"Wsmsvc.dll locked" found by TDSSKill


4 replies to this topic

#1 efamily

  • Members
  • 5 posts

Posted 29 December 2012 - 06:51 PM

I have a Dell Inspiron N4010 laptop running Windows 7 Home Premium (but not up to date with Windows Update). In fact, that's a symptom of my problem. My start-up is very, very slow, the laptop is mostly unresponsive to mouse/keyboard, it starts programs very, very slowly, and it fails to run any Windows update. No event comes to mind which triggered this state I'm in.

First tactic ... system tools. In Task Manager I see that CPU usage is negligible while the laptop is unresponsive to mouse/keyboard. I was also unable to change the Windows Firewall settings, where a Windows pop-up notified me of an error. In MSCONFIG, I disabled all start-up programs other than the OS with no improvement. Start-up in Safe Mode is better, but not 100%. In Normal start-up, I can get into Windows Update and it says I have 31 Important Updates, but it fails even if I try to download/install just one at a time. Every once in a while during shutdown, it does install a few Windows updates (usually 6 ... this is suspicious). I haven't ruled out a problem with the Windows OS becoming corrupted NOT due to malware or a virus.

Second tactic ... cleansing. I started with what seems to be a common approach from the forums I've read here.

I chose to begin in Normal Startup mode:
1. Ran Rkill (which ran for 5 hours, had a long log of things it did, but after it finished, it did seem to make the rest of the process responsive)
2. Ran TDSSKiller (which found a suspicious "Wsmsvc.dll locked" which it copied to quarantine)
3. Ran Malwarebytes (which is pausing often where it doesn't even update the "Time elapsed" value, and is sometimes unresponsive to even moving the window on the screen). For example, it was unresponsive for 1 hr 6 mins 2 scanning "C:\Program Files (x86)\Adobe\Elements Organizer 8.0\QNetwork4.dll". After Malwarebytes completed in 4 hours, it found 16 issues. Repaired and shut down.

I restarted the whole process again in Safe Mode with Networking:
1. Ran Rkill (which completed within seconds with no issues)
2. Ran TDSSKiller (which again found a suspicious "Wsmsvc.dll locked" which it skipped)
3. Ran Malwarebytes. After it completed in 4 hours, it found 8 issues. Repaired and shut down.

The problem still persists to some degree. With the suspicious Wsmsvc.dll locked, I'm not sure I'm on a track to find/repair whatever is really at the root of the problem.

Any guidance or knowledge of similar situations?

Rod

Edited by hamluis, 30 December 2012 - 11:36 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 efamily

  • Topic Starter
  • Members
  • 5 posts

Posted 01 January 2013 - 07:46 PM

http://www.bleepingcomputer.com/forums/topic480065.html

Thanks
Rod

#3 Gunto

  • Malware Response Team
  • 1,291 posts

Posted 05 January 2013 - 05:56 AM

Hi, efamily! I'm going to try to help you out. :)

If you still have TDSSKiller, please delete it, as we're downloading it again.

TDSSKiller

I need you to run a scan using TDSSKiller.

  • Download TDSSKiller from here, and save it to your desktop.
  • Double click the file to launch the program. Once the program starts, click Start Scan. Don't change any default scan settings.
  • Once the scan is finished, you'll find a log in your root drive (usually C: ) that will start with TDSS in the file name, please copy and paste it into your reply.

Malwarebytes

I need you to run a scan with Malwarebytes Anti-Malware.

  • Download MBAM from here, and save it to your desktop.
  • Double-click the installer to run it. During the installation, simply follow the prompts and let the program install. However, if you do not want to start a trial of the full version, please decline, and if offered any external toolbars/programs, feel free to uncheck them, unless you want them.
  • Once the program is done installing and updating, select the Perform full scan option on the main interface. Then click the Scan button, hit Scan, and let the scan run.
  • Once the scan is finished, a log will pop up. If any malware was found, click the Show Results button, and make sure everything present is checked and click Remove Selected. If MBAM asks you to reboot, do so immediately. Either way, please copy and paste the log into your reply. If your PC is rebooted, you can find the log by opening up MBAM and going to the Logs tab.

AdwCleaner

I need you to run AdwCleaner to see if it removes anything.

  • Download AdwCleaner from here, and save it to your desktop.
  • Close all open programs.
  • Open the file on your desktop, and click the Delete button. Confirm operations at every prompt. Your PC will be rebooted after the final prompt.
  • Once rebooted, a text file will open up. Please copy and paste it into your reply.

RogueKiller

I need you to run RogueKiller to see if it removes anything.

  • Download RogueKiller from here, and save it to your desktop.
  • Close all open programs.
  • Double click the file on your desktop. Once the automatic check completes, hit the Scan button.
  • Once the full scan has finished, click on the Delete button. Once it's done removing things, open the newest log on your desktop (should be called RKreport[2].txt) and copy and paste it into your reply.

Please tell me how the PC is running in your next reply.

Gunto

Edited by Gunto, 05 January 2013 - 10:13 AM.

Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#4 efamily

  • Topic Starter
  • Members
  • 5 posts

Posted 06 January 2013 - 08:55 AM

Thanks for your help. In general, my laptop is running well now although:
- Wsmsvc.dll locked is still found/skipped by TDSSKiller
- every once in a while, the keyboard is unresponsive (although I'm now sometimes getting a message that the Bluetooth service could not be started)

Here are the logs you asked for:

TDSSKiller

16:11:04.0839 2224 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:11:05.0155 2224 ============================================================
16:11:05.0155 2224 Current date / time: 2013/01/05 16:11:05.0155
16:11:05.0155 2224 SystemInfo:
16:11:05.0155 2224
16:11:05.0155 2224 OS Version: 6.1.7601 ServicePack: 1.0
16:11:05.0155 2224 Product type: Workstation
16:11:05.0155 2224 ComputerName: HUNTER-PC
16:11:05.0156 2224 UserName: Hunter
16:11:05.0156 2224 Windows directory: C:\Windows
16:11:05.0156 2224 System windows directory: C:\Windows
16:11:05.0156 2224 Running under WOW64
16:11:05.0156 2224 Processor architecture: Intel x64
16:11:05.0156 2224 Number of processors: 4
16:11:05.0156 2224 Page size: 0x1000
16:11:05.0156 2224 Boot type: Normal boot
16:11:05.0156 2224 ============================================================
16:11:05.0860 2224 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:11:05.0872 2224 ============================================================
16:11:05.0872 2224 \Device\Harddisk0\DR0:
16:11:05.0873 2224 MBR partitions:
16:11:05.0873 2224 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
16:11:05.0873 2224 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
16:11:05.0873 2224 ============================================================
16:11:05.0911 2224 C: <-> \Device\Harddisk0\DR0\Partition2
16:11:05.0911 2224 ============================================================
16:11:05.0911 2224 Initialize success
16:11:05.0911 2224 ============================================================
16:11:18.0597 4072 ============================================================
16:11:18.0597 4072 Scan started
16:11:18.0597 4072 Mode: Manual;
16:11:18.0597 4072 ============================================================
16:11:18.0938 4072 ================ Scan system memory ========================
16:11:18.0938 4072 System memory - ok
16:11:34.0085 4072 lltdsvc - ok
16:11:34.0105 4072 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:11:34.0111 4072 lmhosts - ok
16:11:34.0183 4072 [ 7485FBCEF9136F530953575E2977859D ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
16:11:34.0207 4072 LMS - ok
16:11:34.0260 4072 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:11:34.0284 4072 LSI_FC - ok
16:11:34.0309 4072 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:11:34.0329 4072 LSI_SAS - ok
16:11:34.0353 4072 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:11:34.0379 4072 LSI_SAS2 - ok
16:11:34.0388 4072 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:11:34.0424 4072 LSI_SCSI - ok
16:11:34.0449 4072 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:11:34.0455 4072 luafv - ok
16:11:34.0505 4072 McAfee SiteAdvisor Service - ok
16:11:34.0533 4072 McMPFSvc - ok
16:11:34.0543 4072 mcmscsvc - ok
16:11:34.0556 4072 McNaiAnn - ok
16:11:34.0563 4072 McNASvc - ok
16:11:34.0598 4072 McODS - ok
16:11:34.0607 4072 McProxy - ok
16:11:34.0659 4072 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:11:34.0666 4072 Mcx2Svc - ok
16:11:34.0685 4072 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:11:34.0705 4072 megasas - ok
16:11:34.0741 4072 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:11:34.0767 4072 MegaSR - ok
16:11:34.0806 4072 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:11:34.0810 4072 MMCSS - ok
16:11:34.0829 4072 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:11:34.0834 4072 Modem - ok
16:11:34.0868 4072 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:11:34.0870 4072 monitor - ok
16:11:34.0919 4072 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
16:11:34.0922 4072 mouclass - ok
16:11:34.0961 4072 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:11:34.0965 4072 mouhid - ok
16:11:35.0005 4072 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:11:35.0008 4072 mountmgr - ok
16:11:35.0087 4072 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
16:11:35.0134 4072 MpFilter - ok
16:11:35.0163 4072 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:11:35.0170 4072 mpio - ok
16:11:35.0204 4072 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:11:35.0209 4072 mpsdrv - ok
16:11:35.0295 4072 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:11:35.0328 4072 MpsSvc - ok
16:11:35.0361 4072 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:11:35.0368 4072 MRxDAV - ok
16:11:35.0418 4072 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:11:35.0425 4072 mrxsmb - ok
16:11:35.0473 4072 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:11:35.0483 4072 mrxsmb10 - ok
16:11:35.0503 4072 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:11:35.0510 4072 mrxsmb20 - ok
16:11:35.0543 4072 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:11:35.0561 4072 msahci - ok
16:11:35.0593 4072 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:11:35.0600 4072 msdsm - ok
16:11:35.0638 4072 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:11:35.0647 4072 MSDTC - ok
16:11:35.0687 4072 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:11:35.0692 4072 Msfs - ok
16:11:35.0719 4072 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:11:35.0723 4072 mshidkmdf - ok
16:11:35.0749 4072 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:11:35.0752 4072 msisadrv - ok
16:11:35.0794 4072 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:11:35.0803 4072 MSiSCSI - ok
16:11:35.0809 4072 msiserver - ok
16:11:35.0829 4072 MSK80Service - ok
16:11:35.0874 4072 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:11:35.0878 4072 MSKSSRV - ok
16:11:35.0954 4072 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:11:35.0955 4072 MsMpSvc - ok
16:11:35.0971 4072 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:11:35.0975 4072 MSPCLOCK - ok
16:11:35.0981 4072 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:11:35.0985 4072 MSPQM - ok
16:11:36.0032 4072 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:11:36.0042 4072 MsRPC - ok
16:11:36.0084 4072 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:11:36.0085 4072 mssmbios - ok
16:11:36.0102 4072 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:11:36.0108 4072 MSTEE - ok
16:11:36.0127 4072 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:11:36.0146 4072 MTConfig - ok
16:11:36.0169 4072 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:11:36.0173 4072 Mup - ok
16:11:36.0230 4072 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:11:36.0253 4072 napagent - ok
16:11:36.0298 4072 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:11:36.0308 4072 NativeWifiP - ok
16:11:36.0371 4072 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:11:36.0403 4072 NDIS - ok
16:11:36.0427 4072 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:11:36.0432 4072 NdisCap - ok
16:11:36.0488 4072 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:11:36.0493 4072 NdisTapi - ok
16:11:36.0538 4072 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:11:36.0543 4072 Ndisuio - ok
16:11:36.0577 4072 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:11:36.0584 4072 NdisWan - ok
16:11:36.0633 4072 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:11:36.0638 4072 NDProxy - ok
16:11:36.0661 4072 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:11:36.0667 4072 NetBIOS - ok
16:11:36.0712 4072 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:11:36.0718 4072 NetBT - ok
16:11:36.0736 4072 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:11:36.0739 4072 Netlogon - ok
16:11:36.0784 4072 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:11:36.0807 4072 Netman - ok
16:11:36.0833 4072 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:11:36.0841 4072 netprofm - ok
16:11:36.0877 4072 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:11:36.0884 4072 NetTcpPortSharing - ok
16:11:36.0937 4072 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:11:36.0942 4072 nfrd960 - ok
16:11:36.0973 4072 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:11:36.0983 4072 NlaSvc - ok
16:11:36.0998 4072 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:11:37.0003 4072 Npfs - ok
16:11:37.0034 4072 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:11:37.0039 4072 nsi - ok
16:11:37.0047 4072 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:11:37.0048 4072 nsiproxy - ok
16:11:37.0128 4072 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:11:37.0207 4072 Ntfs - ok
16:11:37.0226 4072 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:11:37.0230 4072 Null - ok
16:11:37.0277 4072 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:11:37.0297 4072 nvraid - ok
16:11:37.0340 4072 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:11:37.0366 4072 nvstor - ok
16:11:37.0403 4072 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:11:37.0429 4072 nv_agp - ok
16:11:37.0466 4072 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:11:37.0470 4072 ohci1394 - ok
16:11:37.0563 4072 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:11:37.0585 4072 ose - ok
16:11:37.0778 4072 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:11:37.0957 4072 osppsvc - ok
16:11:37.0998 4072 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:11:38.0004 4072 p2pimsvc - ok
16:11:38.0047 4072 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:11:38.0070 4072 p2psvc - ok
16:11:38.0111 4072 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:11:38.0139 4072 Parport - ok
16:11:38.0175 4072 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:11:38.0180 4072 partmgr - ok
16:11:38.0197 4072 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:11:38.0207 4072 PcaSvc - ok
16:11:38.0259 4072 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:11:38.0265 4072 pci - ok
16:11:38.0295 4072 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:11:38.0300 4072 pciide - ok
16:11:38.0341 4072 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:11:38.0365 4072 pcmcia - ok
16:11:38.0480 4072 [ 4678535614BD147D1ED6F0830EA0E540 ] PCToolsSSDMonitorSvc C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
16:11:38.0515 4072 PCToolsSSDMonitorSvc - ok
16:11:38.0539 4072 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:11:38.0542 4072 pcw - ok
16:11:38.0597 4072 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:11:38.0620 4072 PEAUTH - ok
16:11:38.0728 4072 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:11:38.0735 4072 PerfHost - ok
16:11:38.0824 4072 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:11:38.0880 4072 pla - ok
16:11:38.0933 4072 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:11:38.0945 4072 PlugPlay - ok
16:11:38.0980 4072 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:11:38.0986 4072 PNRPAutoReg - ok
16:11:39.0011 4072 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:11:39.0016 4072 PNRPsvc - ok
16:11:39.0043 4072 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:11:39.0066 4072 PolicyAgent - ok
16:11:39.0109 4072 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:11:39.0116 4072 Power - ok
16:11:39.0162 4072 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:11:39.0168 4072 PptpMiniport - ok
16:11:39.0185 4072 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:11:39.0210 4072 Processor - ok
16:11:39.0260 4072 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:11:39.0271 4072 ProfSvc - ok
16:11:39.0290 4072 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:11:39.0292 4072 ProtectedStorage - ok
16:11:39.0349 4072 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:11:39.0353 4072 Psched - ok
16:11:39.0390 4072 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
16:11:39.0407 4072 PxHlpa64 - ok
16:11:39.0488 4072 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:11:39.0584 4072 ql2300 - ok
16:11:39.0629 4072 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:11:39.0649 4072 ql40xx - ok
16:11:39.0695 4072 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:11:39.0705 4072 QWAVE - ok
16:11:39.0718 4072 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:11:39.0720 4072 QWAVEdrv - ok
16:11:39.0753 4072 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:11:39.0757 4072 RasAcd - ok
16:11:39.0804 4072 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:11:39.0809 4072 RasAgileVpn - ok
16:11:39.0825 4072 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:11:39.0834 4072 RasAuto - ok
16:11:39.0880 4072 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:11:39.0887 4072 Rasl2tp - ok
16:11:39.0935 4072 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:11:39.0958 4072 RasMan - ok
16:11:40.0000 4072 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:11:40.0005 4072 RasPppoe - ok
16:11:40.0019 4072 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:11:40.0024 4072 RasSstp - ok
16:11:40.0071 4072 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:11:40.0081 4072 rdbss - ok
16:11:40.0100 4072 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:11:40.0120 4072 rdpbus - ok
16:11:40.0142 4072 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:11:40.0143 4072 RDPCDD - ok
16:11:40.0176 4072 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:11:40.0177 4072 RDPENCDD - ok
16:11:40.0187 4072 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:11:40.0188 4072 RDPREFMP - ok
16:11:40.0235 4072 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:11:40.0243 4072 RDPWD - ok
16:11:40.0304 4072 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:11:40.0312 4072 rdyboost - ok
16:11:40.0372 4072 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:11:40.0380 4072 RemoteAccess - ok
16:11:40.0411 4072 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:11:40.0421 4072 RemoteRegistry - ok
16:11:40.0470 4072 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
16:11:40.0477 4072 RFCOMM - ok
16:11:40.0494 4072 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:11:40.0502 4072 RpcEptMapper - ok
16:11:40.0535 4072 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:11:40.0541 4072 RpcLocator - ok
16:11:40.0588 4072 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:11:40.0597 4072 RpcSs - ok
16:11:40.0650 4072 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:11:40.0655 4072 rspndr - ok
16:11:40.0697 4072 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
16:11:40.0705 4072 RSUSBSTOR - ok
16:11:40.0720 4072 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:11:40.0723 4072 SamSs - ok
16:11:40.0891 4072 [ 65EB0656904DC611A3FC86A2FF255A04 ] SBAMSvc C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
16:11:40.0911 4072 SBAMSvc - ok
16:11:40.0940 4072 [ 8F19D62B04081C0BFF1E8D6F26220A28 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys
16:11:40.0964 4072 sbapifs - ok
16:11:41.0017 4072 [ D8E08D2D24E777894744B657EA78796A ] SbFw C:\Windows\system32\drivers\SbFw.sys
16:11:41.0044 4072 SbFw - ok
16:11:41.0098 4072 [ 9AEF0F267553FD9C900E9449B61586B7 ] SBFWIMCL C:\Windows\system32\DRIVERS\sbfwim.sys
16:11:41.0131 4072 SBFWIMCL - ok
16:11:41.0172 4072 [ 9AEF0F267553FD9C900E9449B61586B7 ] SBFWIMCLMP C:\Windows\system32\DRIVERS\SBFWIM.sys
16:11:41.0175 4072 SBFWIMCLMP - ok
16:11:41.0196 4072 [ 1490E7C7A22329BE5641D4C2E16B868E ] sbhips C:\Windows\system32\drivers\sbhips.sys
16:11:41.0218 4072 sbhips - ok
16:11:41.0269 4072 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:11:41.0298 4072 sbp2port - ok
16:11:41.0344 4072 [ 2F237D2248C7EA1B566AA106BB834A21 ] SBPIMSvc C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
16:11:41.0382 4072 SBPIMSvc - ok
16:11:41.0448 4072 [ 051C35F5FF516398FFC806979C709A2F ] sbwtis C:\Windows\system32\DRIVERS\sbwtis.sys
16:11:41.0465 4072 sbwtis - ok
16:11:41.0506 4072 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:11:41.0518 4072 SCardSvr - ok
16:11:41.0563 4072 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:11:41.0568 4072 scfilter - ok
16:11:41.0630 4072 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:11:41.0676 4072 Schedule - ok
16:11:41.0713 4072 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:11:41.0714 4072 SCPolicySvc - ok
16:11:41.0751 4072 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:11:41.0761 4072 SDRSVC - ok
16:11:41.0867 4072 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
16:11:41.0886 4072 SeaPort - ok
16:11:41.0940 4072 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:11:41.0963 4072 secdrv - ok
16:11:41.0994 4072 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:11:42.0001 4072 seclogon - ok
16:11:42.0041 4072 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:11:42.0049 4072 SENS - ok
16:11:42.0066 4072 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:11:42.0073 4072 SensrSvc - ok
16:11:42.0112 4072 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:11:42.0133 4072 Serenum - ok
16:11:42.0170 4072 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:11:42.0192 4072 Serial - ok
16:11:42.0249 4072 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:11:42.0253 4072 sermouse - ok
16:11:42.0298 4072 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:11:42.0306 4072 SessionEnv - ok
16:11:42.0347 4072 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:11:42.0352 4072 sffdisk - ok
16:11:42.0372 4072 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:11:42.0377 4072 sffp_mmc - ok
16:11:42.0389 4072 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:11:42.0394 4072 sffp_sd - ok
16:11:42.0436 4072 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:11:42.0459 4072 sfloppy - ok
16:11:42.0547 4072 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
16:11:42.0580 4072 SftService - ok
16:11:42.0633 4072 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:11:42.0656 4072 SharedAccess - ok
16:11:42.0699 4072 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:11:42.0721 4072 ShellHWDetection - ok
16:11:42.0745 4072 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:11:42.0771 4072 SiSRaid2 - ok
16:11:42.0803 4072 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:11:42.0828 4072 SiSRaid4 - ok
16:11:43.0112 4072 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:11:43.0138 4072 SkypeUpdate - ok
16:11:43.0169 4072 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:11:43.0174 4072 Smb - ok
16:11:43.0204 4072 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:11:43.0210 4072 SNMPTRAP - ok
16:11:43.0240 4072 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:11:43.0241 4072 spldr - ok
16:11:43.0295 4072 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:11:43.0322 4072 Spooler - ok
16:11:43.0443 4072 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:11:43.0463 4072 sppsvc - ok
16:11:43.0502 4072 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:11:43.0506 4072 sppuinotify - ok
16:11:43.0599 4072 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
16:11:43.0603 4072 sprtsvc_DellSupportCenter - ok
16:11:43.0683 4072 [ A15860E920B02C9A7CE8F3A6C2FF1E3A ] sptd C:\Windows\System32\Drivers\sptd.sys
16:11:43.0748 4072 sptd - ok
16:11:43.0812 4072 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:11:43.0834 4072 srv - ok
16:11:43.0849 4072 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:11:43.0860 4072 srv2 - ok
16:11:43.0878 4072 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:11:43.0885 4072 srvnet - ok
16:11:43.0934 4072 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
16:11:43.0954 4072 sscdbus - ok
16:11:43.0996 4072 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
16:11:44.0016 4072 sscdmdfl - ok
16:11:44.0036 4072 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
16:11:44.0063 4072 sscdmdm - ok
16:11:44.0098 4072 [ 05FFA552F578E27AB2D41B6828DB477F ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
16:11:44.0123 4072 sscdserd - ok
16:11:44.0184 4072 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:11:44.0195 4072 SSDPSRV - ok
16:11:44.0217 4072 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:11:44.0224 4072 SstpSvc - ok
16:11:44.0267 4072 Steam Client Service - ok
16:11:44.0301 4072 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:11:44.0327 4072 stexstor - ok
16:11:44.0382 4072 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:11:44.0412 4072 stisvc - ok
16:11:44.0451 4072 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
16:11:44.0471 4072 swenum - ok
16:11:44.0520 4072 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:11:44.0543 4072 swprv - ok
16:11:44.0553 4072 sxuptp - ok
16:11:44.0602 4072 [ 56F16A398AFFE40AFAB04BA0081CDC27 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
16:11:44.0629 4072 SynTP - ok
16:11:44.0703 4072 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:11:44.0760 4072 SysMain - ok
16:11:44.0808 4072 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:11:44.0817 4072 TabletInputService - ok
16:11:44.0858 4072 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:11:44.0880 4072 TapiSrv - ok
16:11:44.0916 4072 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:11:44.0921 4072 TBS - ok
16:11:44.0996 4072 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:11:45.0063 4072 Tcpip - ok
16:11:45.0150 4072 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:11:45.0170 4072 TCPIP6 - ok
16:11:45.0209 4072 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:11:45.0213 4072 tcpipreg - ok
16:11:45.0249 4072 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:11:45.0253 4072 TDPIPE - ok
16:11:45.0293 4072 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:11:45.0297 4072 TDTCP - ok
16:11:45.0340 4072 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:11:45.0345 4072 tdx - ok
16:11:45.0387 4072 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:11:45.0390 4072 TermDD - ok
16:11:45.0449 4072 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:11:45.0483 4072 TermService - ok
16:11:45.0524 4072 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:11:45.0531 4072 Themes - ok
16:11:45.0559 4072 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:11:45.0562 4072 THREADORDER - ok
16:11:45.0578 4072 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:11:45.0587 4072 TrkWks - ok
16:11:45.0641 4072 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:11:45.0645 4072 TrustedInstaller - ok
16:11:45.0700 4072 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:11:45.0704 4072 tssecsrv - ok
16:11:45.0783 4072 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:11:45.0788 4072 TsUsbFlt - ok
16:11:45.0842 4072 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:11:45.0849 4072 tunnel - ok
16:11:45.0897 4072 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:11:45.0935 4072 uagp35 - ok
16:11:45.0983 4072 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:11:45.0994 4072 udfs - ok
16:11:46.0041 4072 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:11:46.0048 4072 UI0Detect - ok
16:11:46.0102 4072 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:11:46.0119 4072 uliagpkx - ok
16:11:46.0168 4072 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:11:46.0173 4072 umbus - ok
16:11:46.0217 4072 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:11:46.0235 4072 UmPass - ok
16:11:46.0366 4072 [ 765F2DD351BA064F657751D8D75E58C0 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
16:11:46.0385 4072 UNS - ok
16:11:46.0438 4072 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:11:46.0447 4072 upnphost - ok
16:11:46.0498 4072 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
16:11:46.0504 4072 usbaudio - ok
16:11:46.0546 4072 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:11:46.0551 4072 usbccgp - ok
16:11:46.0599 4072 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:11:46.0623 4072 usbcir - ok
16:11:51.0268 4072 [ 6B41F54D52A852D9E58151DCCF762C50 ] WinRM C:\Windows\system32\WsmSvc.dll
16:17:26.0968 4072 Suspicious file (NoAccess): C:\Windows\system32\WsmSvc.dll. md5: 6B41F54D52A852D9E58151DCCF762C50
16:17:26.0982 4072 WinRM ( LockedFile.Multi.Generic ) - warning
16:17:26.0982 4072 WinRM - detected LockedFile.Multi.Generic (1)
16:17:29.0970 4072 ================ Scan global ===============================
16:17:30.0011 4072 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:17:30.0071 4072 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
16:17:30.0101 4072 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
16:17:30.0148 4072 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:17:30.0230 4072 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:17:30.0251 4072 [Global] - ok
16:17:30.0251 4072 ================ Scan MBR ==================================
16:17:30.0269 4072 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:17:31.0868 4072 \Device\Harddisk0\DR0 - ok
16:17:31.0869 4072 ================ Scan VBR ==================================
16:17:31.0900 4072 [ ED75AB26FBAF686353F813AF6B1F0B6F ] \Device\Harddisk0\DR0\Partition1
16:17:31.0904 4072 \Device\Harddisk0\DR0\Partition1 - ok
16:17:31.0921 4072 [ BB14EE8745498D2317F6879F7F6031A2 ] \Device\Harddisk0\DR0\Partition2
16:17:31.0924 4072 \Device\Harddisk0\DR0\Partition2 - ok
16:17:31.0925 4072 ============================================================
16:17:31.0925 4072 Scan finished
16:17:31.0925 4072 ============================================================
16:17:31.0937 4696 Detected object count: 1
16:17:31.0937 4696 Actual detected object count: 1
16:17:37.0450 4696 WinRM ( LockedFile.Multi.Generic ) - skipped by user
16:17:37.0450 4696 WinRM ( LockedFile.Multi.Generic ) - User select action: Skip

Malwarebytes

Sorry, I couldn't find the log (after reboot), but it reported that it found no threats.

AdwCleaner

# AdwCleaner v2.104 - Logfile created 01/05/2013 at 22:03:15
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Hunter - HUNTER-PC
# Boot Mode : Normal
# Running from : C:\Users\Hunter\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : DefaultTabUpdate

***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\I Want This
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Hunter\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Deleted : C:\Users\Hunter\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Hunter\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Hunter\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Hunter\Documents\ShopToWin

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1A93C934-025B-4C3A-B38E-9654A7003239}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Hunter\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage = "hxxp://search.babylon.com/?affID=113959&tt=2912_5&babsrc=HP_ss&mntrId=b4b799a8000[...]
Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=113959&tt=2912_5&babsrc=H[...]
Deleted [l.1636] : homepage = "hxxp://search.babylon.com/?affID=113959&tt=2912_5&babsrc=HP_ss&mntrId=b4b799a8000000[...]
Deleted [l.1999] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=113959&tt=2912_5&babsrc=HP_s[...]

*************************

AdwCleaner[S1].txt - [5679 octets] - [05/01/2013 22:03:15]

########## EOF - C:\AdwCleaner[S1].txt - [5739 octets] ##########

RogueKiller

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Hunter [Admin rights]
Mode : Scan -- Date : 01/05/2013 22:14:05

Bad processes : 0

Registry Entries : 10
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\Hunter\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\Hunter\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L --> FOUND

Driver : [NOT LOADED]

Infection : ZeroAccess

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 69cbe3a4238696e16816278c6d3b925d
[BSP] b7b3eb14adfd50ca04b936abaf85fbb5 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01052013_02d2214.txt >>
RKreport[1]_S_01052013_02d2214.txt

#5 Gunto

  • Malware Response Team

Posted 06 January 2013 - 09:35 AM

Hi,

You seem to be infected with Zero Access, which can be a pretty nasty infection. You'll need some more advanced help.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Gunto
