
Browsers freeze up


16 replies to this topic

#1 James Oates


Posted 29 January 2013 - 12:43 PM

This is strange. I use Firefox and occasionally (regularly) my browser will freeze. Clicking on links will not work... clicking on tabs will not work. The circle on the top of the tab just spins continuously with no change or connection. Sometimes there will be a redirect when I click on a link, particularly if I have searched for something on Google. Any help is appreciated.

Warmly,
James



#2 boopme


Posted 29 January 2013 - 03:57 PM

Hello James, it appears you may be infected. I moved this to the Am I Infected forum to check.

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>

Please download TDSSKiller.
Launch it.
Click on Change parameters and select TDLFS file system.
Click on "Scan".
Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.



ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

>>>>

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.

#3 James Oates


Posted 29 January 2013 - 04:06 PM

Hi boop...thank you for your help again...here is the mini toolbox log...


#4 James Oates


Posted 29 January 2013 - 04:41 PM

Here is the TDSS log...

15:36:18.0054 6348 adp94xx - ok
15:36:18.0069 6348 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:36:18.0085 6348 adpahci - ok
15:36:18.0101 6348 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:36:18.0101 6348 adpu320 - ok
15:36:18.0116 6348 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:36:18.0116 6348 AeLookupSvc - ok
15:36:18.0163 6348 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:36:18.0241 6348 AFD - ok
15:36:18.0241 6348 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:36:18.0241 6348 agp440 - ok
15:36:18.0257 6348 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:36:18.0257 6348 ALG - ok
15:36:18.0272 6348 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:36:18.0272 6348 aliide - ok
15:36:18.0303 6348 [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:36:18.0303 6348 AMD External Events Utility - ok
15:36:18.0319 6348 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:36:18.0319 6348 amdide - ok
15:36:18.0335 6348 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:36:18.0335 6348 AmdK8 - ok
15:36:18.0491 6348 [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
15:36:18.0709 6348 amdkmdag - ok
15:36:18.0740 6348 [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
15:36:18.0740 6348 amdkmdap - ok
15:36:18.0756 6348 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
15:36:18.0756 6348 AmdPPM - ok
15:36:18.0771 6348 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:36:18.0771 6348 amdsata - ok
15:36:18.0787 6348 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
15:36:18.0787 6348 amdsbs - ok
15:36:18.0803 6348 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:36:18.0803 6348 amdxata - ok
15:36:18.0803 6348 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:36:18.0818 6348 AppID - ok
15:36:18.0818 6348 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:36:18.0834 6348 AppIDSvc - ok
15:36:18.0834 6348 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:36:18.0834 6348 Appinfo - ok
15:36:18.0896 6348 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:36:18.0896 6348 Apple Mobile Device - ok
15:36:18.0912 6348 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
15:36:18.0912 6348 arc - ok
15:36:18.0927 6348 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:36:18.0927 6348 arcsas - ok
15:36:19.0005 6348 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:36:19.0005 6348 aspnet_state - ok
15:36:19.0021 6348 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:36:19.0021 6348 AsyncMac - ok
15:36:19.0052 6348 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:36:19.0052 6348 atapi - ok
15:36:19.0083 6348 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:36:19.0083 6348 AudioEndpointBuilder - ok
15:36:19.0099 6348 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:36:19.0099 6348 AudioSrv - ok
15:36:19.0146 6348 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:36:19.0146 6348 AxInstSV - ok
15:36:19.0177 6348 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
15:36:19.0177 6348 b06bdrv - ok
15:36:19.0193 6348 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:36:19.0208 6348 b57nd60a - ok
15:36:19.0271 6348 [ 8B5D16D20774FC3727F44E161BE2C0AC ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
15:36:19.0333 6348 BCM43XX - ok
15:36:19.0364 6348 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:36:19.0364 6348 BDESVC - ok
15:36:19.0364 6348 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:36:19.0364 6348 Beep - ok
15:36:19.0411 6348 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:36:19.0411 6348 BFE - ok
15:36:19.0458 6348 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
15:36:19.0458 6348 BITS - ok
15:36:19.0489 6348 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:36:19.0489 6348 blbdrive - ok
15:36:19.0551 6348 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:36:19.0551 6348 Bonjour Service - ok
15:36:19.0567 6348 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:36:19.0614 6348 bowser - ok
15:36:19.0645 6348 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
15:36:19.0645 6348 BrFiltLo - ok
15:36:19.0661 6348 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
15:36:19.0661 6348 BrFiltUp - ok
15:36:19.0676 6348 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
15:36:19.0676 6348 BridgeMP - ok
15:36:19.0707 6348 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:36:19.0707 6348 Browser - ok
15:36:19.0723 6348 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:36:19.0723 6348 Brserid - ok
15:36:19.0723 6348 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:36:19.0739 6348 BrSerWdm - ok
15:36:19.0739 6348 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:36:19.0739 6348 BrUsbMdm - ok
15:36:19.0754 6348 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:36:19.0754 6348 BrUsbSer - ok
15:36:19.0770 6348 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:36:19.0770 6348 BTHMODEM - ok
15:36:19.0785 6348 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:36:19.0785 6348 bthserv - ok
15:36:19.0785 6348 catchme - ok
15:36:19.0801 6348 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:36:19.0801 6348 cdfs - ok
15:36:19.0832 6348 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:36:19.0832 6348 cdrom - ok
15:36:19.0832 6348 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:36:19.0848 6348 CertPropSvc - ok
15:36:19.0863 6348 [ 7C6B5BE2696DFD2D0BF6C9EE20326EF8 ] cfwids C:\Windows\system32\drivers\cfwids.sys
15:36:19.0863 6348 cfwids - ok
15:36:19.0879 6348 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
15:36:19.0879 6348 circlass - ok
15:36:19.0895 6348 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:36:19.0910 6348 CLFS - ok
15:36:19.0941 6348 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:36:19.0941 6348 clr_optimization_v2.0.50727_32 - ok
15:36:19.0957 6348 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:36:19.0973 6348 clr_optimization_v2.0.50727_64 - ok
15:36:20.0051 6348 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:36:20.0066 6348 clr_optimization_v4.0.30319_32 - ok
15:36:20.0066 6348 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:36:20.0082 6348 clr_optimization_v4.0.30319_64 - ok
15:36:20.0097 6348 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
15:36:20.0097 6348 CmBatt - ok
15:36:20.0097 6348 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:36:20.0097 6348 cmdide - ok
15:36:20.0129 6348 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
15:36:20.0129 6348 CNG - ok
15:36:20.0144 6348 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
15:36:20.0144 6348 Compbatt - ok
15:36:20.0160 6348 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
15:36:20.0175 6348 CompositeBus - ok
15:36:20.0175 6348 COMSysApp - ok
15:36:20.0191 6348 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:36:20.0191 6348 crcdisk - ok
15:36:20.0222 6348 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:36:20.0238 6348 CryptSvc - ok
15:36:20.0347 6348 [ 5131D2469B6B19DC20B446EBE43EBB79 ] CSIScanner C:\Program Files\Prevx\prevx.exe
15:36:20.0456 6348 CSIScanner - ok
15:36:20.0487 6348 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:36:20.0487 6348 DcomLaunch - ok
15:36:20.0503 6348 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:36:20.0503 6348 defragsvc - ok
15:36:20.0550 6348 [ 59D90B6A7FBC4CC712DD7C5868618480 ] DeviceMonitorService C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
15:36:20.0565 6348 DeviceMonitorService - ok
15:36:20.0565 6348 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:36:20.0612 6348 DfsC - ok
15:36:20.0628 6348 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:36:20.0628 6348 Dhcp - ok
15:36:20.0643 6348 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:36:20.0643 6348 discache - ok
15:36:20.0659 6348 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
15:36:20.0659 6348 Disk - ok
15:36:20.0706 6348 [ 1017D70ABE5483F40C10B7774397D120 ] dleaCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe
15:36:20.0706 6348 dleaCATSCustConnectService - ok
15:36:20.0706 6348 dlea_device - ok
15:36:20.0737 6348 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:36:20.0737 6348 Dnscache - ok
15:36:20.0753 6348 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:36:20.0753 6348 dot3svc - ok
15:36:20.0768 6348 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:36:20.0768 6348 DPS - ok
15:36:20.0799 6348 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:36:20.0799 6348 drmkaud - ok
15:36:20.0831 6348 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:36:20.0831 6348 DXGKrnl - ok
15:36:20.0846 6348 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:36:20.0846 6348 EapHost - ok
15:36:20.0909 6348 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
15:36:20.0971 6348 ebdrv - ok
15:36:21.0002 6348 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:36:21.0002 6348 EFS - ok
15:36:21.0049 6348 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:36:21.0096 6348 ehRecvr - ok
15:36:21.0111 6348 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:36:21.0111 6348 ehSched - ok
15:36:21.0127 6348 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:36:21.0143 6348 elxstor - ok
15:36:21.0158 6348 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:36:21.0158 6348 ErrDev - ok
15:36:21.0174 6348 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:36:21.0189 6348 EventSystem - ok
15:36:21.0205 6348 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:36:21.0205 6348 exfat - ok
15:36:21.0221 6348 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:36:21.0221 6348 fastfat - ok
15:36:21.0252 6348 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:36:21.0267 6348 Fax - ok
15:36:21.0283 6348 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
15:36:21.0283 6348 fdc - ok
15:36:21.0299 6348 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:36:21.0299 6348 fdPHost - ok
15:36:21.0314 6348 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:36:21.0314 6348 FDResPub - ok
15:36:21.0314 6348 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:36:21.0330 6348 FileInfo - ok
15:36:21.0330 6348 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:36:21.0330 6348 Filetrace - ok
15:36:21.0345 6348 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
15:36:21.0345 6348 flpydisk - ok
15:36:21.0377 6348 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:36:21.0377 6348 FltMgr - ok
15:36:21.0439 6348 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
15:36:21.0455 6348 FontCache - ok
15:36:21.0501 6348 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:36:21.0501 6348 FontCache3.0.0.0 - ok
15:36:21.0517 6348 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:36:21.0517 6348 FsDepends - ok
15:36:21.0548 6348 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:36:21.0548 6348 Fs_Rec - ok
15:36:21.0564 6348 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:36:21.0564 6348 fvevol - ok
15:36:21.0579 6348 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:36:21.0595 6348 gagp30kx - ok
15:36:21.0657 6348 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:36:21.0657 6348 GEARAspiWDM - ok
15:36:21.0673 6348 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:36:21.0689 6348 gpsvc - ok
15:36:21.0735 6348 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:36:21.0751 6348 gupdate - ok
15:36:21.0751 6348 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:36:21.0751 6348 gupdatem - ok
15:36:21.0767 6348 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:36:21.0767 6348 hcw85cir - ok
15:36:21.0782 6348 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:36:21.0798 6348 HdAudAddService - ok
15:36:21.0813 6348 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:36:21.0829 6348 HDAudBus - ok
15:36:21.0829 6348 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
15:36:21.0829 6348 HidBatt - ok
15:36:21.0845 6348 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:36:21.0845 6348 HidBth - ok
15:36:21.0860 6348 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
15:36:21.0860 6348 HidIr - ok
15:36:21.0876 6348 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
15:36:21.0876 6348 hidserv - ok
15:36:21.0891 6348 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:36:21.0891 6348 HidUsb - ok
15:36:21.0954 6348 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys
15:36:21.0985 6348 HipShieldK - ok
15:36:22.0016 6348 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:36:22.0016 6348 hkmsvc - ok
15:36:22.0032 6348 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:36:22.0032 6348 HomeGroupListener - ok
15:36:22.0047 6348 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:36:22.0063 6348 HomeGroupProvider - ok
15:36:22.0063 6348 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:36:22.0079 6348 HpSAMD - ok
15:36:22.0094 6348 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:36:22.0110 6348 HTTP - ok
15:36:22.0125 6348 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:36:22.0125 6348 hwpolicy - ok
15:36:22.0141 6348 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:36:22.0157 6348 i8042prt - ok
15:36:22.0172 6348 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
15:36:22.0172 6348 iaStor - ok
15:36:22.0219 6348 [ B25F192EA1F84A316EB7C19EFCCCF33D ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
15:36:22.0266 6348 IAStorDataMgrSvc - ok
15:36:22.0297 6348 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:36:22.0313 6348 iaStorV - ok
15:36:22.0344 6348 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:36:22.0359 6348 idsvc - ok
15:36:22.0375 6348 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:36:22.0375 6348 iirsp - ok
15:36:22.0391 6348 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:36:22.0406 6348 IKEEXT - ok
15:36:22.0469 6348 [ 235362D403D9D677514649D88DB31914 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:36:22.0515 6348 IntcAzAudAddService - ok
15:36:22.0531 6348 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:36:22.0531 6348 intelide - ok
15:36:22.0562 6348 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:36:22.0562 6348 intelppm - ok
15:36:22.0578 6348 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:36:22.0578 6348 IPBusEnum - ok
15:36:22.0593 6348 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:36:22.0625 6348 IpFilterDriver - ok
15:36:22.0671 6348 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:36:22.0671 6348 iphlpsvc - ok
15:36:22.0687 6348 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:36:22.0687 6348 IPMIDRV - ok
15:36:22.0703 6348 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:36:22.0703 6348 IPNAT - ok
15:36:22.0734 6348 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:36:22.0749 6348 iPod Service - ok
15:36:22.0749 6348 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:36:22.0749 6348 IRENUM - ok
15:36:22.0781 6348 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:36:22.0781 6348 isapnp - ok
15:36:22.0796 6348 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:36:22.0843 6348 iScsiPrt - ok
15:36:22.0859 6348 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:36:22.0859 6348 kbdclass - ok
15:36:22.0874 6348 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:36:22.0874 6348 kbdhid - ok
15:36:22.0874 6348 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:36:22.0874 6348 KeyIso - ok
15:36:22.0890 6348 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:36:22.0890 6348 KSecDD - ok
15:36:22.0905 6348 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:36:22.0905 6348 KSecPkg - ok
15:36:22.0921 6348 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:36:22.0921 6348 ksthunk - ok
15:36:22.0937 6348 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:36:22.0937 6348 KtmRm - ok
15:36:22.0968 6348 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
15:36:22.0968 6348 LanmanServer - ok
15:36:22.0983 6348 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:36:22.0983 6348 LanmanWorkstation - ok
15:36:23.0015 6348 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:36:23.0015 6348 lltdio - ok
15:36:23.0046 6348 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:36:23.0046 6348 lltdsvc - ok
15:36:23.0061 6348 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:36:23.0061 6348 lmhosts - ok
15:36:23.0093 6348 [ 926EBA26A8B49D1597751CED06B50862 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
15:36:23.0108 6348 LMS - ok
15:36:23.0124 6348 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:36:23.0124 6348 LSI_FC - ok
15:36:23.0124 6348 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:36:23.0139 6348 LSI_SAS - ok
15:36:23.0155 6348 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:36:23.0155 6348 LSI_SAS2 - ok
15:36:23.0171 6348 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:36:23.0171 6348 LSI_SCSI - ok
15:36:23.0202 6348 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:36:23.0202 6348 luafv - ok
15:36:23.0280 6348 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:36:23.0280 6348 McAfee SiteAdvisor Service - ok
15:36:23.0280 6348 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:36:23.0280 6348 McMPFSvc - ok
15:36:23.0295 6348 [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:36:23.0295 6348 mcmscsvc - ok
15:36:23.0311 6348 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:36:23.0311 6348 McNaiAnn - ok
15:36:23.0327 6348 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:36:23.0327 6348 McNASvc - ok
15:36:23.0405 6348 [ BE7C8C3F8FE52D8F7826E14CF11DE949 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
15:36:23.0405 6348 McODS - ok
15:36:23.0420 6348 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:36:23.0420 6348 McProxy - ok
15:36:23.0451 6348 [ D4F9C8CE2D7D5B9A1F739AADEBFFCA6F ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
15:36:23.0451 6348 McShield - ok
15:36:23.0483 6348 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:36:23.0483 6348 Mcx2Svc - ok
15:36:23.0498 6348 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
15:36:23.0498 6348 megasas - ok
15:36:23.0529 6348 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:36:23.0529 6348 MegaSR - ok
15:36:23.0561 6348 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
15:36:23.0561 6348 MEIx64 - ok
15:36:23.0592 6348 [ B574522827D94126C03975FD53F0B26B ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
15:36:23.0592 6348 mfeapfk - ok
15:36:23.0607 6348 [ 298C065BB9E09D5F14CCD9E8244DE4A0 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
15:36:23.0623 6348 mfeavfk - ok
15:36:23.0623 6348 mfeavfk01 - ok
15:36:23.0639 6348 [ AB66AF840EF1667AA73DDA6CE987D0E1 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
15:36:23.0639 6348 mfefire - ok
15:36:23.0654 6348 [ 4D604F0B85E98C5AD99B89AF72A4E28A ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
15:36:23.0670 6348 mfefirek - ok
15:36:23.0701 6348 [ 7092A6C6158FC4F5AA39EBEB9D5AF03D ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
15:36:23.0717 6348 mfehidk - ok
15:36:23.0732 6348 [ 1B08579938FD72626D92F3C2219903EA ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
15:36:23.0732 6348 mferkdet - ok
15:36:23.0763 6348 [ 04D48692EFF181DA46DD8EA8BE9FFB2B ] mfevtp C:\Windows\system32\mfevtps.exe
15:36:23.0763 6348 mfevtp - ok
15:36:23.0779 6348 [ 1631E2DA6C4B47D97ECA94842836592E ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
15:36:23.0826 6348 mfewfpk - ok
15:36:23.0888 6348 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:36:23.0888 6348 MMCSS - ok
15:36:23.0904 6348 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:36:23.0904 6348 Modem - ok
15:36:23.0919 6348 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:36:23.0919 6348 monitor - ok
15:36:23.0951 6348 [ AC9D6E3629E4388A9EA9B4172493AAEE ] Motorola Device Manager C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
15:36:23.0951 6348 Motorola Device Manager - ok
15:36:23.0982 6348 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:36:23.0982 6348 mouclass - ok
15:36:23.0997 6348 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:36:23.0997 6348 mouhid - ok
15:36:24.0013 6348 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:36:24.0013 6348 mountmgr - ok
15:36:24.0044 6348 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:36:24.0044 6348 MozillaMaintenance - ok
15:36:24.0060 6348 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:36:24.0060 6348 mpio - ok
15:36:24.0075 6348 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:36:24.0075 6348 mpsdrv - ok
15:36:24.0107 6348 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:36:24.0122 6348 MpsSvc - ok
15:36:24.0138 6348 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:36:24.0138 6348 MRxDAV - ok
15:36:24.0153 6348 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:36:24.0153 6348 mrxsmb - ok
15:36:24.0185 6348 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:36:24.0185 6348 mrxsmb10 - ok
15:36:24.0200 6348 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:36:24.0200 6348 mrxsmb20 - ok
15:36:24.0216 6348 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:36:24.0216 6348 msahci - ok
15:36:24.0247 6348 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:36:24.0247 6348 msdsm - ok
15:36:24.0263 6348 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:36:24.0263 6348 MSDTC - ok
15:36:24.0278 6348 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:36:24.0278 6348 Msfs - ok
15:36:24.0294 6348 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:36:24.0294 6348 mshidkmdf - ok
15:36:24.0309 6348 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:36:24.0309 6348 msisadrv - ok
15:36:24.0325 6348 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:36:24.0325 6348 MSiSCSI - ok
15:36:24.0341 6348 msiserver - ok
15:36:24.0341 6348 [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:36:24.0341 6348 MSK80Service - ok
15:36:24.0372 6348 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:36:24.0372 6348 MSKSSRV - ok
15:36:24.0387 6348 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:36:24.0387 6348 MSPCLOCK - ok
15:36:24.0403 6348 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:36:24.0403 6348 MSPQM - ok
15:36:24.0419 6348 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:36:24.0419 6348 MsRPC - ok
15:36:24.0434 6348 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:36:24.0434 6348 mssmbios - ok
15:36:24.0434 6348 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:36:24.0434 6348 MSTEE - ok
15:36:24.0450 6348 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:36:24.0450 6348 MTConfig - ok
15:36:24.0465 6348 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:36:24.0465 6348 Mup - ok
15:36:24.0497 6348 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:36:24.0543 6348 napagent - ok
15:36:24.0575 6348 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:36:24.0575 6348 NativeWifiP - ok
15:36:24.0637 6348 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:36:24.0637 6348 NDIS - ok
15:36:24.0653 6348 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:36:24.0653 6348 NdisCap - ok
15:36:24.0668 6348 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:36:24.0668 6348 NdisTapi - ok
15:36:24.0684 6348 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:36:24.0746 6348 Ndisuio - ok
15:36:24.0762 6348 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:36:24.0762 6348 NdisWan - ok
15:36:24.0777 6348 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:36:24.0777 6348 NDProxy - ok
15:36:24.0793 6348 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:36:24.0793 6348 NetBIOS - ok
15:36:24.0793 6348 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:36:24.0824 6348 NetBT - ok
15:36:24.0840 6348 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:36:24.0840 6348 Netlogon - ok
15:36:24.0871 6348 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:36:24.0871 6348 Netman - ok
15:36:24.0918 6348 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:36:24.0949 6348 NetMsmqActivator - ok
15:36:24.0965 6348 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:36:24.0965 6348 NetPipeActivator - ok
15:36:24.0996 6348 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:36:25.0011 6348 netprofm - ok
15:36:25.0011 6348 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:36:25.0011 6348 NetTcpActivator - ok
15:36:25.0011 6348 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:36:25.0011 6348 NetTcpPortSharing - ok
15:36:25.0058 6348 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:36:25.0058 6348 nfrd960 - ok
15:36:25.0121 6348 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:36:25.0121 6348 NlaSvc - ok
15:36:25.0121 6348 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:36:25.0121 6348 Npfs - ok
15:36:25.0136 6348 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:36:25.0136 6348 nsi - ok
15:36:25.0183 6348 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:36:25.0183 6348 nsiproxy - ok
15:36:25.0230 6348 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:36:25.0245 6348 Ntfs - ok
15:36:25.0292 6348 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:36:25.0292 6348 Null - ok
15:36:25.0323 6348 [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
15:36:25.0323 6348 nusb3hub - ok
15:36:25.0355 6348 [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
15:36:25.0355 6348 nusb3xhc - ok
15:36:25.0370 6348 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:36:25.0386 6348 nvraid - ok
15:36:25.0401 6348 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:36:25.0401 6348 nvstor - ok
15:36:25.0433 6348 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:36:25.0433 6348 nv_agp - ok
15:36:25.0433 6348 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:36:25.0448 6348 ohci1394 - ok
15:36:25.0495 6348 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:36:25.0511 6348 ose - ok
15:36:25.0604 6348 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:36:25.0698 6348 osppsvc - ok
15:36:25.0713 6348 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:36:25.0713 6348 p2pimsvc - ok
15:36:25.0729 6348 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:36:25.0729 6348 p2psvc - ok
15:36:25.0745 6348 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
15:36:25.0745 6348 Parport - ok
15:36:25.0776 6348 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:36:25.0776 6348 partmgr - ok
15:36:25.0823 6348 [ 8A0F8A9580D9F2FC512A35D5709088A9 ] pavboot C:\Windows\system32\drivers\pavboot64.sys
15:36:25.0854 6348 pavboot - ok
15:36:25.0869 6348 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:36:25.0885 6348 PcaSvc - ok
15:36:25.0885 6348 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:36:25.0885 6348 pci - ok
15:36:25.0901 6348 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:36:25.0901 6348 pciide - ok
15:36:25.0916 6348 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:36:25.0916 6348 pcmcia - ok
15:36:25.0932 6348 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:36:25.0932 6348 pcw - ok
15:36:25.0947 6348 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:36:25.0947 6348 PEAUTH - ok
15:36:26.0010 6348 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:36:26.0010 6348 PerfHost - ok
15:36:26.0041 6348 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:36:26.0088 6348 pla - ok
15:36:26.0119 6348 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:36:26.0119 6348 PlugPlay - ok
15:36:26.0135 6348 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:36:26.0135 6348 PNRPAutoReg - ok
15:36:26.0135 6348 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:36:26.0150 6348 PNRPsvc - ok
15:36:26.0197 6348 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:36:26.0197 6348 PolicyAgent - ok
15:36:26.0213 6348 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:36:26.0213 6348 Power - ok
15:36:26.0244 6348 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:36:26.0244 6348 PptpMiniport - ok
15:36:26.0259 6348 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
15:36:26.0259 6348 Processor - ok
15:36:26.0291 6348 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:36:26.0291 6348 ProfSvc - ok
15:36:26.0306 6348 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:36:26.0306 6348 ProtectedStorage - ok
15:36:26.0322 6348 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:36:26.0322 6348 Psched - ok
15:36:26.0384 6348 [ EA735BF6DF13A857A83C99BF27A422AD ] PST Service C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
15:36:26.0400 6348 PST Service - ok
15:36:26.0431 6348 [ BA5F7C107EACE67973B4B798832A74C7 ] pxkbf C:\Windows\system32\drivers\pxkbf.sys
15:36:26.0431 6348 pxkbf - ok
15:36:26.0431 6348 [ 007E57428802F587D0D6737AE7A9D989 ] pxrts C:\Windows\system32\drivers\pxrts.sys
15:36:26.0431 6348 pxrts - ok
15:36:26.0447 6348 [ 66D4D00C8908888A68B749D91F1E6789 ] pxscan C:\Windows\system32\drivers\pxscan.sys
15:36:26.0447 6348 pxscan - ok
15:36:26.0509 6348 [ 2631FC0676CC310B2E85FDE46B1560D9 ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
15:36:26.0509 6348 QBCFMonitorService - ok
15:36:26.0540 6348 [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
15:36:26.0540 6348 QBFCService - ok
15:36:26.0587 6348 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:36:26.0618 6348 ql2300 - ok
15:36:26.0618 6348 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:36:26.0634 6348 ql40xx - ok
15:36:26.0649 6348 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:36:26.0649 6348 QWAVE - ok
15:36:26.0665 6348 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:36:26.0665 6348 QWAVEdrv - ok
15:36:26.0665 6348 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:36:26.0665 6348 RasAcd - ok
15:36:26.0696 6348 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:36:26.0696 6348 RasAgileVpn - ok
15:36:26.0712 6348 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:36:26.0712 6348 RasAuto - ok
15:36:26.0727 6348 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:36:26.0727 6348 Rasl2tp - ok
15:36:26.0743 6348 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:36:26.0743 6348 RasMan - ok
15:36:26.0759 6348 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:36:26.0759 6348 RasPppoe - ok
15:36:26.0774 6348 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:36:26.0774 6348 RasSstp - ok
15:36:26.0790 6348 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:36:26.0790 6348 rdbss - ok
15:36:26.0790 6348 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
15:36:26.0790 6348 rdpbus - ok
15:36:26.0805 6348 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:36:26.0821 6348 RDPCDD - ok
15:36:26.0837 6348 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:36:26.0837 6348 RDPENCDD - ok
15:36:26.0837 6348 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:36:26.0837 6348 RDPREFMP - ok
15:36:26.0868 6348 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:36:26.0868 6348 RDPWD - ok
15:36:26.0883 6348 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:36:26.0883 6348 rdyboost - ok
15:36:26.0899 6348 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:36:26.0899 6348 RemoteAccess - ok
15:36:26.0915 6348 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:36:26.0915 6348 RemoteRegistry - ok
15:36:26.0930 6348 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:36:26.0930 6348 RpcEptMapper - ok
15:36:26.0961 6348 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:36:26.0961 6348 RpcLocator - ok
15:36:26.0977 6348 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:36:26.0977 6348 RpcSs - ok
15:36:26.0993 6348 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:36:26.0993 6348 rspndr - ok
15:36:27.0008 6348 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:36:27.0008 6348 SamSs - ok
15:36:27.0024 6348 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:36:27.0024 6348 sbp2port - ok
15:36:27.0071 6348 SBRE - ok
15:36:27.0086 6348 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:36:27.0086 6348 SCardSvr - ok
15:36:27.0102 6348 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:36:27.0102 6348 scfilter - ok
15:36:27.0149 6348 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:36:27.0180 6348 Schedule - ok
15:36:27.0211 6348 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:36:27.0211 6348 SCPolicySvc - ok
15:36:27.0227 6348 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:36:27.0227 6348 SDRSVC - ok
15:36:27.0242 6348 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:36:27.0242 6348 secdrv - ok
15:36:27.0258 6348 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:36:27.0258 6348 seclogon - ok
15:36:27.0258 6348 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
15:36:27.0258 6348 SENS - ok
15:36:27.0273 6348 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:36:27.0273 6348 SensrSvc - ok
15:36:27.0289 6348 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
15:36:27.0289 6348 Serenum - ok
15:36:27.0320 6348 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
15:36:27.0320 6348 Serial - ok
15:36:27.0351 6348 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:36:27.0351 6348 sermouse - ok
15:36:27.0367 6348 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:36:27.0367 6348 SessionEnv - ok
15:36:27.0383 6348 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:36:27.0383 6348 sffdisk - ok
15:36:27.0398 6348 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:36:27.0398 6348 sffp_mmc - ok
15:36:27.0414 6348 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:36:27.0414 6348 sffp_sd - ok
15:36:27.0429 6348 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:36:27.0429 6348 sfloppy - ok
15:36:27.0461 6348 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:36:27.0461 6348 SharedAccess - ok
15:36:27.0476 6348 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:36:27.0476 6348 ShellHWDetection - ok
15:36:27.0507 6348 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
15:36:27.0507 6348 SiSRaid2 - ok
15:36:27.0523 6348 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:36:27.0523 6348 SiSRaid4 - ok
15:36:27.0554 6348 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:36:27.0554 6348 Smb - ok
15:36:27.0585 6348 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:36:27.0585 6348 SNMPTRAP - ok
15:36:27.0585 6348 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:36:27.0585 6348 spldr - ok
15:36:27.0617 6348 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:36:27.0617 6348 Spooler - ok
15:36:27.0679 6348 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:36:27.0695 6348 sppsvc - ok
15:36:27.0710 6348 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:36:27.0710 6348 sppuinotify - ok
15:36:27.0726 6348 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:36:27.0726 6348 srv - ok
15:36:27.0741 6348 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:36:27.0741 6348 srv2 - ok
15:36:27.0757 6348 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:36:27.0757 6348 srvnet - ok
15:36:27.0788 6348 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:36:27.0788 6348 SSDPSRV - ok
15:36:27.0788 6348 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:36:27.0788 6348 SstpSvc - ok
15:36:27.0819 6348 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
15:36:27.0819 6348 stexstor - ok
15:36:27.0835 6348 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:36:27.0851 6348 stisvc - ok
15:36:27.0866 6348 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:36:27.0866 6348 swenum - ok
15:36:27.0882 6348 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:36:27.0882 6348 swprv - ok
15:36:27.0913 6348 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:36:27.0929 6348 SysMain - ok
15:36:27.0944 6348 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:36:27.0944 6348 TabletInputService - ok
15:36:27.0960 6348 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:36:27.0960 6348 TapiSrv - ok
15:36:27.0975 6348 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:36:27.0975 6348 TBS - ok
15:36:28.0038 6348 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:36:28.0053 6348 Tcpip - ok
15:36:28.0100 6348 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:36:28.0116 6348 TCPIP6 - ok
15:36:28.0163 6348 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:36:28.0163 6348 tcpipreg - ok
15:36:28.0178 6348 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:36:28.0178 6348 TDPIPE - ok
15:36:28.0194 6348 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:36:28.0194 6348 TDTCP - ok
15:36:28.0209 6348 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:36:28.0209 6348 tdx - ok
15:36:28.0225 6348 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:36:28.0225 6348 TermDD - ok
15:36:28.0256 6348 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:36:28.0256 6348 TermService - ok
15:36:28.0272 6348 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:36:28.0272 6348 Themes - ok
15:36:28.0303 6348 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:36:28.0303 6348 THREADORDER - ok
15:36:28.0319 6348 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:36:28.0319 6348 TrkWks - ok
15:36:28.0365 6348 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:36:28.0365 6348 TrustedInstaller - ok
15:36:28.0381 6348 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:36:28.0381 6348 tssecsrv - ok
15:36:28.0397 6348 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:36:28.0443 6348 TsUsbFlt - ok
15:36:28.0443 6348 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
15:36:28.0443 6348 TsUsbGD - ok
15:36:28.0459 6348 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:36:28.0459 6348 tunnel - ok
15:36:28.0475 6348 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:36:28.0475 6348 uagp35 - ok
15:36:28.0490 6348 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:36:28.0490 6348 udfs - ok
15:36:28.0506 6348 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:36:28.0506 6348 UI0Detect - ok
15:36:28.0537 6348 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:36:28.0537 6348 uliagpkx - ok
15:36:28.0553 6348 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:36:28.0553 6348 umbus - ok
15:36:28.0553 6348 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
15:36:28.0553 6348 UmPass - ok
15:36:28.0631 6348 [ FDF92EC84FECEE834FB10A2A0A19BCDA ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
15:36:28.0677 6348 UNS - ok
15:36:28.0693 6348 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:36:28.0709 6348 upnphost - ok
15:36:28.0740 6348 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
15:36:28.0740 6348 USBAAPL64 - ok
15:36:28.0755 6348 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:36:28.0755 6348 usbccgp - ok
15:36:28.0787 6348 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:36:28.0787 6348 usbcir - ok
15:36:28.0802 6348 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
15:36:28.0802 6348 usbehci - ok
15:36:28.0818 6348 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:36:28.0818 6348 usbhub - ok
15:36:28.0849 6348 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:36:28.0849 6348 usbohci - ok
15:36:28.0865 6348 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:36:28.0865 6348 usbprint - ok
15:36:28.0896 6348 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:36:28.0896 6348 usbscan - ok
15:36:28.0927 6348 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:36:28.0927 6348 USBSTOR - ok
15:36:28.0943 6348 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:36:28.0943 6348 usbuhci - ok
15:36:28.0958 6348 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:36:28.0958 6348 UxSms - ok
15:36:28.0974 6348 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:36:28.0974 6348 VaultSvc - ok
15:36:28.0989 6348 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:36:28.0989 6348 vdrvroot - ok
15:36:29.0005 6348 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:36:29.0021 6348 vds - ok
15:36:29.0036 6348 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:36:29.0036 6348 vga - ok
15:36:29.0052 6348 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:36:29.0052 6348 VgaSave - ok
15:36:29.0067 6348 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:36:29.0067 6348 vhdmp - ok
15:36:29.0083 6348 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:36:29.0083 6348 viaide - ok
15:36:29.0099 6348 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:36:29.0099 6348 volmgr - ok
15:36:29.0114 6348 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:36:29.0130 6348 volmgrx - ok
15:36:29.0130 6348 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:36:29.0145 6348 volsnap - ok
15:36:29.0145 6348 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:36:29.0161 6348 vsmraid - ok
15:36:29.0192 6348 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:36:29.0192 6348 VSS - ok
15:36:29.0208 6348 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
15:36:29.0208 6348 vwifibus - ok
15:36:29.0223 6348 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:36:29.0223 6348 vwififlt - ok
15:36:29.0255 6348 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:36:29.0255 6348 W32Time - ok
15:36:29.0270 6348 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:36:29.0270 6348 WacomPen - ok
15:36:29.0286 6348 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:36:29.0301 6348 WANARP - ok
15:36:29.0301 6348 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:36:29.0301 6348 Wanarpv6 - ok
15:36:29.0364 6348 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:36:29.0379 6348 WatAdminSvc - ok
15:36:29.0426 6348 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:36:29.0457 6348 wbengine - ok
15:36:29.0473 6348 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:36:29.0473 6348 WbioSrvc - ok
15:36:29.0489 6348 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:36:29.0504 6348 wcncsvc - ok
15:36:29.0504 6348 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:36:29.0504 6348 WcsPlugInService - ok
15:36:29.0520 6348 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
15:36:29.0535 6348 Wd - ok
15:36:29.0567 6348 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:36:29.0567 6348 Wdf01000 - ok
15:36:29.0582 6348 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:36:29.0582 6348 WdiServiceHost - ok
15:36:29.0582 6348 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:36:29.0582 6348 WdiSystemHost - ok
15:36:29.0598 6348 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:36:29.0629 6348 WebClient - ok
15:36:29.0660 6348 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:36:29.0660 6348 Wecsvc - ok
15:36:29.0676 6348 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:36:29.0676 6348 wercplsupport - ok
15:36:29.0691 6348 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:36:29.0691 6348 WerSvc - ok
15:36:29.0707 6348 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:36:29.0707 6348 WfpLwf - ok
15:36:29.0707 6348 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:36:29.0707 6348 WIMMount - ok
15:36:29.0723 6348 WinDefend - ok
15:36:29.0723 6348 WinHttpAutoProxySvc - ok
15:36:29.0754 6348 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:36:29.0769 6348 Winmgmt - ok
15:36:29.0816 6348 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:36:29.0832 6348 WinRM - ok
15:36:29.0894 6348 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:36:29.0941 6348 WinUsb - ok
15:36:29.0957 6348 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:36:29.0972 6348 Wlansvc - ok
15:36:30.0003 6348 [ DE816A0624D54D68E1FB8A9028DCF81A ] wltrysvc C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
15:36:30.0019 6348 wltrysvc - ok
15:36:30.0019 6348 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:36:30.0019 6348 WmiAcpi - ok
15:36:30.0035 6348 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:36:30.0035 6348 wmiApSrv - ok
15:36:30.0035 6348 WMPNetworkSvc - ok
15:36:30.0066 6348 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:36:30.0066 6348 WPCSvc - ok
15:36:30.0081 6348 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:36:30.0081 6348 WPDBusEnum - ok
15:36:30.0097 6348 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:36:30.0097 6348 ws2ifsl - ok
15:36:30.0113 6348 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
15:36:30.0113 6348 wscsvc - ok
15:36:30.0113 6348 WSearch - ok
15:36:30.0175 6348 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:36:30.0206 6348 wuauserv - ok
15:36:30.0237 6348 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:36:30.0237 6348 WudfPf - ok
15:36:30.0253 6348 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:36:30.0253 6348 WUDFRd - ok
15:36:30.0269 6348 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:36:30.0269 6348 wudfsvc - ok
15:36:30.0300 6348 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:36:30.0300 6348 WwanSvc - ok
15:36:30.0315 6348 ================ Scan global ===============================
15:36:30.0331 6348 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:36:30.0362 6348 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
15:36:30.0378 6348 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
15:36:30.0393 6348 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:36:30.0425 6348 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:36:30.0425 6348 [Global] - ok
15:36:30.0425 6348 ================ Scan MBR ==================================
15:36:30.0425 6348 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:36:30.0596 6348 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:36:30.0596 6348 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:36:30.0612 6348 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR1
15:36:31.0189 6348 \Device\Harddisk1\DR1 - ok
15:36:31.0189 6348 ================ Scan VBR ==================================
15:36:31.0189 6348 [ 7B4871645273751F403A91930D49E6E6 ] \Device\Harddisk0\DR0\Partition1
15:36:31.0205 6348 \Device\Harddisk0\DR0\Partition1 - ok
15:36:31.0220 6348 [ B9E4EC77D05F672106C63E344F741800 ] \Device\Harddisk0\DR0\Partition2
15:36:31.0220 6348 \Device\Harddisk0\DR0\Partition2 - ok
15:36:31.0220 6348 [ FD0143305F7E1DC3D0AA0B0B7C4CFEC4 ] \Device\Harddisk1\DR1\Partition1
15:36:31.0220 6348 \Device\Harddisk1\DR1\Partition1 - ok
15:36:31.0220 6348 ============================================================
15:36:31.0220 6348 Scan finished
15:36:31.0220 6348 ============================================================
15:36:31.0236 7156 Detected object count: 1
15:36:31.0236 7156 Actual detected object count: 1
15:38:56.0191 7156 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:38:56.0207 7156 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:38:56.0207 7156 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
15:38:56.0207 7156 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
15:38:56.0222 7156 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
15:38:56.0238 7156 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
15:38:56.0238 7156 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
15:38:56.0238 7156 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
15:38:56.0238 7156 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:38:56.0238 7156 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:38:56.0238 7156 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:38:56.0238 7156 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
15:38:56.0254 7156 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
15:38:56.0254 7156 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine

#5 James Oates

Posted 29 January 2013 - 04:46 PM

Here is the adw log...


# AdwCleaner v2.109 - Logfile created 01/29/2013 at 15:43:31
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : James - JAMES-PC
# Boot Mode : Normal
# Running from : C:\Users\James\Downloads\AdwCleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\1taxr2g3.default-1357344809387\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4959 octets] - [24/01/2013 10:45:18]
AdwCleaner[S1].txt - [5064 octets] - [24/01/2013 10:45:51]
AdwCleaner[S2].txt - [1164 octets] - [25/01/2013 12:40:54]
AdwCleaner[S3].txt - [868 octets] - [29/01/2013 15:43:31]

########## EOF - C:\AdwCleaner[S3].txt - [927 octets] ##########

#6 James Oates


Posted 29 January 2013 - 04:49 PM

eset will not update...says, "cannot get update, is proxy configured?"

#7 James Oates


Posted 29 January 2013 - 05:17 PM

finally got eset to start downloading the virus signature database...let's see if it completes the download...

#8 James Oates


Posted 29 January 2013 - 06:17 PM

here is the esetscan log...

C:\Qoobox\Quarantine\C\Users\James\AppData\Roaming\mptbi.dll.vir a variant of Win32/Medfos.IU trojan
C:\Qoobox\Quarantine\C\Users\James\AppData\Roaming\nmsec.dll.vir a variant of Win32/Medfos.IU trojan
C:\TDSSKiller_Quarantine\29.01.2013_15.35.37\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\29.01.2013_15.35.37\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan
C:\Users\James\AppData\Local\7ffedb10-1673-4ad5-a55e-c4510d234f4b.crx JS/Redirector.NCG trojan
C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\1taxr2g3.default-1357344809387\extensions\{7ffedb10-1673-4ad5-a55e-c4510d234f4b}.xpi JS/Redirector.NCL trojan
C:\Users\James\Documents\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\James\Downloads\Adaware_Installer(1).exe Win32/OpenCandy application
C:\Users\James\Downloads\Adaware_Installer.exe Win32/OpenCandy application
C:\Users\James\Downloads\Setup.exe a variant of Win32/Adware.iBryte.D application
C:\Users\James\Downloads\WinZipRegistryOptimizer.exe a variant of Win32/OpenInstall application
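
Added example (not part of the original post or of any tool in this thread): a short triage script for an ESET log like the one above, separating detections that are only copies inside the ComboFix (`Qoobox\Quarantine`) and TDSSKiller quarantine folders from files still sitting in the user profile, such as the `.crx`/`.xpi` browser-extension packages. The status labels and function names are assumptions made for this illustration.

```python
import re
from collections import Counter

# Lines copied from the ESET log posted above (a subset, to keep the example short).
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\Users\James\AppData\Roaming\mptbi.dll.vir a variant of Win32/Medfos.IU trojan
C:\TDSSKiller_Quarantine\29.01.2013_15.35.37\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
C:\Users\James\AppData\Local\7ffedb10-1673-4ad5-a55e-c4510d234f4b.crx JS/Redirector.NCG trojan
C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\1taxr2g3.default-1357344809387\extensions\{7ffedb10-1673-4ad5-a55e-c4510d234f4b}.xpi JS/Redirector.NCL trojan
C:\Users\James\Documents\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\James\Downloads\Setup.exe a variant of Win32/Adware.iBryte.D application
"""

# Line layout: path, optional "a variant of", Platform/Name, then the category word.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<variant>a variant of\s+)?"
    r"(?P<name>\S+/\S+)\s+(?P<kind>[a-z]+)$"
)
# Quarantine folders that appear in this thread's log (matched case-insensitively).
QUARANTINE_DIRS = ("\\qoobox\\quarantine\\", "\\tdsskiller_quarantine\\")
BROWSER_EXT = (".crx", ".xpi")  # Chrome / Firefox extension packages

def triage(log_text):
    """Parse ESET detection lines and label each one (labels are this example's own)."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blanks and anything that is not a detection line
        path = m["path"]
        lower = path.lower()
        if any(d in lower for d in QUARANTINE_DIRS):
            status = "quarantined-copy"        # already moved aside by an earlier tool
        elif lower.endswith(BROWSER_EXT):
            status = "live-browser-extension"  # still in the profile, check the browser
        elif m["kind"] == "application":
            status = "live-unwanted-application"
        else:
            status = "live-malware"
        findings.append({"path": path, "name": m["name"], "kind": m["kind"],
                         "variant": bool(m["variant"]), "status": status})
    return findings

def summarize(findings):
    """Count findings per status label."""
    return Counter(f["status"] for f in findings)

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['status']:<26} {f['name']:<32} {f['path']}")
```
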

#9 boopme


Posted 29 January 2013 - 08:37 PM

Edit: how long ago did you run ComboFix?

My pleasure James, you had several downloaders and a pile of TDLFS removed. This is good and it should be a lot better now.

I would like to run a few more quick scans as these sometimes leave other things.

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.



Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).




Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Edited by boopme, 29 January 2013 - 08:40 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#10 James Oates


Posted 29 January 2013 - 08:56 PM

here is the MWB quickscan log...

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.29.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
James :: JAMES-PC [administrator]

1/29/2013 7:52:13 PM
mbam-log-2013-01-29 (19-52-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214206
Time elapsed: 2 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11 boopme


Posted 29 January 2013 - 08:59 PM

Edit: how long ago did you run ComboFix?

#12 James Oates


Posted 29 January 2013 - 09:07 PM

here is the asw log...

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-29 20:04:44
-----------------------------
20:04:44.812 OS Version: Windows x64 6.1.7601 Service Pack 1
20:04:44.812 Number of processors: 8 586 0x2A07
20:04:44.812 ComputerName: JAMES-PC UserName: James
20:04:49.942 Initialize success
20:06:02.248 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:06:02.248 Disk 0 Vendor: ST310005 JC4A Size: 953869MB BusType: 3
20:06:02.258 Disk 0 MBR read successfully
20:06:02.258 Disk 0 MBR scan
20:06:02.258 Disk 0 Windows 7 default MBR code
20:06:02.268 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:06:02.278 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
20:06:02.288 Disk 0 scanning C:\Windows\system32\drivers
20:06:09.029 Service scanning
20:06:15.779 Service pxkbf C:\Windows\System32\drivers\pxkbf.sys **LOCKED** 32
20:06:15.809 Service pxscan C:\Windows\System32\drivers\pxscan.sys **LOCKED** 32
20:06:19.950 Modules scanning
20:06:19.950 Disk 0 trace - called modules:
20:06:19.980 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:06:19.980 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009438060]
20:06:19.990 3 CLASSPNP.SYS[fffff88001baf43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800760d050]
20:06:19.990 Scan finished successfully
20:06:39.592 Disk 0 MBR has been saved successfully to "C:\Users\James\Desktop\MBR.dat"
20:06:39.592 The log file has been saved successfully to "C:\Users\James\Desktop\aswMBR.txt"

#13 James Oates


Posted 29 January 2013 - 09:10 PM

I ran combofix several days ago when you had me do it...

#14 boopme


Posted 29 January 2013 - 09:15 PM

OK, CF is shut down right now with an issue and I wanted to see if it would affect you. You're OK.

Reboot the machine... Any issues now?

#15 James Oates


Posted 29 January 2013 - 09:26 PM

thank you very much...it seems better...I appreciate your help...



