livesearchnow hijacking Google results in Firefox


5 replies to this topic

#1 Jen526

Posted 26 November 2012 - 02:42 PM

I'm sorry to be repetitive... I see this same issue discussed elsewhere, but it's not clear whether some of the preliminary checks are safe for anyone or if I should start fresh. Erring on the side of not muddying the waters by running stuff I shouldn't. :)

I use I.E. as my day-to-day browser. About six weeks ago, I had a situation where my google results were skipping to "livesearchnow" pages. I was able to make it stop by returning to an older System Restore point.

I've recently started using Firefox, and am seeing the same problem. No idea if it's left over from the previous incident or something new, but my most recent restore point isn't helping. Malwarebytes said it cleaned up a few things, but doesn't seem to have found whatever this issue is.

Help?

#2 Sightless

Posted 26 November 2012 - 04:04 PM

Download TDSSkiller
  • Right-click it and Run as Admin.
  • Click on Change parameters
  • Select TDLFS file system
  • Click the Scan button
  • Post the log in your next reply

    Do not change the default options on scan results


Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it.

  • Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first

    Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

    If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
  • Another workaround is to not use the mouse to install it; just use the arrow keys, tab, and enter keys.



Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here or here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
For a complete visual tutorial of MBAM, see http://thespykiller.co.uk/index.php/topic,5946.0.html

Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please include the following in your reply:
MBAM log
TDSSKiller log
MiniToolbox log
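
What the "List content of Hosts" and "Report FF Proxy Settings" items look for in a search-redirect case, as an added example that is not part of either poster's reply and is not MiniToolBox's own code. The hosts and prefs.js contents below are constructed samples, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample inputs (not taken from this thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.25    www.google.com google.com   # constructed redirect entry
0.0.0.0         ads.example.net
"""

SAMPLE_PREFS = '''\
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "198.51.100.7");
user_pref("network.proxy.http_port", 8080);
'''

# Firefox writes only non-default prefs to prefs.js, one user_pref() per line.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')


def redirecting_hosts_entries(hosts_text):
    """Return (ip, hostname) pairs that point a name at a real address.

    Loopback and 0.0.0.0 mappings are skipped: they are the stock localhost
    lines or blocking entries, not redirects.
    """
    findings = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # not an address: malformed line
        if addr.is_loopback or addr.is_unspecified:
            continue
        findings.extend((fields[0], name.lower()) for name in fields[1:])
    return findings


def parse_proxy_prefs(prefs_text):
    """Collect the network.proxy.* prefs from prefs.js text into a dict."""
    prefs = {}
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line)
        if not m or not m.group(1).startswith("network.proxy."):
            continue
        raw = m.group(2).strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[m.group(1)] = value
    return prefs


def proxy_findings(prefs):
    """Describe any manual proxy (type 1) or PAC URL (type 2) that is set.

    A missing network.proxy.type means Firefox is on its default setting.
    """
    ptype = prefs.get("network.proxy.type")
    if ptype == 1:
        out = []
        for scheme in ("http", "ssl", "socks"):
            host = prefs.get(f"network.proxy.{scheme}")
            if host:
                port = prefs.get(f"network.proxy.{scheme}_port", 0)
                out.append(f"manual {scheme} proxy {host}:{port}")
        return out
    if ptype == 2:
        url = prefs.get("network.proxy.autoconfig_url", "")
        return [f"proxy auto-config URL {url}"]
    return []


if __name__ == "__main__":
    for ip, name in redirecting_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts: {name} -> {ip}")
    for finding in proxy_findings(parse_proxy_prefs(SAMPLE_PREFS)):
        print(f"firefox: {finding}")
```

On a real machine the inputs would be the text of `%SystemRoot%\System32\drivers\etc\hosts` and of `prefs.js` in the Firefox profile folder.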

#3 Jen526

Posted 27 November 2012 - 08:00 AM

Here you go. (I believe the "Happili" item that MalwareBytes quarantined is the same one I saw when I was fixing the issue in I.E. a while ago. MB's deletion of it doesn't seem to have impacted the Firefox redirect behavior.)

(I've replaced my last name and company name with placeholders in a few places, fyi. It's a work computer.)

=========================
MB Results
=========================
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.26.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
smith :: JENNY [administrator]

11/26/2012 4:21:46 PM
mbam-log-2012-11-26 (16-21-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 298200
Time elapsed: 6 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\smith.MSIDOMAIN\AppData\Local\Temp\0.7131434521789198 (Trojan.Happili) -> Quarantined and deleted successfully.

(end)

=========================
TDSSKiller Log
=========================
16:19:03.0644 5320 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:19:03.0987 5320 ============================================================
16:19:03.0987 5320 Current date / time: 2012/11/26 16:19:03.0987
16:19:03.0987 5320 SystemInfo:
16:19:03.0987 5320
16:19:03.0987 5320 OS Version: 6.1.7601 ServicePack: 1.0
16:19:03.0987 5320 Product type: Workstation
16:19:03.0987 5320 ComputerName: JENNY
16:19:03.0987 5320 UserName: smith
16:19:03.0987 5320 Windows directory: C:\Windows
16:19:03.0987 5320 System windows directory: C:\Windows
16:19:03.0987 5320 Running under WOW64
16:19:03.0987 5320 Processor architecture: Intel x64
16:19:03.0987 5320 Number of processors: 8
16:19:03.0987 5320 Page size: 0x1000
16:19:03.0987 5320 Boot type: Normal boot
16:19:03.0987 5320 ============================================================
16:19:04.0845 5320 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:19:04.0845 5320 Drive \Device\Harddisk1\DR1 - Size: 0xE8DED00000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:19:04.0861 5320 ============================================================
16:19:04.0861 5320 \Device\Harddisk0\DR0:
16:19:04.0861 5320 MBR partitions:
16:19:04.0861 5320 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:19:04.0861 5320 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAEA54800
16:19:04.0861 5320 \Device\Harddisk1\DR1:
16:19:04.0861 5320 MBR partitions:
16:19:04.0861 5320 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000
16:19:04.0861 5320 ============================================================
16:19:04.0892 5320 C: <-> \Device\Harddisk0\DR0\Partition2
16:19:04.0892 5320 G: <-> \Device\Harddisk1\DR1\Partition1
16:19:04.0892 5320 ============================================================
16:19:04.0892 5320 Initialize success
16:19:04.0892 5320 ============================================================
16:19:21.0191 6868 ============================================================
16:19:21.0191 6868 Scan started
16:19:21.0191 6868 Mode: Manual; TDLFS;
16:19:21.0191 6868 ============================================================
16:19:21.0799 6868 ================ Scan system memory ========================
16:19:21.0799 6868 System memory - ok
16:19:21.0799 6868 ================ Scan services =============================
16:19:28.0131 6868 LSI_SAS - ok
16:19:28.0147 6868 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:19:28.0147 6868 LSI_SAS2 - ok
16:19:28.0163 6868 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:19:28.0163 6868 LSI_SCSI - ok
16:19:28.0178 6868 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:19:28.0178 6868 luafv - ok
16:19:28.0225 6868 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:19:28.0225 6868 Mcx2Svc - ok
16:19:28.0241 6868 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:19:28.0241 6868 megasas - ok
16:19:28.0256 6868 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:19:28.0256 6868 MegaSR - ok
16:19:28.0319 6868 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
16:19:28.0319 6868 MEIx64 - ok
16:19:28.0412 6868 Microsoft SharePoint Workspace Audit Service - ok
16:19:28.0412 6868 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:19:28.0412 6868 MMCSS - ok
16:19:28.0443 6868 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:19:28.0443 6868 Modem - ok
16:19:28.0443 6868 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:19:28.0459 6868 monitor - ok
16:19:28.0490 6868 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:19:28.0490 6868 mouclass - ok
16:19:28.0506 6868 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:19:28.0506 6868 mouhid - ok
16:19:28.0537 6868 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:19:28.0537 6868 mountmgr - ok
16:19:28.0584 6868 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:19:28.0599 6868 MozillaMaintenance - ok
16:19:28.0631 6868 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:19:28.0631 6868 mpio - ok
16:19:28.0646 6868 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:19:28.0646 6868 mpsdrv - ok
16:19:28.0709 6868 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:19:28.0709 6868 MpsSvc - ok
16:19:28.0755 6868 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:19:28.0755 6868 MRxDAV - ok
16:19:28.0771 6868 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:19:28.0771 6868 mrxsmb - ok
16:19:28.0818 6868 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:19:28.0818 6868 mrxsmb10 - ok
16:19:28.0833 6868 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:19:28.0833 6868 mrxsmb20 - ok
16:19:28.0849 6868 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:19:28.0849 6868 msahci - ok
16:19:28.0865 6868 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:19:28.0865 6868 msdsm - ok
16:19:28.0896 6868 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:19:28.0896 6868 MSDTC - ok
16:19:29.0020 6868 [ 7D0AC2859EEACCC5BD038B8CDDCAFF62 ] MsDtsServer100 C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
16:19:29.0020 6868 MsDtsServer100 - ok
16:19:29.0036 6868 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:19:29.0036 6868 Msfs - ok
16:19:29.0052 6868 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:19:29.0052 6868 mshidkmdf - ok
16:19:29.0067 6868 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:19:29.0067 6868 msisadrv - ok
16:19:29.0083 6868 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:19:29.0083 6868 MSiSCSI - ok
16:19:29.0083 6868 msiserver - ok
16:19:29.0098 6868 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:19:29.0098 6868 MSKSSRV - ok
16:19:29.0145 6868 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:19:29.0145 6868 MSPCLOCK - ok
16:19:29.0161 6868 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:19:29.0161 6868 MSPQM - ok
16:19:29.0208 6868 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:19:29.0208 6868 MsRPC - ok
16:19:29.0223 6868 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:19:29.0223 6868 mssmbios - ok
16:19:29.0286 6868 MSSQL$SQLEXPRESS - ok
16:19:29.0332 6868 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
16:19:29.0332 6868 MSSQLServerADHelper100 - ok
16:19:29.0332 6868 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:19:29.0332 6868 MSTEE - ok
16:19:29.0442 6868 [ 95DC808A9A177F575DE9FD49F7D97312 ] msvsmon80 C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe
16:19:29.0457 6868 msvsmon80 - ok
16:19:29.0582 6868 [ 0F4DD44765A7D23E0CD9965EE900558F ] msvsmon90 C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
16:19:29.0613 6868 msvsmon90 - ok
16:19:29.0629 6868 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:19:29.0629 6868 MTConfig - ok
16:19:29.0629 6868 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:19:29.0629 6868 Mup - ok
16:19:29.0660 6868 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:19:29.0660 6868 napagent - ok
16:19:29.0691 6868 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:19:29.0691 6868 NativeWifiP - ok
16:19:29.0722 6868 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
16:19:29.0738 6868 NDIS - ok
16:19:29.0738 6868 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:19:29.0738 6868 NdisCap - ok
16:19:29.0785 6868 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:19:29.0785 6868 NdisTapi - ok
16:19:29.0816 6868 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:19:29.0816 6868 Ndisuio - ok
16:19:29.0863 6868 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:19:29.0863 6868 NdisWan - ok
16:19:29.0910 6868 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:19:29.0910 6868 NDProxy - ok
16:19:29.0910 6868 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:19:29.0910 6868 NetBIOS - ok
16:19:29.0925 6868 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:19:29.0941 6868 NetBT - ok
16:19:29.0941 6868 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:19:29.0941 6868 Netlogon - ok
16:19:29.0988 6868 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:19:29.0988 6868 Netman - ok
16:19:30.0034 6868 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:19:30.0034 6868 NetMsmqActivator - ok
16:19:30.0034 6868 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:19:30.0050 6868 NetPipeActivator - ok
16:19:30.0050 6868 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:19:30.0050 6868 netprofm - ok
16:19:30.0065 6868 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:19:30.0065 6868 NetTcpActivator - ok
16:19:30.0065 6868 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:19:30.0065 6868 NetTcpPortSharing - ok
16:19:30.0097 6868 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:19:30.0097 6868 nfrd960 - ok
16:19:30.0112 6868 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:19:30.0112 6868 NlaSvc - ok
16:19:30.0128 6868 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:19:30.0128 6868 Npfs - ok
16:19:30.0128 6868 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:19:30.0143 6868 nsi - ok
16:19:30.0143 6868 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:19:30.0143 6868 nsiproxy - ok
16:19:30.0206 6868 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:19:30.0221 6868 Ntfs - ok
16:19:30.0237 6868 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:19:30.0237 6868 Null - ok
16:19:30.0284 6868 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:19:30.0284 6868 nvraid - ok
16:19:30.0299 6868 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:19:30.0299 6868 nvstor - ok
16:19:30.0331 6868 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:19:30.0331 6868 nv_agp - ok
16:19:30.0362 6868 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:19:30.0362 6868 ohci1394 - ok
16:19:30.0440 6868 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:19:30.0440 6868 ose - ok
16:19:30.0565 6868 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:19:30.0580 6868 osppsvc - ok
16:19:30.0596 6868 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:19:30.0596 6868 p2pimsvc - ok
16:19:30.0611 6868 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:19:30.0611 6868 p2psvc - ok
16:19:30.0627 6868 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:19:30.0627 6868 Parport - ok
16:19:30.0658 6868 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:19:30.0658 6868 partmgr - ok
16:19:30.0674 6868 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:19:30.0674 6868 PcaSvc - ok
16:19:30.0689 6868 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:19:30.0689 6868 pci - ok
16:19:30.0705 6868 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:19:30.0705 6868 pciide - ok
16:19:30.0721 6868 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:19:30.0721 6868 pcmcia - ok
16:19:30.0736 6868 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:19:30.0736 6868 pcw - ok
16:19:30.0767 6868 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:19:30.0767 6868 PEAUTH - ok
16:19:30.0799 6868 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:19:30.0814 6868 PeerDistSvc - ok
16:19:30.0877 6868 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:19:30.0877 6868 PerfHost - ok
16:19:30.0939 6868 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:19:30.0955 6868 pla - ok
16:19:31.0001 6868 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:19:31.0001 6868 PlugPlay - ok
16:19:31.0017 6868 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:19:31.0017 6868 PNRPAutoReg - ok
16:19:31.0033 6868 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:19:31.0033 6868 PNRPsvc - ok
16:19:31.0048 6868 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:19:31.0064 6868 PolicyAgent - ok
16:19:31.0079 6868 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:19:31.0079 6868 Power - ok
16:19:31.0126 6868 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:19:31.0126 6868 PptpMiniport - ok
16:19:31.0142 6868 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:19:31.0142 6868 Processor - ok
16:19:31.0188 6868 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:19:31.0188 6868 ProfSvc - ok
16:19:31.0204 6868 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:19:31.0204 6868 ProtectedStorage - ok
16:19:31.0251 6868 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:19:31.0251 6868 Psched - ok
16:19:31.0298 6868 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:19:31.0298 6868 ql2300 - ok
16:19:31.0329 6868 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:19:31.0329 6868 ql40xx - ok
16:19:31.0376 6868 [ A3AB8625C0C7C72A174D448FD21E03D3 ] QVCSEnterpriseServer C:\qvcse\EnterpriseService.exe
16:19:31.0376 6868 QVCSEnterpriseServer - ok
16:19:31.0407 6868 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:19:31.0407 6868 QWAVE - ok
16:19:31.0422 6868 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:19:31.0422 6868 QWAVEdrv - ok
16:19:31.0469 6868 [ 488EAB595BFB39A42CB1004CAF59ABFD ] RadeHlprSvc C:\Program Files (x86)\Citrix\Streaming Client\RadeHlprSvc.exe
16:19:31.0469 6868 RadeHlprSvc - ok
16:19:31.0500 6868 [ 10401096FD68ED42CE0B504AC8A6F0EE ] RadeSvc C:\Program Files (x86)\Citrix\Streaming Client\RadeSvc.exe
16:19:31.0500 6868 RadeSvc - ok
16:19:31.0516 6868 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:19:31.0516 6868 RasAcd - ok
16:19:31.0547 6868 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:19:31.0547 6868 RasAgileVpn - ok
16:19:31.0547 6868 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:19:31.0563 6868 RasAuto - ok
16:19:31.0594 6868 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:19:31.0594 6868 Rasl2tp - ok
16:19:31.0625 6868 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:19:31.0625 6868 RasMan - ok
16:19:31.0641 6868 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:19:31.0641 6868 RasPppoe - ok
16:19:31.0656 6868 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:19:31.0656 6868 RasSstp - ok
16:19:31.0672 6868 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:19:31.0672 6868 rdbss - ok
16:19:31.0688 6868 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:19:31.0688 6868 rdpbus - ok
16:19:31.0688 6868 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:19:31.0688 6868 RDPCDD - ok
16:19:31.0734 6868 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:19:31.0734 6868 RDPDR - ok
16:19:31.0750 6868 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:19:31.0750 6868 RDPENCDD - ok
16:19:31.0781 6868 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:19:31.0781 6868 RDPREFMP - ok
16:19:31.0844 6868 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:19:31.0844 6868 RdpVideoMiniport - ok
16:19:31.0875 6868 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:19:31.0875 6868 RDPWD - ok
16:19:31.0906 6868 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:19:31.0906 6868 rdyboost - ok
16:19:31.0937 6868 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:19:31.0937 6868 RemoteAccess - ok
16:19:31.0937 6868 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:19:31.0953 6868 RemoteRegistry - ok
16:19:31.0953 6868 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:19:31.0953 6868 RpcEptMapper - ok
16:19:31.0984 6868 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:19:31.0984 6868 RpcLocator - ok
16:19:32.0000 6868 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:19:32.0000 6868 RpcSs - ok
16:19:32.0046 6868 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys
16:19:32.0046 6868 RsFx0103 - ok
16:19:32.0062 6868 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:19:32.0062 6868 rspndr - ok
16:19:32.0109 6868 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:19:32.0109 6868 s3cap - ok
16:19:32.0109 6868 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:19:32.0109 6868 SamSs - ok
16:19:32.0156 6868 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:19:32.0156 6868 sbp2port - ok
16:19:32.0171 6868 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:19:32.0171 6868 SCardSvr - ok
16:19:32.0202 6868 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:19:32.0202 6868 scfilter - ok
16:19:32.0249 6868 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:19:32.0265 6868 Schedule - ok
16:19:32.0296 6868 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:19:32.0311 6868 SCPolicySvc - ok
16:19:32.0343 6868 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:19:32.0343 6868 SDRSVC - ok
16:19:32.0358 6868 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:19:32.0358 6868 secdrv - ok
16:19:32.0405 6868 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:19:32.0405 6868 seclogon - ok
16:19:32.0421 6868 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:19:32.0421 6868 SENS - ok
16:19:32.0436 6868 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:19:32.0436 6868 SensrSvc - ok
16:19:32.0452 6868 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:19:32.0452 6868 Serenum - ok
16:19:32.0483 6868 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:19:32.0499 6868 Serial - ok
16:19:32.0514 6868 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:19:32.0514 6868 sermouse - ok
16:19:32.0561 6868 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:19:32.0561 6868 SessionEnv - ok
16:19:32.0592 6868 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:19:32.0592 6868 sffdisk - ok
16:19:32.0608 6868 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:19:32.0608 6868 sffp_mmc - ok
16:19:32.0608 6868 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:19:32.0608 6868 sffp_sd - ok
16:19:32.0623 6868 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:19:32.0623 6868 sfloppy - ok
16:19:32.0655 6868 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:19:32.0655 6868 SharedAccess - ok
16:19:32.0686 6868 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:19:32.0701 6868 ShellHWDetection - ok
16:19:32.0717 6868 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:19:32.0717 6868 SiSRaid2 - ok
16:19:32.0733 6868 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:19:32.0733 6868 SiSRaid4 - ok
16:19:32.0764 6868 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:19:32.0764 6868 Smb - ok
16:19:32.0795 6868 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:19:32.0795 6868 SNMPTRAP - ok
16:19:32.0795 6868 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:19:32.0795 6868 spldr - ok
16:19:32.0842 6868 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:19:32.0857 6868 Spooler - ok
16:19:32.0951 6868 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:19:32.0967 6868 sppsvc - ok
16:19:32.0982 6868 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:19:32.0982 6868 sppuinotify - ok
16:19:33.0138 6868 [ 14A89414949ECB1D45E3FF0332AE8EFB ] SprintSTI C:\Source\Crossform\VB.Net v3\Sprint-WindowsService\SprintSTI\SprintSTI\bin\Debug\sprintsti.exe
16:19:33.0154 6868 SprintSTI - ok
16:19:33.0247 6868 [ C55F8128397BD58E32A5A540BFB4C6F7 ] SprintSTIServiceInstaller C:\SPRINTTEST\InstallFolder\SprintSTI.exe
16:19:33.0247 6868 SprintSTIServiceInstaller - ok
16:19:33.0356 6868 [ 12E6D95CDE974B131DEFAA44BAB8B056 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
16:19:33.0356 6868 SQLAgent$SQLEXPRESS - ok
16:19:33.0419 6868 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
16:19:33.0419 6868 SQLBrowser - ok
16:19:33.0481 6868 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
16:19:33.0481 6868 SQLWriter - ok
16:19:33.0497 6868 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:19:33.0512 6868 srv - ok
16:19:33.0528 6868 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:19:33.0528 6868 srv2 - ok
16:19:33.0544 6868 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:19:33.0544 6868 srvnet - ok
16:19:33.0575 6868 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:19:33.0575 6868 SSDPSRV - ok
16:19:33.0590 6868 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:19:33.0590 6868 SstpSvc - ok
16:19:33.0606 6868 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:19:33.0622 6868 stexstor - ok
16:19:33.0653 6868 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:19:33.0668 6868 stisvc - ok
16:19:33.0700 6868 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
16:19:33.0700 6868 storflt - ok
16:19:33.0715 6868 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
16:19:33.0715 6868 storvsc - ok
16:19:33.0731 6868 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
16:19:33.0746 6868 swenum - ok
16:19:33.0762 6868 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:19:33.0762 6868 swprv - ok
16:19:33.0778 6868 Synth3dVsc - ok
16:19:33.0840 6868 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:19:33.0856 6868 SysMain - ok
16:19:33.0902 6868 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:19:33.0902 6868 TabletInputService - ok
16:19:33.0949 6868 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:19:33.0949 6868 TapiSrv - ok
16:19:33.0965 6868 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:19:33.0965 6868 TBS - ok
16:19:34.0043 6868 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:19:34.0058 6868 Tcpip - ok
16:19:34.0105 6868 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:19:34.0121 6868 TCPIP6 - ok
16:19:34.0152 6868 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:19:34.0152 6868 tcpipreg - ok
16:19:34.0168 6868 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:19:34.0168 6868 TDPIPE - ok
16:19:34.0199 6868 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:19:34.0199 6868 TDTCP - ok
16:19:34.0214 6868 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:19:34.0214 6868 tdx - ok
16:19:34.0230 6868 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:19:34.0246 6868 TermDD - ok
16:19:34.0277 6868 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:19:34.0292 6868 TermService - ok
16:19:34.0292 6868 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:19:34.0292 6868 Themes - ok
16:19:34.0323 6868 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:19:34.0323 6868 THREADORDER - ok
16:19:34.0323 6868 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:19:34.0323 6868 TrkWks - ok
16:19:34.0355 6868 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:19:34.0355 6868 TrustedInstaller - ok
16:19:34.0401 6868 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:19:34.0401 6868 tssecsrv - ok
16:19:34.0448 6868 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:19:34.0448 6868 TsUsbFlt - ok
16:19:34.0448 6868 tsusbhub - ok
16:19:34.0511 6868 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:19:34.0511 6868 tunnel - ok
16:19:34.0526 6868 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:19:34.0526 6868 uagp35 - ok
16:19:34.0542 6868 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:19:34.0557 6868 udfs - ok
16:19:34.0573 6868 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:19:34.0573 6868 UI0Detect - ok
16:19:34.0589 6868 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:19:34.0589 6868 uliagpkx - ok
16:19:34.0604 6868 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
16:19:34.0604 6868 umbus - ok
16:19:34.0620 6868 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:19:34.0620 6868 UmPass - ok
16:19:34.0651 6868 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
16:19:34.0651 6868 UmRdpService - ok
16:19:34.0667 6868 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:19:34.0667 6868 upnphost - ok
16:19:34.0698 6868 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
16:19:34.0698 6868 USBAAPL64 - ok
16:19:34.0713 6868 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:19:34.0729 6868 usbccgp - ok
16:19:34.0760 6868 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:19:34.0760 6868 usbcir - ok
16:19:34.0760 6868 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:19:34.0776 6868 usbehci - ok
16:19:34.0791 6868 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:19:34.0791 6868 usbhub - ok
16:19:34.0807 6868 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:19:34.0807 6868 usbohci - ok
16:19:37.0256 6868 ============================================================
16:19:37.0256 6868 Scan finished
16:19:37.0256 6868 ============================================================
16:19:37.0271 6864 Detected object count: 0
16:19:37.0271 6864 Actual detected object count: 0

=========================
MiniToolbox Log
=========================
MiniToolBox by Farbar Version: 25-11-2012
Ran by smith(administrator) on 26-11-2012 at 16:34:54
Running from "C:\Users\smith.MSIDOMAIN\Desktop\MBWORK"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


207.166.197.82 purple-out
207.166.197.83 blue-out
207.166.197.84 green-out
207.166.197.85 orange-out
207.166.197.91 panda-out
192.168.1.23 purple
192.168.1.24 blue
192.168.1.25 green

69.84.41.130 python
69.84.41.131 dog
69.84.41.132 lemur


127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)
Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 = Local Area Connection 2 (Hardware not present)
Cisco Systems VPN Adapter for 64-bit Windows = Local Area Connection 2 (Hardware not present)
DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Media disconnected)
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

**** End of log ****

#4 Sightless


Posted 27 November 2012 - 12:40 PM

Hi, let's try this.

Let's try an ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications (If given the option, choose "Quarantine" instead of delete.)
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Please download AdwCleaner by Xplode to your desktop.
  • Make sure all programs are closed
  • Double-click adwcleaner.exe
  • Click Delete
  • Press OK when prompted
  • Restart your computer when asked
  • Copy and paste the contents of the text file that opens after your computer restarts to a reply to this thread. (The log is also saved to C:\AdwCleaner[S1].txt)

Please include the following in your reply
ESET log
ADWCleaner log
Any questions/comments you may have

#5 Jen526


Posted 28 November 2012 - 01:48 PM

ESET seems to have fixed it. :) Thanks very much!

(FYI, AVG yelled at me that AdwCleaner was malware. I did it anyway, since you guys seem better at stopping malware than AVG anyway ;) but thought I should mention it.)

===========================
ESET LOG:
===========================
C:\Users\smith.msidomain\AppData\Local\Google\Chrome\User Data\Default\Default\aadfdfdddfdddcgcdbdidcdcdegcdddh\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\smith.msidomain\AppData\Local\Google\Chrome\User Data\Default\Default\aadidjdddcdidjgfgbdjgbdidegfdgdc\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\smith.msidomain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TQZT5QHX\i[1].htm JS/Kryptik.NX trojan cleaned by deleting - quarantined
C:\Users\smith.msidomain\AppData\Local\Temp\A717.tmp a variant of Win32/Kryptik.AEEM trojan cleaned by deleting - quarantined
C:\Users\smith.msidomain\AppData\Local\Temp\D39.tmp a variant of Win32/Kryptik.AEEM trojan cleaned by deleting - quarantined
C:\Users\smith.msidomain\AppData\Local\Temp\jar_cache6511799495294154664.tmp Java/Exploit.CVE-2011-3544.AT trojan deleted - quarantined
C:\Users\smith.msidomain\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2c516359-5cdd80c9 multiple threats deleted - quarantined
C:\Users\smith.msidomain\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\469d6db6-64cc2544 a variant of Java/Exploit.CVE-2011-3544.AQ trojan deleted - quarantined
C:\Users\smith.msidomain\AppData\Roaming\Mozilla\Firefox\Profiles\lm7f1g22.default\extensions\mdnbzdmzsh@mdnbzdmzsh.org.xpi JS/Redirector.NCA trojan deleted - quarantined
C:\Users\smith.msidomain\Downloads\WinZip170.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined

==========================
AdwCleaner Log
==========================
# AdwCleaner v2.009 - Logfile created 11/28/2012 at 11:05:21
# Updated 24/11/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : smith - JENNY
# Boot Mode : Normal
# Running from : C:\Users\smith.msidomain\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Deleted : HKCU\Software\IGearSettings

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-US)

-\\ Google Chrome v23.0.1271.91

*************************

AdwCleaner[S1].txt - [730 octets] - [28/11/2012 11:05:21]

########## EOF - C:\AdwCleaner[S1].txt - [789 octets] ##########

#6 Sightless


Posted 28 November 2012 - 03:07 PM

Great to hear :) :thumbup2:

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.
  • Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

Edited by Sightless, 28 November 2012 - 03:08 PM.




