Infected with trojan.0access.


  • This topic is locked
30 replies to this topic

#1 dgore37

Posted 18 August 2012 - 11:53 AM

A few days ago a Flash Player update appeared on my girlfriend's laptop that would not go away. I ran MBAM and it detected several infected objects. I selected each item and attempted to remove them with MBAM, but the Trojan.0access remained after rebooting the PC. I followed the Preparation guide posted on this forum to collect DDS and GMER logs for this computer, but I found I was unable to activate or in any way alter the Windows Firewall. I have attached the attach and ark files as directed. Thank you for your help :)

Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_22
Run by Jeanne at 9:51:44 on 2012-08-18
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3262.2583 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [clpcpi] "c:\windows\system32\rundll32.exe" "c:\users\jeanne\appdata\roaming\clpcpi.dll",_Contains
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [hpqSRMon]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "D:\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vongot~1.lnk - c:\windows\installer\{8c3ae2d1-854d-4650-a73d-c7cc7ee36b80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{3CDC75F1-22DD-4F6A-949C-89E953DDB26D} : DhcpNameServer = 10.0.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jeanne\appdata\roaming\mozilla\firefox\profiles\7cja0yx7.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\jeanne\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\jeanne\appdata\roaming\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\users\jeanne\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\jeanne\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\jeanne\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\jeanne\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: search.clsid - {A782A111-3A4F-479B-887D-9FCD4CDF5227}
FF - user.js: search.sid - 15001053100
FF - user.js: extensions.newAddons - false
============= SERVICES / DRIVERS ===============
.
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-11 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
.
=============== Created Last 30 ================
.
2012-08-16 12:56:44 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{87f7ae02-0f75-4588-8328-dd8aa23621f9}\mpengine.dll
2012-08-09 15:15:11 -------- d-----w- c:\users\jeanne\appdata\local\{FF8561DC-E234-11E1-8270-B8AC6F996F26}
2012-08-09 15:15:08 433152 ----a-w- c:\users\jeanne\appdata\roaming\clpcpi.dll
.
==================== Find3M ====================
.
2012-08-18 02:34:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-18 02:34:46 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 9:53:29.66 ===============


#2 gringo_pr

Posted 20 August 2012 - 03:20 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 dgore37


Posted 20 August 2012 - 09:56 AM

Thank you for your response, Gringo. I've done as you requested and Security Check went smoothly, but I am having some troubles with Combofix. I have never used it before and I'm unsure if I am doing something wrong. The first time I ran it nothing happened; after that it was stopped halfway. The last time I ran it, Windows popped up a window saying it disabled a program trying to alter files.

Other things that may be important:
-I could not disable Windows Defender or Windows Firewall because I have no access to either
-I currently have Defogger running as instructed in the preparation thread

Here is my security check log:
Results of screen317's Security Check version 0.99.46

Windows Vista x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 22
Java™ 6 Update 2
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbam.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#4 dgore37


Posted 20 August 2012 - 10:01 AM

Also, the message said Data Execution Prevention was what stopped Combofix. Should I entirely disable this, or just for Combofix?

#5 gringo_pr


Posted 20 August 2012 - 10:56 AM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#6 dgore37


Posted 20 August 2012 - 03:45 PM

Hello again Gringo,

Here is the TDSSKiller log:

15:31:10.0108 7560 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
15:31:10.0794 7560 ============================================================
15:31:10.0794 7560 Current date / time: 2012/08/20 15:31:10.0794
15:31:10.0794 7560 SystemInfo:
15:31:10.0794 7560
15:31:10.0794 7560 OS Version: 6.0.6000 ServicePack: 0.0
15:31:10.0794 7560 Product type: Workstation
15:31:10.0794 7560 ComputerName: JEANNE-PC
15:31:10.0810 7560 UserName: Jeanne
15:31:10.0810 7560 Windows directory: C:\Windows
15:31:10.0810 7560 System windows directory: C:\Windows
15:31:10.0810 7560 Processor architecture: Intel x86
15:31:10.0810 7560 Number of processors: 2
15:31:10.0810 7560 Page size: 0x1000
15:31:10.0810 7560 Boot type: Normal boot
15:31:10.0810 7560 ============================================================
15:31:12.0698 7560 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:31:12.0698 7560 ============================================================
15:31:12.0698 7560 \Device\Harddisk0\DR0:
15:31:12.0854 7560 MBR partitions:
15:31:12.0854 7560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A8AD31
15:31:12.0854 7560 ============================================================
15:31:13.0150 7560 C: <-> \Device\Harddisk0\DR0\Partition1
15:31:13.0150 7560 ============================================================
15:31:13.0150 7560 Initialize success
15:31:13.0150 7560 ============================================================
15:31:19.0842 8992 ============================================================
15:31:19.0842 8992 Scan started
15:31:19.0842 8992 Mode: Manual;
15:31:19.0842 8992 ============================================================
15:31:22.0385 8992 ================ Scan system memory ========================
15:31:22.0385 8992 System memory - ok
15:31:22.0385 8992 ================ Scan services =============================
15:31:28.0750 8992 [ A44DDF3BA83E4664BF4DE9220097578C ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
15:31:28.0750 8992 HSXHWAZL - ok
15:31:28.0812 8992 [ EA24FE637D974A8A31BC650F478E3533 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:31:28.0828 8992 HTTP - ok
15:31:28.0859 8992 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
15:31:28.0859 8992 i2omp - ok
15:31:28.0922 8992 [ 1C9EE072BAA3ABB460B91D7EE9152660 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:31:28.0922 8992 i8042prt - ok
15:31:29.0031 8992 [ 496DB78E6A0C4C44023D9A92B4A7AC31 ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys
15:31:29.0062 8992 ialm - ok
15:31:29.0109 8992 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
15:31:29.0109 8992 iaStorV - ok
15:31:29.0187 8992 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:31:29.0187 8992 IDriverT - ok
15:31:29.0296 8992 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:31:29.0327 8992 idsvc - ok
15:31:29.0358 8992 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:31:29.0374 8992 iirsp - ok
15:31:29.0421 8992 [ 35662FE4D8622F667AA5A5568F7F1B40 ] IKEEXT C:\Windows\System32\ikeext.dll
15:31:29.0436 8992 IKEEXT - ok
15:31:29.0499 8992 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
15:31:29.0499 8992 intelide - ok
15:31:29.0530 8992 [ CE44CC04262F28216DD4341E9E36A16F ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:31:29.0546 8992 intelppm - ok
15:31:29.0592 8992 [ 88CF5281ED9880D74DC9011CF8B5262D ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:31:29.0592 8992 IPBusEnum - ok
15:31:29.0655 8992 [ 880C6F86CC3F551B8FEA2C11141268C0 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:31:29.0655 8992 IpFilterDriver - ok
15:31:29.0748 8992 [ ECC9AD72CFC4AB41CF6A9BCC11F9FEF6 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:31:29.0764 8992 iphlpsvc - ok
15:31:29.0780 8992 IpInIp - ok
15:31:29.0811 8992 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
15:31:29.0811 8992 IPMIDRV - ok
15:31:29.0858 8992 [ 10077C35845101548037DF04FD1A420B ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
15:31:29.0858 8992 IPNAT - ok
15:31:29.0936 8992 [ 7A3611564FCE7C8BE50B03F58CB3EB7D ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:31:29.0967 8992 iPod Service - ok
15:31:30.0029 8992 [ A82F328F4792304184642D6D397BB1E3 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:31:30.0029 8992 IRENUM - ok
15:31:30.0060 8992 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:31:30.0060 8992 isapnp - ok
15:31:30.0107 8992 [ 4DCA456D4D5723F8FA9C6760D240B0DF ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
15:31:30.0107 8992 iScsiPrt - ok
15:31:30.0201 8992 [ 2F03CEB28307983F3B36216D35FFA5AA ] ISODrive C:\Program Files\UltraISO\drivers\ISODrive.sys
15:31:30.0216 8992 ISODrive - ok
15:31:30.0232 8992 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
15:31:30.0248 8992 iteatapi - ok
15:31:30.0294 8992 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
15:31:30.0294 8992 iteraid - ok
15:31:30.0326 8992 [ B076B2AB806B3F696DAB21375389101C ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:31:30.0326 8992 kbdclass - ok
15:31:30.0357 8992 [ ED61DBC6603F612B7338283EDBACBC4B ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:31:30.0357 8992 kbdhid - ok
15:31:30.0404 8992 [ C731B1FE449D4E9CEA358C9D55B69BE9 ] KeyIso C:\Windows\system32\lsass.exe
15:31:30.0404 8992 KeyIso - ok
15:31:30.0450 8992 [ 0A829977B078DEA11641FC2AF87CEADE ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:31:30.0466 8992 KSecDD - ok
15:31:30.0528 8992 [ 45C537FE5DDE9A0146AEFF76E615737D ] KtmRm C:\Windows\system32\msdtckrm.dll
15:31:30.0544 8992 KtmRm - ok
15:31:30.0606 8992 [ 53D1482FC1AA36AC015A85E6CF2146BD ] LanmanServer C:\Windows\System32\srvsvc.dll
15:31:30.0622 8992 LanmanServer - ok
15:31:30.0684 8992 [ 435F0F6DC87A4B5DA78F1FA309884189 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:31:30.0684 8992 LanmanWorkstation - ok
15:31:30.0809 8992 [ 53710476495886D9961BE46983A6A33F ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
15:31:30.0825 8992 LightScribeService - ok
15:31:30.0856 8992 [ FD015B4F95DAA2B712F0E372A116FBAD ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:31:30.0856 8992 lltdio - ok
15:31:30.0918 8992 [ 7450DBCF754391DD6363FFFD5EF0E789 ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:31:30.0918 8992 lltdsvc - ok
15:31:30.0950 8992 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:31:30.0950 8992 lmhosts - ok
15:31:30.0996 8992 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:31:31.0012 8992 LSI_FC - ok
15:31:31.0043 8992 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:31:31.0043 8992 LSI_SAS - ok
15:31:31.0074 8992 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:31:31.0074 8992 LSI_SCSI - ok
15:31:31.0106 8992 [ 42885BB44B6E065B8575A8DD6C430C52 ] luafv C:\Windows\system32\drivers\luafv.sys
15:31:31.0106 8992 luafv - ok
15:31:31.0137 8992 [ E93C1AD58E88A0846EAEE10671C2A8F3 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:31:31.0152 8992 Mcx2Svc - ok
15:31:31.0184 8992 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:31:31.0184 8992 mdmxsdk - ok
15:31:31.0230 8992 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
15:31:31.0230 8992 megasas - ok
15:31:31.0262 8992 [ 9DFA3A459AF0954AA85B4F7622AD87BB ] MMCSS C:\Windows\system32\mmcss.dll
15:31:31.0277 8992 MMCSS - ok
15:31:31.0293 8992 [ 21755967298A46FB6ADFEC9DB6012211 ] Modem C:\Windows\system32\drivers\modem.sys
15:31:31.0293 8992 Modem - ok
15:31:31.0355 8992 [ 7446E104A5FE5987CA9E4983FBAC4F97 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:31:31.0355 8992 monitor - ok
15:31:31.0371 8992 [ 5FBA13C1A1841B0885D316ED3589489D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:31:31.0371 8992 mouclass - ok
15:31:31.0449 8992 [ A3A6DFF7E9E757DB3DF51A833BC28885 ] mouhid C:\Windows\system32\drivers\mouhid.sys
15:31:31.0449 8992 mouhid - ok
15:31:31.0511 8992 [ 01F1E5A3E4877C931CBB31613FEC16A6 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
15:31:31.0511 8992 MountMgr - ok
15:31:31.0589 8992 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:31:31.0605 8992 MozillaMaintenance - ok
15:31:31.0667 8992 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
15:31:31.0667 8992 mpio - ok
15:31:31.0714 8992 [ 6E7A7F0C1193EE5648443FE2D4B789EC ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:31:31.0714 8992 mpsdrv - ok
15:31:31.0730 8992 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
15:31:31.0730 8992 Mraid35x - ok
15:31:31.0761 8992 [ 1D8828B98EE309D65E006F0829E280E5 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:31:31.0761 8992 MRxDAV - ok
15:31:31.0839 8992 [ 8AF705CE1BB907932157FAB821170F27 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:31:31.0839 8992 mrxsmb - ok
15:31:31.0901 8992 [ 47E13AB23371BE3279EEF22BBFA2C1BE ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:31:31.0917 8992 mrxsmb10 - ok
15:31:31.0932 8992 [ 90B3FC7BD6B3D7EE7635DEBBA2187F66 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:31:31.0932 8992 mrxsmb20 - ok
15:31:32.0010 8992 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
15:31:32.0010 8992 msahci - ok
15:31:32.0042 8992 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:31:32.0057 8992 msdsm - ok
15:31:32.0073 8992 [ BC64A92D821EFEA8BAB8E8CAF1B668BC ] MSDTC C:\Windows\System32\msdtc.exe
15:31:32.0088 8992 MSDTC - ok
15:31:32.0135 8992 [ 729EAFEFD4E7417165F353A18DBE947D ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:31:32.0135 8992 Msfs - ok
15:31:32.0182 8992 [ 2C3F1983CD3629573CB9E9658247847A ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:31:32.0182 8992 msisadrv - ok
15:31:32.0229 8992 [ 8ACF956D9154E893E789881430C12632 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:31:32.0229 8992 MSiSCSI - ok
15:31:32.0244 8992 msiserver - ok
15:31:32.0291 8992 [ 892CEDEFA7E0FFE7BE8DA651B651D047 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:31:32.0291 8992 MSKSSRV - ok
15:31:32.0338 8992 [ AE2CB1DA69B2676B4CEE2A501AF5871C ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:31:32.0338 8992 MSPCLOCK - ok
15:31:32.0369 8992 [ F910DA84FA90C44A3ADDB7CD874463FD ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:31:32.0369 8992 MSPQM - ok
15:31:32.0478 8992 [ 84571C0AE07647BA38D493F5F0015DF7 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:31:32.0478 8992 MsRPC - ok
15:31:32.0541 8992 [ 1F6F7159C75E4B27D138B5225808860F ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:31:32.0541 8992 mssmbios - ok
15:31:32.0588 8992 [ C826DD1373F38AFD9CA46EC3C436A14E ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:31:32.0588 8992 MSTEE - ok
15:31:32.0619 8992 [ FA7AA70050CF5E2D15DE00941E5665E5 ] Mup C:\Windows\system32\Drivers\mup.sys
15:31:32.0634 8992 Mup - ok
15:31:32.0681 8992 [ 1CDBB5D002FE2BC5300AA20550D8A52E ] napagent C:\Windows\system32\qagentRT.dll
15:31:32.0697 8992 napagent - ok
15:31:32.0744 8992 [ 6DA4A0FC7C0E83DF0CB3CFD0A514C3BC ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:31:32.0759 8992 NativeWifiP - ok
15:31:32.0822 8992 [ 227C11E1E7CF6EF8AFB2A238D209760C ] NDIS C:\Windows\system32\drivers\ndis.sys
15:31:32.0837 8992 NDIS - ok
15:31:32.0868 8992 [ 81659CDCBD0F9A9E07E6878AD8C78D3F ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:31:32.0868 8992 NdisTapi - ok
15:31:32.0900 8992 [ 5DE5EE546BF40838EBE0E01CB629DF64 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:31:32.0900 8992 Ndisuio - ok
15:31:32.0931 8992 [ 397402ADCBB8946223A1950101F6CD94 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:31:32.0931 8992 NdisWan - ok
15:31:32.0946 8992 [ 1B24FA907AF283199A81B3BB37E5E526 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:31:32.0962 8992 NDProxy - ok
15:31:33.0009 8992 [ 356DBB9F98E8DC1028DD3092FCEEB877 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:31:33.0024 8992 NetBIOS - ok
15:31:33.0040 8992 [ E3A168912E7EEFC3BD3B814720D68B41 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
15:31:33.0056 8992 netbt - ok
15:31:33.0118 8992 [ C731B1FE449D4E9CEA358C9D55B69BE9 ] Netlogon C:\Windows\system32\lsass.exe
15:31:33.0118 8992 Netlogon - ok
15:31:33.0165 8992 [ 90A4DAE28B94497F83BEA0F2A3B77092 ] Netman C:\Windows\System32\netman.dll
15:31:33.0180 8992 Netman - ok
15:31:33.0212 8992 [ 7C5C3D9CEEE838856B828AB6F98A2857 ] netprofm C:\Windows\System32\netprofm.dll
15:31:33.0227 8992 netprofm - ok
15:31:33.0274 8992 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:31:33.0274 8992 NetTcpPortSharing - ok
15:31:33.0305 8992 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:31:33.0305 8992 nfrd960 - ok
15:31:33.0352 8992 [ C424117A562F2DE37A42266894C79AEB ] NlaSvc C:\Windows\System32\nlasvc.dll
15:31:33.0352 8992 NlaSvc - ok
15:31:33.0383 8992 [ 4F9832BEB9FAFD8CEB0E541F1323B26E ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:31:33.0383 8992 Npfs - ok
15:31:33.0414 8992 [ 23B8201A363DE0E649FC75EE9874DEE2 ] nsi C:\Windows\system32\nsisvc.dll
15:31:33.0430 8992 nsi - ok
15:31:33.0446 8992 [ B488DFEC274DE1FC9D653870EF2587BE ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:31:33.0446 8992 nsiproxy - ok
15:31:33.0570 8992 [ 37430AA7A66D7A63407ADC2C0D05E9F6 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:31:33.0602 8992 Ntfs - ok
15:31:33.0680 8992 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
15:31:33.0680 8992 ntrigdigi - ok
15:31:33.0726 8992 [ EC5EFB3C60F1B624648344A328BCE596 ] Null C:\Windows\system32\drivers\Null.sys
15:31:33.0726 8992 Null - ok
15:31:33.0820 8992 [ 19055A1C1076EF48E738D26EA7FB8017 ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx32.sys
15:31:33.0836 8992 NVENETFD - ok
15:31:34.0241 8992 [ 442EAC1B12ACF1BAD6F1224167E034C8 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:31:34.0382 8992 nvlddmkm - ok
15:31:34.0413 8992 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:31:34.0428 8992 nvraid - ok
15:31:34.0475 8992 [ 9AEBC32F9D6E02EBEE0369AB296FE7C8 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
15:31:34.0475 8992 nvsmu - ok
15:31:34.0522 8992 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:31:34.0522 8992 nvstor - ok
15:31:34.0553 8992 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:31:34.0553 8992 nv_agp - ok
15:31:34.0584 8992 NwlnkFlt - ok
15:31:34.0616 8992 NwlnkFwd - ok
15:31:34.0725 8992 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:31:34.0772 8992 odserv - ok
15:31:34.0834 8992 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
15:31:34.0834 8992 ohci1394 - ok
15:31:34.0896 8992 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:31:34.0896 8992 ose - ok
15:31:34.0990 8992 [ 016D01D3B8FB976A193C7434BED8DCCF ] p2pimsvc C:\Windows\system32\p2psvc.dll
15:31:35.0021 8992 p2pimsvc - ok
15:31:35.0084 8992 [ 016D01D3B8FB976A193C7434BED8DCCF ] p2psvc C:\Windows\system32\p2psvc.dll
15:31:35.0099 8992 p2psvc - ok
15:31:35.0130 8992 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
15:31:35.0130 8992 Parport - ok
15:31:35.0162 8992 [ 555A5B2C8022983BC7467BC925B222EE ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:31:35.0162 8992 partmgr - ok
15:31:35.0208 8992 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
15:31:35.0208 8992 Parvdm - ok
15:31:35.0255 8992 [ D8C5C215C932233A4F1D7F368F4E4E65 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:31:35.0255 8992 PcaSvc - ok
15:31:35.0286 8992 [ 5BEDD5E1416DA009C4F24ADF8DA13773 ] pci C:\Windows\system32\drivers\pci.sys
15:31:35.0302 8992 pci - ok
15:31:35.0349 8992 [ CABA65E9C41CD2900D4C92D4F825C5F8 ] pciide C:\Windows\system32\drivers\pciide.sys
15:31:35.0349 8992 pciide - ok
15:31:35.0396 8992 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:31:35.0396 8992 pcmcia - ok
15:31:35.0474 8992 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:31:35.0489 8992 PEAUTH - ok
15:31:35.0630 8992 [ CD05A38D166BEADE18030BAFC0C0A939 ] pla C:\Windows\system32\pla.dll
15:31:35.0723 8992 pla - ok
15:31:35.0770 8992 [ 747BB4C31F3B6E8D1B5ED0AD61518CB5 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:31:35.0786 8992 PlugPlay - ok
15:31:35.0832 8992 [ 016D01D3B8FB976A193C7434BED8DCCF ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
15:31:35.0848 8992 PNRPAutoReg - ok
15:31:35.0910 8992 [ 016D01D3B8FB976A193C7434BED8DCCF ] PNRPsvc C:\Windows\system32\p2psvc.dll
15:31:35.0926 8992 PNRPsvc - ok
15:31:35.0973 8992 [ 5EBDEC613BD377CE9A85382BE5C6B83B ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:31:35.0973 8992 PolicyAgent - ok
15:31:36.0020 8992 [ C04DEC5ACE67C5247B150C4223970BB7 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:31:36.0020 8992 PptpMiniport - ok
15:31:36.0066 8992 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
15:31:36.0066 8992 Processor - ok
15:31:36.0113 8992 [ 213112E152E68F0E4705E36F052A2880 ] ProfSvc C:\Windows\system32\profsvc.dll
15:31:36.0113 8992 ProfSvc - ok
15:31:36.0144 8992 [ C731B1FE449D4E9CEA358C9D55B69BE9 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:31:36.0144 8992 ProtectedStorage - ok
15:31:36.0176 8992 [ 2C8BAE55247C4E09352E870292E4D1AB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
15:31:36.0176 8992 PSched - ok
15:31:36.0269 8992 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:31:36.0285 8992 ql2300 - ok
15:31:36.0316 8992 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:31:36.0316 8992 ql40xx - ok
15:31:36.0441 8992 [ 599FF0B96561CA4F0899FE7F1C4CCE9A ] QPCapSvc C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
15:31:36.0456 8992 QPCapSvc - ok
15:31:36.0488 8992 [ 8FF5CAD74C3C5E692E1610E861609A3B ] QPSched C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
15:31:36.0488 8992 QPSched - ok
15:31:36.0539 8992 [ CA61BDFD3713A7CE75F2812AFC431594 ] QWAVE C:\Windows\system32\qwave.dll
15:31:36.0559 8992 QWAVE - ok
15:31:36.0579 8992 [ D2B3E2B7426DC23E185FBC73C8936C12 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:31:36.0579 8992 QWAVEdrv - ok
15:31:36.0609 8992 [ BD7B30F55B3649506DD8B3D38F571D2A ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:31:36.0619 8992 RasAcd - ok
15:31:36.0649 8992 [ F14F4AAB9F54D099FE99192BDB100AC9 ] RasAuto C:\Windows\System32\rasauto.dll
15:31:36.0659 8992 RasAuto - ok
15:31:36.0689 8992 [ 68B0019FEE429EC49D29017AF937E482 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:31:36.0699 8992 Rasl2tp - ok
15:31:36.0739 8992 [ 11D65E29BC9D1E4114D18FE68194394C ] RasMan C:\Windows\System32\rasmans.dll
15:31:36.0749 8992 RasMan - ok
15:31:36.0799 8992 [ CCF4E9C6CBBAC81437F88CB2AE0B6C96 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:31:36.0799 8992 RasPppoe - ok
15:31:36.0869 8992 [ 54129C5D9581BBEC8BD1EBD3BA813F47 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:31:36.0879 8992 rdbss - ok
15:31:36.0909 8992 [ 794585276B5D7FCA9F3FC15543F9F0B9 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:31:36.0909 8992 RDPCDD - ok
15:31:36.0989 8992 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
15:31:36.0999 8992 rdpdr - ok
15:31:37.0009 8992 [ 980B56E2E273E19D3A9D72D5C420F008 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:31:37.0019 8992 RDPENCDD - ok
15:31:37.0089 8992 [ 8830E790A74A96605FABA74F9665BB3C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:31:37.0099 8992 RDPWD - ok
15:31:37.0149 8992 [ 6C1A43C589EE8011A1EBFD51C01B77CE ] RemoteAccess C:\Windows\System32\mprdim.dll
15:31:37.0159 8992 RemoteAccess - ok
15:31:37.0209 8992 [ 9A043808667C8C1893DA7275AF373F0E ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:31:37.0219 8992 RemoteRegistry - ok
15:31:37.0319 8992 [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
15:31:37.0329 8992 RichVideo - ok
15:31:37.0379 8992 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
15:31:37.0379 8992 rimmptsk - ok
15:31:37.0439 8992 [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
15:31:37.0439 8992 rimsptsk - ok
15:31:37.0459 8992 [ D231B577024AA324AF13A42F3A807D10 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
15:31:37.0459 8992 rismxdp - ok
15:31:37.0489 8992 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
15:31:37.0489 8992 RpcLocator - ok
15:31:37.0549 8992 [ 7B981222A257D076885BFFB66F19B7CE ] RpcSs C:\Windows\system32\rpcss.dll
15:31:37.0559 8992 RpcSs - ok
15:31:37.0609 8992 [ 97E939D2128FEC5D5A3E6E79B290A2F4 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:31:37.0609 8992 rspndr - ok
15:31:37.0639 8992 [ C731B1FE449D4E9CEA358C9D55B69BE9 ] SamSs C:\Windows\system32\lsass.exe
15:31:37.0649 8992 SamSs - ok
15:31:37.0689 8992 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:31:37.0689 8992 sbp2port - ok
15:31:37.0729 8992 [ 565B4B9E5AD2F2F18A4F8AAFA6C06BBB ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:31:37.0739 8992 SCardSvr - ok
15:31:37.0809 8992 [ 886CEC884B5BE29AB9828B8AB46B11F7 ] Schedule C:\Windows\system32\schedsvc.dll
15:31:37.0829 8992 Schedule - ok
15:31:37.0869 8992 [ 0600E04315FE543802A379D5D23C8BE0 ] SCPolicySvc C:\Windows\System32\certprop.dll
15:31:37.0869 8992 SCPolicySvc - ok
15:31:37.0899 8992 [ 7B3973CC28B8AA3E9E2E5D53E720E2C9 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
15:31:37.0909 8992 sdbus - ok
15:31:37.0929 8992 [ 56AA904311B3BACC67DBA8679AFF73D4 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:31:37.0939 8992 SDRSVC - ok
15:31:37.0959 8992 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:31:37.0959 8992 secdrv - ok
15:31:37.0989 8992 [ 8388C4133DDBE62AD7BC3EC9F14271ED ] seclogon C:\Windows\system32\seclogon.dll
15:31:37.0989 8992 seclogon - ok
15:31:38.0029 8992 [ 34350AE2C1D33D21C7305F861BD8DAD8 ] SENS C:\Windows\System32\sens.dll
15:31:38.0039 8992 SENS - ok
15:31:38.0069 8992 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
15:31:38.0069 8992 Serenum - ok
15:31:38.0109 8992 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
15:31:38.0109 8992 Serial - ok
15:31:38.0149 8992 [ 450ACCD77EC5CEA720C1CDB9E26B953B ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:31:38.0149 8992 sermouse - ok
15:31:38.0239 8992 [ 78878235DA4DF0D116E86837A0A21DF8 ] SessionEnv C:\Windows\system32\sessenv.dll
15:31:38.0239 8992 SessionEnv - ok
15:31:38.0299 8992 [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
15:31:38.0299 8992 sffdisk - ok
15:31:38.0359 8992 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:31:38.0359 8992 sffp_mmc - ok
15:31:38.0389 8992 [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
15:31:38.0389 8992 sffp_sd - ok
15:31:38.0429 8992 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:31:38.0429 8992 sfloppy - ok
15:31:38.0489 8992 [ B264DFA21677728613267FE63802B332 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:31:38.0499 8992 ShellHWDetection - ok
15:31:38.0539 8992 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
15:31:38.0539 8992 sisagp - ok
15:31:38.0579 8992 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
15:31:38.0579 8992 SiSRaid2 - ok
15:31:38.0619 8992 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:31:38.0619 8992 SiSRaid4 - ok
15:31:38.0799 8992 [ A1DCD30534835CB67733AD00175125A6 ] slsvc C:\Windows\system32\SLsvc.exe
15:31:38.0849 8992 slsvc - ok
15:31:38.0889 8992 [ 56DA296E7B376A727E7BDC5AC7FBEE02 ] SLUINotify C:\Windows\system32\SLUINotify.dll
15:31:38.0899 8992 SLUINotify - ok
15:31:38.0939 8992 [ AC0D90738ADB51A6FD12FF00874A2162 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:31:38.0939 8992 Smb - ok
15:31:38.0969 8992 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:31:38.0979 8992 SNMPTRAP - ok
15:31:39.0009 8992 [ 426F9B029AA9162CECCF65369457D046 ] spldr C:\Windows\system32\drivers\spldr.sys
15:31:39.0009 8992 spldr - ok
15:31:39.0039 8992 [ DA612EF2556776DF2630B68BF2D48935 ] Spooler C:\Windows\System32\spoolsv.exe
15:31:39.0049 8992 Spooler - ok
15:31:39.0099 8992 [ 038579C35F7CAD4A4BBF735DBF83277D ] srv C:\Windows\system32\DRIVERS\srv.sys
15:31:39.0109 8992 srv - ok
15:31:39.0159 8992 [ 6971A757AF8CB5E2CBCBB76CC530DB6C ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:31:39.0159 8992 srv2 - ok
15:31:39.0189 8992 [ 9E1A4603B874EEBCE0298113951ABEFB ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:31:39.0189 8992 srvnet - ok
15:31:39.0229 8992 [ 8D3E4BAFF8B3997138C38EB1B600519A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:31:39.0239 8992 SSDPSRV - ok
15:31:39.0279 8992 Steam Client Service - ok
15:31:39.0369 8992 [ A941E099EF46E3CC12F898CBE1C39910 ] stisvc C:\Windows\System32\wiaservc.dll
15:31:39.0379 8992 stisvc - ok
15:31:39.0429 8992 [ 92894DD7FDD62AF808B1409B73AF9C73 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:31:39.0429 8992 swenum - ok
15:31:39.0479 8992 [ 749ADA8D6C18A08ADFEDE69CBF5DB2E0 ] swprv C:\Windows\System32\swprv.dll
15:31:39.0489 8992 swprv - ok
15:31:39.0539 8992 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
15:31:39.0539 8992 Symc8xx - ok
15:31:39.0559 8992 SymIMMP - ok
15:31:39.0600 8992 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
15:31:39.0600 8992 Sym_hi - ok
15:31:39.0631 8992 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
15:31:39.0631 8992 Sym_u3 - ok
15:31:39.0709 8992 [ 8F2B5FEDE18BD3C4C926CBF88E6F1264 ] SysMain C:\Windows\system32\sysmain.dll
15:31:39.0725 8992 SysMain - ok
15:31:39.0756 8992 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:31:39.0756 8992 TabletInputService - ok
15:31:39.0787 8992 [ EF3DD33C740FC2F82E7E4622F1C49289 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:31:39.0787 8992 TapiSrv - ok
15:31:39.0818 8992 [ 68FA52794AE9ACC61BDE16FE0956B414 ] TBS C:\Windows\System32\tbssvc.dll
15:31:39.0834 8992 TBS - ok
15:31:39.0928 8992 [ 4A82FA8F0DF67AA354580C3FAAF8BDE3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:31:39.0943 8992 Tcpip - ok
15:31:40.0006 8992 [ 4A82FA8F0DF67AA354580C3FAAF8BDE3 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
15:31:40.0021 8992 Tcpip6 - ok
15:31:40.0068 8992 [ 5CE0C4A7B12D0067DAD527D72B68C726 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:31:40.0068 8992 tcpipreg - ok
15:31:40.0115 8992 [ 964248AEF49C31FA6A93201A73FFAF50 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:31:40.0115 8992 TDPIPE - ok
15:31:40.0162 8992 [ 7D2C1AE1648A60FCE4AA0F7982E419D3 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:31:40.0162 8992 TDTCP - ok
15:31:40.0193 8992 [ AB4FDE8AF4A0270A46A001C08CBCE1C2 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:31:40.0193 8992 tdx - ok
15:31:40.0224 8992 [ 85908DA29AF0AB835048107AD2AD07D1 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:31:40.0224 8992 TermDD - ok
15:31:40.0286 8992 [ FAD71C1E8E4047B154E899AE31EB8CAA ] TermService C:\Windows\System32\termsrv.dll
15:31:40.0302 8992 TermService - ok
15:31:40.0349 8992 [ B264DFA21677728613267FE63802B332 ] Themes C:\Windows\system32\shsvcs.dll
15:31:40.0349 8992 Themes - ok
15:31:40.0380 8992 [ 9DFA3A459AF0954AA85B4F7622AD87BB ] THREADORDER C:\Windows\system32\mmcss.dll
15:31:40.0380 8992 THREADORDER - ok
15:31:40.0411 8992 [ 6BBA0582C0025D43729A1112D3B57897 ] TrkWks C:\Windows\System32\trkwks.dll
15:31:40.0427 8992 TrkWks - ok
15:31:40.0489 8992 [ 34E388A395FEDBA1D0511ED39BBF4074 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:31:40.0489 8992 TrustedInstaller - ok
15:31:40.0530 8992 [ 29F0ECA726F0D51F7E048BDB0B372F29 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:31:40.0530 8992 tssecsrv - ok
15:31:40.0590 8992 [ 65E953BC0084D44498B51F59784D2A82 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
15:31:40.0590 8992 tunmp - ok
15:31:40.0610 8992 [ 4A39BDA5E0FD30BDF4884F9D33AE6105 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:31:40.0610 8992 tunnel - ok
15:31:40.0680 8992 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:31:40.0680 8992 uagp35 - ok
15:31:40.0720 8992 [ 6348DA98707CEDA8A0DFB05820E17732 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:31:40.0720 8992 udfs - ok
15:31:40.0800 8992 [ 24A333F4F14DCFB6FF6D5A1B9E5D79DD ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:31:40.0810 8992 UI0Detect - ok
15:31:40.0840 8992 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:31:40.0850 8992 uliagpkx - ok
15:31:40.0890 8992 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
15:31:40.0900 8992 uliahci - ok
15:31:44.0349 8992 ================ Scan global ===============================
15:31:44.0365 8992 [ 8CD98A8EC9CADAF4E051CDCAC15C96C4 ] C:\Windows\system32\basesrv.dll
15:31:44.0427 8992 [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll
15:31:44.0474 8992 [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll
15:31:44.0521 8992 [ 329CF3C97CE4C19375C8ABCABAE258B0 ] C:\Windows\system32\services.exe
15:31:44.0536 8992 [Global] - ok
15:31:44.0536 8992 ================ Scan MBR ==================================
15:31:44.0568 8992 [ 5DDBB521C11CEAE1B0FB24F37471D2C7 ] \Device\Harddisk0\DR0
15:31:44.0864 8992 \Device\Harddisk0\DR0 - ok
15:31:44.0864 8992 ================ Scan VBR ==================================
15:31:44.0864 8992 [ 4BEFC8B2A1AE909FAAC8DA72167EB40D ] \Device\Harddisk0\DR0\Partition1
15:31:44.0880 8992 \Device\Harddisk0\DR0\Partition1 - ok
15:31:44.0880 8992 ============================================================
15:31:44.0880 8992 Scan finished
15:31:44.0880 8992 ============================================================
15:31:44.0911 8532 Detected object count: 0
15:31:44.0911 8532 Actual detected object count: 0





And here is aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-20 15:36:58
-----------------------------
15:36:58.135 OS Version: Windows 6.0.6000
15:36:58.136 Number of processors: 2 586 0x6802
15:36:58.138 ComputerName: JEANNE-PC UserName: Jeanne
15:36:59.861 Initialize success
15:41:22.394 AVAST engine defs: 12082000
15:41:33.878 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
15:41:33.888 Disk 0 Vendor: FUJITSU_MHV2040BH 892C Size: 38166MB BusType: 3
15:41:34.878 Disk 0 MBR read successfully
15:41:34.888 Disk 0 MBR scan
15:41:34.908 Disk 0 unknown MBR code
15:41:35.068 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38165 MB offset 63
15:41:35.708 Disk 0 scanning sectors +78163312
15:41:36.978 Disk 0 scanning C:\Windows\system32\drivers
15:45:09.170 Service scanning
15:45:45.815 Modules scanning
15:50:32.660 Disk 0 trace - called modules:
15:50:32.842 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys HSX_CNXT.sys
15:50:32.862 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84eab440]
15:50:33.278 3 ntkrnlpa.exe[81cb07e2] -> nt!IofCallDriver -> [0x844df8b8]
15:50:33.305 5 acpi.sys[8022432a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x844cfbb0]
15:50:36.480 AVAST engine scan C:\Windows
15:52:20.399 AVAST engine scan C:\Windows\system32
16:14:35.837 File: C:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
16:19:41.207 AVAST engine scan C:\Windows\system32\drivers
16:20:55.213 AVAST engine scan C:\Users\Jeanne
16:21:51.442 File: C:\Users\Jeanne\AppData\Local\Temp\1DBE.tmp **INFECTED** Win32:MalOb-IK [Cryp]
16:24:00.200 File: C:\Users\Jeanne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\17e629a5-3709ec29 **INFECTED** Win32:MalOb-EL [Cryp]
16:24:09.881 File: C:\Users\Jeanne\AppData\Roaming\clpcpi.dll **INFECTED** Win32:Medfos [Trj]
16:28:07.002 AVAST engine scan C:\ProgramData
16:36:59.430 Scan finished successfully
16:37:08.603 Disk 0 MBR has been saved successfully to "C:\Users\Jeanne\Desktop\MBR.dat"
16:37:08.619 The log file has been saved successfully to "C:\Users\Jeanne\Desktop\aswMBR.txt"

#7 gringo_pr

Posted 21 August 2012 - 07:10 AM

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 dgore37

Posted 21 August 2012 - 02:54 PM

Hello Gringo,

I have run the application you linked. Should I be removing or fixing any files/registry keys with any of the tools you have directed me to? Thus far I have just been running them and posting the logs.
This is the log generated by RogueKiller:

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User: Jeanne [Admin rights]
Mode: Scan -- Date: 08/21/2012 15:46:01

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : clpcpi ("C:\WINDOWS\System32\rundll32.exe" "C:\Users\Jeanne\AppData\Roaming\clpcpi.dll",_Contains) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-966422761-1105785007-1344661994-1000[...]\Run : clpcpi ("C:\WINDOWS\System32\rundll32.exe" "C:\Users\Jeanne\AppData\Roaming\clpcpi.dll",_Contains) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{ebba699c-e4cf-54d5-02cd-4a259be5e472}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{ebba699c-e4cf-54d5-02cd-4a259be5e472}\L --> FOUND
[ZeroAccess][FOLDER] U : c:\users\jeanne\appdata\local\{ebba699c-e4cf-54d5-02cd-4a259be5e472}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\jeanne\appdata\local\{ebba699c-e4cf-54d5-02cd-4a259be5e472}\L --> FOUND

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHV2040BH ATA Device +++++
--- User ---
[MBR] 9f652c47e509a9125c9edc461d1f413f
[BSP] af87a773cd4280c6f6befb4e920cdbef : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38165 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#9 gringo_pr

Posted 21 August 2012 - 04:59 PM

Greetings

Don't worry. If there is something to fix in each program, I will give you instructions on what I want done.


--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+


#10 dgore37

Posted 21 August 2012 - 05:26 PM

OK, cool, just wanted to make sure I was doing it properly.

Here is the second RogueKiller log:

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User: Jeanne [Admin rights]
Mode: Scan -- Date: 08/21/2012 18:23:48

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : clpcpi ("C:\WINDOWS\System32\rundll32.exe" "C:\Users\Jeanne\AppData\Roaming\clpcpi.dll",_Contains) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-966422761-1105785007-1344661994-1000[...]\Run : clpcpi ("C:\WINDOWS\System32\rundll32.exe" "C:\Users\Jeanne\AppData\Roaming\clpcpi.dll",_Contains) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{ebba699c-e4cf-54d5-02cd-4a259be5e472}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{ebba699c-e4cf-54d5-02cd-4a259be5e472}\L --> FOUND
[ZeroAccess][FOLDER] U : c:\users\jeanne\appdata\local\{ebba699c-e4cf-54d5-02cd-4a259be5e472}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\jeanne\appdata\local\{ebba699c-e4cf-54d5-02cd-4a259be5e472}\L --> FOUND

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHV2040BH ATA Device +++++
--- User ---
[MBR] 9f652c47e509a9125c9edc461d1f413f
[BSP] af87a773cd4280c6f6befb4e920cdbef : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38165 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#11 gringo_pr

Posted 21 August 2012 - 05:45 PM

Greetings


How is the computer doing now?



gringo

#12 dgore37

Posted 21 August 2012 - 06:27 PM

Much better thanks,

I haven't seen any popups yet and MBAM no longer detects any infected objects. I still cannot use Windows Firewall, Windows Update, or Windows Defender though.

#13 gringo_pr

Posted 21 August 2012 - 07:17 PM

--Run RogueKiller--

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+


#14 dgore37

Posted 21 August 2012 - 07:26 PM

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User: Jeanne [Admin rights]
Mode: Scan -- Date: 08/21/2012 20:22:02

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{ebba699c-e4cf-54d5-02cd-4a259be5e472}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{ebba699c-e4cf-54d5-02cd-4a259be5e472}\L --> FOUND
[ZeroAccess][FOLDER] U : c:\users\jeanne\appdata\local\{ebba699c-e4cf-54d5-02cd-4a259be5e472}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\jeanne\appdata\local\{ebba699c-e4cf-54d5-02cd-4a259be5e472}\L --> FOUND

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHV2040BH ATA Device +++++
--- User ---
[MBR] 9f652c47e509a9125c9edc461d1f413f
[BSP] af87a773cd4280c6f6befb4e920cdbef : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38165 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#15 gringo_pr

Posted 21 August 2012 - 07:42 PM

Did you click the delete button after the scan?