McAfee found trojans, became disabled midscan -Now everything says no infections


12 replies to this topic

#1 Dwapook


Posted 03 August 2013 - 10:29 PM

So.. There are two computers involved in this, a laptop and a desktop.. (both using Windows 7 32 bit desktop, 64 laptop) My laptop is a Lenovo with a one key recovery feature that is supposed to erase everything and restore it to its original backup..

 

I was having virus problems with the laptop that were keeping me from using antivirus programs, wasn't able to fix it, and so I left it alone for a long time, only using the laptop for web browsing occasionally.. Recently I wanted to start using it for work again! So I started transporting all my important files off it over to our desktop, using a USB drive which I had McAfee scan each transport.. UHM.. After that I started the one key recovery feature of the laptop, and everything was fine for a week or so..

 

On Wednesday, I started to transport my old laptop files back on to the laptop over our network.. somewhere in the middle of it, McAfee started popping up saying it was stopping trojans on both the laptop and the desktop.. I did McAfee virus scans on both, the laptop came up with three things that had the name Artemis in them.. On the desktop, McAfee crashed midscan and stopped working after that.. it had shown to have found at least 6 things prior to that happening though.. I did another one key recovery with the laptop and things seem fine with it..

 

I installed Norton on the desktop, scanned and it found nothing.. I found this website, used a USB to transport Malwarebytes, TDSSKiller, AdwCleaner, and RKill over to the desktop.. used them all in safe mode on the desktop and nothing came up.. I uninstalled Norton and McAfee to try ComboFix but it was acting as though they were still active and warned me not to proceed..

 

After that I checked this forum, saw all the warnings about using ComboFix and am not sure how to proceed.. I'm not very experienced with this kind of stuff..

 

Thanks! Hope that wasn't written too confusingly!!


Edited by Dwapook, 03 August 2013 - 11:46 PM.



 


#2 GodfatherKing


Posted 04 August 2013 - 03:10 AM

Welcome!

 

Let's have a look...

 

* Don't use ComboFix without a trained expert.

 

Step 1: Provide the logs of MBAM and RKill.

 

Step 2: Running TDSSKiller to obtain a log

 

Note: Don't cure or delete a threat, but choose skip for all instead.

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters


  • In the Additional options: Check Detect TDLFS file system
  • Click Start Scan and allow the scan process to run


  • Choose Skip for all threats.
  • Click Continue
  • Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================

 

Step 3: ESET Online Scanner

==================

Note: If your AV is blocking ESET Online Scanner, please temporarily disable your AV.

 

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and » UNCHECK "Remove found threats" <== Important
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.

===================================================


If you have received help from me and I haven't responded to you for >= 3 days, send me a Private Message.


#3 Dwapook


Posted 04 August 2013 - 09:37 PM

Thanks for the welcome and the reply!!

 

I didn't know where the log was so I updated Malwarebytes and did another scan and it found something this time.. uhm.. ESET found something too, posting logs below!

 

______________________________________________________________________

 

Rkill 2.5.9 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/04/2013 01:51:36 PM in x86 mode. (Safe Mode)
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Base Filtering Engine (BFE) is not Running.
   Startup Type set to: Automatic

 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Automatic

 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Automatic

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic

 * Network Connections (Netman) is not Running.
   Startup Type set to: Manual

 * Network Store Interface Service (nsi) is not Running.
   Startup Type set to: Automatic

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Ancillary Function Driver for Winsock (AFD) is not Running.
   Startup Type set to: System

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * NetBT (NetBT) is not Running.
   Startup Type set to: System

 * NSI proxy service driver. (nsiproxy) is not Running.
   Startup Type set to: System

 * NetIO Legacy TDI Support Driver (tdx) is not Running.
   Startup Type set to: System

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost

Program finished at: 08/04/2013 01:51:41 PM
Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)

______________________________________________________________________

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.04.05

Windows 7 Service Pack 1 x86 NTFS (Safe Mode)
Internet Explorer 10.0.9200.16635
User :: EMPI [administrator]

8/4/2013 1:51:56 PM
MBAM-log-2013-08-04 (15-54-32).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 664397
Time elapsed: 1 hour(s), 30 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\NCSoft\Aion\bin32\game.dll (Malware.Packer.T) -> No action taken.

(end)
 

______________________________________________________________________

 

16:02:13.0828 1828  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:02:13.0859 1828  ============================================================
16:02:13.0859 1828  Current date / time: 2013/08/04 16:02:13.0859
16:02:13.0859 1828  SystemInfo:
16:02:13.0859 1828  
16:02:13.0859 1828  OS Version: 6.1.7601 ServicePack: 1.0
16:02:13.0859 1828  Product type: Workstation
16:02:13.0859 1828  ComputerName: EMPI
16:02:13.0859 1828  UserName: User
16:02:13.0859 1828  Windows directory: C:\Windows
16:02:13.0859 1828  System windows directory: C:\Windows
16:02:13.0859 1828  Processor architecture: Intel x86
16:02:13.0859 1828  Number of processors: 2
16:02:13.0859 1828  Page size: 0x1000
16:02:13.0859 1828  Boot type: Safe boot
16:02:13.0859 1828  ============================================================
16:02:14.0717 1828  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:02:14.0717 1828  Drive \Device\Harddisk1\DR1 - Size: 0x3BE6E0000 (14.98 Gb), SectorSize: 0x200, Cylinders: 0x7A2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:02:14.0717 1828  ============================================================
16:02:14.0717 1828  \Device\Harddisk0\DR0:
16:02:14.0717 1828  MBR partitions:
16:02:14.0717 1828  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
16:02:14.0717 1828  \Device\Harddisk1\DR1:
16:02:14.0717 1828  MBR partitions:
16:02:14.0717 1828  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x70, BlocksNum 0x1DF3690
16:02:14.0717 1828  ============================================================
16:02:14.0779 1828  C: <-> \Device\Harddisk0\DR0\Partition1
16:02:14.0779 1828  ============================================================
16:02:14.0779 1828  Initialize success
16:02:14.0779 1828  ============================================================
16:03:16.0072 1980  ============================================================
16:03:16.0072 1980  Scan started
16:03:16.0072 1980  Mode: Manual; TDLFS;
16:03:16.0072 1980  ============================================================
16:03:16.0743 1980  ================ Scan system memory ========================
16:03:16.0743 1980  System memory - ok
16:03:16.0743 1980  ================ Scan services =============================
16:03:21.0937 1980  lltdio - ok
16:03:21.0969 1980  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:03:21.0969 1980  lltdsvc - ok
16:03:21.0984 1980  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:03:21.0984 1980  lmhosts - ok
16:03:22.0015 1980  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:03:22.0015 1980  LSI_FC - ok
16:03:22.0015 1980  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:03:22.0031 1980  LSI_SAS - ok
16:03:22.0047 1980  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:03:22.0047 1980  LSI_SAS2 - ok
16:03:22.0062 1980  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:03:22.0062 1980  LSI_SCSI - ok
16:03:22.0078 1980  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
16:03:22.0078 1980  luafv - ok
16:03:22.0109 1980  [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy   C:\Windows\system32\drivers\mbamswissarmy.sys
16:03:22.0109 1980  MBAMSwissArmy - ok
16:03:22.0171 1980  [ E6CB119EF2E148EAA1A247343550756E ] McciCMService   C:\Program Files\Common Files\Motive\McciCMService.exe
16:03:22.0171 1980  McciCMService - ok
16:03:22.0203 1980  [ EEE1EA23C4777ADB268A36196A631200 ] McciServiceHost C:\Program Files\Common Files\Motive\McciServiceHost.exe
16:03:22.0203 1980  McciServiceHost - ok
16:03:22.0218 1980  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:03:22.0234 1980  Mcx2Svc - ok
16:03:22.0249 1980  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:03:22.0249 1980  megasas - ok
16:03:22.0281 1980  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:03:22.0281 1980  MegaSR - ok
16:03:22.0312 1980  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
16:03:22.0327 1980  MMCSS - ok
16:03:22.0343 1980  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
16:03:22.0343 1980  Modem - ok
16:03:22.0359 1980  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:03:22.0359 1980  monitor - ok
16:03:22.0405 1980  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:03:22.0405 1980  mouclass - ok
16:03:22.0405 1980  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:03:22.0405 1980  mouhid - ok
16:03:22.0437 1980  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:03:22.0437 1980  mountmgr - ok
16:03:22.0468 1980  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:03:22.0468 1980  mpio - ok
16:03:22.0483 1980  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:03:22.0483 1980  mpsdrv - ok
16:03:22.0515 1980  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:03:22.0530 1980  MpsSvc - ok
16:03:22.0546 1980  [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50         C:\Program Files\Common Files\Motive\MREMP50.sys
16:03:22.0546 1980  MREMP50 - ok
16:03:22.0561 1980  [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50         C:\Program Files\Common Files\Motive\MRESP50.sys
16:03:22.0561 1980  MRESP50 - ok
16:03:22.0593 1980  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:03:22.0593 1980  MRxDAV - ok
16:03:22.0624 1980  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:03:22.0624 1980  mrxsmb - ok
16:03:22.0639 1980  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:03:22.0639 1980  mrxsmb10 - ok
16:03:22.0639 1980  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:03:22.0639 1980  mrxsmb20 - ok
16:03:22.0671 1980  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
16:03:22.0671 1980  msahci - ok
16:03:22.0686 1980  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:03:22.0702 1980  msdsm - ok
16:03:22.0717 1980  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
16:03:22.0717 1980  MSDTC - ok
16:03:22.0780 1980  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:03:22.0780 1980  Msfs - ok
16:03:22.0780 1980  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:03:22.0780 1980  mshidkmdf - ok
16:03:22.0795 1980  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:03:22.0795 1980  msisadrv - ok
16:03:22.0827 1980  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:03:22.0827 1980  MSiSCSI - ok
16:03:22.0827 1980  msiserver - ok
16:03:22.0858 1980  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:03:22.0858 1980  MSKSSRV - ok
16:03:22.0873 1980  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:03:22.0873 1980  MSPCLOCK - ok
16:03:22.0889 1980  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:03:22.0889 1980  MSPQM - ok
16:03:22.0905 1980  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:03:22.0905 1980  MsRPC - ok
16:03:22.0951 1980  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:03:22.0951 1980  mssmbios - ok
16:03:22.0951 1980  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:03:22.0951 1980  MSTEE - ok
16:03:22.0967 1980  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:03:22.0967 1980  MTConfig - ok
16:03:23.0014 1980  [ DCDAAB8697A47894A554050CE18D0B56 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
16:03:23.0014 1980  MTsensor - ok
16:03:23.0014 1980  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:03:23.0029 1980  Mup - ok
16:03:23.0061 1980  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
16:03:23.0061 1980  napagent - ok
16:03:23.0092 1980  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:03:23.0092 1980  NativeWifiP - ok
16:03:23.0107 1980  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:03:23.0123 1980  NDIS - ok
16:03:23.0139 1980  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:03:23.0139 1980  NdisCap - ok
16:03:23.0154 1980  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:03:23.0154 1980  NdisTapi - ok
16:03:23.0185 1980  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:03:23.0185 1980  Ndisuio - ok
16:03:23.0217 1980  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:03:23.0217 1980  NdisWan - ok
16:03:23.0232 1980  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:03:23.0232 1980  NDProxy - ok
16:03:23.0248 1980  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:03:23.0248 1980  NetBIOS - ok
16:03:23.0279 1980  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:03:23.0279 1980  NetBT - ok
16:03:23.0295 1980  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
16:03:23.0295 1980  Netlogon - ok
16:03:23.0326 1980  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
16:03:23.0326 1980  Netman - ok
16:03:23.0357 1980  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:03:23.0357 1980  NetMsmqActivator - ok
16:03:23.0373 1980  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:03:23.0373 1980  NetPipeActivator - ok
16:03:23.0404 1980  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
16:03:23.0404 1980  netprofm - ok
16:03:23.0451 1980  [ 0B6C6682882652E480332E92C320D3F4 ] netr28          C:\Windows\system32\DRIVERS\Dnetr28.sys
16:03:23.0466 1980  netr28 - ok
16:03:23.0466 1980  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:03:23.0466 1980  NetTcpActivator - ok
16:03:23.0466 1980  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:03:23.0466 1980  NetTcpPortSharing - ok
16:03:23.0513 1980  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:03:23.0513 1980  nfrd960 - ok
16:03:23.0544 1980  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:03:23.0544 1980  NlaSvc - ok
16:03:23.0560 1980  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:03:23.0560 1980  Npfs - ok
16:03:23.0560 1980  npggsvc - ok
16:03:23.0591 1980  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
16:03:23.0591 1980  nsi - ok
16:03:23.0607 1980  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:03:23.0607 1980  nsiproxy - ok
16:03:23.0638 1980  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:03:23.0653 1980  Ntfs - ok
16:03:23.0653 1980  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
16:03:23.0653 1980  Null - ok
16:03:23.0700 1980  [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:03:23.0700 1980  nvraid - ok
16:03:23.0700 1980  [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:03:23.0716 1980  nvstor - ok
16:03:23.0747 1980  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:03:23.0747 1980  nv_agp - ok
16:03:23.0763 1980  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:03:23.0763 1980  ohci1394 - ok
16:03:23.0778 1980  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:03:23.0778 1980  p2pimsvc - ok
16:03:23.0794 1980  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:03:23.0794 1980  p2psvc - ok
16:03:23.0809 1980  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:03:23.0809 1980  Parport - ok
16:03:23.0825 1980  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:03:23.0825 1980  partmgr - ok
16:03:23.0841 1980  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
16:03:23.0841 1980  Parvdm - ok
16:03:23.0856 1980  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:03:23.0856 1980  PcaSvc - ok
16:03:23.0887 1980  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
16:03:23.0887 1980  pci - ok
16:03:23.0903 1980  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
16:03:23.0903 1980  pciide - ok
16:03:23.0919 1980  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:03:23.0934 1980  pcmcia - ok
16:03:23.0950 1980  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
16:03:23.0950 1980  pcw - ok
16:03:23.0965 1980  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:03:23.0981 1980  PEAUTH - ok
16:03:24.0043 1980  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
16:03:24.0059 1980  pla - ok
16:03:24.0090 1980  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:03:24.0090 1980  PlugPlay - ok
16:03:24.0121 1980  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:03:24.0121 1980  PNRPAutoReg - ok
16:03:24.0137 1980  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:03:24.0137 1980  PNRPsvc - ok
16:03:24.0168 1980  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:03:24.0168 1980  PolicyAgent - ok
16:03:24.0184 1980  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
16:03:24.0184 1980  Power - ok
16:03:24.0215 1980  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:03:24.0215 1980  PptpMiniport - ok
16:03:24.0231 1980  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:03:24.0231 1980  Processor - ok
16:03:24.0246 1980  [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:03:24.0246 1980  ProfSvc - ok
16:03:24.0277 1980  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:03:24.0277 1980  ProtectedStorage - ok
16:03:24.0277 1980  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:03:24.0277 1980  Psched - ok
16:03:24.0309 1980  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:03:24.0340 1980  ql2300 - ok
16:03:24.0355 1980  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:03:24.0355 1980  ql40xx - ok
16:03:24.0387 1980  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
16:03:24.0387 1980  QWAVE - ok
16:03:24.0402 1980  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:03:24.0402 1980  QWAVEdrv - ok
16:03:24.0418 1980  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:03:24.0418 1980  RasAcd - ok
16:03:24.0449 1980  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:03:24.0449 1980  RasAgileVpn - ok
16:03:24.0465 1980  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
16:03:24.0465 1980  RasAuto - ok
16:03:24.0480 1980  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:03:24.0480 1980  Rasl2tp - ok
16:03:24.0527 1980  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
16:03:24.0527 1980  RasMan - ok
16:03:24.0543 1980  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:03:24.0543 1980  RasPppoe - ok
16:03:24.0558 1980  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:03:24.0558 1980  RasSstp - ok
16:03:24.0574 1980  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:03:24.0574 1980  rdbss - ok
16:03:24.0589 1980  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:03:24.0589 1980  rdpbus - ok
16:03:24.0621 1980  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:03:24.0621 1980  RDPCDD - ok
16:03:24.0636 1980  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:03:24.0636 1980  RDPENCDD - ok
16:03:24.0636 1980  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:03:24.0636 1980  RDPREFMP - ok
16:03:24.0667 1980  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:03:24.0667 1980  RDPWD - ok
16:03:24.0667 1980  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:03:24.0667 1980  rdyboost - ok
16:03:24.0699 1980  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:03:24.0699 1980  RemoteAccess - ok
16:03:24.0730 1980  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:03:24.0730 1980  RemoteRegistry - ok
16:03:24.0745 1980  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:03:24.0745 1980  RpcEptMapper - ok
16:03:24.0777 1980  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
16:03:24.0777 1980  RpcLocator - ok
16:03:24.0777 1980  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
16:03:24.0792 1980  RpcSs - ok
16:03:24.0823 1980  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:03:24.0823 1980  rspndr - ok
16:03:24.0823 1980  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
16:03:24.0823 1980  SamSs - ok
16:03:24.0870 1980  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:03:24.0870 1980  sbp2port - ok
16:03:24.0933 1980  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
16:03:24.0948 1980  SBSDWSCService - ok
16:03:24.0979 1980  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:03:24.0979 1980  SCardSvr - ok
16:03:24.0995 1980  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:03:24.0995 1980  scfilter - ok
16:03:25.0026 1980  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
16:03:25.0026 1980  Schedule - ok
16:03:25.0042 1980  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:03:25.0042 1980  SCPolicySvc - ok
16:03:25.0073 1980  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:03:25.0073 1980  SDRSVC - ok
16:03:25.0104 1980  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:03:25.0104 1980  secdrv - ok
16:03:25.0104 1980  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
16:03:25.0104 1980  seclogon - ok
16:03:25.0135 1980  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
16:03:25.0135 1980  SENS - ok
16:03:25.0151 1980  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:03:25.0151 1980  SensrSvc - ok
16:03:25.0182 1980  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:03:25.0182 1980  Serenum - ok
16:03:25.0213 1980  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:03:25.0213 1980  Serial - ok
16:03:25.0229 1980  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:03:25.0229 1980  sermouse - ok
16:03:25.0276 1980  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:03:25.0276 1980  SessionEnv - ok
16:03:25.0307 1980  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:03:25.0307 1980  sffdisk - ok
16:03:25.0307 1980  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:03:25.0307 1980  sffp_mmc - ok
16:03:25.0323 1980  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:03:25.0323 1980  sffp_sd - ok
16:03:25.0338 1980  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:03:25.0338 1980  sfloppy - ok
16:03:25.0354 1980  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:03:25.0369 1980  SharedAccess - ok
16:03:25.0385 1980  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:03:25.0385 1980  ShellHWDetection - ok
16:03:25.0416 1980  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
16:03:25.0416 1980  sisagp - ok
16:03:25.0447 1980  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:03:25.0447 1980  SiSRaid2 - ok
16:03:25.0463 1980  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:03:25.0463 1980  SiSRaid4 - ok
16:03:25.0494 1980  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
16:03:25.0494 1980  SkypeUpdate - ok
16:03:25.0525 1980  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:03:25.0525 1980  Smb - ok
16:03:25.0557 1980  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:03:25.0557 1980  SNMPTRAP - ok
16:03:25.0557 1980  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:03:25.0557 1980  spldr - ok
16:03:25.0603 1980  [ 866A43013535DC8587C258E43579C764 ] Spooler         C:\Windows\System32\spoolsv.exe
16:03:25.0603 1980  Spooler - ok
16:03:25.0650 1980  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
16:03:25.0666 1980  sppsvc - ok
16:03:25.0713 1980  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:03:25.0713 1980  sppuinotify - ok
16:03:25.0744 1980  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:03:25.0744 1980  srv - ok
16:03:25.0759 1980  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:03:25.0759 1980  srv2 - ok
16:03:25.0775 1980  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:03:25.0775 1980  srvnet - ok
16:03:25.0806 1980  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:03:25.0806 1980  SSDPSRV - ok
16:03:25.0822 1980  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:03:25.0822 1980  SstpSvc - ok
16:03:25.0853 1980  Steam Client Service - ok
16:03:25.0869 1980  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:03:25.0869 1980  stexstor - ok
16:03:25.0900 1980  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
16:03:25.0900 1980  StiSvc - ok
16:03:25.0931 1980  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:03:25.0931 1980  swenum - ok
16:03:25.0947 1980  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
16:03:25.0947 1980  swprv - ok
16:03:25.0978 1980  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
16:03:25.0993 1980  SysMain - ok
16:03:25.0993 1980  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:03:25.0993 1980  TabletInputService - ok
16:03:26.0134 1980  [ 12C4A1FD9494118C7DB8B70E6A4AD03B ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe
16:03:26.0212 1980  TabletServicePen - ok
16:03:26.0243 1980  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:03:26.0243 1980  TapiSrv - ok
16:03:26.0259 1980  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
16:03:26.0259 1980  TBS - ok
16:03:26.0305 1980  [ D32FDAC73FCD76B85389C39BC1087F2A ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:03:26.0321 1980  Tcpip - ok
16:03:26.0337 1980  [ D32FDAC73FCD76B85389C39BC1087F2A ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:03:26.0352 1980  TCPIP6 - ok
16:03:26.0368 1980  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:03:26.0368 1980  tcpipreg - ok
16:03:26.0399 1980  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:03:26.0399 1980  TDPIPE - ok
16:03:26.0415 1980  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:03:26.0415 1980  TDTCP - ok
16:03:26.0430 1980  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:03:26.0430 1980  tdx - ok
16:03:26.0430 1980  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:03:26.0430 1980  TermDD - ok
16:03:26.0461 1980  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
16:03:26.0477 1980  TermService - ok
16:03:26.0477 1980  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
16:03:26.0477 1980  Themes - ok
16:03:26.0493 1980  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
16:03:26.0493 1980  THREADORDER - ok
16:03:26.0539 1980  [ 8D83C60DE67C2DB212452D8EBE7CA196 ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe
16:03:26.0539 1980  TouchServicePen - ok
16:03:26.0555 1980  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
16:03:26.0555 1980  TrkWks - ok
16:03:26.0602 1980  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:03:26.0617 1980  TrustedInstaller - ok
16:03:26.0617 1980  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:03:26.0617 1980  tssecsrv - ok
16:03:26.0664 1980  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:03:26.0664 1980  TsUsbFlt - ok
16:03:26.0711 1980  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:03:26.0711 1980  tunnel - ok
16:03:26.0727 1980  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:03:26.0742 1980  uagp35 - ok
16:03:26.0758 1980  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:03:26.0758 1980  udfs - ok
16:03:26.0789 1980  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:03:26.0789 1980  UI0Detect - ok
16:03:26.0820 1980  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:03:26.0820 1980  uliagpkx - ok
16:03:26.0867 1980  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:03:26.0867 1980  umbus - ok
16:03:26.0883 1980  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:03:26.0883 1980  UmPass - ok
16:03:26.0914 1980  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
16:03:26.0914 1980  upnphost - ok
16:03:26.0929 1980  [ 7E72E7D7E0757D59481D530FD2B0BFAE ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:03:26.0929 1980  usbccgp - ok
16:03:26.0929 1980  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:03:26.0945 1980  usbcir - ok
16:03:26.0961 1980  [ CFBCE999C057D78979A181C9C60F208E ] usbehci         C:\Windows\system32\drivers\usbehci.sys
16:03:26.0961 1980  usbehci - ok
16:03:26.0976 1980  [ 9D22AAD9AC6A07C691A1113E5F860868 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
16:03:26.0976 1980  usbhub - ok
16:03:26.0992 1980  [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:03:28.0645 1980  ================ Scan global ===============================
16:03:28.0677 1980  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:03:28.0692 1980  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:03:28.0692 1980  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:03:28.0723 1980  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:03:28.0755 1980  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:03:28.0755 1980  [Global] - ok
16:03:28.0755 1980  ================ Scan MBR ==================================
16:03:28.0755 1980  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:03:28.0957 1980  \Device\Harddisk0\DR0 - ok
16:03:28.0957 1980  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
16:03:29.0035 1980  \Device\Harddisk1\DR1 - ok
16:03:29.0035 1980  ================ Scan VBR ==================================
16:03:29.0035 1980  [ 3CC8CA1F05CD991854F5DAE75CCDB9D4 ] \Device\Harddisk0\DR0\Partition1
16:03:29.0035 1980  \Device\Harddisk0\DR0\Partition1 - ok
16:03:29.0035 1980  [ C9B13BA56C0EA5EA657B7F5B04F40276 ] \Device\Harddisk1\DR1\Partition1
16:03:29.0035 1980  \Device\Harddisk1\DR1\Partition1 - ok
16:03:29.0035 1980  ============================================================
16:03:29.0035 1980  Scan finished
16:03:29.0035 1980  ============================================================
16:03:29.0051 0692  Detected object count: 0
16:03:29.0051 0692  Actual detected object count: 0
16:04:01.0951 1976  Deinitialize success
______________________________________________________________________

 

ESET

 

C:\Users\User\Downloads\AIM_Install.exe    Win32/OpenCandy application


#4 GodfatherKing

Posted 05 August 2013 - 02:34 PM

Do you still have the messages from your AV (McAfee)?


If you have received help from me and I have not responded to you for almost >= 3 days, send me a Private Message.  :hello:


#5 Dwapook

Posted 05 August 2013 - 03:34 PM

Unfortunately not.. x.X!



#6 GodfatherKing

Posted 05 August 2013 - 03:49 PM

One more test:

 

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.

  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt

 

 

===

 

:step1: My advice is to keep your computer up to date with Windows Updates, Java and Adobe Reader and Flash Player.

 

:step2: Use WOT to check whether sites are safe or not: http://www.mywot.com/

 

:step3: A good working antivirus is also important. I personally advise Avast Free or Avira. MSE's detection is not so great.

 

:step4: Let's check how good your security is:

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.




#7 Dwapook

Posted 06 August 2013 - 02:01 AM

Thanks for all the help so far, and the advice! Been having a lot of trouble figuring out a good antivirus program to use.. Posted logs below!

 

______________________________________________________________________

 

mbar-log-2013-08-05 (23-20-01)

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.08.06.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
User :: EMPI [administrator]

8/5/2013 11:20:01 PM
mbar-log-2013-08-05 (23-20-01).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 273448
Time elapsed: 10 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

 

 

______________________________________________________________________

 

system-log (MBAR)

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 10.0.9200.16635

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.997000 GHz
Memory total: 3488735232, free: 2986287104

Downloaded database version: v2013.08.06.01
Downloaded database version: v2013.07.29.01
Initializing...
DDA Driver installation error.
Driver installed on boot. Reboot required.

System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16635

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.997000 GHz
Memory total: 3488735232, free: 2727362560

Initializing...
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff85d70ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006c\
Lower Device Object: 0xffffffff87e36878
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86b16860
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xffffffff86a80908
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86b16860, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86b16498, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86b16860, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86698918, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff86a80908, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F6453545

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 976769024
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff85d70ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85d6fd10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85d70ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87e36878, DeviceName: \Device\0000006c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 112  Numsec = 31405712

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 16079781888 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished
 

 

 

______________________________________________________________________

 

checkup (Security Check)

 

 Results of screen317's Security Check version 0.99.71  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player     11.1.102.55  
 Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 


Edited by Dwapook, 06 August 2013 - 02:04 AM.


#8 GodfatherKing

Posted 06 August 2013 - 03:30 AM

:step1: Update Adobe Reader ==> http://get.adobe.com/reader/

 

:step2: I would remove Spybot (no longer recommended because of its low detection ratio); MBAM is a good replacement.

 

:step3: Activate UAC (in the Control Panel somewhere); it's a strong risk if it's disabled.

 

:step4: You must reinstall McAfee; I think it has been damaged.




#9 Dwapook

Posted 06 August 2013 - 10:38 PM

Uhm.. Steps completed! Is there anything left for me to do?



#10 GodfatherKing

Posted 07 August 2013 - 02:27 AM

Just one more scan to check your services:

 

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.



#11 Dwapook

Posted 07 August 2013 - 06:42 PM

Just did it.. Log is below! Danke!

 

_____________________________________________________________________________

 

Farbar Service Scanner Version: 04-08-2013
Ran by User (administrator) on 07-08-2013 at 16:41:36
Running from "C:\Users\User\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-09 19:11] - [2013-05-26 21:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



#12 GodfatherKing

Posted 08 August 2013 - 02:53 AM

It's OK. Are there still issues left?




#13 Dwapook

Posted 08 August 2013 - 03:58 AM

None have popped up, though haven't been using the computer much lately aside from following the steps you outlined..  Eh hopefully whatever happened was just a fluke.. Thanks for all your help!!


Edited by Dwapook, 08 August 2013 - 09:02 PM.




