidBatt - ok
16:12:34.0550 5648 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
16:12:34.0553 5648 HidBth - ok
16:12:34.0558 5648 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
16:12:34.0561 5648 HidIr - ok
16:12:34.0707 5648 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
16:12:34.0710 5648 hidserv - ok
16:12:34.0918 5648 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:12:34.0952 5648 HidUsb - ok
16:12:35.0273 5648 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:12:35.0349 5648 hkmsvc - ok
16:12:35.0436 5648 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:12:35.0463 5648 HomeGroupListener - ok
16:12:35.0520 5648 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:12:35.0544 5648 HomeGroupProvider - ok
16:12:35.0780 5648 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:12:35.0838 5648 HpSAMD - ok
16:12:36.0094 5648 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:12:36.0131 5648 HTTP - ok
16:12:36.0240 5648 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:12:36.0267 5648 hwpolicy - ok
16:12:36.0495 5648 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:12:36.0539 5648 i8042prt - ok
16:12:36.0713 5648 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\drivers\iaStor.sys
16:12:36.0716 5648 iaStor - ok
16:12:37.0193 5648 IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
16:12:37.0225 5648 IAStorDataMgrSvc - ok
16:12:39.0945 5648 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:12:40.0181 5648 iaStorV - ok
16:12:40.0397 5648 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:12:40.0476 5648 idsvc - ok
16:12:40.0520 5648 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
16:12:40.0531 5648 iirsp - ok
16:12:40.0712 5648 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:12:40.0768 5648 IKEEXT - ok
16:12:41.0084 5648 IntcAzAudAddService (b60accd29f8fafc4a6344cd2bd5ca3a5) C:\Windows\system32\drivers\RTKVHD64.sys
16:12:41.0226 5648 IntcAzAudAddService - ok
16:12:41.0481 5648 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
16:12:41.0543 5648 IntcDAud - ok
16:12:41.0607 5648 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:12:41.0609 5648 intelide - ok
16:12:43.0382 5648 intelkmd (795c99dc4f574c97c03d0bb39cf099ee) C:\Windows\system32\DRIVERS\igdpmd64.sys
16:12:43.0992 5648 intelkmd - ok
16:12:45.0034 5648 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:12:45.0046 5648 intelppm - ok
16:14:11.0740 5648 vsmraid - ok
16:14:12.0155 5648 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:14:12.0527 5648 VSS - ok
16:14:12.0841 5648 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:14:12.0845 5648 vwifibus - ok
16:14:12.0867 5648 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:14:12.0871 5648 vwififlt - ok
16:14:12.0968 5648 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:14:13.0018 5648 W32Time - ok
16:14:13.0073 5648 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
16:14:13.0079 5648 WacomPen - ok
16:14:13.0184 5648 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:14:13.0237 5648 WANARP - ok
16:14:13.0278 5648 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:14:13.0280 5648 Wanarpv6 - ok
16:14:13.0736 5648 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:14:13.0975 5648 WatAdminSvc - ok
16:14:15.0159 5648 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:14:15.0470 5648 wbengine - ok
16:14:15.0807 5648 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:14:15.0816 5648 WbioSrvc - ok
16:14:15.0907 5648 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:14:15.0910 5648 wcncsvc - ok
16:14:15.0934 5648 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:14:15.0937 5648 WcsPlugInService - ok
16:14:16.0053 5648 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
16:14:16.0058 5648 Wd - ok
16:14:16.0165 5648 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:14:16.0177 5648 Wdf01000 - ok
16:14:16.0223 5648 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:14:16.0228 5648 WdiServiceHost - ok
16:14:16.0231 5648 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:14:16.0232 5648 WdiSystemHost - ok
16:14:16.0284 5648 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:14:16.0309 5648 WebClient - ok
16:14:16.0394 5648 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:14:16.0412 5648 Wecsvc - ok
16:14:16.0488 5648 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:14:16.0503 5648 wercplsupport - ok
16:14:16.0534 5648 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:14:16.0540 5648 WerSvc - ok
16:14:16.0646 5648 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:14:16.0649 5648 WfpLwf - ok
16:14:16.0683 5648 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:14:16.0688 5648 WIMMount - ok
16:14:16.0759 5648 WinDefend - ok
16:14:16.0763 5648 WinHttpAutoProxySvc - ok
16:14:16.0891 5648 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:14:16.0909 5648 Winmgmt - ok
16:14:17.0115 5648 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:14:17.0211 5648 WinRM - ok
16:14:17.0515 5648 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:14:17.0548 5648 WinUsb - ok
16:14:17.0814 5648 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:14:17.0831 5648 Wlansvc - ok
16:14:18.0131 5648 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:14:18.0187 5648 wlcrasvc - ok
16:14:18.0956 5648 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:14:18.0991 5648 wlidsvc - ok
16:14:19.0451 5648 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:14:19.0454 5648 WmiAcpi - ok
16:14:19.0816 5648 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:14:19.0840 5648 wmiApSrv - ok
16:14:20.0526 5648 WMPNetworkSvc - ok
16:14:20.0562 5648 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:14:20.0567 5648 WPCSvc - ok
16:14:20.0608 5648 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:14:20.0636 5648 WPDBusEnum - ok
16:14:20.0671 5648 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:14:20.0675 5648 ws2ifsl - ok
16:14:20.0956 5648 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
16:14:20.0966 5648 wscsvc - ok
16:14:20.0978 5648 WSearch - ok
16:14:21.0372 5648 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
16:14:21.0413 5648 wuauserv - ok
16:14:21.0828 5648 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:14:21.0886 5648 WudfPf - ok
16:14:21.0920 5648 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:14:21.0951 5648 WUDFRd - ok
16:14:21.0990 5648 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:14:22.0016 5648 wudfsvc - ok
16:14:22.0080 5648 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:14:22.0087 5648 WwanSvc - ok
16:14:22.0301 5648 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
16:14:22.0366 5648 xusb21 - ok
16:14:22.0413 5648 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:14:22.0934 5648 \Device\Harddisk0\DR0 - ok
16:14:26.0740 5648 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
16:14:27.0037 5648 \Device\Harddisk1\DR1 - ok
16:14:27.0051 5648 Boot (0x1200) (2f3ab07905fc4f57c6dc8564331650ea) \Device\Harddisk0\DR0\Partition0
16:14:27.0053 5648 \Device\Harddisk0\DR0\Partition0 - ok
16:14:27.0105 5648 Boot (0x1200) (426da11feb63a9bc296356dfa5013e39) \Device\Harddisk0\DR0\Partition1
16:14:27.0109 5648 \Device\Harddisk0\DR0\Partition1 - ok
16:14:27.0115 5648 Boot (0x1200) (7f9c363c19b89ec08832e808e29be220) \Device\Harddisk1\DR1\Partition0
16:14:27.0118 5648 \Device\Harddisk1\DR1\Partition0 - ok
16:14:27.0121 5648 ============================================================
16:14:27.0121 5648 Scan finished
16:14:27.0121 5648 ============================================================
16:14:27.0141 6800 Detected object count: 0
16:14:27.0141 6800 Actual detected object count: 0


This is the result of the avast scan

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-03 15:31:14
-----------------------------
15:31:14.101 OS Version: Windows x64 6.1.7601 Service Pack 1
15:31:14.101 Number of processors: 4 586 0x2A07
15:31:14.102 ComputerName: KENNY-PC UserName: Kenny
15:31:15.208 Initialize success
15:33:50.362 AVAST engine defs: 12060301
15:34:37.570 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:34:37.575 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
15:34:37.583 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
15:34:37.587 Disk 1 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
15:34:37.606 Disk 0 MBR read successfully
15:34:37.611 Disk 0 MBR scan
15:34:37.622 Disk 0 Windows 7 default MBR code
15:34:37.629 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
15:34:37.654 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480
15:34:37.675 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 460454 MB offset 33761280
15:34:37.692 Disk 0 scanning C:\Windows\system32\drivers
15:34:47.209 Service scanning
15:35:18.822 Modules scanning
15:35:19.167 Disk 0 trace - called modules:
15:35:19.182 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:35:19.190 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009cc5060]
15:35:19.195 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007dfd050]
15:35:21.499 AVAST engine scan C:\Windows
15:35:25.054 AVAST engine scan C:\Windows\system32
15:40:43.418 AVAST engine scan C:\Windows\system32\drivers
15:40:55.933 AVAST engine scan C:\Users\Kenny
15:59:55.359 Disk 0 MBR has been saved successfully to "C:\Users\Kenny\Desktop\MBR.dat"
15:59:55.371 The log file has been saved successfully to "C:\Users\Kenny\Desktop\aswMBR.txt"

#8 nasdaq

Posted 04 June 2012 - 07:51 AM

Please run these tools and submit the logs

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

#9 RedSnow4

Posted 05 June 2012 - 04:33 PM

I tried running Combofix and after the extraction, a pop up comes up saying that I shouldn't run Combofix in compatibility mode since it can damage the machine. I click ok since it is the only option and then nothing happens after. I checked and the compatibility settings for combo fix are not on.

#10 nasdaq

Posted 06 June 2012 - 08:48 AM

Right click on the ComboFix.exe and run it as an Administrator.

#11 RedSnow4

Posted 08 June 2012 - 01:56 PM

I still get the same message when I run as admin

#12 nasdaq

Posted 08 June 2012 - 03:02 PM

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

#13 RedSnow4

Posted 09 June 2012 - 08:58 AM

I get these two messages when I try running it as admin or just regular double click

Posted Image


Posted Image

Edited by RedSnow4, 09 June 2012 - 08:58 AM.


#14 nasdaq

Posted 10 June 2012 - 07:20 AM

"Basically, I got a BSOD and as a result, I had to revalidate my windows 7."

Exactly what did you do here?
===

msscript.ocx

Browse to your command prompt shortcut via Start-->All Programs-->Accessories-->Command Prompt. Right click on that Command Prompt icon and choose to Run as administrator. Click Yes to tell UAC you really want to run it.

When the black window opens with your command prompt, type this in:

cd<push spacebar>C:\Windows\SysWOW64 <push Enter key>

The prompt should change to: C:\Windows\SysWOW64

Then type:

regsvr32<push spacebar>msscript.ocx <push Enter key>

If you get a Window that pops up and says, "DllRegisterServer in mscomctl.ocx succeeded" then click OK.

If still at the DOS prompt, type EXIT and hit the Enter key.

Restart the computer normally.

Can you now run the OTL tool?

#15 RedSnow4

Posted 10 June 2012 - 09:56 AM

It was a while ago so I don't remember the exact details.

But when I restarted my computer after the initial BSOD, a window came up saying I had to revalidate/activate windows 7 for it to be genuine. It said I needed the product key so I found that on the bottom of my laptop and I entered that in. It said that Windows verified the product key and everything seemed normal at the time.

When I enter everything in command prompt, I get this message:
Posted Image



