Problem removing Trend Micro Titanium Trial Version


13 replies to this topic

#1 Verve

Posted 24 November 2012 - 11:18 AM

I'm running Windows 7 on a laptop. The trial version of Trend Micro Internet Security won't run on startup or update. I also can't uninstall it. I'd been using McAfee on my desktop and tried to install it on the laptop. It detected that I have threats that won't allow it to install.

Please help with this quandary of virus protection programs.

Thanks,


#2 Sightless

Posted 24 November 2012 - 12:54 PM

Hi, follow the instructions here to remove Trend Micro: http://esupport.trendmicro.com/solution/en-us/1036064.aspx

Download TDSSKiller
  • Right-click it and choose Run as Admin.
  • Click on Change parameters
  • Select TDLFS file system
  • Click the Scan button
  • Post the log in your next reply

    Do not change the default options on scan results.

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it.

  • Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first.

    Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

    If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
  • Another workaround is to not use the mouse to install it; just use the arrow keys, Tab, and Enter keys.



Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here or here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
For a complete visual tutorial of MBAM, see http://thespykiller.co.uk/index.php/topic,5946.0.html

Please include the following in your reply:
MBAM log
TDSSKiller Log
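
Added example (not part of the original posts, and not Malwarebytes' own code): a small Python script for triaging the MBAM 1.x text log requested above. It lists each detection, checks that the "Detected: N" counts match the pasted entries (forum pastes often get cut off), and flags a core Windows process name found outside System32/SysWOW64. The sample log is constructed, and the list of system binary names, the C:\Windows default and the function names are assumptions of this example.

```python
import ntpath
import re
from collections import namedtuple

# Constructed sample in the MBAM 1.x text-log layout (not a real scan).
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.65.1.1000
Scan type: Quick scan

Memory Processes Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Example\AppData\Local\Temp\lsass.exe (Trojan.Example) -> No action taken.
C:\Program Files (x86)\Example\bar.dll (PUP.Example) -> Quarantined and deleted successfully.

(end)
"""

Detection = namedtuple("Detection", "section item threat action")

# "Files Detected: 1" style section headers.
SECTION_RE = re.compile(r"^(?P<section>.+?) Detected: (?P<count>\d+)$")
# "<item> (<threat>) -> ... -> <action>."; the greedy item keeps "(x86)" in paths.
ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")

# Assumption of this example: processes whose genuine image lives in System32.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe",
                   "winlogon.exe", "csrss.exe", "smss.exe"}


def parse_mbam_log(text):
    """Return (detections, declared) where declared maps section -> stated count."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            declared[section] = int(header.group("count"))
            continue
        entry = ITEM_RE.match(line) if section else None
        if entry:
            # The action is the last "->" segment; drop the trailing period.
            action = entry.group("rest").split(" -> ")[-1].rstrip(".")
            detections.append(Detection(section, entry.group("item"),
                                        entry.group("threat"), action))
    return detections, declared


def count_mismatches(detections, declared):
    """Sections whose stated count differs from the entries actually pasted."""
    found = {}
    for d in detections:
        found[d.section] = found.get(d.section, 0) + 1
    return {s: (n, found.get(s, 0)) for s, n in declared.items()
            if n != found.get(s, 0)}


def is_masquerading(path, windir=r"C:\Windows"):
    """True if path uses a system process name outside System32/SysWOW64."""
    if ntpath.basename(path).lower() not in SYSTEM_BINARIES:
        return False
    folder = ntpath.normpath(ntpath.dirname(path)).lower()
    allowed = {ntpath.join(windir, d).lower() for d in ("System32", "SysWOW64")}
    return folder not in allowed


def triage(text, windir=r"C:\Windows"):
    """Return ([(Detection, [notes])], count_mismatches) for one log."""
    detections, declared = parse_mbam_log(text)
    report = []
    for d in detections:
        notes = []
        if d.section == "Files" and is_masquerading(d.item, windir):
            notes.append("system binary name outside System32/SysWOW64")
        if d.action == "No action taken":
            notes.append("not removed")
        report.append((d, notes))
    return report, count_mismatches(detections, declared)


if __name__ == "__main__":
    report, mismatches = triage(SAMPLE_LOG)
    for det, notes in report:
        print(f"[{det.section}] {det.item} ({det.threat}): {det.action}")
        for note in notes:
            print(f"    ! {note}")
    for section, (stated, found) in mismatches.items():
        print(f"count mismatch in {section}: log says {stated}, found {found}")
```

A file named svchost.exe directly under C:\Windows, as opposed to System32, is the kind of entry this flags; a count mismatch usually means the paste was truncated and the log should be re-posted.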

#3 Verve

Posted 24 November 2012 - 04:43 PM

Here is the MBAM log

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.24.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Memphis :: MEMPHIS-LAPTOP [administrator]

11/24/2012 4:11:09 PM
mbam-log-2012-11-24 (16-11-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202667
Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


TDSSKiller Log

16:02:42.0790 3200 LSI_FC - ok
16:02:42.0805 3200 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:02:42.0805 3200 LSI_SAS - ok
16:02:42.0836 3200 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
16:02:42.0836 3200 LSI_SAS2 - ok
16:02:42.0852 3200 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:02:42.0852 3200 LSI_SCSI - ok
16:02:42.0868 3200 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:02:42.0868 3200 luafv - ok
16:02:42.0930 3200 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:02:42.0930 3200 Mcx2Svc - ok
16:02:42.0946 3200 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
16:02:42.0946 3200 megasas - ok
16:02:42.0977 3200 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
16:02:42.0977 3200 MegaSR - ok
16:02:43.0024 3200 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
16:02:43.0024 3200 MEIx64 - ok
16:02:43.0055 3200 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:02:43.0055 3200 MMCSS - ok
16:02:43.0102 3200 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:02:43.0102 3200 Modem - ok
16:02:43.0133 3200 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:02:43.0133 3200 monitor - ok
16:02:43.0164 3200 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:02:43.0164 3200 mouclass - ok
16:02:43.0195 3200 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:02:43.0195 3200 mouhid - ok
16:02:43.0211 3200 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:02:43.0211 3200 mountmgr - ok
16:02:43.0258 3200 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:02:43.0258 3200 MozillaMaintenance - ok
16:02:43.0289 3200 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:02:43.0289 3200 mpio - ok
16:02:43.0382 3200 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:02:43.0382 3200 mpsdrv - ok
16:02:43.0429 3200 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:02:43.0429 3200 MpsSvc - ok
16:02:43.0460 3200 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:02:43.0460 3200 MRxDAV - ok
16:02:43.0492 3200 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:02:43.0492 3200 mrxsmb - ok
16:02:43.0523 3200 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:02:43.0523 3200 mrxsmb10 - ok
16:02:43.0538 3200 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:02:43.0538 3200 mrxsmb20 - ok
16:02:43.0554 3200 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:02:43.0554 3200 msahci - ok
16:02:43.0632 3200 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:02:43.0632 3200 msdsm - ok
16:02:43.0694 3200 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:02:43.0694 3200 MSDTC - ok
16:02:43.0710 3200 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:02:43.0710 3200 Msfs - ok
16:02:43.0741 3200 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:02:43.0741 3200 mshidkmdf - ok
16:02:43.0741 3200 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:02:43.0757 3200 msisadrv - ok
16:02:43.0788 3200 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:02:43.0788 3200 MSiSCSI - ok
16:02:43.0788 3200 msiserver - ok
16:02:43.0819 3200 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:02:43.0819 3200 MSKSSRV - ok
16:02:43.0866 3200 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:02:43.0866 3200 MSPCLOCK - ok
16:02:43.0882 3200 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:02:43.0882 3200 MSPQM - ok
16:02:43.0897 3200 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:02:43.0897 3200 MsRPC - ok
16:02:43.0913 3200 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:02:43.0913 3200 mssmbios - ok
16:02:43.0913 3200 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:02:43.0913 3200 MSTEE - ok
16:02:43.0928 3200 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:02:43.0928 3200 MTConfig - ok
16:02:43.0928 3200 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:02:43.0928 3200 Mup - ok
16:02:43.0960 3200 [ 1571E40EE767B28DF9A94B68D69C9605 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
16:02:43.0960 3200 MyWiFiDHCPDNS - ok
16:02:44.0006 3200 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:02:44.0006 3200 napagent - ok
16:02:44.0053 3200 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:02:44.0053 3200 NativeWifiP - ok
16:02:44.0147 3200 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:02:44.0162 3200 NDIS - ok
16:02:44.0225 3200 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:02:44.0225 3200 NdisCap - ok
16:02:44.0272 3200 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:02:44.0272 3200 NdisTapi - ok
16:02:44.0272 3200 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:02:44.0272 3200 Ndisuio - ok
16:02:44.0287 3200 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:02:44.0287 3200 NdisWan - ok
16:02:44.0287 3200 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:02:44.0287 3200 NDProxy - ok
16:02:44.0303 3200 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:02:44.0303 3200 NetBIOS - ok
16:02:44.0303 3200 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:02:44.0318 3200 NetBT - ok
16:02:44.0334 3200 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:02:44.0334 3200 Netlogon - ok
16:02:44.0381 3200 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:02:44.0381 3200 Netman - ok
16:02:44.0428 3200 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:02:44.0428 3200 netprofm - ok
16:02:44.0490 3200 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:02:44.0490 3200 NetTcpPortSharing - ok
16:02:44.0786 3200 [ 2B26C8A6B4FB519E1849101A10E6C68D ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
16:02:44.0833 3200 NETwNs64 - ok
16:02:44.0911 3200 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:02:44.0911 3200 nfrd960 - ok
16:02:44.0974 3200 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:02:44.0974 3200 NlaSvc - ok
16:02:45.0020 3200 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:02:45.0020 3200 Npfs - ok
16:02:45.0067 3200 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:02:45.0067 3200 nsi - ok
16:02:45.0067 3200 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:02:45.0067 3200 nsiproxy - ok
16:02:45.0161 3200 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:02:45.0176 3200 Ntfs - ok
16:02:45.0208 3200 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:02:45.0208 3200 Null - ok
16:02:45.0239 3200 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:02:45.0239 3200 nvraid - ok
16:02:45.0301 3200 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:02:45.0301 3200 nvstor - ok
16:02:45.0332 3200 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:02:45.0332 3200 nv_agp - ok
16:02:45.0348 3200 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:02:45.0348 3200 ohci1394 - ok
16:02:45.0379 3200 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:02:45.0379 3200 p2pimsvc - ok
16:02:45.0395 3200 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:02:45.0395 3200 p2psvc - ok
16:02:45.0410 3200 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
16:02:45.0426 3200 Parport - ok
16:02:45.0442 3200 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:02:45.0442 3200 partmgr - ok
16:02:45.0473 3200 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:02:45.0473 3200 PcaSvc - ok
16:02:45.0488 3200 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:02:45.0488 3200 pci - ok
16:02:45.0535 3200 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:02:45.0535 3200 pciide - ok
16:02:45.0551 3200 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:02:45.0566 3200 pcmcia - ok
16:02:45.0566 3200 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:02:45.0566 3200 pcw - ok
16:02:45.0613 3200 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:02:45.0613 3200 PEAUTH - ok
16:02:45.0707 3200 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:02:45.0707 3200 PerfHost - ok
16:02:45.0847 3200 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:02:45.0863 3200 pla - ok
16:02:45.0910 3200 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:02:45.0925 3200 PlugPlay - ok
16:02:45.0956 3200 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:02:45.0972 3200 PNRPAutoReg - ok
16:02:46.0003 3200 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:02:46.0003 3200 PNRPsvc - ok
16:02:46.0050 3200 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:02:46.0066 3200 PolicyAgent - ok
16:02:46.0097 3200 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:02:46.0097 3200 Power - ok
16:02:46.0144 3200 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:02:46.0144 3200 PptpMiniport - ok
16:02:46.0175 3200 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
16:02:46.0175 3200 Processor - ok
16:02:46.0206 3200 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:02:46.0206 3200 ProfSvc - ok
16:02:46.0237 3200 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:02:46.0237 3200 ProtectedStorage - ok
16:02:46.0268 3200 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:02:46.0268 3200 Psched - ok
16:02:46.0315 3200 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:02:46.0331 3200 ql2300 - ok
16:02:46.0362 3200 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:02:46.0362 3200 ql40xx - ok
16:02:46.0409 3200 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:02:46.0424 3200 QWAVE - ok
16:02:46.0440 3200 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:02:46.0440 3200 QWAVEdrv - ok
16:02:46.0456 3200 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:02:46.0456 3200 RasAcd - ok
16:02:46.0534 3200 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:02:46.0534 3200 RasAgileVpn - ok
16:02:46.0565 3200 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:02:46.0565 3200 RasAuto - ok
16:02:46.0596 3200 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:02:46.0596 3200 Rasl2tp - ok
16:02:46.0612 3200 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:02:46.0627 3200 RasMan - ok
16:02:46.0643 3200 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:02:46.0643 3200 RasPppoe - ok
16:02:46.0658 3200 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:02:46.0658 3200 RasSstp - ok
16:02:46.0658 3200 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:02:46.0658 3200 rdbss - ok
16:02:46.0690 3200 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
16:02:46.0690 3200 rdpbus - ok
16:02:46.0690 3200 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:02:46.0690 3200 RDPCDD - ok
16:02:46.0721 3200 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:02:46.0721 3200 RDPENCDD - ok
16:02:46.0721 3200 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:02:46.0721 3200 RDPREFMP - ok
16:02:46.0752 3200 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:02:46.0752 3200 RDPWD - ok
16:02:46.0799 3200 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:02:46.0799 3200 rdyboost - ok
16:02:46.0892 3200 [ 156757A092B9350F475D24353239E78E ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:02:46.0892 3200 RegSrvc - ok
16:02:46.0924 3200 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:02:46.0924 3200 RemoteAccess - ok
16:02:46.0970 3200 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:02:46.0970 3200 RemoteRegistry - ok
16:02:47.0080 3200 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
16:02:47.0080 3200 RFCOMM - ok
16:02:47.0158 3200 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:02:47.0158 3200 RpcEptMapper - ok
16:02:47.0189 3200 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:02:47.0189 3200 RpcLocator - ok
16:02:47.0267 3200 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:02:47.0267 3200 RpcSs - ok
16:02:47.0314 3200 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:02:47.0314 3200 rspndr - ok
16:02:47.0345 3200 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:02:47.0345 3200 SamSs - ok
16:02:47.0376 3200 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:02:47.0376 3200 sbp2port - ok
16:02:47.0423 3200 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:02:47.0438 3200 SCardSvr - ok
16:02:47.0454 3200 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:02:47.0454 3200 scfilter - ok
16:02:47.0532 3200 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:02:47.0532 3200 Schedule - ok
16:02:47.0610 3200 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:02:47.0610 3200 SCPolicySvc - ok
16:02:47.0672 3200 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:02:47.0672 3200 SDRSVC - ok
16:02:47.0750 3200 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:02:47.0750 3200 secdrv - ok
16:02:47.0766 3200 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:02:47.0766 3200 seclogon - ok
16:02:47.0860 3200 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:02:47.0860 3200 SENS - ok
16:02:47.0969 3200 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:02:47.0969 3200 SensrSvc - ok
16:02:48.0031 3200 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
16:02:48.0031 3200 Serenum - ok
16:02:48.0094 3200 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
16:02:48.0094 3200 Serial - ok
16:02:48.0109 3200 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:02:48.0109 3200 sermouse - ok
16:02:48.0172 3200 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:02:48.0172 3200 SessionEnv - ok
16:02:48.0172 3200 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:02:48.0172 3200 sffdisk - ok
16:02:48.0187 3200 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:02:48.0203 3200 sffp_mmc - ok
16:02:48.0203 3200 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:02:48.0203 3200 sffp_sd - ok
16:02:48.0250 3200 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:02:48.0265 3200 sfloppy - ok
16:02:48.0328 3200 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:02:48.0343 3200 SharedAccess - ok
16:02:48.0421 3200 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:02:48.0421 3200 ShellHWDetection - ok
16:02:48.0484 3200 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
16:02:48.0484 3200 SiSGbeLH - ok
16:02:48.0530 3200 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
16:02:48.0530 3200 SiSRaid2 - ok
16:02:48.0562 3200 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:02:48.0562 3200 SiSRaid4 - ok
16:02:48.0608 3200 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:02:48.0608 3200 Smb - ok
16:02:48.0702 3200 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:02:48.0702 3200 SNMPTRAP - ok
16:02:48.0733 3200 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:02:48.0733 3200 spldr - ok
16:02:48.0858 3200 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:02:48.0858 3200 Spooler - ok
16:02:49.0045 3200 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:02:49.0076 3200 sppsvc - ok
16:02:49.0076 3200 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:02:49.0076 3200 sppuinotify - ok
16:02:49.0108 3200 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:02:49.0108 3200 srv - ok
16:02:49.0123 3200 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:02:49.0123 3200 srv2 - ok
16:02:49.0154 3200 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:02:49.0154 3200 srvnet - ok
16:02:49.0201 3200 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:02:49.0201 3200 SSDPSRV - ok
16:02:49.0232 3200 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:02:49.0232 3200 SstpSvc - ok
16:02:49.0264 3200 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
16:02:49.0264 3200 stexstor - ok
16:02:49.0310 3200 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:02:49.0326 3200 stisvc - ok
16:02:49.0342 3200 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:02:49.0342 3200 swenum - ok
16:02:49.0373 3200 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:02:49.0388 3200 swprv - ok
16:02:49.0482 3200 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:02:49.0498 3200 SysMain - ok
16:02:49.0529 3200 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:02:49.0529 3200 TabletInputService - ok
16:02:49.0544 3200 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:02:49.0544 3200 TapiSrv - ok
16:02:49.0560 3200 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:02:49.0560 3200 TBS - ok
16:02:49.0685 3200 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:02:49.0700 3200 Tcpip - ok
16:02:49.0794 3200 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:02:49.0794 3200 TCPIP6 - ok
16:02:49.0903 3200 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:02:49.0903 3200 tcpipreg - ok
16:02:49.0950 3200 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:02:49.0950 3200 TDPIPE - ok
16:02:49.0981 3200 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:02:49.0981 3200 TDTCP - ok
16:02:50.0028 3200 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:02:50.0028 3200 tdx - ok
16:02:50.0059 3200 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:02:50.0059 3200 TermDD - ok
16:02:50.0106 3200 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:02:50.0106 3200 TermService - ok
16:02:50.0137 3200 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:02:50.0137 3200 Themes - ok
16:02:50.0168 3200 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:02:50.0168 3200 THREADORDER - ok
16:02:50.0215 3200 [ 69D76CE06BB629B69165C81D83A4B03E ] TiMiniService C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
16:02:50.0215 3200 TiMiniService - ok
16:02:50.0262 3200 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:02:50.0278 3200 TrkWks - ok
16:02:50.0324 3200 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:02:50.0324 3200 TrustedInstaller - ok
16:02:50.0340 3200 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:02:50.0340 3200 tssecsrv - ok
16:02:50.0371 3200 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:02:50.0371 3200 TsUsbFlt - ok
16:02:50.0387 3200 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:02:50.0387 3200 TsUsbGD - ok
16:02:50.0418 3200 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:02:50.0418 3200 tunnel - ok
16:02:50.0418 3200 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:02:50.0418 3200 uagp35 - ok
16:02:50.0434 3200 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:02:50.0434 3200 udfs - ok
16:02:50.0480 3200 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:02:50.0480 3200 UI0Detect - ok
16:02:50.0496 3200 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:02:50.0496 3200 uliagpkx - ok
16:02:50.0527 3200 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:02:50.0527 3200 umbus - ok
16:02:50.0558 3200 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
16:02:50.0558 3200 UmPass - ok
16:02:50.0668 3200 [ 7A78ED1088890114DFDE2C4AB038D6B6 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
16:02:50.0683 3200 UNS - ok
16:02:50.0699 3200 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:02:50.0714 3200 upnphost - ok
16:02:50.0761 3200 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:02:50.0761 3200 usbccgp - ok
16:02:50.0792 3200 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:02:50.0792 3200 usbcir - ok
16:02:50.0839 3200 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
16:02:50.0839 3200 usbehci - ok
16:02:50.0870 3200 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:02:50.0870 3200 usbhub - ok
16:02:50.0902 3200 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:02:50.0902 3200 usbohci - ok
16:02:50.0917 3200 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
16:02:50.0933 3200 usbprint - ok
16:02:50.0948 3200 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:02:50.0948 3200 USBSTOR - ok
16:02:50.0980 3200 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:02:50.0980 3200 usbuhci - ok
16:02:51.0011 3200 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:02:51.0011 3200 usbvideo - ok
16:02:51.0026 3200 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:02:51.0042 3200 UxSms - ok
16:02:51.0073 3200 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:02:51.0073 3200 VaultSvc - ok
16:02:51.0120 3200 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:02:51.0120 3200 vdrvroot - ok
16:02:51.0151 3200 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:02:51.0151 3200 vds - ok
16:02:51.0198 3200 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:02:51.0198 3200 vga - ok
16:02:51.0214 3200 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:02:51.0214 3200 VgaSave - ok
16:02:51.0229 3200 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:02:51.0229 3200 vhdmp - ok
16:02:51.0261 3200 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:02:51.0261 3200 viaide - ok
16:02:51.0261 3200 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:02:51.0277 3200 volmgr - ok
16:02:51.0293 3200 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:02:51.0293 3200 volmgrx - ok
16:02:51.0308 3200 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:02:51.0308 3200 volsnap - ok
16:02:51.0324 3200 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:02:51.0324 3200 vsmraid - ok
16:02:51.0371 3200 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:02:51.0371 3200 VSS - ok
16:02:51.0402 3200 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:02:51.0402 3200 vwifibus - ok
16:02:51.0417 3200 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:02:51.0417 3200 vwififlt - ok
16:02:51.0480 3200 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
16:02:51.0480 3200 vwifimp - ok
16:02:51.0495 3200 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:02:51.0511 3200 W32Time - ok
16:02:51.0527 3200 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:02:51.0527 3200 WacomPen - ok
16:02:51.0573 3200 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:02:51.0573 3200 WANARP - ok
16:02:51.0589 3200 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:02:53.0665 3200 ============================================================
16:02:53.0665 3200 Scan finished
16:02:53.0665 3200 ============================================================
16:02:53.0665 2304 Detected object count: 0
16:02:53.0665 2304 Actual detected object count: 0

#4 Verve


Posted 24 November 2012 - 04:46 PM

It doesn't appear that the link to remove Trend Micro worked. It is still there.

#5 Sightless


Posted 24 November 2012 - 05:07 PM

Let's try an ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications (If given the option, choose "Quarantine" instead of delete.)
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Please include the following in your reply
ESET log
Any questions/comments you may have

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:11 AM

Posted 24 November 2012 - 11:43 PM

You may also try a manual uninstall
Manually Uninstall Trend Micro Internet Security Pro
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#7 Verve


Posted 25 November 2012 - 10:55 AM

Here are results of the ESET Scan. I also used the link provided by boopme to manually remove Trend Micro. It did successfully remove it. However, when I tried to load the McAfee Virus software, it stopped because it still found threats.

Did the ESET Scan get everything? Is there something else to try to remove the threats that McAfee is encountering?

Thanks,

C:\ProgramData\Microsoft\Windows\DRM\7C6C.tmp Win64/Olmarik.AO trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\7C6D.tmp Win64/Olmarik.AO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\24.11.2012_15.57.25\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\24.11.2012_15.57.25\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\24.11.2012_15.57.25\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\24.11.2012_15.57.25\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\24.11.2012_15.57.25\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\24.11.2012_15.57.25\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\Users\Memphis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\78161fca-1c71d49d multiple threats deleted - quarantined
C:\Users\Memphis\AppData\Roaming\Mozilla\Firefox\Profiles\lo2zm9nu.default\extensions\cwflyvjwbg@cwflyvjwbg.org.xpi JS/Redirector.NCI trojan deleted - quarantined
C:\Users\Memphis\Documents\temp\administrator\index3.php_infect HTML/Iframe.gen trojan cleaned by deleting - quarantined
C:\Users\Memphis\Documents\temp\includes\acp\acp_main.php_infect HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Memphis\Documents\temp\includes\acp\info\acp_main.php_infect HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Memphis\Documents\temp\styles\black_pearl\templates\index_body.html_infect HTML/Iframe.gen trojan cleaned by deleting - quarantined

#8 Sightless


Posted 25 November 2012 - 12:50 PM

Hi, I haven't used McAfee in years. Does it state where the threats are found, or just that there are some on the computer?

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program.
  • Cancel any prompts to download the latest CureIt version and click Start.
  • At the prompt to "Start scan now", click Ok. Allow the setup.exe/driver to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)


#9 Verve


Posted 25 November 2012 - 02:49 PM

Sightless, I tried installing McAfee again before I saw your latest post and that time it worked. I think my problem has been solved.

Since you mentioned not using McAfee, do you have a recommended virus protection program? I've continued to use McAfee since that's what I started with several years ago.


Thanks to both of you for your assistance.

#10 Sightless


Posted 25 November 2012 - 05:58 PM

Hi, I recommend either Avast, Avira or Microsoft Security Essentials. All are free or have free versions.

Go ahead and run the Dr. Web scan (it may take a while to complete) and post the log.

Also, be sure to uninstall McAfee before installing any new antivirus program.

#11 Verve


Posted 30 November 2012 - 06:04 PM

Here are the results from the Dr.Web scan:

cvp[1].js;C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1CTWFIY4;Probably SCRIPT.Virus;Moved.;
mcinst.exe;C:\Users\Noname\AppData\Local\Temp\McTemp (2)\10135\Download_Files\mobk;Probably BACKDOOR.Trojan;Moved.;
McInst.exe;C:\Users\Noname\AppData\Local\Temp\McTemp (2)\10135\Download_Files\mpf;Probably BACKDOOR.Trojan;Moved.;
McInst.exe;C:\Users\Noname\AppData\Local\Temp\McTemp (2)\10135\Download_Files\mps;Probably BACKDOOR.Trojan;Moved.;
McInst.exe;C:\Users\Noname\AppData\Local\Temp\McTemp (2)\10135\Download_Files\mqs;Probably BACKDOOR.Trojan;Moved.;
McInst.exe;C:\Users\Noname\AppData\Local\Temp\McTemp (2)\10135\Download_Files\msad;Probably BACKDOOR.Trojan;Moved.;
McInst.exe;C:\Users\Noname\AppData\Local\Temp\McTemp (2)\10135\Download_Files\msc;Probably BACKDOOR.Trojan;Moved.;
McInst.exe;C:\Users\Noname\AppData\Local\Temp\McTemp (2)\10135\Download_Files\msk;Probably BACKDOOR.Trojan;Moved.;
McInst.exe;C:\Users\Noname\AppData\Local\Temp\McTemp (2)\10135\Download_Files\vso;Probably BACKDOOR.Trojan;Moved.;
McInst.exe;C:\Users\Noname\AppData\Local\Temp\McTemp (2)\10135\Download_Files\vul;Probably BACKDOOR.Trojan;Moved.;
index.php_bak\JSTAG_1[134a][62e];C:\Users\Noname\Documents\temp\index.php_bak;Probably SCRIPT.Virus;;
index.php_bak;C:\Users\Noname\Documents\temp;Container contains infected objects;Moved.;
index.php_bak;C:\Users\Noname\Documents\temp;Probably SCRIPT.Virus;Invalid path to file ;
index.htm\JSTAG_1[ca][62e];C:\Users\Noname\Documents\temp\adm\index.htm;Probably SCRIPT.Virus;;
index.htm;C:\Users\Noname\Documents\temp\adm;Container contains infected objects;Moved.;
index.htm;C:\Users\Noname\Documents\temp\adm;Probably SCRIPT.Virus;Invalid path to file ;
index.html\JSTAG_1[50][62e];C:\Users\Noname\Documents\temp\adm\index.html;Probably SCRIPT.Virus;;
index.html;C:\Users\Noname\Documents\temp\adm;Container contains infected objects;Moved.;
index.html;C:\Users\Noname\Documents\temp\adm;Probably SCRIPT.Virus;Invalid path to file ;
index.php_infected\JSTAG_2[5448][62e];C:\Users\Noname\Documents\temp\adm\index.php_infected;Probably SCRIPT.Virus;;
index.php_infected\JSWrite_4[1db];C:\Users\Noname\Documents\temp\adm\index.php_infected;Probably SCRIPT.Virus;;
index.php_infected;C:\Users\Noname\Documents\temp\adm;Container contains infected objects;Moved.;
index.php_infected;C:\Users\Noname\Documents\temp\adm;Probably SCRIPT.Virus;Invalid path to file ;
index.php_infect\JSTAG_2[206e][62e];C:\Users\Noname\Documents\temp\administrator\index.php_infect;Probably SCRIPT.Virus;;
index.php_infect;C:\Users\Noname\Documents\temp\administrator;Container contains infected objects;Moved.;
index.php_infect;C:\Users\Noname\Documents\temp\administrator;Probably SCRIPT.Virus;Invalid path to file ;
auth.php_infect\JSTAG_1[8c9][62e];C:\Users\Noname\Documents\temp\administrator\includes\auth.php_infect;Probably SCRIPT.Virus;;
auth.php_infect;C:\Users\Noname\Documents\temp\administrator\includes;Container contains infected objects;Moved.;
auth.php_infect;C:\Users\Noname\Documents\temp\administrator\includes;Probably SCRIPT.Virus;Invalid path to file ;
index.html_infect\JSTAG_1[4d][62e];C:\Users\Noname\Documents\temp\administrator\includes\index.html_infect;Probably SCRIPT.Virus;;
index.html_infect;C:\Users\Noname\Documents\temp\administrator\includes;Container contains infected objects;Moved.;
index.html_infect;C:\Users\Noname\Documents\temp\administrator\includes;Probably SCRIPT.Virus;Invalid path to file ;
index.html_infect\JSTAG_1[4d][62e];C:\Users\Noname\Documents\temp\administrator\modules\index.html_infect;Probably SCRIPT.Virus;;
index.html_infect;C:\Users\Noname\Documents\temp\administrator\modules;Container contains infected objects;Moved.;
index.html_infect;C:\Users\Noname\Documents\temp\administrator\modules;Probably SCRIPT.Virus;Invalid path to file ;
auth.php_infect\JSTAG_1[93c8][62e];C:\Users\Noname\Documents\temp\includes\acp\auth.php_infect;Probably SCRIPT.Virus;;
auth.php_infect;C:\Users\Noname\Documents\temp\includes\acp;Container contains infected objects;Moved.;
auth.php_infect;C:\Users\Noname\Documents\temp\includes\acp;Probably SCRIPT.Virus;Invalid path to file ;
index_infect.html\JSTAG_1[c9][62d];C:\Users\Noname\Documents\temp\language\en\index_infect.html;Probably SCRIPT.Virus;;
index_infect.html\JSTAG_2[71f][62d];C:\Users\Noname\Documents\temp\language\en\index_infect.html;Probably SCRIPT.Virus;;
index_infect.html\JSTAG_3[d76][62e];C:\Users\Noname\Documents\temp\language\en\index_infect.html;Probably SCRIPT.Virus;;
index_infect.html;C:\Users\Noname\Documents\temp\language\en;Container contains infected objects;Moved.;
index_infect.html;C:\Users\Noname\Documents\temp\language\en;Probably SCRIPT.Virus;Invalid path to file ;
index.htm_infect\JSTAG_1[21d][62e];C:\Users\Noname\Documents\temp\styles\black_pearl\templates\index.htm_infect;Probably SCRIPT.Virus;;
index.htm_infect;C:\Users\Noname\Documents\temp\styles\black_pearl\templates;Container contains infected objects;Moved.;
index.htm_infect;C:\Users\Noname\Documents\temp\styles\black_pearl\templates;Probably SCRIPT.Virus;Invalid path to file ;
tsk0000.dta;C:\TDSSKiller_Quarantine\24.11.2012_15.57.25\mbr0000\mbr0000;Trojan.Tdlphaze.1;Incurable.Moved.;
tsk0006.dta;C:\TDSSKiller_Quarantine\24.11.2012_15.57.25\mbr0000\tdlfs0000;Trojan.Tdlphaze.15;Deleted.;

#12 boopme


Posted 30 November 2012 - 08:40 PM

Hi Verve, I will carry this along as Sightless will be unavailable for a bit.

Let me ask you if you have Uninstalled Trend?
We still have steps to do to clean this.. But I felt it is important that you decide this first.



One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

#13 Verve


Posted 30 November 2012 - 08:55 PM

I do have Windows 7 Recovery disks created. If I do the reformat and reinstall, are those the disks I will need?

#14 boopme


Posted 30 November 2012 - 09:10 PM

Yes.. If you have more particular questions on it after these ask in WIN7 as they are more up to date on R&R in Win 7 than I.
If you're not sure how to reformat and reinstall Windows, please review: How to format a computer and Reinstall Windows 7

These links include specific step-by-step instructions with screenshots:
Windows 7 users can refer to these instructions:
You can back up all your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to back up any executable files (*.exe), screensavers (*.scr), dynamic link library (*.dll), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them.
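The backup advice in the last post, turned into a pre-backup check; this is an added example, not code from the thread or from BleepingComputer. The function names and the sample folder are made up for illustration, and `.cab`/`.rar` files are skipped outright because the Python standard library cannot list their contents.

```python
import tempfile
import zipfile
from pathlib import Path

# Extension lists taken from the post above; matching is by file name only.
RISKY = {".exe", ".scr", ".dll", ".ini", ".php", ".asp", ".htm", ".html", ".xml"}
ARCHIVES = {".zip", ".cab", ".rar"}


def archive_verdict(path):
    """Return a reason to skip an archive, or None if it looks safe to keep."""
    if path.suffix.lower() != ".zip":
        return "archive format not inspectable here"  # .cab/.rar: skip conservatively
    try:
        with zipfile.ZipFile(path) as zf:
            for name in zf.namelist():
                ext = Path(name).suffix.lower()
                if ext in RISKY or ext in ARCHIVES:  # executable/script or nested archive
                    return f"archive contains {name}"
    except (zipfile.BadZipFile, OSError):
        return "unreadable archive"
    return None


def plan_backup(root):
    """Split files under root into (keep, skipped) following the post's advice."""
    root = Path(root)
    keep, skipped = [], {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        ext = path.suffix.lower()
        if ext in RISKY:
            skipped[rel] = f"risky extension {ext}"
        elif ext in ARCHIVES:
            reason = archive_verdict(path)
            if reason:
                skipped[rel] = reason
            else:
                keep.append(rel)
        else:
            keep.append(rel)
    return keep, skipped


def build_sample_tree(root):
    """Constructed sample data: a small fake Documents folder."""
    root = Path(root)
    (root / "photos").mkdir()
    (root / "photos" / "beach.jpg").write_bytes(b"\xff\xd8fake jpeg")
    (root / "notes.txt").write_text("tax notes")
    (root / "setup.EXE").write_bytes(b"MZ")
    (root / "site").mkdir()
    (root / "site" / "index.php").write_text("<?php ?>")
    with zipfile.ZipFile(root / "letters.zip", "w") as zf:
        zf.writestr("letter1.txt", "hello")
    with zipfile.ZipFile(root / "tools.zip", "w") as zf:
        zf.writestr("bin/helper.exe", "MZ")
    (root / "broken.zip").write_bytes(b"not a zip")
    (root / "old.rar").write_bytes(b"Rar!")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        keep, skipped = plan_backup(tmp)
        print("Back up:", keep)
        for rel, why in skipped.items():
            print("Skip:", rel, "-", why)
```

The filter judges by file name only, so a renamed file such as the `index.php_infect` entries in the scan logs above would pass it. It narrows what goes on the disc and does not replace scanning the backup.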