
Exploit Help?



Hi, recently my computer blue screened not long after installing a Windows update and showed STOP: 0x0000000A. It currently won't go but a minute or so without doing the same when running Windows. Ran Mbam in safe mode which showed:

Memory Processes Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> 2012 -> Delete on reboot.

and

Files Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

Upon restart the Stop error happened again. Ran a full scan in safe mode again which showed the same results but I also ran Microsoft Safety Scanner and got seemingly different results to the tune of:

Exploit:JS/Pdfjsc.AH - Partially Removed

Exploit:Java/CVE-2010-0840.IE - Removed

Exploit:Java/CVE-2012-0507.HW - Removed

Exploit:Java/CVE-2012-0507.HX - Removed

Also McAfee scan showed nothing <_< Security scanner apparently removed the bottom three but the Exploit:JS/Pdfjsc.AH keeps showing up and hasn't shown up at all on mbam. Can't find any advice on removing the exploit. Very confused as to the difference between the two scans and how this relates to the blue screen issue. :( Any help or advice would be greatly appreciated. Thanks for reading.

DDS.txt

Attach.txt


Hello hemminza and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log

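The TDSSKiller report requested in the steps above lists every scanned driver and service, so the few entries that are not "ok" are easy to miss when reading it by eye. The following Python triage script is an added example, not part of the original thread and not the tool vendor's code; it assumes the report layout of a timestamp, a thread id, and then either `name (md5) path` or `name - verdict`, and its sample lines (names, hashes, paths) are constructed.

```python
import re
from collections import Counter

# Assumed line layout: "HH:MM:SS.mmmm <thread id> <message>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.+)$")
# Object line: "<name> (<32 hex md5>) <path>"
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict line: "<name> - ok" or "<name> ( <label> ) - warning"
VERDICT = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<label>.+?) \))? - (?P<status>[a-z]+)$"
)

# Constructed sample; hashes, names and paths are placeholders, not real data.
SAMPLE_LOG = r"""
14:00:00.0000 0100 TDSS rootkit removing tool (constructed sample)

14:00:01.0000 0200 Scan started
14:00:01.0000 0200 Mode: Manual; SigCheck; TDLFS;

14:00:02.0000 0200 ExampleDrv (00000000000000000000000000000001) C:\Windows\system32\DRIVERS\exampledrv.sys
14:00:02.0100 0200 ExampleDrv - ok
14:00:03.0000 0200 NoPathSvc - ok
14:00:04.0000 0200 Example Vendor Service (00000000000000000000000000000002) C:\Program Files (x86)\ExampleVendor\svc.exe
14:00:04.0100 0200 Example Vendor Service ( UnsignedFile.Multi.Generic ) - warning
14:00:04.0100 0200 Example Vendor Service - detected UnsignedFile.Multi.Generic (1)
"""


def parse(log_text):
    """Yield one record per verdict line, joined to its object line if any."""
    seen = {}  # object name -> (md5, path) from the preceding object line
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines (forum pastes are double-spaced) and noise
        msg = m["msg"].strip()
        obj = OBJECT.match(msg)
        if obj:
            seen[obj["name"]] = (obj["md5"], obj["path"])
            continue
        verdict = VERDICT.match(msg)
        if verdict:
            md5, path = seen.get(verdict["name"], (None, None))
            yield {
                "name": verdict["name"],
                "status": verdict["status"],
                "label": verdict["label"],  # None for plain "ok" lines
                "md5": md5,                 # None when no object line was logged
                "path": path,
            }


def triage(log_text):
    """Return every entry whose verdict is anything other than 'ok'."""
    return [rec for rec in parse(log_text) if rec["status"] != "ok"]


def count_verdicts(log_text):
    """Count entries per verdict so the reviewer sees the overall picture."""
    return dict(Counter(rec["status"] for rec in parse(log_text)))


if __name__ == "__main__":
    print(count_verdicts(SAMPLE_LOG))
    for rec in triage(SAMPLE_LOG):
        # An unsigned-file warning marks a file for review; it is not by
        # itself proof of infection, which is why the default action is Skip.
        print(rec["status"], rec["label"], rec["path"])
```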

Hey, first I just want to say thanks for the help. After running TDSSKiller the computer restarted normally without the stop error and I was able to run mbam successfully. Here are the two logs:


14:21:15.0122 0716 MegaSR - ok

14:21:15.0152 0716 mfeapfk (dafcd79de863d9578dfad4ca63281625) C:\Windows\system32\drivers\mfeapfk.sys

14:21:15.0162 0716 mfeapfk - ok

14:21:15.0172 0716 mfeavfk (c6760a9e2fe74210dcab11133545f2bb) C:\Windows\system32\drivers\mfeavfk.sys

14:21:15.0182 0716 mfeavfk - ok

14:21:15.0222 0716 mfehidk (a6a44963d9803d98c292e7e702bbdfb6) C:\Windows\system32\drivers\mfehidk.sys

14:21:15.0232 0716 mfehidk - ok

14:21:15.0262 0716 mferkdet (8279de7186f987e030d87c29ea5c4e40) C:\Windows\system32\drivers\mferkdet.sys

14:21:15.0262 0716 mferkdet - ok

14:21:15.0292 0716 mfetdik (8cdcc0cabd7329284c1b8a139a5c52fd) C:\Windows\system32\drivers\mfetdik.sys

14:21:15.0292 0716 mfetdik - ok

14:21:15.0342 0716 mfevtp (d9ec7ee411f83e18e8d6fdb8259f2607) C:\Windows\system32\mfevtps.exe

14:21:15.0352 0716 mfevtp - ok

14:21:15.0392 0716 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

14:21:15.0432 0716 MMCSS - ok

14:21:15.0462 0716 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

14:21:15.0492 0716 Modem - ok

14:21:15.0512 0716 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

14:21:15.0522 0716 monitor - ok

14:21:15.0602 0716 motccgp (c94a2ea3fdfa5d650884926b710b7db1) C:\Windows\system32\DRIVERS\motccgp.sys

14:21:15.0622 0716 motccgp - ok

14:21:15.0642 0716 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys

14:21:15.0652 0716 motccgpfl - ok

14:21:15.0712 0716 motmodem (060f0ef84f430802df3788f3dcfd009c) C:\Windows\system32\DRIVERS\motmodem.sys

14:21:15.0722 0716 motmodem - ok

14:21:15.0822 0716 MotoHelper (19c3255c1e9eebcda181731d3f3ccf72) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

14:21:15.0832 0716 MotoHelper - ok

14:21:15.0842 0716 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys

14:21:15.0852 0716 MotoSwitchService - ok

14:21:15.0922 0716 Motousbnet (87701078c3f720ac7a028e937994cc49) C:\Windows\system32\DRIVERS\Motousbnet.sys

14:21:15.0922 0716 Motousbnet - ok

14:21:15.0942 0716 motusbdevice (4244e427cda5f6485e74461b5b48a7b6) C:\Windows\system32\DRIVERS\motusbdevice.sys

14:21:15.0952 0716 motusbdevice - ok

14:21:16.0002 0716 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

14:21:16.0012 0716 mouclass - ok

14:21:16.0072 0716 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

14:21:16.0082 0716 mouhid - ok

14:21:16.0122 0716 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

14:21:16.0132 0716 mountmgr - ok

14:21:16.0262 0716 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

14:21:16.0262 0716 MozillaMaintenance - ok

14:21:16.0302 0716 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

14:21:16.0312 0716 mpio - ok

14:21:16.0332 0716 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

14:21:16.0362 0716 mpsdrv - ok

14:21:16.0382 0716 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

14:21:16.0402 0716 MRxDAV - ok

14:21:16.0452 0716 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

14:21:16.0462 0716 mrxsmb - ok

14:21:16.0522 0716 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:21:16.0542 0716 mrxsmb10 - ok

14:21:16.0552 0716 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:21:16.0562 0716 mrxsmb20 - ok

14:21:16.0582 0716 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys

14:21:16.0592 0716 msahci - ok

14:21:16.0642 0716 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

14:21:16.0652 0716 msdsm - ok

14:21:16.0682 0716 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

14:21:16.0702 0716 MSDTC - ok

14:21:16.0742 0716 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

14:21:16.0782 0716 Msfs - ok

14:21:16.0802 0716 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

14:21:16.0842 0716 mshidkmdf - ok

14:21:16.0882 0716 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

14:21:16.0882 0716 msisadrv - ok

14:21:16.0932 0716 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

14:21:16.0962 0716 MSiSCSI - ok

14:21:16.0962 0716 msiserver - ok

14:21:17.0002 0716 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

14:21:17.0032 0716 MSKSSRV - ok

14:21:17.0092 0716 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

14:21:17.0122 0716 MSPCLOCK - ok

14:21:17.0132 0716 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

14:21:17.0162 0716 MSPQM - ok

14:21:17.0202 0716 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

14:21:17.0222 0716 MsRPC - ok

14:21:17.0262 0716 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

14:21:17.0272 0716 mssmbios - ok

14:21:17.0312 0716 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

14:21:17.0352 0716 MSTEE - ok

14:21:17.0382 0716 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

14:21:17.0392 0716 MTConfig - ok

14:21:17.0442 0716 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

14:21:17.0452 0716 Mup - ok

14:21:17.0622 0716 NACAgent (386213897579fa296a56db1dfcb09650) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe

14:21:17.0632 0716 NACAgent - ok

14:21:17.0692 0716 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll

14:21:17.0732 0716 napagent - ok

14:21:17.0842 0716 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

14:21:17.0852 0716 NativeWifiP - ok

14:21:17.0972 0716 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

14:21:17.0992 0716 NDIS - ok

14:21:18.0032 0716 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

14:21:18.0072 0716 NdisCap - ok

14:21:18.0122 0716 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

14:21:18.0162 0716 NdisTapi - ok

14:21:18.0212 0716 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

14:21:18.0252 0716 Ndisuio - ok

14:21:18.0272 0716 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

14:21:18.0302 0716 NdisWan - ok

14:21:18.0312 0716 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

14:21:18.0352 0716 NDProxy - ok

14:21:18.0422 0716 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll

14:21:18.0432 0716 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

14:21:18.0432 0716 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

14:21:18.0472 0716 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

14:21:18.0502 0716 NetBIOS - ok

14:21:18.0532 0716 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

14:21:18.0562 0716 NetBT - ok

14:21:18.0592 0716 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

14:21:18.0602 0716 Netlogon - ok

14:21:18.0682 0716 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

14:21:18.0722 0716 Netman - ok

14:21:18.0752 0716 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

14:21:18.0782 0716 netprofm - ok

14:21:18.0892 0716 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:21:18.0902 0716 NetTcpPortSharing - ok

14:21:18.0962 0716 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

14:21:18.0972 0716 nfrd960 - ok

14:21:19.0012 0716 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll

14:21:19.0052 0716 NlaSvc - ok

14:21:19.0072 0716 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

14:21:19.0102 0716 Npfs - ok

14:21:19.0122 0716 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

14:21:19.0152 0716 nsi - ok

14:21:19.0162 0716 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

14:21:19.0192 0716 nsiproxy - ok

14:21:19.0312 0716 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

14:21:19.0352 0716 Ntfs - ok

14:21:19.0462 0716 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

14:21:19.0502 0716 Null - ok

14:21:19.0562 0716 NVHDA (cddd4478757288df4bb1494bfd084259) C:\Windows\system32\drivers\nvhda64v.sys

14:21:19.0572 0716 NVHDA - ok

14:21:20.0062 0716 nvlddmkm (056d8b45fd4869947045bdc25e8734df) C:\Windows\system32\DRIVERS\nvlddmkm.sys

14:21:20.0232 0716 nvlddmkm - ok

14:21:20.0392 0716 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

14:21:20.0402 0716 nvraid - ok

14:21:20.0442 0716 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

14:21:20.0452 0716 nvstor - ok

14:21:20.0522 0716 nvsvc (42948f6e17b7b27e77101926fb4b0b96) C:\Windows\system32\nvvsvc.exe

14:21:20.0532 0716 nvsvc - ok

14:21:20.0602 0716 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

14:21:20.0612 0716 nv_agp - ok

14:21:20.0712 0716 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

14:21:20.0732 0716 odserv - ok

14:21:20.0772 0716 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

14:21:20.0782 0716 ohci1394 - ok

14:21:20.0862 0716 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

14:21:20.0872 0716 ose - ok

14:21:20.0912 0716 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

14:21:20.0922 0716 p2pimsvc - ok

14:21:20.0962 0716 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

14:21:20.0972 0716 p2psvc - ok

14:21:21.0052 0716 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

14:21:21.0062 0716 Parport - ok

14:21:21.0092 0716 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys

14:21:21.0102 0716 partmgr - ok

14:21:21.0152 0716 PBADRV (363b3f857abee85767e01e3044c539cd) C:\Windows\system32\DRIVERS\PBADRV.sys

14:21:21.0162 0716 PBADRV - ok

14:21:21.0192 0716 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

14:21:21.0202 0716 PcaSvc - ok

14:21:21.0242 0716 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

14:21:21.0252 0716 pci - ok

14:21:21.0292 0716 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

14:21:21.0302 0716 pciide - ok

14:21:21.0372 0716 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

14:21:21.0382 0716 pcmcia - ok

14:21:21.0412 0716 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

14:21:21.0422 0716 pcw - ok

14:21:21.0462 0716 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

14:21:21.0502 0716 PEAUTH - ok

14:21:21.0612 0716 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

14:21:21.0632 0716 PeerDistSvc - ok

14:21:21.0692 0716 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

14:21:21.0702 0716 PerfHost - ok

14:21:21.0882 0716 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll

14:21:21.0932 0716 pla - ok

14:21:22.0012 0716 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll

14:21:22.0022 0716 PlugPlay - ok

14:21:22.0092 0716 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll

14:21:22.0102 0716 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

14:21:22.0102 0716 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

14:21:22.0112 0716 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

14:21:22.0122 0716 PNRPAutoReg - ok

14:21:22.0152 0716 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

14:21:22.0172 0716 PNRPsvc - ok

14:21:22.0222 0716 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll

14:21:22.0262 0716 PolicyAgent - ok

14:21:22.0302 0716 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

14:21:22.0342 0716 Power - ok

14:21:22.0432 0716 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

14:21:22.0472 0716 PptpMiniport - ok

14:21:22.0502 0716 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

14:21:22.0512 0716 Processor - ok

14:21:22.0572 0716 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll

14:21:22.0582 0716 ProfSvc - ok

14:21:22.0612 0716 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

14:21:22.0622 0716 ProtectedStorage - ok

14:21:22.0682 0716 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

14:21:22.0722 0716 Psched - ok

14:21:22.0782 0716 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys

14:21:22.0792 0716 PxHlpa64 - ok

14:21:22.0882 0716 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

14:21:22.0912 0716 ql2300 - ok

14:21:23.0052 0716 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

14:21:23.0062 0716 ql40xx - ok

14:21:23.0132 0716 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

14:21:23.0152 0716 QWAVE - ok

14:21:23.0192 0716 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

14:21:23.0202 0716 QWAVEdrv - ok

14:21:23.0232 0716 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

14:21:23.0262 0716 RasAcd - ok

14:21:23.0322 0716 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

14:21:23.0352 0716 RasAgileVpn - ok

14:21:23.0412 0716 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

14:21:23.0452 0716 RasAuto - ok

14:21:23.0462 0716 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

14:21:23.0502 0716 Rasl2tp - ok

14:21:23.0532 0716 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll

14:21:23.0562 0716 RasMan - ok

14:21:23.0572 0716 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

14:21:23.0612 0716 RasPppoe - ok

14:21:23.0652 0716 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

14:21:23.0682 0716 RasSstp - ok

14:21:23.0722 0716 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

14:21:23.0762 0716 rdbss - ok

14:21:23.0792 0716 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

14:21:23.0802 0716 rdpbus - ok

14:21:23.0822 0716 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

14:21:23.0852 0716 RDPCDD - ok

14:21:23.0892 0716 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys

14:21:23.0902 0716 RDPDR - ok

14:21:23.0932 0716 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

14:21:23.0962 0716 RDPENCDD - ok

14:21:23.0982 0716 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

14:21:24.0022 0716 RDPREFMP - ok

14:21:24.0082 0716 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys

14:21:24.0092 0716 RDPWD - ok

14:21:24.0152 0716 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

14:21:24.0162 0716 rdyboost - ok

14:21:24.0242 0716 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

14:21:24.0272 0716 RemoteAccess - ok

14:21:24.0332 0716 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

14:21:24.0372 0716 RemoteRegistry - ok

14:21:24.0432 0716 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys

14:21:24.0432 0716 rimmptsk - ok

14:21:24.0502 0716 rimspci (3dca561aaf776aa2e356fb5b142aa5f8) C:\Windows\system32\DRIVERS\rimspe64.sys

14:21:24.0512 0716 rimspci - ok

14:21:24.0542 0716 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys

14:21:24.0552 0716 rimsptsk - ok

14:21:24.0612 0716 risdpcie (c4581f04aa130892555b821f1fbaa151) C:\Windows\system32\DRIVERS\risdpe64.sys

14:21:24.0622 0716 risdpcie - ok

14:21:25.0142 0716 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys

14:21:25.0152 0716 rismxdp - ok

14:21:25.0442 0716 rixdpcie (a4579105a3c5b6290701ead0c153e07a) C:\Windows\system32\DRIVERS\rixdpe64.sys

14:21:25.0452 0716 rixdpcie - ok

14:21:25.0482 0716 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

14:21:25.0522 0716 RpcEptMapper - ok

14:21:25.0552 0716 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

14:21:25.0562 0716 RpcLocator - ok

14:21:25.0602 0716 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

14:21:25.0642 0716 RpcSs - ok

14:21:25.0712 0716 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

14:21:25.0742 0716 rspndr - ok

14:21:25.0792 0716 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys

14:21:25.0802 0716 s3cap - ok

14:21:25.0842 0716 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

14:21:25.0852 0716 SamSs - ok

14:21:25.0882 0716 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

14:21:25.0892 0716 sbp2port - ok

14:21:26.0002 0716 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

14:21:26.0052 0716 SCardSvr - ok

14:21:26.0132 0716 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

14:21:26.0162 0716 scfilter - ok

14:21:26.0332 0716 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll

14:21:26.0352 0716 Schedule - ok

14:21:26.0402 0716 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

14:21:26.0432 0716 SCPolicySvc - ok

14:21:26.0502 0716 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys

14:21:26.0512 0716 sdbus - ok

14:21:26.0562 0716 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll

14:21:26.0572 0716 SDRSVC - ok

14:21:26.0612 0716 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

14:21:26.0642 0716 secdrv - ok

14:21:26.0662 0716 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll

14:21:26.0692 0716 seclogon - ok

14:21:26.0882 0716 SecureStorageService (9c8580d9a5f3c08556d6eca31848dc89) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

14:21:26.0892 0716 SecureStorageService ( UnsignedFile.Multi.Generic ) - warning

14:21:26.0902 0716 SecureStorageService - detected UnsignedFile.Multi.Generic (1)

14:21:27.0012 0716 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

14:21:27.0052 0716 SENS - ok

14:21:27.0092 0716 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

14:21:27.0102 0716 SensrSvc - ok

14:21:27.0172 0716 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

14:21:27.0172 0716 Serenum - ok

14:21:27.0242 0716 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

14:21:27.0252 0716 Serial - ok

14:21:27.0342 0716 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

14:21:27.0352 0716 sermouse - ok

14:21:27.0422 0716 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll

14:21:27.0452 0716 SessionEnv - ok

14:21:27.0512 0716 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

14:21:27.0522 0716 sffdisk - ok

14:21:27.0602 0716 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

14:21:27.0612 0716 sffp_mmc - ok

14:21:27.0632 0716 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

14:21:27.0642 0716 sffp_sd - ok

14:21:27.0702 0716 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

14:21:27.0712 0716 sfloppy - ok

14:21:27.0792 0716 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

14:21:27.0842 0716 SharedAccess - ok

14:21:27.0902 0716 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll

14:21:27.0922 0716 ShellHWDetection - ok

14:21:28.0002 0716 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

14:21:28.0012 0716 SiSRaid2 - ok

14:21:28.0072 0716 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

14:21:28.0082 0716 SiSRaid4 - ok

14:21:28.0282 0716 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

14:21:28.0322 0716 Smb - ok

14:21:28.0422 0716 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

14:21:28.0432 0716 SNMPTRAP - ok

14:21:28.0502 0716 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

14:21:28.0512 0716 spldr - ok

14:21:28.0602 0716 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe

14:21:28.0622 0716 Spooler - ok

14:21:28.0992 0716 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe

14:21:29.0042 0716 sppsvc - ok

14:21:29.0162 0716 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

14:21:29.0202 0716 sppuinotify - ok

14:21:29.0382 0716 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

14:21:29.0392 0716 srv - ok

14:21:29.0552 0716 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

14:21:29.0572 0716 srv2 - ok

14:21:29.0902 0716 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

14:21:29.0912 0716 SrvHsfHDA - ok

14:21:30.0302 0716 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

14:21:30.0322 0716 SrvHsfV92 - ok

14:21:30.0592 0716 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

14:21:30.0602 0716 SrvHsfWinac - ok

14:21:30.0692 0716 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

14:21:30.0702 0716 srvnet - ok

14:21:30.0782 0716 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys

14:21:30.0792 0716 ssadbus - ok

14:21:30.0932 0716 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

14:21:30.0972 0716 SSDPSRV - ok

14:21:31.0122 0716 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

14:21:31.0152 0716 SstpSvc - ok

14:21:31.0322 0716 STacSV (dae7a8a33df0635e6299640395037765) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\STacSV64.exe

14:21:31.0332 0716 STacSV - ok

14:21:31.0422 0716 stdflt (c568fdb21ce77a44fd166f28f104ac46) C:\Windows\system32\DRIVERS\stdfltn.sys

14:21:31.0432 0716 stdflt - ok

14:21:31.0592 0716 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

14:21:31.0602 0716 stexstor - ok

14:21:31.0722 0716 STHDA (04906a6b1dd17d38795e28af4f4392f9) C:\Windows\system32\DRIVERS\stwrt64.sys

14:21:31.0732 0716 STHDA - ok

14:21:31.0852 0716 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll

14:21:31.0872 0716 stisvc - ok

14:21:32.0432 0716 stllssvr (e476c66713c842f58e61a95826ed1d57) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

14:21:32.0442 0716 stllssvr - ok

14:21:32.0472 0716 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys

14:21:32.0482 0716 storflt - ok

14:21:32.0522 0716 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

14:21:32.0532 0716 StorSvc - ok

14:21:32.0602 0716 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys

14:21:32.0612 0716 storvsc - ok

14:21:32.0642 0716 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

14:21:32.0652 0716 swenum - ok

14:21:32.0712 0716 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

14:21:32.0752 0716 swprv - ok

14:21:33.0422 0716 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll

14:21:33.0452 0716 SysMain - ok

14:21:33.0602 0716 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll

14:21:33.0622 0716 TabletInputService - ok

14:21:33.0652 0716 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll

14:21:33.0682 0716 TapiSrv - ok

14:21:33.0722 0716 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

14:21:33.0752 0716 TBS - ok

14:21:33.0912 0716 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys

14:21:33.0952 0716 Tcpip - ok

14:21:34.0182 0716 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys

14:21:34.0222 0716 TCPIP6 - ok

14:21:34.0292 0716 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

14:21:34.0332 0716 tcpipreg - ok

14:21:34.0502 0716 tcsd_win32.exe (69f1a38a6dbfe682491cb61a596662e3) C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

14:21:34.0522 0716 tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - warning

14:21:34.0522 0716 tcsd_win32.exe - detected UnsignedFile.Multi.Generic (1)

14:21:34.0712 0716 TdmService (bf0f20805431965c47641847f33ee1a8) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

14:21:34.0752 0716 TdmService - ok

14:21:34.0802 0716 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

14:21:34.0812 0716 TDPIPE - ok

14:21:34.0852 0716 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys

14:21:34.0862 0716 TDTCP - ok

14:21:34.0882 0716 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

14:21:34.0922 0716 tdx - ok

14:21:34.0952 0716 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

14:21:34.0962 0716 TermDD - ok

14:21:35.0022 0716 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll

14:21:35.0062 0716 TermService - ok

14:21:35.0072 0716 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

14:21:35.0092 0716 Themes - ok

14:21:35.0112 0716 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

14:21:35.0152 0716 THREADORDER - ok

14:21:35.0172 0716 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

14:21:35.0202 0716 TrkWks - ok

14:21:35.0292 0716 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe

14:21:35.0302 0716 TrustedInstaller - ok

14:21:35.0322 0716 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

14:21:35.0362 0716 tssecsrv - ok

14:21:35.0412 0716 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

14:21:35.0452 0716 tunnel - ok

14:21:35.0472 0716 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

14:21:35.0482 0716 uagp35 - ok

14:21:35.0532 0716 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys

14:21:35.0542 0716 udfs - ok

14:21:35.0572 0716 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

14:21:35.0582 0716 UI0Detect - ok

14:21:35.0642 0716 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

14:21:35.0652 0716 uliagpkx - ok

14:21:35.0722 0716 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

14:21:35.0732 0716 umbus - ok

14:21:35.0772 0716 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

14:21:35.0772 0716 UmPass - ok

14:21:35.0812 0716 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll

14:21:35.0822 0716 UmRdpService - ok

14:21:35.0862 0716 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

14:21:35.0902 0716 upnphost - ok

14:21:36.0022 0716 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys

14:21:36.0032 0716 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning

14:21:36.0032 0716 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)

14:21:36.0072 0716 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys

14:21:36.0082 0716 usbccgp - ok

14:21:36.0142 0716 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

14:21:36.0152 0716 usbcir - ok

14:21:36.0182 0716 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys

14:21:36.0192 0716 usbehci - ok

14:21:36.0262 0716 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys

14:21:36.0272 0716 usbhub - ok

14:21:36.0312 0716 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys

14:21:36.0322 0716 usbohci - ok

14:21:36.0362 0716 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

14:21:36.0372 0716 usbprint - ok

14:21:36.0412 0716 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

14:21:36.0432 0716 usbscan - ok

14:21:36.0472 0716 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:21:36.0492 0716 USBSTOR - ok

14:21:36.0502 0716 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys

14:21:36.0512 0716 usbuhci - ok

14:21:36.0572 0716 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys

14:21:36.0582 0716 usbvideo - ok

14:21:36.0642 0716 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys

14:21:36.0652 0716 usb_rndisx - ok

14:21:36.0672 0716 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

14:21:36.0702 0716 UxSms - ok

14:21:36.0742 0716 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

14:21:36.0752 0716 VaultSvc - ok

14:21:36.0822 0716 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

14:21:36.0832 0716 vdrvroot - ok

14:21:36.0872 0716 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe

14:21:36.0892 0716 vds - ok

14:21:36.0982 0716 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

14:21:37.0002 0716 vga - ok

14:21:37.0022 0716 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

14:21:37.0062 0716 VgaSave - ok

14:21:37.0122 0716 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

14:21:37.0132 0716 vhdmp - ok

14:21:37.0182 0716 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

14:21:37.0192 0716 viaide - ok

14:21:37.0232 0716 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys

14:21:37.0242 0716 vmbus - ok

14:21:37.0272 0716 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys

14:21:37.0272 0716 VMBusHID - ok

14:21:37.0312 0716 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

14:21:37.0322 0716 volmgr - ok

14:21:37.0392 0716 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

14:21:37.0402 0716 volmgrx - ok

14:21:37.0462 0716 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

14:21:37.0472 0716 volsnap - ok

14:21:37.0602 0716 vpnagent (cb7859f7029ac19e9b9c76aa0e5e79d2) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

14:21:37.0622 0716 vpnagent - ok

14:21:37.0672 0716 vpnva (a6ca1c89eb232697ca6369eb55729e48) C:\Windows\system32\DRIVERS\vpnva64.sys

14:21:37.0672 0716 vpnva - ok

14:21:37.0732 0716 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

14:21:37.0742 0716 vsmraid - ok

14:21:37.0862 0716 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe

14:21:37.0882 0716 VSS - ok

14:21:38.0022 0716 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

14:21:38.0032 0716 vwifibus - ok

14:21:38.0052 0716 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

14:21:38.0072 0716 vwififlt - ok

14:21:38.0122 0716 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

14:21:38.0162 0716 W32Time - ok

14:21:38.0192 0716 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

14:21:38.0202 0716 WacomPen - ok

14:21:38.0272 0716 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

14:21:38.0302 0716 WANARP - ok

14:21:38.0352 0716 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

14:21:38.0382 0716 Wanarpv6 - ok

14:21:38.0612 0716 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

14:21:38.0642 0716 WatAdminSvc - ok

14:21:39.0122 0716 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe

14:21:39.0152 0716 wbengine - ok

14:21:39.0272 0716 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

14:21:39.0292 0716 WbioSrvc - ok

14:21:39.0472 0716 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll

14:21:39.0482 0716 wcncsvc - ok

14:21:39.0552 0716 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

14:21:39.0562 0716 WcsPlugInService - ok

14:21:39.0612 0716 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

14:21:39.0622 0716 Wd - ok

14:21:39.0812 0716 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

14:21:39.0832 0716 Wdf01000 - ok

14:21:39.0862 0716 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

14:21:39.0872 0716 WdiServiceHost - ok

14:21:39.0882 0716 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

14:21:39.0902 0716 WdiSystemHost - ok

14:21:39.0982 0716 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll

14:21:39.0992 0716 WebClient - ok

14:21:40.0032 0716 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

14:21:40.0072 0716 Wecsvc - ok

14:21:40.0142 0716 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

14:21:40.0172 0716 wercplsupport - ok

14:21:40.0212 0716 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

14:21:40.0262 0716 WerSvc - ok

14:21:40.0342 0716 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

14:21:40.0372 0716 WfpLwf - ok

14:21:40.0462 0716 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

14:21:40.0472 0716 WIMMount - ok

14:21:40.0542 0716 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys

14:21:40.0552 0716 winachsf - ok

14:21:40.0552 0716 WinHttpAutoProxySvc - ok

14:21:40.0642 0716 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

14:21:40.0672 0716 Winmgmt - ok

14:21:40.0802 0716 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll

14:21:40.0862 0716 WinRM - ok

14:21:41.0052 0716 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUSB.sys

14:21:41.0062 0716 WinUsb - ok

14:21:41.0152 0716 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

14:21:41.0172 0716 Wlansvc - ok

14:21:41.0282 0716 wltrysvc (8097878196efaa50a70b42aef8225a61) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

14:21:41.0292 0716 wltrysvc ( UnsignedFile.Multi.Generic ) - warning

14:21:41.0292 0716 wltrysvc - detected UnsignedFile.Multi.Generic (1)

14:21:41.0342 0716 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

14:21:41.0352 0716 WmiAcpi - ok

14:21:41.0422 0716 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

14:21:41.0432 0716 wmiApSrv - ok

14:21:41.0542 0716 WMPNetworkSvc - ok

14:21:41.0572 0716 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

14:21:41.0582 0716 WPCSvc - ok

14:21:41.0592 0716 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll

14:21:41.0612 0716 WPDBusEnum - ok

14:21:41.0662 0716 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

14:21:41.0692 0716 ws2ifsl - ok

14:21:41.0702 0716 WSearch - ok

14:21:41.0842 0716 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

14:21:41.0882 0716 wuauserv - ok

14:21:42.0022 0716 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

14:21:42.0062 0716 WudfPf - ok

14:21:42.0092 0716 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

14:21:42.0132 0716 WUDFRd - ok

14:21:42.0162 0716 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll

14:21:42.0202 0716 wudfsvc - ok

14:21:42.0242 0716 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

14:21:42.0252 0716 WwanSvc - ok

14:21:42.0272 0716 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys

14:21:42.0282 0716 XAudio - ok

14:21:42.0352 0716 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys

14:21:42.0362 0716 xusb21 - ok

14:21:42.0442 0716 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

14:21:42.0502 0716 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

14:21:42.0502 0716 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

14:21:42.0582 0716 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

14:21:42.0582 0716 \Device\Harddisk0\DR0 - detected TDSS File System (1)

14:21:42.0582 0716 Boot (0x1200) (6725d08030f066022dccb2a6ef4f62f9) \Device\Harddisk0\DR0\Partition0

14:21:42.0592 0716 \Device\Harddisk0\DR0\Partition0 - ok

14:21:42.0622 0716 Boot (0x1200) (eb356d92741a61fa8ac5df7519f51c95) \Device\Harddisk0\DR0\Partition1

14:21:42.0622 0716 \Device\Harddisk0\DR0\Partition1 - ok

14:21:42.0632 0716 ============================================================

14:21:42.0632 0716 Scan finished

14:21:42.0632 0716 ============================================================

14:21:42.0642 0972 Detected object count: 9

14:21:42.0642 0972 Actual detected object count: 9

14:22:50.0552 0972 InstallFilterService ( UnsignedFile.Multi.Generic ) - skipped by user

14:22:50.0552 0972 InstallFilterService ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:22:50.0552 0972 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

14:22:50.0552 0972 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:22:50.0562 0972 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

14:22:50.0562 0972 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:22:50.0572 0972 SecureStorageService ( UnsignedFile.Multi.Generic ) - skipped by user

14:22:50.0572 0972 SecureStorageService ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:22:50.0592 0972 tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - skipped by user

14:22:50.0592 0972 tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:22:50.0602 0972 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user

14:22:50.0602 0972 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:22:50.0612 0972 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user

14:22:50.0612 0972 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:22:51.0352 0972 \Device\Harddisk0\DR0\# - copied to quarantine

14:22:51.0352 0972 \Device\Harddisk0\DR0 - copied to quarantine

14:22:51.0382 0972 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

14:22:51.0392 0972 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

14:22:51.0392 0972 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

14:22:51.0392 0972 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

14:22:51.0412 0972 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

14:22:51.0412 0972 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

14:22:51.0412 0972 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

14:22:51.0412 0972 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

14:22:51.0422 0972 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

14:22:51.0422 0972 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

14:22:51.0422 0972 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

14:22:51.0422 0972 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

14:22:51.0422 0972 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

14:22:51.0422 0972 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

14:22:51.0432 0972 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

14:22:51.0432 0972 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

14:22:51.0462 0972 \Device\Harddisk0\DR0 - ok

14:22:51.0472 0972 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

14:22:51.0472 0972 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

14:22:51.0472 0972 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

14:23:33.0982 1216 Deinitialize success

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.24.10

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Zane :: ZANE-PC [administrator]

7/24/2012 2:39:51 PM

mbam-log-2012-07-24 (14-39-51).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 199393

Time elapsed: 14 minute(s), 19 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


Step 1

Please re-run TDSSKiller and use the Delete option for this entry:

14:22:51.0472 0972 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

14:22:51.0472 0972 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


I'm going to try McAfee support and see if I can find a solution for the disabling issue. Sorry for the delay. Again, I appreciate the help. I'll try to find a solution and run ComboFix. I bought the computer from my university and am considering asking them to reinstall the OS and start over, as you suggested earlier, if my support plan allows it. Thanks


So after posting on the McAfee support forum I learned that, in short, the program is installed in a way that I can't disable it. To quote:

"Your system is managed by ePolicy Orchestrator (ePO), meaning, the product has come with an "Agent" installed, and the agent is there to enforce the policy willed upon you by the ePO administrator.

Since you do not see how to remove it either, it suggests the admin has also hardened the product installation to hinder your efforts to remove it.

The "right" thing to do is to work with your admin to clean up your system.

If there is no such agreement in place, and you simply have to adhere to their policies because your system is at times on their network but maintenance of the system is entirely your responsibility, then that is quite the arrangement :) ... but you can get around the policy enforcement by stopping the McAfee Framework service. Please, only do so as a temporary measure; disabling it permanently would mean your next infection is right around the corner."

That being the case, I think I'm just going to see if my university IT will re-image my machine when I start classes next month. With your help I can now start Windows without it shutting down, so I can back up the few personal files I need, and hopefully they're willing to help me out. I really appreciate your time and help. Thanks again.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
