
Thread: Desperately need help! My firewall will not turn on.

  1. #21
    Join Date
    Jun 2012
    Posts
    113
    Here is the ComboFix log:
    ComboFix 12-06-27.01 - Frances 06/27/2012 17:15:33.1.2 - x64 MINIMAL
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.3241 [GMT -4:00]
    Running from: c:\users\Frances\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\CouponAlert_2pEI
    c:\users\Frances\GoToAssistDownloadHelper.exe
    c:\windows\assembly\tmp\U
    c:\windows\Installer\{e441ce7e-349f-bf8b-ecee-2afcda9520f2}\@
    c:\windows\Installer\{e441ce7e-349f-bf8b-ecee-2afcda9520f2}\U\00000001.@
    c:\windows\Installer\{e441ce7e-349f-bf8b-ecee-2afcda9520f2}\U\80000000.@
    c:\windows\Installer\{e441ce7e-349f-bf8b-ecee-2afcda9520f2}\U\800000cb.@
    .
    Infected copy of c:\windows\system32\services.exe was found and disinfected
    Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy6_!Windows!System32!services.exe
    .
    .

  2. #22
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    71
    Posts
    4,079
    Now run this program: NORMAL mode if at all possible.

    Please read carefully and follow these steps.

    • Download TDSSKiller and save it to your Desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    After that run this one:

    Please download aswMBR to your desktop.

    • Double-click the aswMBR.exe icon to run it.
    • It will ask to download extra definitions - ALLOW IT.
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



    If you have any problems running either one, come back and let me know.

    Please reply with the reports from TDSSKiller and aswMBR.

  3. #23
    Join Date
    Jun 2012
    Posts
    113
    Here are the requested logs:
    17:50:26.0784 2068 HidUsb - ok
    17:50:26.0799 2068 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    17:50:26.0799 2068 hkmsvc - ok
    17:50:26.0831 2068 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    17:50:26.0846 2068 HomeGroupListener - ok
    17:50:26.0877 2068 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    17:50:26.0877 2068 HomeGroupProvider - ok
    17:50:26.0955 2068 hpqcxs08 (97aac45a375168c6a2297beeb9692e31) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
    17:50:26.0955 2068 hpqcxs08 - ok
    17:50:26.0987 2068 hpqddsvc (19a4fb67b1c97ea18edff44340973cd9) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
    17:50:26.0987 2068 hpqddsvc - ok
    17:50:27.0033 2068 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    17:50:27.0033 2068 HpSAMD - ok
    17:50:27.0096 2068 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    17:50:27.0127 2068 HTTP - ok
    17:50:27.0143 2068 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    17:50:27.0143 2068 hwpolicy - ok
    17:50:27.0174 2068 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    17:50:27.0174 2068 i8042prt - ok
    17:50:27.0221 2068 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
    17:50:27.0236 2068 iaStor - ok
    17:50:27.0299 2068 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    17:50:27.0299 2068 IAStorDataMgrSvc - ok
    17:50:27.0330 2068 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    17:50:27.0345 2068 iaStorV - ok
    17:50:27.0377 2068 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    17:50:27.0377 2068 IDriverT - ok
    17:50:27.0470 2068 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    17:50:27.0486 2068 idsvc - ok
    17:50:27.0876 2068 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
    17:50:28.0032 2068 igfx - ok
    17:50:28.0110 2068 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    17:50:28.0125 2068 iirsp - ok
    17:50:28.0188 2068 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    17:50:28.0188 2068 IKEEXT - ok
    17:50:28.0313 2068 IntcAzAudAddService (492cd3a94913d753b4591cd9e29ec843) C:\Windows\system32\drivers\RTKVHD64.sys
    17:50:28.0313 2068 IntcAzAudAddService - ok
    17:50:28.0359 2068 IntcHdmiAddService (d485d3bd3e2179aa86853a182f70699f) C:\Windows\system32\drivers\IntcHdmi.sys
    17:50:28.0375 2068 IntcHdmiAddService - ok
    17:50:28.0406 2068 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    17:50:28.0406 2068 intelide - ok
    17:50:28.0437 2068 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    17:50:28.0437 2068 intelppm - ok
    17:50:28.0453 2068 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    17:50:28.0469 2068 IPBusEnum - ok
    17:50:28.0500 2068 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    17:50:28.0500 2068 IpFilterDriver - ok
    17:50:28.0562 2068 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    17:50:28.0578 2068 iphlpsvc - ok
    17:50:28.0625 2068 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    17:50:28.0625 2068 IPMIDRV - ok
    17:50:28.0656 2068 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    17:50:28.0656 2068 IPNAT - ok
    17:50:28.0671 2068 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    17:50:28.0671 2068 IRENUM - ok
    17:50:28.0687 2068 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    17:50:28.0687 2068 isapnp - ok
    17:50:28.0734 2068 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    17:50:28.0734 2068 iScsiPrt - ok
    17:50:28.0765 2068 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    17:50:28.0765 2068 kbdclass - ok
    17:50:28.0781 2068 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    17:50:28.0781 2068 kbdhid - ok
    17:50:28.0812 2068 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:50:28.0812 2068 KeyIso - ok
    17:50:28.0843 2068 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    17:50:28.0843 2068 KSecDD - ok
    17:50:28.0859 2068 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    17:50:28.0859 2068 KSecPkg - ok
    17:50:28.0874 2068 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    17:50:28.0874 2068 ksthunk - ok
    17:50:28.0905 2068 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    17:50:28.0921 2068 KtmRm - ok
    17:50:28.0968 2068 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
    17:50:28.0968 2068 LanmanServer - ok
    17:50:28.0999 2068 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    17:50:28.0999 2068 LanmanWorkstation - ok
    17:50:29.0030 2068 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    17:50:29.0030 2068 lltdio - ok
    17:50:29.0061 2068 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    17:50:29.0061 2068 lltdsvc - ok
    17:50:29.0093 2068 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    17:50:29.0093 2068 lmhosts - ok
    17:50:29.0108 2068 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    17:50:29.0108 2068 LSI_FC - ok
    17:50:29.0124 2068 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    17:50:29.0124 2068 LSI_SAS - ok
    17:50:29.0124 2068 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    17:50:29.0139 2068 LSI_SAS2 - ok
    17:50:29.0139 2068 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    17:50:29.0139 2068 LSI_SCSI - ok
    17:50:29.0171 2068 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    17:50:29.0171 2068 luafv - ok
    17:50:29.0217 2068 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    17:50:29.0217 2068 McciCMService - ok
    17:50:29.0295 2068 McciCMService64 (be3d584d7c021eb7d89166eecb83c341) C:\Program Files\Common Files\Motive\McciCMService.exe
    17:50:29.0295 2068 McciCMService64 - ok
    17:50:29.0311 2068 McMPFSvc - ok
    17:50:29.0342 2068 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    17:50:29.0342 2068 Mcx2Svc - ok
    17:50:29.0342 2068 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    17:50:29.0342 2068 megasas - ok
    17:50:29.0358 2068 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    17:50:29.0373 2068 MegaSR - ok
    17:50:29.0373 2068 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    17:50:29.0373 2068 MMCSS - ok
    17:50:29.0389 2068 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    17:50:29.0389 2068 Modem - ok
    17:50:29.0405 2068 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    17:50:29.0405 2068 monitor - ok
    17:50:29.0436 2068 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    17:50:29.0436 2068 mouclass - ok
    17:50:29.0451 2068 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    17:50:29.0467 2068 mouhid - ok
    17:50:29.0483 2068 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    17:50:29.0483 2068 mountmgr - ok
    17:50:29.0514 2068 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    17:50:29.0514 2068 mpio - ok
    17:50:29.0545 2068 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    17:50:29.0545 2068 mpsdrv - ok
    17:50:29.0576 2068 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
    17:50:29.0592 2068 MREMP50 - ok
    17:50:29.0592 2068 MREMP50a64 - ok
    17:50:29.0592 2068 MREMPR5 - ok
    17:50:29.0607 2068 MRENDIS5 - ok
    17:50:29.0639 2068 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
    17:50:29.0639 2068 MRESP50 - ok
    17:50:29.0639 2068 MRESP50a64 - ok
    17:50:29.0670 2068 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    17:50:29.0670 2068 MRxDAV - ok
    17:50:29.0701 2068 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    17:50:29.0701 2068 mrxsmb - ok
    17:50:29.0732 2068 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    17:50:29.0732 2068 mrxsmb10 - ok
    17:50:29.0748 2068 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    17:50:29.0748 2068 mrxsmb20 - ok
    17:50:29.0763 2068 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    17:50:29.0763 2068 msahci - ok
    17:50:29.0795 2068 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    17:50:29.0795 2068 msdsm - ok
    17:50:29.0826 2068 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    17:50:29.0826 2068 MSDTC - ok
    17:50:29.0857 2068 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    17:50:29.0857 2068 Msfs - ok
    17:50:29.0873 2068 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    17:50:29.0873 2068 mshidkmdf - ok
    17:50:29.0888 2068 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    17:50:29.0888 2068 msisadrv - ok
    17:50:29.0935 2068 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    17:50:29.0935 2068 MSiSCSI - ok
    17:50:29.0951 2068 msiserver - ok
    17:50:29.0966 2068 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    17:50:29.0966 2068 MSKSSRV - ok
    17:50:29.0982 2068 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    17:50:29.0997 2068 MSPCLOCK - ok
    17:50:29.0997 2068 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    17:50:29.0997 2068 MSPQM - ok
    17:50:30.0044 2068 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    17:50:30.0044 2068 MsRPC - ok
    17:50:30.0060 2068 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    17:50:30.0060 2068 mssmbios - ok
    17:50:30.0075 2068 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    17:50:30.0075 2068 MSTEE - ok
    17:50:30.0075 2068 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    17:50:30.0075 2068 MTConfig - ok
    17:50:30.0091 2068 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    17:50:30.0091 2068 Mup - ok
    17:50:30.0138 2068 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    17:50:30.0153 2068 napagent - ok
    17:50:30.0185 2068 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    17:50:30.0185 2068 NativeWifiP - ok
    17:50:30.0247 2068 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    17:50:30.0263 2068 NDIS - ok
    17:50:30.0263 2068 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    17:50:30.0263 2068 NdisCap - ok
    17:50:30.0294 2068 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    17:50:30.0294 2068 NdisTapi - ok
    17:50:30.0309 2068 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    17:50:30.0309 2068 Ndisuio - ok
    17:50:30.0341 2068 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    17:50:30.0341 2068 NdisWan - ok
    17:50:30.0372 2068 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    17:50:30.0372 2068 NDProxy - ok
    17:50:30.0419 2068 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
    17:50:30.0419 2068 Net Driver HPZ12 - ok
    17:50:30.0450 2068 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    17:50:30.0450 2068 NetBIOS - ok
    17:50:30.0481 2068 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    17:50:30.0497 2068 NetBT - ok
    17:50:30.0512 2068 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:50:30.0512 2068 Netlogon - ok
    17:50:30.0559 2068 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    17:50:30.0559 2068 Netman - ok
    17:50:30.0590 2068 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    17:50:30.0590 2068 netprofm - ok
    17:50:30.0637 2068 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    17:50:30.0637 2068 NetTcpPortSharing - ok
    17:50:30.0668 2068 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    17:50:30.0668 2068 nfrd960 - ok
    17:50:30.0715 2068 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    17:50:30.0715 2068 NlaSvc - ok
    17:50:30.0731 2068 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    17:50:30.0746 2068 Npfs - ok
    17:50:30.0746 2068 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    17:50:30.0746 2068 nsi - ok
    17:50:30.0762 2068 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    17:50:30.0762 2068 nsiproxy - ok
    17:50:30.0840 2068 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    17:50:30.0871 2068 Ntfs - ok
    17:50:30.0918 2068 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    17:50:30.0918 2068 Null - ok
    17:50:30.0965 2068 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    17:50:30.0965 2068 nvraid - ok
    17:50:30.0980 2068 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    17:50:30.0996 2068 nvstor - ok
    17:50:31.0011 2068 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    17:50:31.0011 2068 nv_agp - ok
    17:50:31.0043 2068 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    17:50:31.0058 2068 ohci1394 - ok
    17:50:31.0074 2068 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    17:50:31.0074 2068 p2pimsvc - ok
    17:50:31.0105 2068 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    17:50:31.0121 2068 p2psvc - ok
    17:50:31.0136 2068 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    17:50:31.0136 2068 Parport - ok
    17:50:31.0152 2068 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
    17:50:31.0152 2068 partmgr - ok
    17:50:31.0183 2068 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    17:50:31.0183 2068 PcaSvc - ok
    17:50:31.0214 2068 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    17:50:31.0214 2068 pci - ok
    17:50:31.0230 2068 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    17:50:31.0230 2068 pciide - ok
    17:50:31.0245 2068 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    17:50:31.0245 2068 pcmcia - ok
    17:50:31.0261 2068 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    17:50:31.0261 2068 pcw - ok
    17:50:31.0292 2068 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    17:50:31.0308 2068 PEAUTH - ok
    17:50:31.0355 2068 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    17:50:31.0355 2068 PerfHost - ok
    17:50:31.0448 2068 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    17:50:31.0464 2068 pla - ok
    17:50:31.0511 2068 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    17:50:31.0511 2068 PlugPlay - ok
    17:50:31.0557 2068 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
    17:50:31.0557 2068 Pml Driver HPZ12 - ok
    17:50:31.0573 2068 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    17:50:31.0573 2068 PNRPAutoReg - ok
    17:50:31.0604 2068 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    17:50:31.0604 2068 PNRPsvc - ok
    17:50:31.0651 2068 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    17:50:31.0667 2068 PolicyAgent - ok
    17:50:31.0698 2068 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    17:50:31.0698 2068 Power - ok
    17:50:31.0745 2068 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    17:50:31.0745 2068 PptpMiniport - ok
    17:50:31.0776 2068 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    17:50:31.0776 2068 Processor - ok
    17:50:31.0807 2068 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
    17:50:31.0807 2068 ProfSvc - ok
    17:50:31.0838 2068 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:50:31.0838 2068 ProtectedStorage - ok
    17:50:31.0869 2068 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    17:50:31.0869 2068 Psched - ok
    17:50:31.0901 2068 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
    17:50:31.0901 2068 PxHlpa64 - ok
    17:50:31.0979 2068 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    17:50:31.0994 2068 ql2300 - ok
    17:50:32.0057 2068 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    17:50:32.0057 2068 ql40xx - ok
    17:50:32.0072 2068 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    17:50:32.0088 2068 QWAVE - ok
    17:50:32.0103 2068 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    17:50:32.0103 2068 QWAVEdrv - ok
    17:50:32.0103 2068 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    17:50:32.0103 2068 RasAcd - ok
    17:50:32.0135 2068 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    17:50:32.0135 2068 RasAgileVpn - ok
    17:50:32.0150 2068 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    17:50:32.0150 2068 RasAuto - ok
    17:50:32.0181 2068 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    17:50:32.0181 2068 Rasl2tp - ok
    17:50:32.0213 2068 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    17:50:32.0228 2068 RasMan - ok
    17:50:32.0244 2068 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    17:50:32.0259 2068 RasPppoe - ok
    17:50:32.0275 2068 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    17:50:32.0275 2068 RasSstp - ok
    17:50:32.0306 2068 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    17:50:32.0322 2068 rdbss - ok
    17:50:32.0337 2068 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    17:50:32.0337 2068 rdpbus - ok
    17:50:32.0353 2068 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    17:50:32.0353 2068 RDPCDD - ok
    17:50:32.0369 2068 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    17:50:32.0369 2068 RDPENCDD - ok
    17:50:32.0384 2068 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    17:50:32.0384 2068 RDPREFMP - ok
    17:50:32.0415 2068 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
    17:50:32.0415 2068 RDPWD - ok
    17:50:32.0447 2068 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    17:50:32.0462 2068 rdyboost - ok
    17:50:32.0493 2068 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    17:50:32.0493 2068 RemoteAccess - ok
    17:50:32.0525 2068 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    17:50:32.0525 2068 RemoteRegistry - ok
    17:50:32.0665 2068 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    17:50:32.0681 2068 RoxMediaDB12OEM - ok
    17:50:32.0696 2068 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    17:50:32.0696 2068 RoxWatch12 - ok
    17:50:32.0759 2068 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    17:50:32.0759 2068 RpcEptMapper - ok
    17:50:32.0774 2068 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    17:50:32.0774 2068 RpcLocator - ok
    17:50:32.0821 2068 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    17:50:32.0821 2068 RpcSs - ok
    17:50:32.0852 2068 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    17:50:32.0852 2068 rspndr - ok
    17:50:32.0915 2068 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
    17:50:32.0915 2068 RTL8167 - ok
    17:50:32.0946 2068 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:50:32.0946 2068 SamSs - ok
    17:50:33.0008 2068 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    17:50:33.0008 2068 SASDIFSV - ok
    17:50:33.0039 2068 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    17:50:33.0039 2068 SASKUTIL - ok
    17:50:33.0055 2068 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    17:50:33.0071 2068 sbp2port - ok
    17:50:33.0086 2068 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    17:50:33.0086 2068 SCardSvr - ok
    17:50:33.0117 2068 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    17:50:33.0117 2068 scfilter - ok
    17:50:33.0180 2068 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    17:50:33.0195 2068 Schedule - ok
    17:50:33.0211 2068 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    17:50:33.0211 2068 SCPolicySvc - ok
    17:50:33.0242 2068 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    17:50:33.0242 2068 SDRSVC - ok
    17:50:33.0289 2068 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    17:50:33.0289 2068 secdrv - ok
    17:50:33.0320 2068 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    17:50:33.0320 2068 seclogon - ok
    17:50:33.0336 2068 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
    17:50:33.0336 2068 SENS - ok
    17:50:33.0367 2068 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    17:50:33.0367 2068 SensrSvc - ok
    17:50:33.0383 2068 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    17:50:33.0398 2068 Serenum - ok
    17:50:33.0398 2068 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    17:50:33.0398 2068 Serial - ok
    17:50:33.0414 2068 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    17:50:33.0414 2068 sermouse - ok
    17:50:33.0445 2068 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    17:50:33.0445 2068 SessionEnv - ok
    17:50:33.0461 2068 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    17:50:33.0461 2068 sffdisk - ok
    17:50:33.0476 2068 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    17:50:33.0476 2068 sffp_mmc - ok
    17:50:33.0492 2068 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    17:50:33.0492 2068 sffp_sd - ok
    17:50:33.0492 2068 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    17:50:33.0492 2068 sfloppy - ok
    17:50:33.0554 2068 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    17:50:33.0570 2068 SharedAccess - ok
    17:50:33.0617 2068 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    17:50:33.0617 2068 ShellHWDetection - ok
    17:50:33.0632 2068 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    17:50:33.0632 2068 SiSRaid2 - ok
    17:50:33.0632 2068 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    17:50:33.0648 2068 SiSRaid4 - ok
    17:50:33.0648 2068 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    17:50:33.0663 2068 Smb - ok
    17:50:33.0695 2068 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    17:50:33.0695 2068 SNMPTRAP - ok
    17:50:33.0695 2068 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    17:50:33.0695 2068 spldr - ok
    17:50:33.0741 2068 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    17:50:33.0757 2068 Spooler - ok
    17:50:33.0929 2068 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    17:50:33.0944 2068 sppsvc - ok
    17:50:34.0022 2068 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    17:50:34.0022 2068 sppuinotify - ok
    17:50:34.0085 2068 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    17:50:34.0085 2068 srv - ok
    17:50:34.0116 2068 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    17:50:34.0116 2068 srv2 - ok
    17:50:34.0131 2068 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    17:50:34.0147 2068 srvnet - ok
    17:50:34.0163 2068 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    17:50:34.0163 2068 SSDPSRV - ok
    17:50:34.0178 2068 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    17:50:34.0178 2068 SstpSvc - ok
    17:50:34.0194 2068 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    17:50:34.0194 2068 stexstor - ok
    17:50:34.0241 2068 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    17:50:34.0256 2068 stisvc - ok
    17:50:37.0953 2068 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
    17:50:38.0141 2068 \Device\Harddisk0\DR0 - ok
    17:50:38.0141 2068 Boot (0x1200) (b1dbda75056f54095d7fa1a50a31486f) \Device\Harddisk0\DR0\Partition0
    17:50:38.0141 2068 \Device\Harddisk0\DR0\Partition0 - ok
    17:50:38.0172 2068 Boot (0x1200) (b372786da8243c9e7144a8ed13e01d83) \Device\Harddisk0\DR0\Partition1
    17:50:38.0172 2068 \Device\Harddisk0\DR0\Partition1 - ok
    17:50:38.0172 2068 ============================================================
    17:50:38.0172 2068 Scan finished
    17:50:38.0172 2068 ============================================================
    17:50:38.0187 3804 Detected object count: 0
    17:50:38.0187 3804 Actual detected object count: 0
    And
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-27 17:53:02
    -----------------------------
    17:53:02.188 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:53:02.188 Number of processors: 2 586 0x170A
    17:53:02.188 ComputerName: FRANCES-PC UserName: Frances
    17:53:02.921 Initialize success
    17:53:27.368 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    17:53:27.368 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
    17:53:27.383 Disk 0 MBR read successfully
    17:53:27.399 Disk 0 MBR scan
    17:53:27.399 Disk 0 Windows VISTA default MBR code
    17:53:27.399 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    17:53:27.415 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 14142 MB offset 81920
    17:53:27.430 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 462757 MB offset 29044736
    17:53:27.446 Disk 0 scanning C:\Windows\system32\drivers
    17:53:31.486 Service scanning
    17:53:40.082 Modules scanning
    17:53:40.082 Disk 0 trace - called modules:
    17:53:40.097 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    17:53:40.113 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048f3060]
    17:53:40.113 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80044f8050]
    17:53:40.129 Scan finished successfully
    17:53:56.165 Disk 0 MBR has been saved successfully to "C:\Users\Frances\Desktop\MBR.dat"
    17:53:56.165 The log file has been saved successfully to "C:\Users\Frances\Desktop\aswMBR.txt"

  4. #24
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    71
    Posts
    4,079
    Ok, want you to uninstall a couple programs:
    Java(TM) 6 Update 24 >>>way, way, WAY out of date. You need to keep Java up to date, this is one way infections can come onto a computer, by exploiting out of date Java. DO NOT download new Java yet, I will have you do that shortly.
    Another one to uninstall is this one
    FreeFileViewer 2011. This program used the InstallIQ installer, very well known to bring in spyware, adware. Uninstall the FreeFileViewer.

    Also get a brand new copy of MBA-M.

    Uninstall it FIRST using Add/Remove and then use this cleaner from MBA-M to be sure it is totally removed.

    http://downloads.malwarebytes.org/file/mbam_clean

    When you run it then it will ask to restart your computer, please allow it to do so.

    Then download a brand new copy following these instructions:

    http://majorgeeks.com/downloadget.ph...d909666f809b26

    Save it to your desktop.

    Double-click mbam-setup.exe and follow the prompts to install MBA-M.
    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version if one is available. There are always new updates to the definitions.

    * Once the program has loaded, select Perform full scan, then choose the drive(s) then click Scan.

    You know how to use the program so do the scan, have it remove whatever it found and then post back with the new log.


    Then we will try to determine where the heck that McAfee might be located.

  5. #25
    Join Date
    Jun 2012
    Posts
    113
    I deleted the programs and here are the results of the Malwarebytes scan:
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.27.13

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Frances :: FRANCES-PC [administrator]

    6/27/2012 7:48:10 PM
    mbam-log-2012-06-27 (19-48-10).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 318116
    Time elapsed: 21 minute(s), 21 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Qoobox\Quarantine\C\Windows\Installer\{e441ce7e-349f-bf8b-ecee-2afcda9520f2}\U\800000cb.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.

    (end)

  6. #26
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    71
    Posts
    4,079
    Very good. What it found was the Quarantined file from Combofix.

    Now I want you to do the following:
    Open the Start Menu.
    In the search line, type services.msc and press Enter
    If prompted, click on Continue in the UAC prompt, or provide the administrator password to approve.

    Windows services will open. It is an alphabetical list.
    You need to go through the list and look for anything related to McAfee. I am not certain how many there will be but they all will be listed together and of course would likely begin with Mc
    These are the ones you should definitely look for:
    McMPFSvc
    McNaiAnn
    McProxy
    There "could be" more besides those so be sure to scan through the list very carefully.
    On each one that you find what you need to do is Right click on the service you want to disable or start and click on Properties.
    Then when the Properties of each one opens you need to do the following:
    A) Click on the Stop button (if it shows as running) and wait a sec for the service to stop.

    B) Next to Startup type, click on the drop down menu and select Disable.

    C) Click on the Apply button.

    Do this for ALL McAfee listings you might find. Then, reboot the computer.

    Delete the original DDS scanner, you can just delete it because it isn't installed, then download a brand new copy from the earlier link I gave you and run a brand new scan with it.
    Post back with the logs.
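
The same inventory that the services.msc walk-through above does by eye can be taken read-only from PowerShell; this is an added example, not part of the original posts. The helper name `Get-ServiceImagePath` and the report column names are assumptions made for illustration, and nothing is stopped or changed.

```powershell
# Added example: read-only inventory of McAfee-related service entries.
# Written for PowerShell 2.0, the version that ships with Windows 7.
# Run from an elevated PowerShell prompt. Nothing is stopped or changed.

# Hypothetical helper: pull the executable path out of a service command line.
function Get-ServiceImagePath {
    param([string]$PathName)
    if ([string]::IsNullOrEmpty($PathName)) { return $null }
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) {
        # Quoted command line: the image is the text between the first quotes.
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { return $p.Substring(1, $end - 1) }
        return $null
    }
    # Unquoted: cut at the first .exe/.dll/.sys followed by a space or the end.
    if ($p -match '^(.+?\.(exe|dll|sys))(\s|$)') { return $matches[1] }
    return $p
}

# Match the "Mc..." name prefix used in the thread, plus any display name
# or path that mentions McAfee. @() keeps an empty result an empty array.
$candidates = @(Get-WmiObject -Class Win32_Service | Where-Object {
    $_.Name -like 'Mc*' -or
    $_.DisplayName -like '*McAfee*' -or
    $_.PathName -like '*McAfee*'
})

$report = foreach ($svc in $candidates) {
    $image  = Get-ServiceImagePath $svc.PathName
    $onDisk = $false
    if ($image) {
        $image  = [Environment]::ExpandEnvironmentVariables($image)
        $onDisk = Test-Path -LiteralPath $image
    }
    New-Object PSObject -Property @{
        Name        = $svc.Name
        DisplayName = $svc.DisplayName
        State       = $svc.State       # Running / Stopped
        StartMode   = $svc.StartMode   # Auto / Manual / Disabled
        ImagePath   = $image
        FileExists  = $onDisk          # False = binary is no longer on disk
    }
}

if ($report) {
    $report | Sort-Object Name |
        Select-Object Name, DisplayName, State, StartMode, ImagePath, FileExists |
        Format-List
} else {
    Write-Output 'No services matching Mc* or McAfee were found.'
}
```

An entry with `FileExists` set to False is a service registration whose binary is gone from disk, and `ImagePath` shows where each remaining component is installed.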

  7. #27
    Join Date
    Jun 2012
    Posts
    113
    I have run into a problem, I found McAfee personal on the list and when I clicked on properties this is the firewall. It was already stopped but the startup type is light colored and will not let me change it. It is set on automatic.

  8. #28
    Join Date
    Jun 2012
    Posts
    113
    I found two others, McciCMService and McciCMService64; both of these I was able to disable. I looked carefully down the whole list and these were the only ones that I see that begin with Mc. Still unable to change McAfee Personal.
    Last edited by the.avon.lady1; 06-29-2012 at 12:12 AM. Reason: misspelled word

  9. #29
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    71
    Posts
    4,079
    Run that McAfee tool, but run it in Safe Mode.

  10. #30
    Join Date
    Jun 2012
    Posts
    113
    Okay, I have run into another problem. Tried running the McAfee tool in Safe Mode and got a message "Incomplete Uninstallation" Error obtaining full permission for cleanup. Then a note that says to see log file and I got a note that said it was being used by another program.
