Infected or not?


17 replies to this topic

#1 russcart

Posted 05 September 2012 - 02:25 AM

I just finished rebuilding this computer, all new components and installed new drives and a new OS, Windows 7, a clean install. Twice in the past week or so a window pops up at random saying that my computer is infected. I closed the window on each occasion before its "scan" was completed. It is called Windows Secure Kit 2012. How can I tell if this malware or whatever it is called has actually affected my computer? I have scanned my computer with the programs that I have installed and nothing is found. I am using Windows Security Essentials, Malwarebytes and also CCleaner. Is there a need for another AV program that may be able to catch this type of thing?

Thank you

#2 russcart

Posted 05 September 2012 - 02:31 AM

My mistake, I meant to say that I am using Microsoft Security Essentials.

#3 boopme

Posted 12 September 2012 - 03:34 PM

Sorry you got lost here. If you still need help please do these.


Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

>>>>


Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Next run SUPERAntiSpyware (SAS):

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.



Finally.........
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#4 russcart

Posted 12 September 2012 - 10:32 PM

Thank you for the reply. I have Windows 7 on my computer and cannot access Safe Mode using the F8 key method. I can however access it if I run msconfig and change the option to boot in safe mode. When I do that however I cannot access the internet to download the programs that you are suggesting. Should all of these programs be downloaded while in Safe Mode?

#5 noknojon

Posted 12 September 2012 - 10:45 PM

Hi -
Sorry for a quick butt in on boopme's topic -

Can you load these programs to a USB Flash drive and transfer them to the problem computer ??
If you can, please do this via a clean computer (I assume you are using one now) or use Safemode with Networking if accessible.

This is usually the most simple way -

I will leave this to boopme to clarify if there is a problem with this -

Thank You -

#6 russcart

Posted 12 September 2012 - 11:21 PM

Thanks for the response. I can download to a usb device, I can also download from computer in question, just not in safe mode.

#7 boopme

Posted 13 September 2012 - 11:03 AM

Let's go with normal then and get it done. We may get rid of a malware disturbing safe mode. Let's see what we get.

#8 russcart

Posted 13 September 2012 - 01:41 PM

When I can access my computer later today, I will proceed as directed. Got a question though... how do I get into Safe Mode with Networking if I cannot use the F8 key to boot?

#9 boopme

Posted 13 September 2012 - 02:37 PM

Go with Normal mode for now.

#10 russcart

Posted 13 September 2012 - 07:38 PM

The F8 key did not work on my computer to allow me to start in the Safe Mode with Networking. However, the F5 key did work.

The RKill log:

Rkill 2.3.15 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/13/2012 04:26:23 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Russell\Desktop\rkill\rkill-09-13-2012-04-26-24.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/13/2012 04:26:27 PM
Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)

The TDSSKiller log:

16:28:22.0371 0968 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
16:28:22.0964 0968 ============================================================
16:28:22.0964 0968 Current date / time: 2012/09/13 16:28:22.0964
16:28:22.0964 0968 SystemInfo:
16:28:22.0964 0968
16:28:22.0964 0968 OS Version: 6.1.7601 ServicePack: 1.0
16:28:22.0964 0968 Product type: Workstation
16:28:22.0964 0968 ComputerName: RUSSELL-PC
16:28:22.0964 0968 UserName: Russell
16:28:22.0964 0968 Windows directory: C:\Windows
16:28:22.0964 0968 System windows directory: C:\Windows
16:28:22.0964 0968 Running under WOW64
16:28:22.0964 0968 Processor architecture: Intel x64
16:28:22.0964 0968 Number of processors: 4
16:28:22.0964 0968 Page size: 0x1000
16:28:22.0964 0968 Boot type: Safe boot with network
16:28:22.0964 0968 ============================================================
16:28:23.0104 0968 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:28:23.0104 0968 Drive \Device\Harddisk1\DR1 - Size: 0x2BAA1476000 (2794.52 Gb), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:28:23.0135 0968 Drive \Device\Harddisk2\DR2 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:28:23.0167 0968 Drive \Device\Harddisk8\DR8 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:28:29.0407 0968 ============================================================
16:28:29.0407 0968 \Device\Harddisk0\DR0:
16:28:29.0407 0968 MBR partitions:
16:28:29.0407 0968 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:28:29.0407 0968 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
16:28:29.0407 0968 \Device\Harddisk1\DR1:
16:28:29.0407 0968 GPT partitions:
16:28:29.0407 0968 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {BF5AD252-321D-414C-904B-CF1CBBFCD1F7}, Name: , StartLBA 0x22, BlocksNum 0x40000
16:28:29.0407 0968 \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {2CD04A59-AA9E-4E31-AA0F-578A9545FA7A}, Name: , StartLBA 0x40800, BlocksNum 0x5D4C9800
16:28:29.0407 0968 MBR partitions:
16:28:29.0407 0968 \Device\Harddisk2\DR2:
16:28:29.0438 0968 MBR partitions:
16:28:29.0438 0968 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1749DD82
16:28:29.0438 0968 \Device\Harddisk8\DR8:
16:28:29.0438 0968 MBR partitions:
16:28:29.0438 0968 \Device\Harddisk8\DR8\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x575452C2
16:28:29.0438 0968 ============================================================
16:28:29.0438 0968 C: <-> \Device\Harddisk0\DR0\Partition2
16:28:29.0516 0968 E: <-> \Device\Harddisk2\DR2\Partition1
16:28:29.0531 0968 J: <-> \Device\Harddisk1\DR1\Partition2
16:28:29.0531 0968 L: <-> \Device\Harddisk8\DR8\Partition1
16:28:29.0531 0968 ============================================================
16:28:29.0531 0968 Initialize success
16:28:29.0531 0968 ============================================================
16:28:49.0671 2520 ============================================================
16:28:49.0671 2520 Scan started
16:28:49.0671 2520 Mode: Manual; TDLFS;
16:28:49.0671 2520 ============================================================
16:28:49.0749 2520 ================ Scan system memory ========================
16:28:49.0749 2520 System memory - ok
16:28:49.0749 2520 ================ Scan services =============================
16:28:50.0436 2520 HomeGroupListener - ok
16:28:50.0436 2520 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:28:50.0436 2520 HomeGroupProvider - ok
16:28:50.0436 2520 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:28:50.0436 2520 HpSAMD - ok
16:28:50.0451 2520 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:28:50.0451 2520 HTTP - ok
16:28:50.0451 2520 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:28:50.0451 2520 hwpolicy - ok
16:28:50.0451 2520 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:28:50.0451 2520 i8042prt - ok
16:28:50.0467 2520 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
16:28:50.0467 2520 iaStor - ok
16:28:50.0467 2520 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
16:28:50.0467 2520 IAStorDataMgrSvc - ok
16:28:50.0467 2520 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:28:50.0467 2520 iaStorV - ok
16:28:50.0482 2520 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:28:50.0482 2520 IDriverT - ok
16:28:50.0482 2520 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:28:50.0498 2520 idsvc - ok
16:28:50.0592 2520 [ 72A89FFAB63239771DEE03C15AE7CAFD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
16:28:50.0670 2520 igfx - ok
16:28:50.0670 2520 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:28:50.0670 2520 iirsp - ok
16:28:50.0685 2520 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:28:50.0685 2520 IKEEXT - ok
16:28:50.0716 2520 [ 150AC23F21DBDBF8488408BA944B0D65 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:28:50.0748 2520 IntcAzAudAddService - ok
16:28:50.0748 2520 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
16:28:50.0748 2520 IntcDAud - ok
16:28:50.0748 2520 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
16:28:50.0763 2520 Intel® Capability Licensing Service Interface - ok
16:28:50.0763 2520 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:28:50.0763 2520 intelide - ok
16:28:50.0763 2520 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:28:50.0763 2520 intelppm - ok
16:28:50.0763 2520 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:28:50.0763 2520 IPBusEnum - ok
16:28:50.0779 2520 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:28:50.0779 2520 IpFilterDriver - ok
16:28:50.0779 2520 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:28:50.0779 2520 iphlpsvc - ok
16:28:50.0779 2520 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:28:50.0779 2520 IPMIDRV - ok
16:28:50.0779 2520 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:28:50.0794 2520 IPNAT - ok
16:28:50.0810 2520 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:28:50.0810 2520 iPod Service - ok
16:28:50.0810 2520 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:28:50.0810 2520 IRENUM - ok
16:28:50.0810 2520 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:28:50.0810 2520 isapnp - ok
16:28:50.0826 2520 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:28:50.0826 2520 iScsiPrt - ok
16:28:50.0826 2520 [ 6BCEF45131C8B8E1C558BE540B190B3C ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
16:28:50.0826 2520 iusb3hcs - ok
16:28:50.0826 2520 [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
16:28:50.0826 2520 iusb3hub - ok
16:28:50.0841 2520 [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
16:28:50.0841 2520 iusb3xhc - ok
16:28:50.0841 2520 [ C44B44E24B929631D9D7368F5B2B40CF ] jhi_service C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
16:28:50.0841 2520 jhi_service - ok
16:28:50.0841 2520 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:28:50.0841 2520 kbdclass - ok
16:28:50.0857 2520 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:28:50.0857 2520 kbdhid - ok
16:28:50.0857 2520 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:28:50.0857 2520 KeyIso - ok
16:28:50.0857 2520 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:28:50.0857 2520 KSecDD - ok
16:28:50.0857 2520 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:28:50.0857 2520 KSecPkg - ok
16:28:50.0857 2520 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:28:50.0857 2520 ksthunk - ok
16:28:50.0872 2520 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:28:50.0872 2520 KtmRm - ok
16:28:50.0872 2520 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:28:50.0872 2520 LanmanServer - ok
16:28:50.0872 2520 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:28:50.0872 2520 LanmanWorkstation - ok
16:28:50.0888 2520 [ EE963D96BFD97E54BA6CE6D2AC58DE35 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
16:28:50.0888 2520 LightScribeService - ok
16:28:50.0888 2520 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:28:50.0888 2520 lltdio - ok
16:28:50.0888 2520 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:28:50.0904 2520 lltdsvc - ok
16:28:50.0904 2520 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:28:50.0904 2520 lmhosts - ok
16:28:50.0919 2520 [ 75F29D77B0540FCF47EE3BE000BBABDA ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
16:28:50.0919 2520 LMS - ok
16:28:50.0919 2520 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:28:50.0919 2520 LSI_FC - ok
16:28:50.0919 2520 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:28:50.0919 2520 LSI_SAS - ok
16:28:50.0919 2520 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
16:28:50.0919 2520 LSI_SAS2 - ok
16:28:50.0935 2520 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:28:50.0935 2520 LSI_SCSI - ok
16:28:50.0935 2520 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:28:50.0935 2520 luafv - ok
16:28:50.0935 2520 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
16:28:50.0935 2520 MBAMProtector - ok
16:28:50.0935 2520 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:28:50.0935 2520 MBAMScheduler - ok
16:28:50.0950 2520 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:28:50.0950 2520 MBAMService - ok
16:28:50.0966 2520 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:28:50.0966 2520 Mcx2Svc - ok
16:28:50.0966 2520 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
16:28:50.0966 2520 megasas - ok
16:28:50.0966 2520 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
16:28:50.0966 2520 MegaSR - ok
16:28:50.0966 2520 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
16:28:50.0966 2520 MEIx64 - ok
16:28:50.0982 2520 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:28:50.0982 2520 MMCSS - ok
16:28:50.0982 2520 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:28:50.0982 2520 Modem - ok
16:28:50.0982 2520 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:28:50.0982 2520 monitor - ok
16:28:50.0982 2520 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:28:50.0982 2520 mouclass - ok
16:28:50.0982 2520 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:28:50.0982 2520 mouhid - ok
16:28:50.0982 2520 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:28:50.0982 2520 mountmgr - ok
16:28:50.0997 2520 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
16:28:50.0997 2520 MpFilter - ok
16:28:50.0997 2520 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:28:50.0997 2520 mpio - ok
16:28:50.0997 2520 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:28:50.0997 2520 mpsdrv - ok
16:28:50.0997 2520 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:28:51.0013 2520 MpsSvc - ok
16:28:51.0013 2520 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:28:51.0013 2520 MRxDAV - ok
16:28:51.0013 2520 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:28:51.0013 2520 mrxsmb - ok
16:28:51.0028 2520 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:28:51.0028 2520 mrxsmb10 - ok
16:28:51.0028 2520 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:28:51.0028 2520 mrxsmb20 - ok
16:28:51.0044 2520 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:28:51.0044 2520 msahci - ok
16:28:51.0044 2520 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:28:51.0044 2520 msdsm - ok
16:28:51.0044 2520 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:28:51.0044 2520 MSDTC - ok
16:28:51.0044 2520 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:28:51.0044 2520 Msfs - ok
16:28:51.0044 2520 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:28:51.0044 2520 mshidkmdf - ok
16:28:51.0060 2520 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:28:51.0060 2520 msisadrv - ok
16:28:51.0060 2520 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:28:51.0060 2520 MSiSCSI - ok
16:28:51.0060 2520 msiserver - ok
16:28:51.0060 2520 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:28:51.0060 2520 MSKSSRV - ok
16:28:51.0060 2520 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
16:28:51.0060 2520 MsMpSvc - ok
16:28:51.0060 2520 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:28:51.0060 2520 MSPCLOCK - ok
16:28:51.0075 2520 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:28:51.0075 2520 MSPQM - ok
16:28:51.0075 2520 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:28:51.0075 2520 MsRPC - ok
16:28:51.0091 2520 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:28:51.0091 2520 mssmbios - ok
16:28:51.0091 2520 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:28:51.0091 2520 MSTEE - ok
16:28:51.0091 2520 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:28:51.0091 2520 MTConfig - ok
16:28:51.0091 2520 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:28:51.0091 2520 Mup - ok
16:28:51.0091 2520 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:28:51.0106 2520 napagent - ok
16:28:51.0106 2520 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:28:51.0106 2520 NativeWifiP - ok
16:28:51.0106 2520 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:28:51.0122 2520 NDIS - ok
16:28:51.0122 2520 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:28:51.0122 2520 NdisCap - ok
16:28:51.0122 2520 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:28:51.0122 2520 NdisTapi - ok
16:28:51.0122 2520 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:28:51.0122 2520 Ndisuio - ok
16:28:51.0122 2520 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:28:51.0122 2520 NdisWan - ok
16:28:51.0122 2520 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:28:51.0138 2520 NDProxy - ok
16:28:51.0138 2520 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:28:51.0138 2520 NetBIOS - ok
16:28:51.0138 2520 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:28:51.0138 2520 NetBT - ok
16:28:51.0138 2520 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:28:51.0138 2520 Netlogon - ok
16:28:51.0153 2520 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:28:51.0153 2520 Netman - ok
16:28:51.0169 2520 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:28:51.0169 2520 netprofm - ok
16:28:51.0169 2520 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:28:51.0169 2520 NetTcpPortSharing - ok
16:28:51.0169 2520 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:28:51.0169 2520 nfrd960 - ok
16:28:51.0169 2520 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:28:51.0169 2520 NisDrv - ok
16:28:51.0184 2520 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
16:28:51.0184 2520 NisSrv - ok
16:28:51.0184 2520 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:28:51.0184 2520 NlaSvc - ok
16:28:51.0184 2520 [ C31FA031335EFF434B2D94278E74BCCE ] NPF C:\Windows\system32\DRIVERS\npf.sys
16:28:51.0184 2520 NPF - ok
16:28:51.0184 2520 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:28:51.0200 2520 Npfs - ok
16:28:51.0200 2520 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:28:51.0200 2520 nsi - ok
16:28:51.0200 2520 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:28:51.0200 2520 nsiproxy - ok
16:28:51.0216 2520 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:28:51.0216 2520 Ntfs - ok
16:28:51.0231 2520 [ A2F750E416D1C628BDCDC2075AC33BC6 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
16:28:51.0231 2520 NuidFltr - ok
16:28:51.0231 2520 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:28:51.0231 2520 Null - ok
16:28:51.0231 2520 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:28:51.0231 2520 nvraid - ok
16:28:51.0231 2520 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:28:51.0231 2520 nvstor - ok
16:28:51.0231 2520 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:28:51.0247 2520 nv_agp - ok
16:28:51.0247 2520 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:28:51.0247 2520 odserv - ok
16:28:51.0247 2520 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:28:51.0247 2520 ohci1394 - ok
16:28:51.0247 2520 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:28:51.0247 2520 ose - ok
16:28:51.0278 2520 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:28:51.0278 2520 p2pimsvc - ok
16:28:51.0278 2520 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:28:51.0294 2520 p2psvc - ok
16:28:51.0294 2520 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:28:51.0294 2520 Parport - ok
16:28:51.0294 2520 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:28:51.0294 2520 partmgr - ok
16:28:51.0294 2520 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:28:51.0294 2520 PcaSvc - ok
16:28:51.0294 2520 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:28:51.0294 2520 pci - ok
16:28:51.0309 2520 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:28:51.0309 2520 pciide - ok
16:28:51.0309 2520 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:28:51.0309 2520 pcmcia - ok
16:28:51.0309 2520 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:28:51.0309 2520 pcw - ok
16:28:51.0309 2520 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:28:51.0325 2520 PEAUTH - ok
16:28:51.0340 2520 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:28:51.0340 2520 PerfHost - ok
16:28:51.0356 2520 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:28:51.0356 2520 pla - ok
16:28:51.0372 2520 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:28:51.0372 2520 PlugPlay - ok
16:28:51.0372 2520 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:28:51.0372 2520 PNRPAutoReg - ok
16:28:51.0372 2520 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:28:51.0372 2520 PNRPsvc - ok
16:28:51.0387 2520 [ 32D374C60778253B81FA76C2FE19E155 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
16:28:51.0387 2520 Point64 - ok
16:28:51.0387 2520 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:28:51.0387 2520 PolicyAgent - ok
16:28:51.0403 2520 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:28:51.0403 2520 Power - ok
16:28:51.0403 2520 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:28:51.0403 2520 PptpMiniport - ok
16:28:51.0418 2520 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
16:28:51.0418 2520 Processor - ok
16:28:51.0418 2520 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:28:51.0418 2520 ProfSvc - ok
16:28:51.0418 2520 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:28:51.0418 2520 ProtectedStorage - ok
16:28:51.0418 2520 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:28:51.0418 2520 Psched - ok
16:28:51.0434 2520 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:28:51.0450 2520 ql2300 - ok
16:28:51.0450 2520 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:28:51.0450 2520 ql40xx - ok
16:28:51.0450 2520 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:28:51.0450 2520 QWAVE - ok
16:28:51.0465 2520 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:28:51.0465 2520 QWAVEdrv - ok
16:28:51.0465 2520 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:28:51.0465 2520 RasAcd - ok
16:28:51.0465 2520 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:28:51.0465 2520 RasAgileVpn - ok
16:28:51.0465 2520 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:28:51.0465 2520 RasAuto - ok
16:28:51.0465 2520 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:28:51.0465 2520 Rasl2tp - ok
16:28:51.0481 2520 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:28:51.0481 2520 RasMan - ok
16:28:51.0481 2520 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:28:51.0481 2520 RasPppoe - ok
16:28:51.0481 2520 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:28:51.0481 2520 RasSstp - ok
16:28:51.0481 2520 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:28:51.0481 2520 rdbss - ok
16:28:51.0496 2520 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
16:28:51.0496 2520 rdpbus - ok
16:28:51.0496 2520 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:28:51.0496 2520 RDPCDD - ok
16:28:51.0496 2520 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:28:51.0496 2520 RDPENCDD - ok
16:28:51.0496 2520 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:28:51.0496 2520 RDPREFMP - ok
16:28:51.0496 2520 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:28:51.0496 2520 RDPWD - ok
16:28:51.0512 2520 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:28:51.0512 2520 rdyboost - ok
16:28:51.0512 2520 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:28:51.0512 2520 RemoteAccess - ok
16:28:51.0512 2520 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:28:51.0512 2520 RemoteRegistry - ok
16:28:51.0528 2520 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:28:51.0528 2520 RpcEptMapper - ok
16:28:51.0528 2520 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:28:51.0528 2520 RpcLocator - ok
16:28:51.0543 2520 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:28:51.0543 2520 RpcSs - ok
16:28:51.0543 2520 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:28:51.0543 2520 rspndr - ok
16:28:51.0543 2520 [ 7F4F11527AF5A7E4526CB6A146B3E40C ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
16:28:51.0559 2520 RTL8167 - ok
16:28:51.0559 2520 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:28:51.0559 2520 SamSs - ok
16:28:51.0559 2520 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:28:51.0559 2520 sbp2port - ok
16:28:51.0559 2520 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:28:51.0559 2520 SCardSvr - ok
16:28:51.0559 2520 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:28:51.0559 2520 scfilter - ok
16:28:51.0574 2520 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:28:51.0574 2520 Schedule - ok
16:28:51.0574 2520 [ 6011CDF54BB6F4C69F38FACCDAD73D7E ] SCMNdisP C:\Windows\system32\DRIVERS\scmndisp.sys
16:28:51.0574 2520 SCMNdisP - ok
16:28:51.0590 2520 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:28:51.0590 2520 SCPolicySvc - ok
16:28:51.0590 2520 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:28:51.0590 2520 SDRSVC - ok
16:28:51.0590 2520 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:28:51.0590 2520 secdrv - ok
16:28:51.0590 2520 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:28:51.0590 2520 seclogon - ok
16:28:51.0590 2520 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:28:51.0590 2520 SENS - ok
16:28:51.0606 2520 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:28:51.0606 2520 SensrSvc - ok
16:28:51.0606 2520 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:28:51.0606 2520 Serenum - ok
16:28:51.0606 2520 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:28:51.0606 2520 Serial - ok
16:28:51.0606 2520 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:28:51.0606 2520 sermouse - ok
16:28:51.0606 2520 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:28:51.0621 2520 SessionEnv - ok
16:28:51.0621 2520 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:28:51.0621 2520 sffdisk - ok
16:28:51.0621 2520 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:28:51.0621 2520 sffp_mmc - ok
16:28:51.0621 2520 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:28:51.0621 2520 sffp_sd - ok
16:28:51.0621 2520 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:28:51.0621 2520 sfloppy - ok
16:28:51.0637 2520 [ D85B7C7810D4FDE6DA341EF96DE13702 ] SgtSch2Svc C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
16:28:51.0637 2520 SgtSch2Svc - ok
16:28:51.0637 2520 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:28:51.0652 2520 SharedAccess - ok
16:28:51.0652 2520 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:28:51.0652 2520 ShellHWDetection - ok
16:28:51.0652 2520 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
16:28:51.0652 2520 SiSRaid2 - ok
16:28:51.0652 2520 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:28:51.0652 2520 SiSRaid4 - ok
16:28:51.0652 2520 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:28:51.0668 2520 Smb - ok
16:28:51.0668 2520 [ 32CDE417100C530964E79C53B4E994CA ] snapman C:\Windows\system32\DRIVERS\snapman.sys
16:28:51.0668 2520 snapman - ok
16:28:51.0668 2520 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:28:51.0668 2520 SNMPTRAP - ok
16:28:51.0668 2520 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:28:51.0668 2520 spldr - ok
16:28:51.0684 2520 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:28:51.0684 2520 Spooler - ok
16:28:51.0699 2520 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:28:51.0730 2520 sppsvc - ok
16:28:51.0730 2520 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:28:51.0730 2520 sppuinotify - ok
16:28:51.0730 2520 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:28:51.0730 2520 srv - ok
16:28:51.0746 2520 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:28:51.0746 2520 srv2 - ok
16:28:51.0746 2520 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:28:51.0746 2520 srvnet - ok
16:28:51.0746 2520 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:28:51.0746 2520 SSDPSRV - ok
16:28:51.0762 2520 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:28:51.0762 2520 SstpSvc - ok
16:28:55.0006 0208 Detected object count: 0
16:28:55.0006 0208 Actual detected object count: 0

SAS log:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/13/2012 at 05:12 PM

Application Version : 5.5.1016

Core Rules Database Version : 9225
Trace Rules Database Version: 7037

Scan type : Complete Scan
Total Scan Time : 00:37:04

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 413
Memory threats detected : 0
Registry items scanned : 65227
Registry threats detected : 22
File items scanned : 42536
File threats detected : 36

Adware.HBHelper
C:\PROGRAM FILES (X86)\COUPONS.COM COUPONBAR\TBHELPER.DLL

Browser Hijacker.Deskbar
(x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
(x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
(x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
(x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

Adware.Tracking Cookie

Trojan.Agent/Gen-FakeTool
E:\FSX\UNINSTAL_CRJ_FSX_WILCO.EXE
C:\USERS\RUSSELL\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\WILCO PUBLISHING\CRJ (FSX)\UNINSTALL WILCO CRJ_FSX.LNK


Next, I will scan the computer with ESET and post the results.
Thanks

#11 boopme


Posted 13 September 2012 - 08:24 PM

OK, looks like another real ugly is removed.

#12 russcart


Posted 14 September 2012 - 01:04 AM

Here is the log from the ESET Scan:

C:\Windows\System32\flt1chk3.dll Win32/SuspLibLoad.B trojan cleaned - quarantined
L:\System Volume Information\_restore{7F4E8637-A0F1-4817-AA08-A90329908BA1}\RP1290\A0269190.exe Win32/Adware.Ascentive application cleaned by deleting - quarantined

Do I need to delete these quarantined files?

Waiting for further instructions...

Thanks

#13 russcart


Posted 18 September 2012 - 12:21 PM

Waiting for a response...

#14 boopme


Posted 18 September 2012 - 02:14 PM

Sorry, did not get prior reply.

Yes, quarantine those ESET files.

Looks clean now, how is it running?

#15 russcart


Posted 18 September 2012 - 03:38 PM

Thank you. I will delete the quarantined files. Should I remove/uninstall the programs used to clean the computer? All seems to be in good working order now. I appreciate all of your assistance. Any way to determine how the computer was infected?



