Virus disguised as flash player update


10 replies to this topic

#1 TheOverheater

TheOverheater

  • Members
  • 37 posts
  • Local time:03:00 PM

Posted 06 July 2012 - 05:12 PM

Hello everyone. Today, I was using Google, and after reading an article in one of the search results, a security notice from Windows 7 popped up saying that Adobe Flash Player wanted to update. I pressed "no", and it came back up less than a second later. I finally gave in and let it do its thing, and when it did, Malwarebytes came up with a notice to quarantine a trojan. I did that, and checked the Task Manager. I saw an unfamiliar process running, and ended it. I then performed a full scan with Malwarebytes, and it found 7 items. It told me to restart my PC, so I did. When it came back on, I saw that an update to Adobe Flash was available, and all of my desktop icons were organized completely differently. I clicked on "remind me later" (as if I'd update Flash after what I just encountered). Everything seems to be in order, but my computer feels a wee mite sluggish, and I'd like to be sure I got rid of everything. Here is the log for what was removed; maybe you guys could work off that? I can provide more info if needed. Again, I would just like your opinion(s) on whether I have this all removed, whether my computer is OK, an answer to the moved desktop icons if possible, and maybe a guide for the removal of this virus if it is still in my PC, if any of you know what this virus is. All help is appreciated!

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.29.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: NICK2 [administrator]

Protection: Enabled

7/6/2012 4:04:36 PM
mbam-log-2012-07-06 (16-04-36).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 388834
Time elapsed: 48 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DATD6A0.tmp.exe (Trojan.FakeAlert) -> Data: C:\Users\User\AppData\Local\Temp\DATD6A0.tmp.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\User\AppData\Local\{a0c39018-6653-7865-a557-faa816a5f6c8}\n (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Windows\Installer\{a0c39018-6653-7865-a557-faa816a5f6c8}\n (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Windows\Installer\{a0c39018-6653-7865-a557-faa816a5f6c8}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\DATD6A0.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

(end)
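One way to triage a pasted Malwarebytes 1.x log like the one in the first post, as an added example that is not part of the original thread: it parses each detection line, compares the declared per-section counts with what was actually pasted, and lists rootkit-family hits, autorun entries and items not confirmed removed. The sample log, its paths and the `parse_mbam_log` / `triage` helpers are constructed for illustration, and the action strings other than "Quarantined and deleted successfully" are assumed.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Malwarebytes 1.x log above.
# Paths, GUID and file names are placeholders, not values from the post.
# "Files Detected: 4" is deliberately followed by only three entries to
# model a log that was truncated when it was pasted.
SAMPLE_LOG = r"""
Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sample.tmp.exe (Trojan.FakeAlert) -> Data: C:\Users\Example\AppData\Local\Temp\sample.tmp.exe -> Quarantined and deleted successfully.

Files Detected: 4
C:\Windows\Installer\{00000000-0000-0000-0000-000000000000}\n (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\sample.sys (Rootkit.Agent) -> Delete on reboot.
C:\Program Files (x86)\Example\sample.dll (Trojan.FakeAlert) -> No action taken.

(end)
"""

# "<Section name> Detected: <n>"
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<object> (<family>) -> [Data: <value> -> ]<action>."
# The lazy object match lets paths that contain "(x86)" parse correctly.
DETECTION_RE = re.compile(
    r"^(?P<object>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$"
)
# Per-user or machine autorun values: "...\CurrentVersion\Run|<value name>"
AUTORUN_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\|", re.IGNORECASE)
# Family-name fragments taken from the detections in the log above.
ROOTKIT_MARKERS = ("rootkit.", "sirefef", "0access")


def parse_mbam_log(text):
    """Return (declared_counts, detections) for one pasted log."""
    declared, detections, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            declared[section] = int(m["count"])
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            detections.append({"section": section, **m.groupdict()})
    return declared, detections


def triage(text):
    """Summarise what a helper would want to check before calling it clean."""
    declared, detections = parse_mbam_log(text)
    parsed = Counter(d["section"] for d in detections)
    return {
        # Sections whose header count disagrees with the pasted entries.
        "count_mismatch": sorted(
            s for s, n in declared.items() if parsed[s] != n
        ),
        # Kernel-level families: a user-mode scan alone is not conclusive.
        "rootkit": [
            d["object"] for d in detections
            if any(k in d["family"].lower() for k in ROOTKIT_MARKERS)
        ],
        # Executables that were registered to start at logon.
        "autorun": [
            d["data"] or d["object"] for d in detections
            if AUTORUN_RE.search(d["object"])
        ],
        # Anything the scanner did not report as removed.
        "unresolved": [
            (d["object"], d["action"]) for d in detections
            if "successfully" not in d["action"].lower()
        ],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}:")
        for item in value:
            print(f"  {item}")
```
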



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:02:00 PM

Posted 06 July 2012 - 08:07 PM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Download aswMBR.

Launch it, and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop, and copy the contents of the text file into your reply.

#3 TheOverheater

TheOverheater
  • Topic Starter

  • Members
  • 37 posts
  • Local time:03:00 PM

Posted 07 July 2012 - 05:08 PM

Thanks for the quick reply! I appreciate your help. I see that TDSSKiller didn't have to stop any malicious processes; I can only imagine that that is a good sign of the virus no longer being in my PC.

TDSSKILLER Log:

17:42:49.0255 9980 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
17:42:49.0584 9980 ============================================================
17:42:49.0584 9980 Current date / time: 2012/07/07 17:42:49.0584
17:42:49.0584 9980 SystemInfo:
17:42:49.0584 9980
17:42:49.0585 9980 OS Version: 6.1.7601 ServicePack: 1.0
17:42:49.0585 9980 Product type: Workstation
17:42:49.0585 9980 ComputerName: NICK2
17:42:49.0585 9980 UserName: User
17:42:49.0585 9980 Windows directory: C:\Windows
17:42:49.0585 9980 System windows directory: C:\Windows
17:42:49.0585 9980 Running under WOW64
17:42:49.0585 9980 Processor architecture: Intel x64
17:42:49.0585 9980 Number of processors: 8
17:42:49.0585 9980 Page size: 0x1000
17:42:49.0585 9980 Boot type: Normal boot
17:42:49.0585 9980 ============================================================
17:42:50.0407 9980 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:42:50.0412 9980 ============================================================
17:42:50.0412 9980 \Device\Harddisk0\DR0:
17:42:50.0413 9980 MBR partitions:
17:42:50.0413 9980 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
17:42:50.0413 9980 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x552A6800
17:42:50.0413 9980 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5530A800, BlocksNum 0x2208000
17:42:50.0413 9980 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x336F0
17:42:50.0413 9980 ============================================================
17:42:50.0436 9980 C: <-> \Device\Harddisk0\DR0\Partition1
17:42:50.0494 9980 D: <-> \Device\Harddisk0\DR0\Partition2
17:42:50.0494 9980 ============================================================
17:42:50.0494 9980 Initialize success
17:42:50.0494 9980 ============================================================
17:43:34.0625 1068 ============================================================
17:43:34.0625 1068 Scan started
17:43:34.0625 1068 Mode: Manual; TDLFS;
17:43:34.0625 1068 ============================================================
17:43:54.0084 1068 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:43:54.0088 1068 mrxsmb20 - ok
17:43:54.0097 1068 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:43:54.0100 1068 msahci - ok
17:43:54.0124 1068 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:43:54.0129 1068 msdsm - ok
17:43:54.0166 1068 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:43:54.0171 1068 MSDTC - ok
17:43:54.0188 1068 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:43:54.0190 1068 Msfs - ok
17:43:54.0214 1068 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:43:54.0217 1068 mshidkmdf - ok
17:43:54.0242 1068 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:43:54.0244 1068 msisadrv - ok
17:43:54.0279 1068 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:43:54.0285 1068 MSiSCSI - ok
17:43:54.0288 1068 msiserver - ok
17:43:54.0311 1068 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:43:54.0316 1068 MSKSSRV - ok
17:43:54.0328 1068 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:43:54.0330 1068 MSPCLOCK - ok
17:43:54.0357 1068 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:43:54.0359 1068 MSPQM - ok
17:43:54.0394 1068 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:43:54.0420 1068 MsRPC - ok
17:43:54.0447 1068 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:43:54.0450 1068 mssmbios - ok
17:43:54.0492 1068 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:43:54.0495 1068 MSTEE - ok
17:43:54.0525 1068 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
17:43:54.0528 1068 MTConfig - ok
17:43:54.0547 1068 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:43:54.0550 1068 Mup - ok
17:43:54.0649 1068 MyWiFiDHCPDNS (0cf5580f27918ffd2e165ecafa734103) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
17:43:54.0656 1068 MyWiFiDHCPDNS - ok
17:43:54.0706 1068 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:43:54.0711 1068 napagent - ok
17:43:54.0762 1068 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:43:54.0770 1068 NativeWifiP - ok
17:43:54.0843 1068 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:43:54.0862 1068 NDIS - ok
17:43:54.0888 1068 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:43:54.0891 1068 NdisCap - ok
17:43:54.0924 1068 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:43:54.0927 1068 NdisTapi - ok
17:43:54.0945 1068 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:43:54.0951 1068 Ndisuio - ok
17:43:54.0974 1068 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:43:54.0979 1068 NdisWan - ok
17:43:55.0008 1068 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:43:55.0011 1068 NDProxy - ok
17:43:55.0051 1068 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
17:43:55.0054 1068 Net Driver HPZ12 - ok
17:43:55.0076 1068 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:43:55.0081 1068 NetBIOS - ok
17:43:55.0108 1068 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:43:55.0117 1068 NetBT - ok
17:43:55.0146 1068 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:43:55.0148 1068 Netlogon - ok
17:43:55.0193 1068 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:43:55.0196 1068 Netman - ok
17:43:55.0304 1068 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:43:55.0354 1068 NetMsmqActivator - ok
17:43:55.0369 1068 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:43:55.0371 1068 NetPipeActivator - ok
17:43:55.0416 1068 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:43:55.0421 1068 netprofm - ok
17:43:55.0424 1068 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:43:55.0425 1068 NetTcpActivator - ok
17:43:55.0428 1068 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:43:55.0430 1068 NetTcpPortSharing - ok
17:43:55.0925 1068 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\Windows\system32\DRIVERS\NETwNs64.sys
17:43:56.0090 1068 NETwNs64 - ok
17:43:56.0251 1068 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
17:43:56.0255 1068 nfrd960 - ok
17:43:56.0292 1068 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:43:56.0296 1068 NlaSvc - ok
17:43:56.0322 1068 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:43:56.0326 1068 Npfs - ok
17:43:56.0350 1068 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:43:56.0352 1068 nsi - ok
17:43:56.0363 1068 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:43:56.0365 1068 nsiproxy - ok
17:43:56.0491 1068 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:43:56.0522 1068 Ntfs - ok
17:43:56.0652 1068 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:43:56.0655 1068 Null - ok
17:43:56.0703 1068 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
17:43:56.0707 1068 nusb3hub - ok
17:43:56.0727 1068 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:43:56.0733 1068 nusb3xhc - ok
17:43:56.0793 1068 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
17:43:56.0802 1068 NVENETFD - ok
17:43:56.0827 1068 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:43:56.0832 1068 nvraid - ok
17:43:56.0854 1068 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:43:56.0859 1068 nvstor - ok
17:43:56.0871 1068 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:43:56.0875 1068 nv_agp - ok
17:43:56.0904 1068 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:43:56.0908 1068 ohci1394 - ok
17:43:57.0033 1068 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:43:57.0037 1068 ose - ok
17:43:57.0417 1068 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:43:57.0456 1068 osppsvc - ok
17:43:57.0634 1068 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:43:57.0641 1068 p2pimsvc - ok
17:43:57.0736 1068 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:43:57.0748 1068 p2psvc - ok
17:43:57.0811 1068 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
17:43:57.0816 1068 Parport - ok
17:43:57.0856 1068 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:43:57.0860 1068 partmgr - ok
17:43:57.0899 1068 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:43:57.0902 1068 PcaSvc - ok
17:43:57.0926 1068 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:43:57.0930 1068 pci - ok
17:43:57.0946 1068 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:43:57.0949 1068 pciide - ok
17:43:57.0991 1068 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
17:43:57.0997 1068 pcmcia - ok
17:43:58.0011 1068 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:43:58.0015 1068 pcw - ok
17:43:58.0066 1068 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:43:58.0080 1068 PEAUTH - ok
17:43:58.0179 1068 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:43:58.0183 1068 PerfHost - ok
17:43:58.0345 1068 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:43:58.0377 1068 pla - ok
17:43:58.0573 1068 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:43:58.0579 1068 PlugPlay - ok
17:43:58.0633 1068 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
17:43:58.0637 1068 Pml Driver HPZ12 - ok
17:43:58.0661 1068 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:43:58.0666 1068 PNRPAutoReg - ok
17:43:58.0696 1068 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:43:58.0702 1068 PNRPsvc - ok
17:43:58.0755 1068 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
17:43:58.0767 1068 Point64 - ok
17:43:58.0817 1068 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:43:58.0826 1068 PolicyAgent - ok
17:43:58.0867 1068 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:43:58.0872 1068 Power - ok
17:43:58.0910 1068 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:43:58.0917 1068 PptpMiniport - ok
17:43:58.0929 1068 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
17:43:58.0933 1068 Processor - ok
17:43:58.0969 1068 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:43:58.0972 1068 ProfSvc - ok
17:43:58.0991 1068 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:43:58.0993 1068 ProtectedStorage - ok
17:43:59.0037 1068 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:43:59.0042 1068 Psched - ok
17:43:59.0142 1068 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
17:43:59.0169 1068 ql2300 - ok
17:43:59.0334 1068 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
17:43:59.0339 1068 ql40xx - ok
17:43:59.0377 1068 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:43:59.0384 1068 QWAVE - ok
17:43:59.0397 1068 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:43:59.0400 1068 QWAVEdrv - ok
17:43:59.0419 1068 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:43:59.0422 1068 RasAcd - ok
17:43:59.0451 1068 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:43:59.0455 1068 RasAgileVpn - ok
17:43:59.0485 1068 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:43:59.0490 1068 RasAuto - ok
17:43:59.0515 1068 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:43:59.0520 1068 Rasl2tp - ok
17:43:59.0564 1068 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:43:59.0569 1068 RasMan - ok
17:43:59.0592 1068 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:43:59.0595 1068 RasPppoe - ok
17:43:59.0628 1068 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:43:59.0632 1068 RasSstp - ok
17:43:59.0662 1068 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:43:59.0671 1068 rdbss - ok
17:43:59.0690 1068 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
17:43:59.0692 1068 rdpbus - ok
17:43:59.0714 1068 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:43:59.0717 1068 RDPCDD - ok
17:43:59.0735 1068 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:43:59.0737 1068 RDPENCDD - ok
17:43:59.0761 1068 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:43:59.0763 1068 RDPREFMP - ok
17:43:59.0809 1068 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:43:59.0816 1068 RDPWD - ok
17:43:59.0852 1068 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:43:59.0857 1068 rdyboost - ok
17:43:59.0993 1068 RegSrvc (aa9fd849c028ccb441a78061b57db734) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
17:44:00.0000 1068 RegSrvc - ok
17:44:00.0038 1068 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:44:00.0043 1068 RemoteAccess - ok
17:44:00.0084 1068 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:44:00.0089 1068 RemoteRegistry - ok
17:44:00.0167 1068 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
17:44:00.0172 1068 RoxioNow Service - ok
17:44:00.0198 1068 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:44:00.0201 1068 RpcEptMapper - ok
17:44:00.0223 1068 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:44:00.0227 1068 RpcLocator - ok
17:44:00.0272 1068 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:44:00.0278 1068 RpcSs - ok
17:44:00.0356 1068 RSPCIESTOR (d5c3e1629a3f7f0857d27949252b94ce) C:\Windows\system32\DRIVERS\RtsPStor.sys
17:44:00.0373 1068 RSPCIESTOR - ok
17:44:00.0411 1068 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:44:00.0416 1068 rspndr - ok
17:44:00.0503 1068 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:44:00.0513 1068 RTL8167 - ok
17:44:00.0535 1068 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:44:00.0537 1068 SamSs - ok
17:44:00.0779 1068 SBAMSvc (bce943896289a91ad75cc5652620b1c6) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
17:44:00.0853 1068 SBAMSvc - ok
17:44:01.0011 1068 sbapifs (6e342316e72f4b6fa39c99e06373a1a3) C:\Windows\system32\DRIVERS\sbapifs.sys
17:44:01.0016 1068 sbapifs - ok
17:44:01.0058 1068 SbFw (19954328dda3d656f8a879b3a46ffed6) C:\Windows\system32\drivers\SbFw.sys
17:44:01.0065 1068 SbFw - ok
17:44:01.0108 1068 SBFWIMCL (513b3bfcd3c465b9820c2d05fa94e630) C:\Windows\system32\DRIVERS\sbfwim.sys
17:44:01.0111 1068 SBFWIMCL - ok
17:44:01.0115 1068 SBFWIMCLMP (513b3bfcd3c465b9820c2d05fa94e630) C:\Windows\system32\DRIVERS\SBFWIM.sys
17:44:01.0116 1068 SBFWIMCLMP - ok
17:44:01.0140 1068 sbhips (b671eef468d13016b9286f5835a06ae1) C:\Windows\system32\drivers\sbhips.sys
17:44:01.0143 1068 sbhips - ok
17:44:01.0176 1068 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:44:01.0181 1068 sbp2port - ok
17:44:01.0221 1068 SBRE (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys
17:44:01.0224 1068 SBRE - ok
17:44:01.0257 1068 sbwtis (eab54adcceca64b2f38cd859fb494895) C:\Windows\system32\DRIVERS\sbwtis.sys
17:44:01.0259 1068 sbwtis - ok
17:44:01.0289 1068 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:44:01.0296 1068 SCardSvr - ok
17:44:01.0307 1068 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:44:01.0309 1068 scfilter - ok
17:44:01.0378 1068 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:44:01.0389 1068 Schedule - ok
17:44:01.0416 1068 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:44:01.0417 1068 SCPolicySvc - ok
17:44:01.0478 1068 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
17:44:01.0482 1068 sdbus - ok
17:44:01.0522 1068 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:44:01.0526 1068 SDRSVC - ok
17:44:01.0553 1068 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:44:01.0556 1068 secdrv - ok
17:44:01.0581 1068 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:44:01.0586 1068 seclogon - ok
17:44:01.0613 1068 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:44:01.0615 1068 SENS - ok
17:44:01.0650 1068 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:44:01.0654 1068 SensrSvc - ok
17:44:01.0669 1068 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
17:44:01.0672 1068 Serenum - ok
17:44:01.0687 1068 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
17:44:01.0691 1068 Serial - ok
17:44:01.0717 1068 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
17:44:01.0719 1068 sermouse - ok
17:44:01.0751 1068 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:44:01.0754 1068 SessionEnv - ok
17:44:01.0784 1068 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:44:01.0786 1068 sffdisk - ok
17:44:01.0790 1068 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:44:01.0793 1068 sffp_mmc - ok
17:44:01.0802 1068 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:44:01.0805 1068 sffp_sd - ok
17:44:01.0834 1068 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
17:44:01.0837 1068 sfloppy - ok
17:44:01.0923 1068 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
17:44:01.0938 1068 Sftfs - ok
17:44:02.0030 1068 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:44:02.0036 1068 sftlist - ok
17:44:02.0191 1068 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:44:02.0199 1068 Sftplay - ok
17:44:02.0210 1068 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:44:02.0213 1068 Sftredir - ok
17:44:02.0235 1068 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
17:44:02.0238 1068 Sftvol - ok
17:44:02.0275 1068 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:44:02.0281 1068 sftvsa - ok
17:44:02.0327 1068 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:44:02.0331 1068 ShellHWDetection - ok
17:44:02.0364 1068 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
17:44:02.0367 1068 SiSRaid2 - ok
17:44:02.0388 1068 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
17:44:02.0392 1068 SiSRaid4 - ok
17:44:02.0441 1068 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:44:02.0445 1068 Smb - ok
17:44:02.0478 1068 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:44:02.0482 1068 SNMPTRAP - ok
17:44:02.0498 1068 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:44:02.0501 1068 spldr - ok
17:44:02.0578 1068 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:44:02.0585 1068 Spooler - ok
17:44:02.0867 1068 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:44:02.0893 1068 sppsvc - ok
17:44:03.0023 1068 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:44:03.0028 1068 sppuinotify - ok
17:44:03.0107 1068 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:44:03.0119 1068 srv - ok
17:44:03.0159 1068 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:44:03.0169 1068 srv2 - ok
17:44:03.0215 1068 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
17:44:03.0222 1068 SrvHsfHDA - ok
17:44:03.0313 1068 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
17:44:03.0341 1068 SrvHsfV92 - ok
17:44:03.0521 1068 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
17:44:03.0537 1068 SrvHsfWinac - ok
17:44:03.0556 1068 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:44:03.0562 1068 srvnet - ok
17:44:03.0601 1068 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:44:03.0606 1068 SSDPSRV - ok
17:44:03.0622 1068 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:44:03.0626 1068 SstpSvc - ok
17:44:03.0712 1068 STacSV (86678c2f5081fea3517d78e92230b5ff) C:\Program Files\IDT\WDM\STacSV64.exe
17:44:03.0942 1068 STacSV - ok
17:44:04.0002 1068 Steam Client Service - ok
17:44:04.0017 1068 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
17:44:04.0019 1068 stexstor - ok
17:44:04.0075 1068 STHDA (74387b34b43f94e380608888c56a5ccd) C:\Windows\system32\DRIVERS\stwrt64.sys
17:44:04.0498 1068 STHDA - ok
17:44:04.0542 1068 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
17:44:04.0544 1068 StillCam - ok
17:44:04.0603 1068 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:44:04.0611 1068 stisvc - ok
17:44:04.0635 1068 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:44:04.0637 1068 swenum - ok
17:44:04.0693 1068 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:44:04.0707 1068 swprv - ok
17:44:04.0805 1068 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
17:44:04.0857 1068 SynTP - ok
17:44:05.0063 1068 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:44:05.0078 1068 SysMain - ok
17:44:05.0196 1068 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:44:05.0201 1068 TabletInputService - ok
17:44:05.0231 1068 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:44:05.0237 1068 TapiSrv - ok
17:44:05.0255 1068 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:44:05.0260 1068 TBS - ok
17:44:05.0422 1068 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:44:05.0456 1068 Tcpip - ok
17:44:05.0738 1068 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:44:05.0750 1068 TCPIP6 - ok
17:44:05.0890 1068 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:44:05.0895 1068 tcpipreg - ok
17:44:05.0909 1068 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:44:05.0912 1068 TDPIPE - ok
17:44:05.0936 1068 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:44:05.0939 1068 TDTCP - ok
17:44:05.0958 1068 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:44:05.0964 1068 tdx - ok
17:44:05.0998 1068 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:44:06.0001 1068 TermDD - ok
17:44:06.0081 1068 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:44:06.0087 1068 TermService - ok
17:44:06.0105 1068 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:44:06.0107 1068 Themes - ok
17:44:06.0136 1068 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:44:06.0138 1068 THREADORDER - ok
17:44:06.0170 1068 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:44:06.0173 1068 TrkWks - ok
17:44:06.0226 1068 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:44:06.0231 1068 TrustedInstaller - ok
17:44:06.0276 1068 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:44:06.0279 1068 tssecsrv - ok
17:44:06.0311 1068 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:44:06.0315 1068 TsUsbFlt - ok
17:44:06.0323 1068 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
17:44:06.0325 1068 TsUsbGD - ok
17:44:06.0395 1068 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:44:06.0399 1068 tunnel - ok
17:44:06.0427 1068 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
17:44:06.0431 1068 uagp35 - ok
17:44:06.0461 1068 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:44:06.0469 1068 udfs - ok
17:44:06.0494 1068 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:44:06.0498 1068 UI0Detect - ok
17:44:06.0511 1068 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:44:06.0515 1068 uliagpkx - ok
17:44:06.0547 1068 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:44:06.0550 1068 umbus - ok
17:44:06.0562 1068 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
17:44:06.0565 1068 UmPass - ok
17:44:06.0793 1068 UNS (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
17:44:06.0863 1068 UNS - ok
17:44:06.0999 1068 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:44:07.0005 1068 upnphost - ok
17:44:07.0064 1068 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
17:44:07.0068 1068 usbaudio - ok
17:44:07.0102 1068 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:44:07.0106 1068 usbccgp - ok
17:44:07.0123 1068 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:44:07.0128 1068 usbcir - ok
17:44:07.0142 1068 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:44:07.0146 1068 usbehci - ok
17:44:07.0207 1068 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:44:07.0220 1068 usbhub - ok
17:44:07.0233 1068 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:44:07.0237 1068 usbohci - ok
17:44:07.0251 1068 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
17:44:07.0254 1068 usbprint - ok
17:44:07.0290 1068 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:44:07.0295 1068 USBSTOR - ok
17:44:07.0306 1068 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:44:07.0309 1068 usbuhci - ok
17:44:07.0340 1068 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
17:44:07.0346 1068 usbvideo - ok
17:44:07.0374 1068 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:44:07.0376 1068 UxSms - ok
17:44:07.0402 1068 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:44:07.0404 1068 VaultSvc - ok
17:44:07.0425 1068 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:44:07.0430 1068 vdrvroot - ok
17:44:07.0494 1068 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:44:07.0506 1068 vds - ok
17:44:07.0531 1068 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:44:07.0533 1068 vga - ok
17:44:07.0541 1068 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:44:07.0543 1068 VgaSave - ok
17:44:07.0568 1068 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:44:07.0574 1068 vhdmp - ok
17:44:07.0598 1068 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:44:07.0600 1068 viaide - ok
17:44:10.0831 1068 ============================================================
17:44:10.0831 1068 Scan finished
17:44:10.0831 1068 ============================================================
17:44:10.0841 7148 Detected object count: 0
17:44:10.0841 7148 Actual detected object count: 0
17:44:30.0618 3136 Deinitialize success



aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-07 17:49:40
-----------------------------
17:49:40.795 OS Version: Windows x64 6.1.7601 Service Pack 1
17:49:40.796 Number of processors: 8 586 0x2A07
17:49:40.796 ComputerName: NICK2 UserName: User
17:49:42.643 Initialize success
17:50:37.593 AVAST engine defs: 12070701
17:50:48.026 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:50:48.031 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
17:50:48.043 Disk 0 MBR read successfully
17:50:48.048 Disk 0 MBR scan
17:50:48.058 Disk 0 Windows 7 default MBR code
17:50:48.064 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
17:50:48.086 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 697677 MB offset 409600
17:50:48.115 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17424 MB offset 1429252096
17:50:48.137 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 1464936448
17:50:48.186 Disk 0 scanning C:\Windows\system32\drivers
17:50:58.815 Service scanning
17:51:34.254 Modules scanning
17:51:34.262 Disk 0 trace - called modules:
17:51:34.301 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
17:51:34.306 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006bae790]
17:51:34.312 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8006abcb10]
17:51:34.317 5 hpdskflt.sys[fffff88001bdf361] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80068d7050]
17:51:35.985 AVAST engine scan C:\Windows
17:51:39.419 AVAST engine scan C:\Windows\system32
17:55:33.448 AVAST engine scan C:\Windows\system32\drivers
17:55:45.593 AVAST engine scan C:\Users\User
18:00:29.814 AVAST engine scan C:\ProgramData
18:01:59.415 Scan finished successfully
18:02:10.146 Disk 0 MBR has been saved successfully to "C:\Users\User\Documents\MBR.dat"
18:02:10.151 The log file has been saved successfully to "C:\Users\User\Documents\aswMBR.txt"


Thanks again!

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:00 PM

Posted 07 July 2012 - 05:16 PM

ESET log?

#5 TheOverheater

Posted 07 July 2012 - 09:04 PM

My apologies, I forgot that. It found one item, don't know if it deleted it or not (I told it to delete all quarantined items.) Here's the log.



C:\Windows\Installer\{a0c39018-6653-7865-a557-faa816a5f6c8}\U\80000000.@ Win64/Sirefef.AL trojan cleaned by deleting - quarantined

#6 narenxp

Posted 08 July 2012 - 01:24 AM

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{a0c39018-6653-7865-a557-faa816a5f6c8}

Click on LOOK, post the generated log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan with MBAM once in regular mode until you get a clean log


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#7 TheOverheater

Posted 08 July 2012 - 02:17 PM

Here's the systemlook log.

SystemLook 30.07.11 by jpshortstuff
Log created at 15:11 on 08/07/2012 by User
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{a0c39018-6653-7865-a557-faa816a5f6c8}"
C:\Documents and Settings\User\AppData\Local\{a0c39018-6653-7865-a557-faa816a5f6c8} d--hs-- [19:05 05/03/2012]
C:\Users\User\AppData\Local\{a0c39018-6653-7865-a557-faa816a5f6c8} d--hs-- [19:05 05/03/2012]
C:\Windows\Installer\{a0c39018-6653-7865-a557-faa816a5f6c8} d--hs-- [19:05 05/03/2012]

-= EOF =-



I'm gonna scan with Malwarebytes now

#8 TheOverheater

Posted 08 July 2012 - 03:44 PM

Well, it didn't find anything on a full scan. However, seeing as I have Malwarebytes Pro, it detected something trying to activate itself on my PC during the scan. I appreciate all the time you are putting in!

EDIT: Just did a quick scan, found 1 object. Files Detected: 1
C:\Windows\Installer\{a0c39018-6653-7865-a557-faa816a5f6c8}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully. I've deleted this before, but it seems to come back, I think.
EDIT 2: Found the same file again, I don't know if it's just coming back, or if it's not being deleted. The file has been narrowed down to the Rootkit.0Access file located in my C:\Windows\Installer folder. Do you know how to remove this? Luckily, seeing as it is being contained by Malwarebytes, it can't do any damage, but it can't be removed.

Edited by TheOverheater, 08 July 2012 - 05:20 PM.


#9 narenxp

Posted 08 July 2012 - 10:59 PM

Restart the PC

Open your C drive

On top, click on Organize > Folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Documents and Settings\User\AppData\Local\{a0c39018-6653-7865-a557-faa816a5f6c8}
C:\Users\User\AppData\Local\{a0c39018-6653-7865-a557-faa816a5f6c8}
C:\Windows\Installer\{a0c39018-6653-7865-a557-faa816a5f6c8}

delete the folders


Press Windows+R key and type

notepad and click ok

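copy this script and paste in notepad

@echo off
rem Work in System32 (/d also switches drive if needed)
cd /d c:\windows\system32
rem Give ownership to the Administrators group and grant it full control
rem (cacls asks for confirmation: answer Y)
takeown /a /f services.exe
cacls services.exe /g administrators:f
rem Keep the current file as a backup, then copy in the WinSxS copy
ren services.exe services.exe.old
COPY /Y C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\WINDOWS\system32
rem Delete this batch file
DEL "%~f0"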

Click on FILE >> Save as

Filename: services.bat
Save as type: All types

Now right click on the services.bat file, select Run as administrator and run it, click Y and press ENTER

Post the new system look log

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#10 TheOverheater

Posted 09 July 2012 - 01:29 PM

I've run into a couple of problems here. There appears to be no folder in C:\Users\User\AppData\Local\{a0c39018-6653-7865-a557-faa816a5f6c8}, but it is in the other two locations. I was able to delete the one in C:\Documents and Settings\User\AppData\Local, but the one in C:\Windows\Installer\{a0c39018-6653-7865-a557-faa816a5f6c8} gives me the message saying "this program is already in use, close the program and click try again". I can't even delete it in safe mode. Could you help me out on this?

#11 narenxp

Posted 09 July 2012 - 10:28 PM

Run MBAM once again, remove it, restart the PC and delete the folder. If you still have issues we have other ways to delete it



