JRK5800

Anti-Malware not deleting viruses? Heuristic/Trojan/Backdoor.

5 posts in this topic

I have run the scans on my laptop multiple times and each time I get 17-22 different viruses. I get the Heuristic every time and the Trojan about 98% of the time. Then I get something called Backdoor.

Every time I quarantine the detected objects and then it says to reboot the system. When I reboot the system, it tells me all the viruses could not be deleted. I really don't know if it deleted ANY of them.

I run the scan again and it continues to show the viruses.

I don't know what else to do.

Here are the results from the scan reports EEK/OTL:


Hello, and welcome to Emsisoft Support forum!

It looks like you have a rootkit infection. Also, could you please let me know if you can log on normally to your Windows user profile?

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


I do not have trouble logging into Windows from startup.

However, some window pops up when I get to the desktop that says RunDDL at the top. I don't have a clue what this means but I have never seen it until I began having issues with the viruses.

I am able to log into my windows but it runs very very slow.

Here are the results from the TDSSKiller:


15:14:18.0019 4052 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

15:14:18.0029 4052 MSiSCSI - ok

15:14:18.0039 4052 msiserver - ok

15:14:18.0199 4052 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

15:14:18.0219 4052 MSKSSRV - ok

15:14:18.0279 4052 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

15:14:18.0289 4052 MSPCLOCK - ok

15:14:18.0329 4052 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

15:14:18.0329 4052 MSPQM - ok

15:14:18.0499 4052 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

15:14:18.0539 4052 MsRPC - ok

15:14:18.0639 4052 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

15:14:18.0639 4052 mssmbios - ok

15:14:18.0999 4052 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

15:14:19.0009 4052 MSTEE - ok

15:14:19.0049 4052 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

15:14:19.0059 4052 MTConfig - ok

15:14:19.0289 4052 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

15:14:19.0289 4052 Mup - ok

15:14:19.0769 4052 MyWiFiDHCPDNS (0cf5580f27918ffd2e165ecafa734103) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

15:14:19.0809 4052 MyWiFiDHCPDNS - ok

15:14:20.0189 4052 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

15:14:20.0209 4052 napagent - ok

15:14:20.0819 4052 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

15:14:20.0839 4052 NativeWifiP - ok

15:14:21.0619 4052 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

15:14:21.0659 4052 NDIS - ok

15:14:21.0749 4052 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

15:14:21.0749 4052 NdisCap - ok

15:14:21.0989 4052 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

15:14:21.0989 4052 NdisTapi - ok

15:14:22.0079 4052 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

15:14:22.0079 4052 Ndisuio - ok

15:14:22.0299 4052 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

15:14:22.0309 4052 NdisWan - ok

15:14:22.0499 4052 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

15:14:22.0499 4052 NDProxy - ok

15:14:22.0659 4052 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

15:14:22.0659 4052 NetBIOS - ok

15:14:22.0929 4052 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

15:14:22.0959 4052 NetBT - ok

15:14:23.0029 4052 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:14:23.0029 4052 Netlogon - ok

15:14:23.0379 4052 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

15:14:23.0409 4052 Netman - ok

15:14:23.0959 4052 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

15:14:23.0989 4052 netprofm - ok

15:14:24.0559 4052 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:14:24.0559 4052 NetTcpPortSharing - ok

15:14:34.0529 4052 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys

15:14:34.0729 4052 NETwNs64 - ok

15:14:35.0789 4052 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

15:14:35.0799 4052 nfrd960 - ok

15:14:36.0349 4052 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

15:14:36.0369 4052 NlaSvc - ok

15:14:36.0429 4052 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

15:14:36.0439 4052 Npfs - ok

15:14:36.0489 4052 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

15:14:36.0499 4052 nsi - ok

15:14:36.0529 4052 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

15:14:36.0539 4052 nsiproxy - ok

15:14:38.0309 4052 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

15:14:38.0349 4052 Ntfs - ok

15:14:39.0129 4052 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

15:14:39.0259 4052 Null - ok

15:14:39.0989 4052 nusb3hub (9a33100ac62a0463c49e47ee8e77083a) C:\Windows\system32\DRIVERS\nusb3hub.sys

15:14:39.0989 4052 nusb3hub - ok

15:14:40.0479 4052 nusb3xhc (87c321f7bee646b7ec6eedd6eb725741) C:\Windows\system32\DRIVERS\nusb3xhc.sys

15:14:40.0499 4052 nusb3xhc - ok

15:14:41.0349 4052 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

15:14:41.0389 4052 NVENETFD - ok

15:14:41.0699 4052 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

15:14:41.0729 4052 nvraid - ok

15:14:42.0159 4052 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

15:14:42.0199 4052 nvstor - ok

15:14:42.0469 4052 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

15:14:42.0489 4052 nv_agp - ok

15:14:43.0629 4052 OAcat (faef7b156e073f0450c5087f57696f0b) C:\Program Files (x86)\Online Armor\OAcat.exe

15:14:43.0629 4052 OAcat - ok

15:14:44.0789 4052 OADevice (9c78f13766ab2629e11fb0dfb162ee33) C:\Windows\SysWow64\Drivers\OADriver.sys

15:14:44.0789 4052 OADevice - ok

15:14:45.0079 4052 oahlpXX (6cdb036083ef969210d2f747c8ab5771) C:\Windows\syswow64\drivers\oahlp64.sys

15:14:45.0079 4052 oahlpXX - ok

15:14:45.0409 4052 OAmon (c2b6a1ccee9669119a7fc9dab2008b68) C:\Windows\SysWOW64\Drivers\OAmon.sys

15:14:45.0409 4052 OAmon - ok

15:14:47.0019 4052 OAnet (f99c170cf63de515c51bb11e76ea23ec) C:\Windows\system32\DRIVERS\oanet.sys

15:14:47.0029 4052 OAnet - ok

15:14:48.0339 4052 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

15:14:48.0389 4052 odserv - ok

15:14:48.0569 4052 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

15:14:48.0569 4052 ohci1394 - ok

15:14:48.0879 4052 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:14:48.0899 4052 ose - ok

15:14:53.0489 4052 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

15:14:53.0629 4052 osppsvc - ok

15:14:53.0949 4052 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

15:14:53.0969 4052 p2pimsvc - ok

15:14:54.0069 4052 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

15:14:54.0099 4052 p2psvc - ok

15:14:54.0239 4052 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

15:14:54.0259 4052 Parport - ok

15:14:54.0339 4052 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

15:14:54.0339 4052 partmgr - ok

15:14:54.0409 4052 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

15:14:54.0429 4052 PcaSvc - ok

15:14:54.0479 4052 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

15:14:54.0489 4052 pci - ok

15:14:54.0559 4052 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

15:14:54.0559 4052 pciide - ok

15:14:54.0609 4052 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

15:14:54.0629 4052 pcmcia - ok

15:14:54.0659 4052 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

15:14:54.0679 4052 pcw - ok

15:14:54.0749 4052 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

15:14:54.0759 4052 PEAUTH - ok

15:14:54.0909 4052 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

15:14:54.0919 4052 PerfHost - ok

15:14:56.0179 4052 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

15:14:56.0219 4052 pla - ok

15:14:56.0839 4052 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

15:14:56.0869 4052 PlugPlay - ok

15:14:56.0939 4052 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

15:14:56.0949 4052 PNRPAutoReg - ok

15:14:57.0789 4052 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

15:14:57.0799 4052 PNRPsvc - ok

15:14:58.0649 4052 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

15:14:58.0699 4052 PolicyAgent - ok

15:14:58.0929 4052 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

15:14:58.0939 4052 Power - ok

15:14:59.0249 4052 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

15:14:59.0269 4052 PptpMiniport - ok

15:14:59.0449 4052 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

15:14:59.0499 4052 Processor - ok

15:14:59.0949 4052 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

15:14:59.0959 4052 ProfSvc - ok

15:15:00.0059 4052 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:15:00.0099 4052 ProtectedStorage - ok

15:15:00.0319 4052 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

15:15:00.0349 4052 Psched - ok

15:15:01.0679 4052 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

15:15:01.0729 4052 ql2300 - ok

15:15:03.0839 4052 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

15:15:03.0869 4052 ql40xx - ok

15:15:04.0319 4052 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

15:15:04.0349 4052 QWAVE - ok

15:15:04.0459 4052 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

15:15:04.0469 4052 QWAVEdrv - ok

15:15:04.0529 4052 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

15:15:04.0549 4052 RasAcd - ok

15:15:04.0769 4052 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

15:15:04.0779 4052 RasAgileVpn - ok

15:15:04.0989 4052 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

15:15:05.0009 4052 RasAuto - ok

15:15:05.0349 4052 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

15:15:05.0369 4052 Rasl2tp - ok

15:15:06.0109 4052 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

15:15:06.0149 4052 RasMan - ok

15:15:06.0479 4052 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

15:15:06.0519 4052 RasPppoe - ok

15:15:06.0739 4052 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

15:15:06.0739 4052 RasSstp - ok

15:15:07.0209 4052 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

15:15:07.0229 4052 rdbss - ok

15:15:07.0369 4052 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

15:15:07.0379 4052 rdpbus - ok

15:15:07.0539 4052 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

15:15:07.0559 4052 RDPCDD - ok

15:15:07.0679 4052 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

15:15:07.0689 4052 RDPENCDD - ok

15:15:07.0739 4052 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

15:15:07.0749 4052 RDPREFMP - ok

15:15:08.0289 4052 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

15:15:08.0379 4052 RDPWD - ok

15:15:09.0069 4052 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

15:15:09.0079 4052 rdyboost - ok

15:15:09.0999 4052 RegSrvc (aa9fd849c028ccb441a78061b57db734) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

15:15:10.0049 4052 RegSrvc - ok

15:15:10.0209 4052 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

15:15:10.0219 4052 RemoteAccess - ok

15:15:10.0359 4052 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

15:15:10.0369 4052 RemoteRegistry - ok

15:15:10.0789 4052 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

15:15:10.0789 4052 RoxioNow Service - ok

15:15:10.0959 4052 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

15:15:10.0969 4052 RpcEptMapper - ok

15:15:11.0019 4052 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

15:15:11.0029 4052 RpcLocator - ok

15:15:11.0379 4052 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

15:15:11.0389 4052 RpcSs - ok

15:15:11.0849 4052 RSPCIESTOR (1f5e7af59b390261a85f5bedb1bb88b3) C:\Windows\system32\DRIVERS\RtsPStor.sys

15:15:11.0869 4052 RSPCIESTOR - ok

15:15:11.0999 4052 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

15:15:12.0009 4052 rspndr - ok

15:15:12.0229 4052 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys

15:15:12.0279 4052 RTL8167 - ok

15:15:12.0919 4052 RTL8192su (3c85058541d55bfcefd9177a68a507c6) C:\Windows\system32\DRIVERS\RTL8192su.sys

15:15:12.0959 4052 RTL8192su - ok

15:15:13.0019 4052 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:15:13.0019 4052 SamSs - ok

15:15:13.0189 4052 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

15:15:13.0199 4052 SASDIFSV - ok

15:15:13.0289 4052 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

15:15:13.0289 4052 SASKUTIL - ok

15:15:13.0379 4052 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

15:15:13.0399 4052 sbp2port - ok

15:15:13.0549 4052 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

15:15:13.0579 4052 SCardSvr - ok

15:15:13.0659 4052 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

15:15:13.0669 4052 scfilter - ok

15:15:14.0609 4052 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

15:15:14.0639 4052 Schedule - ok

15:15:14.0709 4052 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

15:15:14.0709 4052 SCPolicySvc - ok

15:15:14.0909 4052 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys

15:15:14.0929 4052 sdbus - ok

15:15:15.0059 4052 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

15:15:15.0079 4052 SDRSVC - ok

15:15:15.0179 4052 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

15:15:15.0189 4052 secdrv - ok

15:15:15.0329 4052 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

15:15:15.0329 4052 seclogon - ok

15:15:15.0509 4052 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

15:15:15.0519 4052 SENS - ok

15:15:15.0629 4052 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

15:15:15.0629 4052 SensrSvc - ok

15:15:15.0789 4052 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

15:15:15.0799 4052 Serenum - ok

15:15:15.0919 4052 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

15:15:15.0929 4052 Serial - ok

15:15:15.0989 4052 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

15:15:15.0999 4052 sermouse - ok

15:15:16.0149 4052 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

15:15:16.0159 4052 SessionEnv - ok

15:15:16.0229 4052 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

15:15:16.0239 4052 sffdisk - ok

15:15:16.0299 4052 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

15:15:16.0309 4052 sffp_mmc - ok

15:15:16.0329 4052 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

15:15:16.0339 4052 sffp_sd - ok

15:15:16.0409 4052 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

15:15:16.0419 4052 sfloppy - ok

15:15:17.0049 4052 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

15:15:17.0099 4052 Sftfs - ok

15:15:17.0519 4052 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

15:15:17.0529 4052 sftlist - ok

15:15:17.0779 4052 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

15:15:17.0869 4052 Sftplay - ok

15:15:18.0109 4052 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

15:15:18.0119 4052 Sftredir - ok

15:15:18.0409 4052 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

15:15:18.0409 4052 Sftvol - ok

15:15:18.0669 4052 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

15:15:18.0669 4052 sftvsa - ok

15:15:19.0069 4052 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

15:15:19.0079 4052 SharedAccess - ok

15:15:19.0339 4052 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

15:15:19.0399 4052 ShellHWDetection - ok

15:15:19.0579 4052 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

15:15:19.0579 4052 SiSRaid2 - ok

15:15:19.0709 4052 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

15:15:19.0719 4052 SiSRaid4 - ok

15:15:19.0859 4052 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

15:15:19.0859 4052 Smb - ok

15:15:20.0109 4052 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

15:15:20.0109 4052 SNMPTRAP - ok

15:15:20.0159 4052 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

15:15:20.0159 4052 spldr - ok

15:15:20.0639 4052 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

15:15:20.0669 4052 Spooler - ok

15:15:21.0909 4052 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

15:15:21.0979 4052 sppsvc - ok

15:15:22.0809 4052 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

15:15:22.0829 4052 sppuinotify - ok

15:15:23.0289 4052 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

15:15:23.0349 4052 srv - ok

15:15:23.0769 4052 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

15:15:23.0809 4052 srv2 - ok

15:15:24.0149 4052 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

15:15:24.0169 4052 SrvHsfHDA - ok

15:15:25.0379 4052 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

15:15:25.0419 4052 SrvHsfV92 - ok

15:15:26.0739 4052 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

15:15:26.0779 4052 SrvHsfWinac - ok

15:15:26.0949 4052 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

15:15:26.0949 4052 srvnet - ok

15:15:27.0329 4052 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

15:15:27.0349 4052 SSDPSRV - ok

15:15:27.0449 4052 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

15:15:27.0459 4052 SstpSvc - ok

15:15:27.0639 4052 ssudmdm (daa02a6e84a4f99b5b9cd3ef8d59d652) C:\Windows\system32\DRIVERS\ssudmdm.sys

15:15:27.0649 4052 ssudmdm - ok

15:15:28.0169 4052 STacSV (20e27aa5bcc01c2149830c05fe22f675) C:\Program Files\IDT\WDM\STacSV64.exe

15:15:28.0179 4052 STacSV - ok

15:15:28.0239 4052 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

15:15:28.0249 4052 stexstor - ok

15:15:28.0919 4052 STHDA (beb37ce4e7456f5efa52d783d1e06d8c) C:\Windows\system32\DRIVERS\stwrt64.sys

15:15:28.0949 4052 STHDA - ok

15:15:29.0589 4052 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

15:15:29.0629 4052 stisvc - ok

15:15:34.0829 4052 SvcOnlineArmor (578a7d52c4f7ca65e109b4e7c7ac5cb3) C:\Program Files (x86)\Online Armor\oasrv.exe

15:15:34.0939 4052 SvcOnlineArmor - ok

15:15:35.0309 4052 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

15:15:35.0319 4052 swenum - ok

15:15:35.0809 4052 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

15:15:35.0849 4052 swprv - ok

15:15:36.0119 4052 sxuptp (52eb25bd8ab4e331028c48b178441b36) C:\Windows\system32\DRIVERS\sxuptp.sys

15:15:36.0209 4052 sxuptp - ok

15:15:37.0599 4052 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys

15:15:37.0649 4052 SynTP - ok

15:15:40.0159 4052 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

15:15:40.0219 4052 SysMain - ok

15:15:40.0809 4052 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

15:15:40.0809 4052 TabletInputService - ok

15:15:40.0929 4052 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32 apisrv.dll

15:15:40.0949 4052 TapiSrv - ok

15:15:40.0979 4052 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32 bssvc.dll

15:15:40.0999 4052 TBS - ok

15:15:41.0939 4052 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers cpip.sys

15:15:41.0989 4052 Tcpip - ok

15:15:44.0109 4052 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS cpip.sys

15:15:44.0119 4052 TCPIP6 - ok

15:15:44.0719 4052 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers cpipreg.sys

15:15:44.0719 4052 tcpipreg - ok

15:15:44.0779 4052 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers dpipe.sys

15:15:44.0789 4052 TDPIPE - ok

15:15:44.0889 4052 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers dtcp.sys

15:15:44.0889 4052 TDTCP - ok

15:15:45.0019 4052 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS dx.sys

15:15:45.0029 4052 tdx - ok

15:15:45.0109 4052 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers ermdd.sys

15:15:45.0129 4052 TermDD - ok

15:15:45.0929 4052 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32 ermsrv.dll

15:15:45.0969 4052 TermService - ok

15:15:46.0039 4052 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32 hemeservice.dll

15:15:46.0049 4052 Themes - ok

15:15:46.0129 4052 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

15:15:46.0139 4052 THREADORDER - ok

15:15:46.0309 4052 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32 rkwks.dll

15:15:46.0329 4052 TrkWks - ok

15:15:46.0629 4052 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

15:15:46.0639 4052 TrustedInstaller - ok

15:15:46.0749 4052 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS ssecsrv.sys

15:15:46.0759 4052 tssecsrv - ok

15:15:46.0889 4052 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers susbflt.sys

15:15:46.0899 4052 TsUsbFlt - ok

15:15:46.0969 4052 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

15:15:46.0979 4052 TsUsbGD - ok

15:15:47.0159 4052 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS unnel.sys

15:15:47.0159 4052 tunnel - ok

15:15:47.0329 4052 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

15:15:47.0339 4052 uagp35 - ok

15:15:47.0649 4052 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

15:15:47.0679 4052 udfs - ok

15:15:47.0799 4052 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

15:15:47.0799 4052 UI0Detect - ok

15:15:47.0949 4052 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

15:15:47.0949 4052 uliagpkx - ok

15:15:48.0159 4052 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

15:15:48.0159 4052 umbus - ok

15:15:48.0219 4052 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

15:15:48.0219 4052 UmPass - ok

15:15:52.0569 4052 UNS (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

15:15:52.0659 4052 UNS - ok

15:15:53.0569 4052 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

15:15:53.0579 4052 upnphost - ok

15:15:53.0779 4052 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

15:15:53.0779 4052 usbccgp - ok

15:15:53.0999 4052 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

15:15:54.0019 4052 usbcir - ok

15:15:54.0129 4052 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

15:15:54.0149 4052 usbehci - ok

15:15:54.0479 4052 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

15:15:54.0509 4052 usbhub - ok

15:15:54.0579 4052 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

15:15:54.0589 4052 usbohci - ok

15:15:54.0709 4052 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

15:15:54.0729 4052 usbprint - ok

15:15:54.0889 4052 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:15:54.0899 4052 USBSTOR - ok

15:15:55.0419 4052 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

15:15:55.0439 4052 usbuhci - ok

15:15:55.0739 4052 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

15:15:55.0749 4052 usbvideo - ok

15:15:55.0799 4052 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

15:15:55.0809 4052 UxSms - ok

15:15:56.0049 4052 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:15:56.0049 4052 VaultSvc - ok

15:15:56.0159 4052 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

15:15:56.0169 4052 vdrvroot - ok

15:15:56.0839 4052 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

15:15:56.0869 4052 vds - ok

15:15:56.0959 4052 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

15:15:56.0969 4052 vga - ok

15:15:56.0999 4052 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

15:15:57.0009 4052 VgaSave - ok

15:15:57.0209 4052 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

15:15:57.0229 4052 vhdmp - ok

15:15:57.0319 4052 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

15:15:57.0329 4052 viaide - ok

15:15:57.0389 4052 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

15:15:57.0399 4052 volmgr - ok

15:15:57.0459 4052 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

15:15:57.0479 4052 volmgrx - ok

15:15:57.0569 4052 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

15:15:57.0579 4052 volsnap - ok

15:15:57.0709 4052 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

15:15:57.0729 4052 vsmraid - ok

15:15:59.0109 4052 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

15:15:59.0169 4052 VSS - ok

15:15:59.0929 4052 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

15:15:59.0939 4052 vwifibus - ok

15:16:00.0059 4052 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

15:16:00.0079 4052 vwififlt - ok

15:16:00.0159 4052 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

15:16:19.0559 4052 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

15:16:19.0659 4052 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

15:16:19.0659 4052 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

15:16:19.0659 4052 Boot (0x1200) (110af8a15294d0e2a71e48e8f3f652a6) \Device\Harddisk0\DR0\Partition0

15:16:19.0669 4052 \Device\Harddisk0\DR0\Partition0 - ok

15:16:19.0689 4052 Boot (0x1200) (9ad0506125925504563e17ced12c9cb7) \Device\Harddisk0\DR0\Partition1

15:16:19.0709 4052 \Device\Harddisk0\DR0\Partition1 - ok

15:16:19.0789 4052 Boot (0x1200) (30b9728de56e1dfb0b639e569cba0234) \Device\Harddisk0\DR0\Partition2

15:16:19.0819 4052 \Device\Harddisk0\DR0\Partition2 - ok

15:16:19.0819 4052 ============================================================

15:16:19.0819 4052 Scan finished

15:16:19.0819 4052 ============================================================

15:16:19.0849 7496 Detected object count: 1

15:16:19.0849 7496 Actual detected object count: 1

15:18:01.0183 7496 \Device\Harddisk0\DR0\# - copied to quarantine

15:18:01.0573 7496 \Device\Harddisk0\DR0 - copied to quarantine

15:18:02.0183 7496 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

15:18:02.0213 7496 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

15:18:02.0353 7496 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

15:18:02.0513 7496 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

15:18:02.0803 7496 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

15:18:03.0083 7496 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

15:18:03.0163 7496 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

15:18:03.0443 7496 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

15:18:03.0473 7496 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

15:18:03.0493 7496 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

15:18:03.0513 7496 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

15:18:03.0543 7496 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

15:18:03.0563 7496 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

15:18:03.0693 7496 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

15:18:03.0993 7496 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

15:18:04.0173 7496 \Device\Harddisk0\DR0 - ok

15:18:06.0503 7496 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

15:18:10.0656 3204 Deinitialize success

Hopefully I did this right. Thanks for the assistance.

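A small triage script for logs in the format posted above, added here as an illustration (it is not part of the original thread and not part of TDSSKiller). It separates `ok` verdicts from detections, lists what was copied to quarantine, and reports detections with no recorded cure action. The sample is an excerpt of the log above; the function and field names are this example's own.

```python
import re

# Excerpt of the TDSSKiller log posted above (values as they appear in the thread).
SAMPLE_LOG = r"""
15:16:19.0319 4052 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:16:19.0329 4052 WwanSvc - ok
15:16:19.0559 4052 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:16:19.0659 4052 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
15:16:19.0659 4052 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
15:16:19.0669 4052 \Device\Harddisk0\DR0\Partition0 - ok
15:18:02.0183 7496 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:18:03.0443 7496 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
15:18:03.0993 7496 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
15:18:06.0503 7496 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
"""

# "<time> <thread id> <body>"; verdict bodies look like "<object> [( <threat> )] - <status>"
ENTRY = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<body>.+)$")
VERDICT = re.compile(r"^(?P<obj>.+?)(?: \( (?P<threat>[^)]+?) \))? - (?P<status>.+)$")

def triage(log_text):
    """Summarise a log: what was flagged, quarantined, and left pending."""
    report = {"ok": 0, "detections": [], "quarantined": [],
              "pending_reboot": [], "actions": {}}
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        verdict = entry and VERDICT.match(entry.group("body"))
        if not verdict:
            continue  # hash/path records, banners and blank lines carry no verdict
        obj, threat, status = verdict.group("obj", "threat", "status")
        if status == "ok":
            report["ok"] += 1
        elif status == "infected":
            report["detections"].append((obj, threat))
        elif status == "copied to quarantine":
            report["quarantined"].append(obj)
        elif status == "will be cured on reboot":
            report["pending_reboot"].append(obj)
        elif status.startswith("User select action: "):
            report["actions"][obj] = status.split(": ", 1)[1]
    return report

def unresolved(report):
    """Detected objects with neither a recorded user action nor a pending cure."""
    handled = set(report["actions"]) | set(report["pending_reboot"])
    return [obj for obj, _ in report["detections"] if obj not in handled]
```

A `will be cured on reboot` entry records a scheduled action, so a fresh scan after the reboot is what confirms the detection is gone.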

Unfortunately you had a nasty rootkit on board. Even though it is gone now, be sure to read the following information.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and cleaned, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

The rundll error is normal, given what I see in your logs and will be fixed in the next steps. :)

COMBOFIX

---------------

Please download ComboFix from one of these locations:


  • Bleepingcomputer
  • ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude, Elise, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
