Page 1 of 3 123 LastLast
Results 1 to 10 of 24

Thread: Smitfraud-C.generic--Help w/ removal!

  1. #1
    Junior Member
    Join Date
    Jun 2012
    Posts
    13

    Exclamation Smitfraud-C.generic--Help w/ removal!

    This virus refuses to leave my computer. I run spybot and the program claims the virus is fixed, but I can literally scan it a minute later and the Smitfraud-C.generic is back. Please help me remove this trojan from my pc permanently.

    I have Windows 7, 64 on a Dell Inspiron
    I also have Mcaffe, if that matters.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Shelby at 18:29:50 on 2012-06-19
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2186 [GMT -4:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    -netsvcs
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Program Files\McAfee\VirusScan\mcods.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120611170811.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    StartupFolder: C:\Users\Shelby\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{23ABA2C2-32B0-4CD4-A2A1-593D5A68FE43} : DhcpNameServer = 192.168.1.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120611170811.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
    mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-9 249936]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-9 249936]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-9 249936]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-9 257224]
    .
    =============== Created Last 30 ================
    .
    2012-06-13 21:14:55 -------- d-----w- C:\Users\Shelby\AppData\Local\Adobe
    2012-06-11 21:56:51 20480 ----a-w- C:\Windows\svchost.exe
    2012-06-11 19:29:29 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2012-06-11 19:29:28 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2012-06-11 19:29:28 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2012-06-11 19:29:28 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2012-06-11 19:29:27 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2012-06-11 19:29:27 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2012-06-11 19:29:27 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2012-06-11 19:25:26 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-06-11 19:25:25 2566144 ----a-w- C:\Windows\System32\esent.dll
    2012-06-11 19:25:25 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
    2012-06-11 19:25:25 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
    2012-06-11 19:25:25 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
    2012-06-11 19:25:24 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
    2012-06-11 19:25:24 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
    2012-06-11 19:25:24 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
    2012-06-11 19:25:23 96768 ----a-w- C:\Windows\System32\fsutil.exe
    2012-06-11 19:25:23 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
    2012-06-11 19:25:22 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
    2012-06-11 18:55:04 -------- d-----w- C:\Windows\SysWow64\Wat
    2012-06-11 18:55:04 -------- d-----w- C:\Windows\System32\Wat
    2012-06-10 20:36:57 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
    2012-06-10 20:36:57 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
    2012-06-10 20:12:12 311808 ----a-w- C:\Windows\System32\msv1_0.dll
    2012-06-10 20:12:12 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2012-06-10 19:52:54 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2012-06-10 19:52:54 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2012-06-10 19:52:54 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2012-06-10 19:52:54 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2012-06-10 19:52:54 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2012-06-10 19:52:54 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2012-06-10 19:52:54 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2012-06-10 19:52:54 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2012-06-10 19:52:54 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2012-06-10 19:52:54 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2012-06-10 19:27:45 80896 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-06-10 19:27:45 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-06-10 19:27:45 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-06-10 19:27:45 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-06-10 19:27:45 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-06-10 19:27:45 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-06-10 19:27:45 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-06-10 18:55:20 -------- d-----w- C:\Windows\PCHEALTH
    2012-06-10 18:52:02 -------- d-----w- C:\Users\Shelby\AppData\Local\Microsoft Help
    2012-06-10 17:48:56 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2012-06-10 17:46:44 1572864 ----a-w- C:\Windows\System32\quartz.dll
    2012-06-10 17:46:44 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
    2012-06-10 17:46:43 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-06-10 17:46:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-06-10 17:46:31 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-06-10 17:46:31 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2012-06-10 17:46:26 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
    2012-06-10 17:46:25 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    2012-06-10 17:46:25 2085376 ----a-w- C:\Windows\System32\ole32.dll
    2012-06-10 17:46:24 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
    2012-06-10 17:46:00 2228224 ----a-w- C:\Windows\System32\mssrch.dll
    2012-06-10 17:44:39 422912 ----a-w- C:\Windows\System32\secproc_isv.dll
    2012-06-10 17:43:54 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2012-06-10 17:42:57 52224 ----a-w- C:\Windows\System32\rtutils.dll
    2012-06-10 17:41:44 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2012-06-10 17:40:14 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2012-06-10 17:40:11 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
    2012-06-10 17:40:09 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2012-06-10 17:40:08 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2012-06-10 17:40:06 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
    2012-06-10 17:40:06 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
    2012-06-10 17:40:06 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
    2012-06-10 17:40:01 613888 ----a-w- C:\Windows\System32\psisdecd.dll
    2012-06-10 17:40:01 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2012-06-10 17:40:00 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
    2012-06-10 17:40:00 108032 ----a-w- C:\Windows\System32\psisrndr.ax
    2012-06-10 17:38:59 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-06-10 17:37:55 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2012-06-10 17:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    2012-06-10 17:37:54 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2012-06-10 17:37:53 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2012-06-10 17:37:53 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2012-06-10 17:37:44 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
    2012-06-10 17:25:41 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2012-06-10 17:25:40 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2012-06-10 17:25:37 634368 ----a-w- C:\Windows\System32\msvcrt.dll
    2012-06-10 17:25:36 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2012-06-10 17:25:33 112000 ----a-w- C:\Windows\System32\consent.exe
    2012-06-10 17:25:30 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    2012-06-10 17:25:24 861184 ----a-w- C:\Windows\System32\oleaut32.dll
    2012-06-10 17:25:24 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2012-06-10 17:25:23 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2012-06-10 17:25:23 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2012-06-10 17:25:16 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2012-06-10 17:25:15 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2012-06-10 17:24:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-06-10 17:24:55 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-06-10 17:24:13 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-06-10 17:24:05 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2012-06-10 17:24:05 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2012-06-10 17:24:04 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-06-10 17:24:04 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2012-06-10 17:24:03 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    2012-06-10 17:23:57 720896 ----a-w- C:\Windows\System32\odbc32.dll
    2012-06-10 17:23:56 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
    2012-06-10 17:23:56 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2012-06-10 17:23:55 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
    2012-06-10 17:23:55 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
    2012-06-10 17:23:55 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
    2012-06-10 17:23:54 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
    2012-06-10 17:23:53 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    2012-06-10 17:23:53 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
    2012-06-10 17:23:53 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
    2012-06-10 17:23:34 1739160 ----a-w- C:\Windows\System32\ntdll.dll
    2012-06-10 17:23:33 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-06-10 17:19:56 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-06-10 17:19:55 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-06-10 13:05:44 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2012-06-10 13:05:44 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
    2012-06-10 07:15:54 -------- d-----w- C:\Windows\Panther
    2012-06-10 07:15:25 -------- d-----w- C:\Windows\System32\oem
    2012-06-10 06:49:54 -------- d-----w- C:\Windows.old
    2012-06-10 03:12:00 -------- d-----w- C:\Users\Shelby\AppData\Local\Microsoft Games
    2012-06-10 02:33:09 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-10 02:33:09 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-10 01:29:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-06-10 01:29:43 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-06-10 01:17:50 -------- d-----w- C:\Program Files (x86)\McAfee.com
    2012-06-10 01:17:38 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
    2012-06-10 01:17:38 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
    2012-06-10 01:16:44 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
    2012-06-10 01:16:44 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
    2012-06-10 01:16:44 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
    2012-06-10 01:16:44 289664 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
    2012-06-10 01:16:44 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
    2012-06-10 01:16:44 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
    2012-06-10 01:16:32 -------- d-----w- C:\Program Files\McAfee.com
    2012-06-10 01:16:32 -------- d-----w- C:\Program Files\McAfee
    2012-06-10 01:16:32 -------- d-----w- C:\Program Files\Common Files\McAfee
    2012-06-10 01:16:29 -------- d-----w- C:\Program Files (x86)\McAfee
    2012-06-10 01:07:34 162192 ----a-w- C:\Windows\System32\mfevtps.exe
    2012-06-10 00:35:54 -------- d-----w- C:\Users\Shelby\AppData\Local\Diagnostics
    2012-06-10 00:27:50 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7250C547-3BEC-4613-AECF-28596846A027}\mpengine.dll
    2012-06-10 00:27:49 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-06-10 00:04:13 45056 ----a-r- C:\Users\Shelby\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
    2012-06-10 00:04:12 -------- d-----w- C:\Windows\SysWow64\vmm32
    2012-06-10 00:04:12 -------- d-----w- C:\Program Files (x86)\Dell
    2012-06-10 00:03:44 -------- d-sh--w- C:\Windows\Installer
    2012-06-09 23:58:08 89088 ----a-w- C:\Windows\SysWow64\atl71.dll
    2012-06-09 23:58:08 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2012-06-09 23:58:08 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2012-06-09 23:58:08 1060864 ----a-w- C:\Windows\SysWow64\MFC71.dll
    2012-06-09 23:58:08 1047552 ----a-w- C:\Windows\SysWow64\MFC71u.dll
    2012-06-09 23:56:07 139264 ----a-w- C:\Windows\System32\cabview.dll
    2012-06-09 23:56:07 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
    2012-06-09 23:56:06 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-09 23:56:06 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-09 23:56:06 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-09 23:56:05 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-06-09 23:56:05 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-06-09 23:56:05 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-09 23:56:05 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-06-09 23:52:56 -------- d-sh--w- C:\Recovery
    .
    ==================== Find3M ====================
    .
    2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 18:32:10.84 ===============
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Shelby at 18:29:50 on 2012-06-19
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2186 [GMT -4:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    -netsvcs
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Program Files\McAfee\VirusScan\mcods.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120611170811.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    StartupFolder: C:\Users\Shelby\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{23ABA2C2-32B0-4CD4-A2A1-593D5A68FE43} : DhcpNameServer = 192.168.1.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120611170811.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
    mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-9 249936]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-9 249936]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-9 249936]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-9 257224]
    .
    =============== Created Last 30 ================
    .
    2012-06-13 21:14:55 -------- d-----w- C:\Users\Shelby\AppData\Local\Adobe
    2012-06-11 21:56:51 20480 ----a-w- C:\Windows\svchost.exe
    2012-06-11 19:29:29 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2012-06-11 19:29:28 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2012-06-11 19:29:28 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2012-06-11 19:29:28 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2012-06-11 19:29:27 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2012-06-11 19:29:27 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2012-06-11 19:29:27 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2012-06-11 19:25:26 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-06-11 19:25:25 2566144 ----a-w- C:\Windows\System32\esent.dll
    2012-06-11 19:25:25 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
    2012-06-11 19:25:25 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
    2012-06-11 19:25:25 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
    2012-06-11 19:25:24 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
    2012-06-11 19:25:24 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
    2012-06-11 19:25:24 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
    2012-06-11 19:25:23 96768 ----a-w- C:\Windows\System32\fsutil.exe
    2012-06-11 19:25:23 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
    2012-06-11 19:25:22 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
    2012-06-11 18:55:04 -------- d-----w- C:\Windows\SysWow64\Wat
    2012-06-11 18:55:04 -------- d-----w- C:\Windows\System32\Wat
    2012-06-10 20:36:57 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
    2012-06-10 20:36:57 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
    2012-06-10 20:12:12 311808 ----a-w- C:\Windows\System32\msv1_0.dll
    2012-06-10 20:12:12 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2012-06-10 19:52:54 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2012-06-10 19:52:54 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2012-06-10 19:52:54 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2012-06-10 19:52:54 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2012-06-10 19:52:54 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2012-06-10 19:52:54 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2012-06-10 19:52:54 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2012-06-10 19:52:54 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2012-06-10 19:52:54 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2012-06-10 19:52:54 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2012-06-10 19:27:45 80896 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-06-10 19:27:45 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-06-10 19:27:45 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-06-10 19:27:45 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-06-10 19:27:45 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-06-10 19:27:45 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-06-10 19:27:45 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-06-10 18:55:20 -------- d-----w- C:\Windows\PCHEALTH
    2012-06-10 18:52:02 -------- d-----w- C:\Users\Shelby\AppData\Local\Microsoft Help
    2012-06-10 17:48:56 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2012-06-10 17:46:44 1572864 ----a-w- C:\Windows\System32\quartz.dll
    2012-06-10 17:46:44 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
    2012-06-10 17:46:43 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-06-10 17:46:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-06-10 17:46:31 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-06-10 17:46:31 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2012-06-10 17:46:26 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
    2012-06-10 17:46:25 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    2012-06-10 17:46:25 2085376 ----a-w- C:\Windows\System32\ole32.dll
    2012-06-10 17:46:24 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
    2012-06-10 17:46:00 2228224 ----a-w- C:\Windows\System32\mssrch.dll
    2012-06-10 17:44:39 422912 ----a-w- C:\Windows\System32\secproc_isv.dll
    2012-06-10 17:43:54 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2012-06-10 17:42:57 52224 ----a-w- C:\Windows\System32\rtutils.dll
    2012-06-10 17:41:44 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2012-06-10 17:40:14 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2012-06-10 17:40:11 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
    2012-06-10 17:40:09 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2012-06-10 17:40:08 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2012-06-10 17:40:06 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
    2012-06-10 17:40:06 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
    2012-06-10 17:40:06 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
    2012-06-10 17:40:01 613888 ----a-w- C:\Windows\System32\psisdecd.dll
    2012-06-10 17:40:01 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2012-06-10 17:40:00 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
    2012-06-10 17:40:00 108032 ----a-w- C:\Windows\System32\psisrndr.ax
    2012-06-10 17:38:59 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-06-10 17:37:55 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2012-06-10 17:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    2012-06-10 17:37:54 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2012-06-10 17:37:53 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2012-06-10 17:37:53 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2012-06-10 17:37:44 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
    2012-06-10 17:25:41 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2012-06-10 17:25:40 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2012-06-10 17:25:37 634368 ----a-w- C:\Windows\System32\msvcrt.dll
    2012-06-10 17:25:36 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2012-06-10 17:25:33 112000 ----a-w- C:\Windows\System32\consent.exe
    2012-06-10 17:25:30 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    2012-06-10 17:25:24 861184 ----a-w- C:\Windows\System32\oleaut32.dll
    2012-06-10 17:25:24 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2012-06-10 17:25:23 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2012-06-10 17:25:23 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2012-06-10 17:25:16 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2012-06-10 17:25:15 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2012-06-10 17:24:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-06-10 17:24:55 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-06-10 17:24:13 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-06-10 17:24:05 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2012-06-10 17:24:05 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2012-06-10 17:24:04 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-06-10 17:24:04 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2012-06-10 17:24:03 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    2012-06-10 17:23:57 720896 ----a-w- C:\Windows\System32\odbc32.dll
    2012-06-10 17:23:56 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
    2012-06-10 17:23:56 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2012-06-10 17:23:55 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
    2012-06-10 17:23:55 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
    2012-06-10 17:23:55 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
    2012-06-10 17:23:54 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
    2012-06-10 17:23:53 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    2012-06-10 17:23:53 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
    2012-06-10 17:23:53 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
    2012-06-10 17:23:34 1739160 ----a-w- C:\Windows\System32\ntdll.dll
    2012-06-10 17:23:33 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-06-10 17:19:56 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-06-10 17:19:55 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-06-10 13:05:44 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2012-06-10 13:05:44 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
    2012-06-10 07:15:54 -------- d-----w- C:\Windows\Panther
    2012-06-10 07:15:25 -------- d-----w- C:\Windows\System32\oem
    2012-06-10 06:49:54 -------- d-----w- C:\Windows.old
    2012-06-10 03:12:00 -------- d-----w- C:\Users\Shelby\AppData\Local\Microsoft Games
    2012-06-10 02:33:09 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-10 02:33:09 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-10 01:29:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-06-10 01:29:43 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-06-10 01:17:50 -------- d-----w- C:\Program Files (x86)\McAfee.com
    2012-06-10 01:17:38 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
    2012-06-10 01:17:38 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
    2012-06-10 01:16:44 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
    2012-06-10 01:16:44 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
    2012-06-10 01:16:44 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
    2012-06-10 01:16:44 289664 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
    2012-06-10 01:16:44 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
    2012-06-10 01:16:44 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
    2012-06-10 01:16:32 -------- d-----w- C:\Program Files\McAfee.com
    2012-06-10 01:16:32 -------- d-----w- C:\Program Files\McAfee
    2012-06-10 01:16:32 -------- d-----w- C:\Program Files\Common Files\McAfee
    2012-06-10 01:16:29 -------- d-----w- C:\Program Files (x86)\McAfee
    2012-06-10 01:07:34 162192 ----a-w- C:\Windows\System32\mfevtps.exe
    2012-06-10 00:35:54 -------- d-----w- C:\Users\Shelby\AppData\Local\Diagnostics
    2012-06-10 00:27:50 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7250C547-3BEC-4613-AECF-28596846A027}\mpengine.dll
    2012-06-10 00:27:49 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-06-10 00:04:13 45056 ----a-r- C:\Users\Shelby\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
    2012-06-10 00:04:12 -------- d-----w- C:\Windows\SysWow64\vmm32
    2012-06-10 00:04:12 -------- d-----w- C:\Program Files (x86)\Dell
    2012-06-10 00:03:44 -------- d-sh--w- C:\Windows\Installer
    2012-06-09 23:58:08 89088 ----a-w- C:\Windows\SysWow64\atl71.dll
    2012-06-09 23:58:08 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2012-06-09 23:58:08 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2012-06-09 23:58:08 1060864 ----a-w- C:\Windows\SysWow64\MFC71.dll
    2012-06-09 23:58:08 1047552 ----a-w- C:\Windows\SysWow64\MFC71u.dll
    2012-06-09 23:56:07 139264 ----a-w- C:\Windows\System32\cabview.dll
    2012-06-09 23:56:07 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
    2012-06-09 23:56:06 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-09 23:56:06 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-09 23:56:06 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-09 23:56:05 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-06-09 23:56:05 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-06-09 23:56:05 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-09 23:56:05 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-06-09 23:52:56 -------- d-sh--w- C:\Recovery
    .
    ==================== Find3M ====================
    .
    2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 18:32:10.84 ===============



    I have the other DDS log also; if it is needed.

    Thanks for your help in advance!
    Last edited by tashi; 2012-06-20 at 08:19. Reason: Moved from Spybot-S&D support as DDS log posted.

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Download aswMBR to your desktop. Double click the aswMBR.exe to run it
    Click the Scan button to start scan

    On completion of the scan click save log, save it to your desktop and post in your next reply. Post attach.txt contents of DDS too.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Jun 2012
    Posts
    13

    Smile

    Thanks for the speedy reply!

    Here is the AVAST scan:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-20 12:02:08
    -----------------------------
    12:02:08.978 OS Version: Windows x64 6.1.7600
    12:02:08.978 Number of processors: 2 586 0x170A
    12:02:08.978 ComputerName: SHELBY-PC UserName: Shelby
    12:02:16.432 Initialize success
    12:05:57.992 AVAST engine defs: 12062001
    12:13:09.485 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    12:13:09.485 Disk 0 Vendor: SAMSUNG_HM250HI 2AC101C4 Size: 238475MB BusType: 11
    12:13:09.495 Device \Driver\atapi -> MajorFunction fffffa80049e55e8
    12:13:09.495 Disk 0 MBR read successfully
    12:13:09.495 Disk 0 MBR scan
    12:13:09.555 Disk 0 Windows 7 default MBR code
    12:13:09.555 Disk 0 MBR hidden
    12:13:09.575 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    12:13:09.585 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
    12:13:09.605 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30801920
    12:13:09.645 Disk 0 scanning C:\Windows\system32\drivers
    12:13:18.807 Service scanning
    12:13:45.525 Modules scanning
    12:13:45.535 Disk 0 trace - called modules:
    12:13:45.535 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80049e55e8]<<
    12:13:45.545 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800449c060]
    12:13:45.555 3 CLASSPNP.SYS[fffff880019aa43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80040fd1f0]
    12:13:45.565 \Driver\atapi[0xfffffa80049e0550] -> IRP_MJ_CREATE -> 0xfffffa80049e55e8
    12:13:51.357 AVAST engine scan C:\Windows
    12:13:54.169 AVAST engine scan C:\Windows\system32
    12:18:05.778 AVAST engine scan C:\Windows\system32\drivers
    12:18:18.390 AVAST engine scan C:\Users\Shelby
    12:19:18.360 Disk 0 MBR has been saved successfully to "C:\Users\Shelby\Desktop\MBR.dat"
    12:19:18.442 The log file has been saved successfully to "C:\Users\Shelby\Desktop\aswMBR.txt"


    I am assuming that this is what you need DDS wise, but if not I can do another scan.

    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/9/2012 7:53:05 PM
    System Uptime: 6/19/2012 5:48:59 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0G848F
    Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | Microprocessor | 2100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 218 GiB total, 139.151 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP9: 6/11/2012 9:39:41 PM - Windows Update
    RP10: 6/13/2012 3:13:23 PM - Windows Update
    RP11: 6/14/2012 12:11:30 PM - Windows Update
    RP12: 6/15/2012 10:24:29 AM - Windows Update
    RP13: 6/17/2012 4:48:41 PM - Windows Update
    RP14: 6/17/2012 5:39:52 PM - Windows Update
    RP15: 6/17/2012 7:29:00 PM - Windows Update
    RP16: 6/17/2012 7:57:02 PM - Windows Update
    RP17: 6/17/2012 8:33:52 PM - Windows Update
    RP18: 6/17/2012 10:29:34 PM - Windows Update
    RP19: 6/19/2012 4:43:23 PM - Windows Update
    RP20: 6/19/2012 5:57:08 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Flash Player 11 ActiveX
    Dell Resource CD
    ERUNT 1.1j
    McAfee SecurityCenter
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    PowerDVD DX
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Spybot - Search & Destroy
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/19/2012 6:16:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2709715).
    6/19/2012 5:51:34 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    6/19/2012 5:51:25 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    6/19/2012 5:49:51 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
    6/19/2012 5:49:46 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
    6/19/2012 5:35:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    6/19/2012 5:28:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    6/19/2012 5:24:34 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 5:24:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/19/2012 5:24:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/19/2012 5:24:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    6/19/2012 5:24:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    6/19/2012 5:24:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/19/2012 5:24:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/19/2012 5:24:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    6/19/2012 5:24:05 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/19/2012 5:24:04 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/19/2012 5:24:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000044ab, 0x0000000000000002, 0x0000000000000001, 0xfffff80002a53995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061912-25240-01.
    6/19/2012 5:21:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000007fefed85, 0x0000000000000002, 0x0000000000000001, 0xfffff80002a53995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061912-25740-01.
    6/19/2012 4:39:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    6/17/2012 7:48:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
    6/17/2012 7:48:59 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/17/2012 7:48:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000020, 0xfffffa80036929b0, 0xfffffa8003692a30, 0x0000000004080001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061712-48937-01.
    6/17/2012 4:55:03 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002dc4fea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061712-57517-01.
    6/15/2012 6:36:53 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer CYNTHIA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{23ABA2C2-32B0-4CD4-A2A1-593D5A68FE43}. The master browser is stopping or an election is being forced.
    6/15/2012 10:41:43 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    6/15/2012 10:41:43 AM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    6/15/2012 10:41:43 AM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
    6/15/2012 10:41:43 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
    .
    ==== End Of File ===========================


    Thanks again for all of your help!

  4. #4
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Yes, that was attach.txt log from DDS. Let's continue


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Junior Member
    Join Date
    Jun 2012
    Posts
    13

    Default

    Unfortunately, we have run into our first bump in the road. I have ran the combofix 3 times now, once as an administrator. Each time, my computer turns off and reloads, I sign in, and then the program says to wait until the log is produced. However, my computer always crashes (blue screen of death) before I can copy down a log to send to you. Any suggestions?...

    Thanks again.

  6. #6
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default Let's try something else

    Hi,

    1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
    2. Execute the file TDSSKiller.exe.
    3. Click Start Scan. If threats are found, select skip and click Continue (tool may prompt for a reboot).
    4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #7
    Junior Member
    Join Date
    Jun 2012
    Posts
    13

    Default I think this is the log...

    11:21:47.0396 3476 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
    11:21:48.0511 3476 ============================================================
    11:21:48.0511 3476 Current date / time: 2012/06/21 11:21:48.0511
    11:21:48.0511 3476 SystemInfo:
    11:21:48.0511 3476
    11:21:48.0511 3476 OS Version: 6.1.7600 ServicePack: 0.0
    11:21:48.0511 3476 Product type: Workstation
    11:21:48.0511 3476 ComputerName: SHELBY-PC
    11:21:48.0511 3476 UserName: Shelby
    11:21:48.0511 3476 Windows directory: C:\Windows
    11:21:48.0511 3476 System windows directory: C:\Windows
    11:21:48.0511 3476 Running under WOW64
    11:21:48.0511 3476 Processor architecture: Intel x64
    11:21:48.0511 3476 Number of processors: 2
    11:21:48.0511 3476 Page size: 0x1000
    11:21:48.0511 3476 Boot type: Normal boot
    11:21:48.0512 3476 ============================================================
    11:21:51.0030 3476 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    11:21:51.0050 3476 ============================================================
    11:21:51.0050 3476 \Device\Harddisk0\DR0:
    11:21:51.0050 3476 MBR partitions:
    11:21:51.0050 3476 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
    11:21:51.0050 3476 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
    11:21:51.0050 3476 ============================================================
    11:21:51.0410 3476 C: <-> \Device\Harddisk0\DR0\Partition1
    11:21:51.0410 3476 ============================================================
    11:21:51.0410 3476 Initialize success
    11:21:51.0410 3476 ============================================================
    11:21:53.0814 3668 ============================================================
    11:21:53.0814 3668 Scan started
    11:21:53.0814 3668 Mode: Manual;
    11:21:53.0814 3668 ============================================================
    11:21:58.0240 3668 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    11:21:58.0240 3668 1394ohci - ok
    11:21:58.0300 3668 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    11:21:58.0300 3668 ACPI - ok
    11:21:58.0360 3668 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    11:21:58.0370 3668 AcpiPmi - ok
    11:21:58.0690 3668 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    11:21:58.0757 3668 AdobeFlashPlayerUpdateSvc - ok
    11:21:58.0832 3668 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    11:21:58.0842 3668 adp94xx - ok
    11:21:58.0902 3668 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    11:21:58.0922 3668 adpahci - ok
    11:21:58.0960 3668 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    11:21:58.0969 3668 adpu320 - ok
    11:21:59.0034 3668 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    11:21:59.0034 3668 AeLookupSvc - ok
    11:21:59.0134 3668 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
    11:21:59.0144 3668 AFD - ok
    11:21:59.0204 3668 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    11:21:59.0204 3668 agp440 - ok
    11:21:59.0244 3668 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    11:21:59.0244 3668 ALG - ok
    11:21:59.0274 3668 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    11:21:59.0274 3668 aliide - ok
    11:21:59.0284 3668 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    11:21:59.0294 3668 amdide - ok
    11:21:59.0334 3668 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    11:21:59.0344 3668 AmdK8 - ok
    11:21:59.0344 3668 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    11:21:59.0354 3668 AmdPPM - ok
    11:21:59.0426 3668 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
    11:21:59.0488 3668 amdsata - ok
    11:21:59.0501 3668 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    11:21:59.0508 3668 amdsbs - ok
    11:21:59.0588 3668 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
    11:21:59.0644 3668 amdxata - ok
    11:21:59.0700 3668 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    11:21:59.0700 3668 AppID - ok
    11:21:59.0740 3668 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    11:21:59.0740 3668 AppIDSvc - ok
    11:21:59.0750 3668 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
    11:21:59.0760 3668 Appinfo - ok
    11:21:59.0780 3668 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    11:21:59.0790 3668 arc - ok
    11:21:59.0800 3668 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    11:21:59.0810 3668 arcsas - ok
    11:21:59.0820 3668 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    11:21:59.0830 3668 AsyncMac - ok
    11:21:59.0830 3668 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    11:21:59.0830 3668 atapi - ok
    11:21:59.0892 3668 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    11:21:59.0912 3668 AudioEndpointBuilder - ok
    11:21:59.0922 3668 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    11:21:59.0932 3668 AudioSrv - ok
    11:22:00.0004 3668 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
    11:22:00.0014 3668 AxInstSV - ok
    11:22:00.0084 3668 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    11:22:00.0104 3668 b06bdrv - ok
    11:22:00.0166 3668 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    11:22:00.0176 3668 b57nd60a - ok
    11:22:00.0318 3668 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
    11:22:00.0328 3668 BCM43XX - ok
    11:22:00.0380 3668 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    11:22:00.0390 3668 BDESVC - ok
    11:22:00.0600 3668 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    11:22:00.0610 3668 Beep - ok
    11:22:00.0712 3668 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
    11:22:00.0722 3668 BFE - ok
    11:22:00.0832 3668 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
    11:22:00.0851 3668 BITS - ok
    11:22:01.0024 3668 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    11:22:01.0034 3668 blbdrive - ok
    11:22:01.0114 3668 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
    11:22:01.0168 3668 bowser - ok
    11:22:01.0175 3668 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    11:22:01.0183 3668 BrFiltLo - ok
    11:22:01.0197 3668 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    11:22:01.0204 3668 BrFiltUp - ok
    11:22:01.0235 3668 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    11:22:01.0242 3668 BridgeMP - ok
    11:22:01.0276 3668 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
    11:22:01.0292 3668 Browser - ok
    11:22:01.0314 3668 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    11:22:01.0325 3668 Brserid - ok
    11:22:01.0368 3668 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    11:22:01.0378 3668 BrSerWdm - ok
    11:22:01.0398 3668 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    11:22:01.0398 3668 BrUsbMdm - ok
    11:22:01.0408 3668 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    11:22:01.0408 3668 BrUsbSer - ok
    11:22:01.0418 3668 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    11:22:01.0418 3668 BTHMODEM - ok
    11:22:01.0520 3668 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    11:22:01.0520 3668 bthserv - ok
    11:22:01.0712 3668 catchme - ok
    11:22:01.0782 3668 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    11:22:01.0782 3668 cdfs - ok
    11:22:01.0822 3668 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    11:22:01.0832 3668 cdrom - ok
    11:22:01.0912 3668 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    11:22:01.0922 3668 CertPropSvc - ok
    11:22:01.0972 3668 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
    11:22:02.0022 3668 cfwids - ok
    11:22:02.0074 3668 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    11:22:02.0084 3668 circlass - ok
    11:22:02.0124 3668 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    11:22:02.0124 3668 CLFS - ok
    11:22:02.0364 3668 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    11:22:02.0364 3668 clr_optimization_v2.0.50727_32 - ok
    11:22:02.0584 3668 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    11:22:02.0594 3668 clr_optimization_v2.0.50727_64 - ok
    11:22:02.0986 3668 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    11:22:03.0049 3668 clr_optimization_v4.0.30319_32 - ok
    11:22:03.0188 3668 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    11:22:03.0257 3668 clr_optimization_v4.0.30319_64 - ok
    11:22:03.0325 3668 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    11:22:03.0335 3668 CmBatt - ok
    11:22:03.0335 3668 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    11:22:03.0345 3668 cmdide - ok
    11:22:03.0415 3668 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
    11:22:03.0465 3668 CNG - ok
    11:22:03.0547 3668 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    11:22:03.0557 3668 Compbatt - ok
    11:22:03.0597 3668 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    11:22:03.0597 3668 CompositeBus - ok
    11:22:03.0607 3668 COMSysApp - ok
    11:22:03.0617 3668 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    11:22:03.0627 3668 crcdisk - ok
    11:22:03.0689 3668 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
    11:22:03.0729 3668 CryptSvc - ok
    11:22:03.0811 3668 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    11:22:03.0811 3668 DcomLaunch - ok
    11:22:03.0891 3668 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    11:22:03.0901 3668 defragsvc - ok
    11:22:03.0981 3668 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
    11:22:04.0043 3668 DfsC - ok
    11:22:04.0153 3668 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
    11:22:04.0163 3668 Dhcp - ok
    11:22:04.0223 3668 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    11:22:04.0223 3668 discache - ok
    11:22:04.0313 3668 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    11:22:04.0323 3668 Disk - ok
    11:22:04.0373 3668 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
    11:22:04.0425 3668 Dnscache - ok
    11:22:04.0503 3668 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
    11:22:04.0533 3668 dot3svc - ok
    11:22:04.0553 3668 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
    11:22:04.0570 3668 DPS - ok
    11:22:04.0645 3668 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    11:22:04.0645 3668 drmkaud - ok
    11:22:04.0745 3668 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
    11:22:04.0828 3668 DXGKrnl - ok
    11:22:04.0867 3668 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    11:22:04.0877 3668 EapHost - ok
    11:22:05.0927 3668 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    11:22:06.0097 3668 ebdrv - ok
    11:22:06.0497 3668 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
    11:22:06.0561 3668 EFS - ok
    11:22:06.0749 3668 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
    11:22:06.0816 3668 ehRecvr - ok
    11:22:06.0851 3668 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    11:22:06.0851 3668 ehSched - ok
    11:22:07.0041 3668 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    11:22:07.0051 3668 elxstor - ok
    11:22:07.0051 3668 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    11:22:07.0071 3668 ErrDev - ok
    11:22:07.0133 3668 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    11:22:07.0143 3668 EventSystem - ok
    11:22:07.0183 3668 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    11:22:07.0193 3668 exfat - ok
    11:22:07.0203 3668 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    11:22:07.0213 3668 fastfat - ok
    11:22:07.0283 3668 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
    11:22:07.0303 3668 Fax - ok
    11:22:07.0303 3668 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    11:22:07.0313 3668 fdc - ok
    11:22:07.0343 3668 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    11:22:07.0353 3668 fdPHost - ok
    11:22:07.0353 3668 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    11:22:07.0363 3668 FDResPub - ok
    11:22:07.0373 3668 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    11:22:07.0373 3668 FileInfo - ok
    11:22:07.0413 3668 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    11:22:07.0423 3668 Filetrace - ok
    11:22:07.0433 3668 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    11:22:07.0443 3668 flpydisk - ok
    11:22:07.0473 3668 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    11:22:07.0483 3668 FltMgr - ok
    11:22:07.0630 3668 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
    11:22:07.0740 3668 FontCache - ok
    11:22:07.0863 3668 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    11:22:07.0873 3668 FontCache3.0.0.0 - ok
    11:22:08.0023 3668 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    11:22:08.0033 3668 FsDepends - ok
    11:22:08.0183 3668 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
    11:22:08.0274 3668 Fs_Rec - ok
    11:22:08.0445 3668 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    11:22:08.0445 3668 fvevol - ok
    11:22:08.0475 3668 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    11:22:08.0485 3668 gagp30kx - ok
    11:22:08.0575 3668 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
    11:22:08.0585 3668 gpsvc - ok
    11:22:08.0645 3668 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    11:22:08.0645 3668 hcw85cir - ok
    11:22:08.0725 3668 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
    11:22:08.0735 3668 HdAudAddService - ok
    11:22:08.0765 3668 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    11:22:08.0765 3668 HDAudBus - ok
    11:22:08.0775 3668 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    11:22:08.0785 3668 HidBatt - ok
    11:22:08.0795 3668 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    11:22:08.0805 3668 HidBth - ok
    11:22:08.0855 3668 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    11:22:08.0855 3668 HidIr - ok
    11:22:08.0905 3668 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
    11:22:08.0905 3668 hidserv - ok
    11:22:08.0935 3668 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    11:22:08.0935 3668 HidUsb - ok
    11:22:08.0955 3668 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
    11:22:08.0965 3668 hkmsvc - ok
    11:22:08.0995 3668 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
    11:22:09.0005 3668 HomeGroupListener - ok
    11:22:09.0075 3668 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
    11:22:09.0075 3668 HomeGroupProvider - ok
    11:22:09.0115 3668 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    11:22:09.0125 3668 HpSAMD - ok
    11:22:09.0185 3668 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    11:22:09.0195 3668 HTTP - ok
    11:22:09.0205 3668 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    11:22:09.0205 3668 hwpolicy - ok
    11:22:09.0305 3668 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    11:22:09.0315 3668 i8042prt - ok
    11:22:09.0385 3668 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
    11:22:09.0450 3668 iaStorV - ok
    11:22:09.0727 3668 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    11:22:09.0747 3668 idsvc - ok
    11:22:10.0127 3668 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
    11:22:10.0269 3668 igfx - ok
    11:22:10.0841 3668 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    11:22:10.0841 3668 iirsp - ok
    11:22:10.0933 3668 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
    11:22:10.0953 3668 IKEEXT - ok
    11:22:11.0013 3668 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    11:22:11.0013 3668 intelide - ok
    11:22:11.0053 3668 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    11:22:11.0053 3668 intelppm - ok
    11:22:11.0113 3668 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    11:22:11.0123 3668 IPBusEnum - ok
    11:22:11.0133 3668 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    11:22:11.0143 3668 IpFilterDriver - ok
    11:22:11.0193 3668 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
    11:22:11.0213 3668 iphlpsvc - ok
    11:22:11.0223 3668 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    11:22:11.0233 3668 IPMIDRV - ok
    11:22:11.0303 3668 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    11:22:11.0313 3668 IPNAT - ok
    11:22:11.0353 3668 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    11:22:11.0363 3668 IRENUM - ok
    11:22:11.0373 3668 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    11:22:11.0373 3668 isapnp - ok
    11:22:11.0403 3668 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    11:22:11.0413 3668 iScsiPrt - ok
    11:22:11.0443 3668 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    11:22:11.0453 3668 kbdclass - ok
    11:22:11.0463 3668 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    11:22:11.0463 3668 kbdhid - ok
    11:22:11.0513 3668 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    11:22:11.0513 3668 KeyIso - ok
    11:22:11.0563 3668 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
    11:22:11.0603 3668 KSecDD - ok
    11:22:11.0646 3668 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
    11:22:11.0704 3668 KSecPkg - ok
    11:22:11.0757 3668 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    11:22:11.0767 3668 ksthunk - ok
    11:22:11.0847 3668 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    11:22:11.0857 3668 KtmRm - ok
    11:22:11.0927 3668 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
    11:22:11.0977 3668 LanmanServer - ok
    11:22:12.0009 3668 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
    11:22:12.0019 3668 LanmanWorkstation - ok
    11:22:12.0089 3668 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    11:22:12.0089 3668 lltdio - ok
    11:22:12.0189 3668 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    11:22:12.0199 3668 lltdsvc - ok
    11:22:12.0219 3668 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    11:22:12.0219 3668 lmhosts - ok
    11:22:12.0269 3668 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    11:22:12.0279 3668 LSI_FC - ok
    11:22:12.0289 3668 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    11:22:12.0289 3668 LSI_SAS - ok
    11:22:12.0309 3668 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    11:22:12.0309 3668 LSI_SAS2 - ok
    11:22:12.0329 3668 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    11:22:12.0339 3668 LSI_SCSI - ok
    11:22:12.0349 3668 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    11:22:12.0359 3668 luafv - ok
    11:22:12.0529 3668 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    11:22:12.0529 3668 McAfee SiteAdvisor Service - ok
    11:22:12.0539 3668 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    11:22:12.0549 3668 McMPFSvc - ok
    11:22:12.0579 3668 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    11:22:12.0579 3668 mcmscsvc - ok
    11:22:12.0599 3668 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    11:22:12.0599 3668 McNaiAnn - ok
    11:22:12.0609 3668 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    11:22:12.0619 3668 McNASvc - ok
    11:22:12.0811 3668 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe
    11:22:12.0882 3668 McODS - ok
    11:22:12.0888 3668 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    11:22:12.0891 3668 McProxy - ok
    11:22:12.0983 3668 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    11:22:13.0037 3668 McShield - ok
    11:22:13.0075 3668 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
    11:22:13.0075 3668 Mcx2Svc - ok
    11:22:13.0115 3668 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    11:22:13.0121 3668 megasas - ok
    11:22:13.0137 3668 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    11:22:13.0147 3668 MegaSR - ok
    11:22:13.0207 3668 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
    11:22:13.0262 3668 mfeapfk - ok
    11:22:13.0359 3668 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
    11:22:13.0415 3668 mfeavfk - ok
    11:22:13.0531 3668 mfeavfk01 - ok
    11:22:13.0581 3668 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    11:22:13.0645 3668 mfefire - ok
    11:22:13.0743 3668 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
    11:22:13.0810 3668 mfefirek - ok
    11:22:13.0895 3668 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
    11:22:13.0969 3668 mfehidk - ok
    11:22:13.0997 3668 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
    11:22:14.0054 3668 mfenlfk - ok
    11:22:14.0109 3668 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
    11:22:14.0166 3668 mferkdet - ok
    11:22:14.0211 3668 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
    11:22:14.0273 3668 mfevtp - ok
    11:22:14.0323 3668 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
    11:22:14.0391 3668 mfewfpk - ok
    11:22:14.0435 3668 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    11:22:14.0435 3668 MMCSS - ok
    11:22:14.0495 3668 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    11:22:14.0495 3668 Modem - ok
    11:22:14.0535 3668 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    11:22:14.0535 3668 monitor - ok
    11:22:14.0555 3668 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    11:22:14.0565 3668 mouclass - ok
    11:22:14.0575 3668 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    11:22:14.0585 3668 mouhid - ok
    11:22:14.0585 3668 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    11:22:14.0595 3668 mountmgr - ok
    11:22:14.0636 3668 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    11:22:14.0642 3668 mpio - ok
    11:22:14.0647 3668 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    11:22:14.0657 3668 mpsdrv - ok
    11:22:14.0727 3668 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
    11:22:14.0747 3668 MpsSvc - ok
    11:22:14.0777 3668 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    11:22:14.0787 3668 MRxDAV - ok
    11:22:14.0827 3668 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    11:22:14.0884 3668 mrxsmb - ok
    11:22:14.0939 3668 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    11:22:14.0997 3668 mrxsmb10 - ok
    11:22:15.0041 3668 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    11:22:15.0096 3668 mrxsmb20 - ok
    11:22:15.0133 3668 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
    11:22:15.0133 3668 msahci - ok
    11:22:15.0143 3668 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    11:22:15.0153 3668 msdsm - ok
    11:22:15.0213 3668 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    11:22:15.0213 3668 MSDTC - ok
    11:22:15.0243 3668 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    11:22:15.0243 3668 Msfs - ok
    11:22:15.0263 3668 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    11:22:15.0263 3668 mshidkmdf - ok
    11:22:15.0273 3668 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    11:22:15.0273 3668 msisadrv - ok
    11:22:15.0323 3668 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    11:22:15.0333 3668 MSiSCSI - ok
    11:22:15.0333 3668 msiserver - ok
    11:22:15.0485 3668 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    11:22:15.0485 3668 MSK80Service - ok
    11:22:15.0545 3668 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    11:22:15.0545 3668 MSKSSRV - ok
    11:22:15.0565 3668 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    11:22:15.0575 3668 MSPCLOCK - ok
    11:22:15.0585 3668 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    11:22:15.0585 3668 MSPQM - ok
    11:22:15.0635 3668 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    11:22:15.0645 3668 MsRPC - ok
    11:22:15.0655 3668 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    11:22:15.0655 3668 mssmbios - ok
    11:22:15.0655 3668 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    11:22:15.0665 3668 MSTEE - ok
    11:22:15.0665 3668 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    11:22:15.0675 3668 MTConfig - ok
    11:22:15.0712 3668 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    11:22:15.0717 3668 Mup - ok
    11:22:15.0837 3668 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
    11:22:15.0837 3668 napagent - ok
    11:22:15.0927 3668 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    11:22:15.0937 3668 NativeWifiP - ok
    11:22:16.0037 3668 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    11:22:16.0047 3668 NDIS - ok
    11:22:16.0097 3668 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    11:22:16.0097 3668 NdisCap - ok
    11:22:16.0117 3668 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    11:22:16.0127 3668 NdisTapi - ok
    11:22:16.0147 3668 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    11:22:16.0147 3668 Ndisuio - ok
    11:22:16.0167 3668 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    11:22:16.0167 3668 NdisWan - ok
    11:22:16.0187 3668 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    11:22:16.0187 3668 NDProxy - ok
    11:22:16.0197 3668 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    11:22:16.0207 3668 NetBIOS - ok
    11:22:16.0217 3668 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    11:22:16.0217 3668 NetBT - ok
    11:22:16.0267 3668 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    11:22:16.0267 3668 Netlogon - ok
    11:22:16.0357 3668 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    11:22:16.0367 3668 Netman - ok
    11:22:16.0397 3668 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    11:22:16.0407 3668 netprofm - ok
    11:22:16.0587 3668 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    11:22:16.0597 3668 NetTcpPortSharing - ok
    11:22:16.0637 3668 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    11:22:16.0647 3668 nfrd960 - ok
    11:22:16.0727 3668 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
    11:22:16.0727 3668 NlaSvc - ok
    11:22:16.0737 3668 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    11:22:16.0747 3668 Npfs - ok
    11:22:16.0767 3668 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    11:22:16.0777 3668 nsi - ok
    11:22:16.0777 3668 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    11:22:16.0787 3668 nsiproxy - ok
    11:22:16.0937 3668 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
    11:22:17.0007 3668 Ntfs - ok
    11:22:17.0537 3668 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    11:22:17.0547 3668 Null - ok
    11:22:17.0627 3668 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
    11:22:17.0677 3668 nvraid - ok
    11:22:17.0737 3668 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
    11:22:17.0787 3668 nvstor - ok
    11:22:17.0849 3668 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    11:22:17.0859 3668 nv_agp - ok
    11:22:18.0079 3668 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    11:22:18.0149 3668 odserv - ok
    11:22:18.0181 3668 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    11:22:18.0191 3668 ohci1394 - ok
    11:22:18.0321 3668 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    11:22:18.0383 3668 ose - ok
    11:22:18.0454 3668 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    11:22:18.0464 3668 p2pimsvc - ok
    11:22:18.0494 3668 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    11:22:18.0504 3668 p2psvc - ok
    11:22:18.0784 3668 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    11:22:18.0794 3668 Parport - ok
    11:22:18.0824 3668 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
    11:22:18.0886 3668 partmgr - ok
    11:22:18.0900 3668 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    11:22:18.0906 3668 PcaSvc - ok
    11:22:18.0926 3668 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    11:22:18.0936 3668 pci - ok
    11:22:18.0946 3668 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    11:22:18.0956 3668 pciide - ok
    11:22:18.0976 3668 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    11:22:18.0976 3668 pcmcia - ok
    11:22:18.0996 3668 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    11:22:18.0996 3668 pcw - ok
    11:22:19.0036 3668 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    11:22:19.0046 3668 PEAUTH - ok
    11:22:19.0336 3668 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    11:22:19.0346 3668 PerfHost - ok
    11:22:19.0488 3668 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
    11:22:19.0518 3668 pla - ok
    11:22:19.0598 3668 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
    11:22:19.0638 3668 PlugPlay - ok
    11:22:19.0690 3668 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    11:22:19.0700 3668 PNRPAutoReg - ok
    11:22:19.0720 3668 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    11:22:19.0720 3668 PNRPsvc - ok
    11:22:19.0790 3668 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
    11:22:19.0810 3668 PolicyAgent - ok
    11:22:19.0880 3668 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    11:22:19.0890 3668 Power - ok
    11:22:20.0060 3668 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    11:22:20.0070 3668 PptpMiniport - ok
    11:22:20.0090 3668 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    11:22:20.0090 3668 Processor - ok
    11:22:20.0130 3668 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
    11:22:20.0170 3668 ProfSvc - ok
    11:22:20.0210 3668 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    11:22:20.0210 3668 ProtectedStorage - ok
    11:22:20.0290 3668 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    11:22:20.0290 3668 Psched - ok
    11:22:20.0420 3668 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    11:22:20.0440 3668 ql2300 - ok
    11:22:21.0030 3668 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    11:22:21.0040 3668 ql40xx - ok
    11:22:21.0090 3668 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    11:22:21.0100 3668 QWAVE - ok
    11:22:21.0110 3668 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    11:22:21.0110 3668 QWAVEdrv - ok
    11:22:21.0120 3668 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    11:22:21.0130 3668 RasAcd - ok
    11:22:21.0230 3668 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    11:22:21.0230 3668 RasAgileVpn - ok
    11:22:21.0260 3668 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    11:22:21.0270 3668 RasAuto - ok
    11:22:21.0300 3668 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    11:22:21.0310 3668 Rasl2tp - ok
    11:22:21.0350 3668 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
    11:22:21.0360 3668 RasMan - ok
    11:22:21.0370 3668 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    11:22:21.0380 3668 RasPppoe - ok
    11:22:21.0430 3668 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    11:22:21.0440 3668 RasSstp - ok
    11:22:21.0480 3668 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    11:22:21.0490 3668 rdbss - ok
    11:22:21.0500 3668 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    11:22:21.0500 3668 rdpbus - ok
    11:22:21.0510 3668 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    11:22:21.0510 3668 RDPCDD - ok
    11:22:21.0540 3668 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    11:22:21.0540 3668 RDPENCDD - ok
    11:22:21.0550 3668 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    11:22:21.0550 3668 RDPREFMP - ok
    11:22:21.0610 3668 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
    11:22:21.0660 3668 RDPWD - ok
    11:22:21.0712 3668 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    11:22:21.0722 3668 rdyboost - ok
    11:22:21.0792 3668 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    11:22:21.0802 3668 RemoteAccess - ok
    11:22:21.0862 3668 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    11:22:21.0862 3668 RemoteRegistry - ok
    11:22:21.0922 3668 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    11:22:21.0932 3668 RpcEptMapper - ok
    11:22:21.0982 3668 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    11:22:21.0992 3668 RpcLocator - ok
    11:22:22.0032 3668 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    11:22:22.0032 3668 RpcSs - ok
    11:22:22.0072 3668 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    11:22:22.0082 3668 rspndr - ok
    11:22:22.0112 3668 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    11:22:22.0112 3668 SamSs - ok
    11:22:22.0122 3668 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    11:22:22.0132 3668 sbp2port - ok
    11:22:22.0312 3668 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    11:22:22.0412 3668 SBSDWSCService - ok
    11:22:22.0462 3668 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    11:22:22.0472 3668 SCardSvr - ok
    11:22:22.0622 3668 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    11:22:22.0622 3668 scfilter - ok
    11:22:22.0722 3668 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
    11:22:22.0783 3668 Schedule - ok
    11:22:22.0824 3668 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    11:22:22.0824 3668 SCPolicySvc - ok
    11:22:22.0884 3668 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
    11:22:22.0893 3668 SDRSVC - ok
    11:22:23.0096 3668 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    11:22:23.0096 3668 secdrv - ok
    11:22:23.0126 3668 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
    11:22:23.0136 3668 seclogon - ok
    11:22:23.0186 3668 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
    11:22:23.0186 3668 SENS - ok
    11:22:23.0216 3668 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    11:22:23.0226 3668 SensrSvc - ok
    11:22:23.0236 3668 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    11:22:23.0236 3668 Serenum - ok
    11:22:23.0286 3668 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    11:22:23.0296 3668 Serial - ok
    11:22:23.0296 3668 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    11:22:23.0306 3668 sermouse - ok
    11:22:23.0352 3668 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
    11:22:23.0358 3668 SessionEnv - ok
    11:22:23.0358 3668 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    11:22:23.0368 3668 sffdisk - ok
    11:22:23.0378 3668 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    11:22:23.0378 3668 sffp_mmc - ok
    11:22:23.0388 3668 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
    11:22:23.0398 3668 sffp_sd - ok
    11:22:23.0398 3668 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    11:22:23.0408 3668 sfloppy - ok
    11:22:23.0508 3668 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    11:22:23.0518 3668 SharedAccess - ok
    11:22:23.0558 3668 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
    11:22:23.0568 3668 ShellHWDetection - ok
    11:22:23.0598 3668 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    11:22:23.0608 3668 SiSRaid2 - ok
    11:22:23.0618 3668 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    11:22:23.0618 3668 SiSRaid4 - ok
    11:22:23.0628 3668 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    11:22:23.0638 3668 Smb - ok
    11:22:23.0708 3668 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    11:22:23.0718 3668 SNMPTRAP - ok
    11:22:23.0718 3668 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    11:22:23.0728 3668 spldr - ok
    11:22:24.0008 3668 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
    11:22:24.0072 3668 Spooler - ok
    11:22:24.0280 3668 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
    11:22:24.0300 3668 sppsvc - ok
    11:22:24.0723 3668 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    11:22:24.0733 3668 sppuinotify - ok
    11:22:24.0903 3668 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
    11:22:24.0961 3668 srv - ok
    11:22:24.0995 3668 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
    11:22:25.0057 3668 srv2 - ok
    11:22:25.0097 3668 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
    11:22:25.0147 3668 srvnet - ok
    11:22:25.0217 3668 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    11:22:25.0227 3668 SSDPSRV - ok
    11:22:25.0247 3668 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    11:22:25.0247 3668 SstpSvc - ok
    11:22:25.0297 3668 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    11:22:25.0297 3668 stexstor - ok
    11:22:25.0367 3668 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
    11:22:25.0387 3668 stisvc - ok
    11:22:25.0407 3668 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    11:22:25.0417 3668 swenum - ok
    11:22:25.0487 3668 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    11:22:25.0487 3668 swprv - ok
    11:22:25.0617 3668 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
    11:22:25.0627 3668 SysMain - ok
    11:22:26.0119 3668 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
    11:22:26.0119 3668 TabletInputService - ok
    11:22:26.0149 3668 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
    11:22:26.0159 3668 TapiSrv - ok
    11:22:26.0189 3668 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    11:22:26.0189 3668 TBS - ok
    11:22:26.0469 3668 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
    11:22:26.0549 3668 Tcpip - ok
    11:22:27.0249 3668 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
    11:22:27.0259 3668 TCPIP6 - ok
    11:22:27.0825 3668 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    11:22:27.0835 3668 tcpipreg - ok
    11:22:27.0865 3668 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    11:22:27.0875 3668 TDPIPE - ok
    11:22:27.0925 3668 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
    11:22:27.0982 3668 TDTCP - ok
    11:22:28.0007 3668 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    11:22:28.0017 3668 tdx - ok
    11:22:28.0017 3668 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    11:22:28.0027 3668 TermDD - ok
    11:22:28.0107 3668 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
    11:22:28.0127 3668 TermService - ok
    11:22:28.0157 3668 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    11:22:28.0167 3668 Themes - ok
    11:22:28.0207 3668 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    11:22:28.0207 3668 THREADORDER - ok
    11:22:28.0237 3668 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    11:22:28.0247 3668 TrkWks - ok
    11:22:28.0327 3668 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
    11:22:28.0327 3668 TrustedInstaller - ok
    11:22:28.0367 3668 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    11:22:28.0367 3668 tssecsrv - ok
    11:22:28.0407 3668 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    11:22:28.0407 3668 tunnel - ok
    11:22:28.0417 3668 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    11:22:28.0427 3668 uagp35 - ok
    11:22:28.0477 3668 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
    11:22:28.0487 3668 udfs - ok
    11:22:28.0547 3668 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    11:22:28.0557 3668 UI0Detect - ok
    11:22:28.0567 3668 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    11:22:28.0567 3668 uliagpkx - ok
    11:22:28.0577 3668 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    11:22:28.0587 3668 umbus - ok
    11:22:28.0587 3668 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    11:22:28.0587 3668 UmPass - ok
    11:22:28.0639 3668 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    11:22:28.0649 3668 upnphost - ok
    11:22:28.0679 3668 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
    11:22:28.0736 3668 usbccgp - ok
    11:22:28.0781 3668 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    11:22:28.0781 3668 usbcir - ok
    11:22:28.0801 3668 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
    11:22:28.0858 3668 usbehci - ok
    11:22:28.0933 3668 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
    11:22:28.0989 3668 usbhub - ok
    11:22:29.0005 3668 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
    11:22:29.0064 3668 usbohci - ok
    11:22:29.0297 3668 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    11:22:29.0297 3668 usbprint - ok
    11:22:29.0337 3668 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    11:22:29.0397 3668 USBSTOR - ok
    11:22:29.0429 3668 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
    11:22:29.0485 3668 usbuhci - ok
    11:22:29.0541 3668 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
    11:22:29.0601 3668 usbvideo - ok
    11:22:29.0631 3668 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    11:22:29.0631 3668 UxSms - ok
    11:22:29.0661 3668 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    11:22:29.0661 3668 VaultSvc - ok
    11:22:29.0701 3668 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    11:22:29.0711 3668 vdrvroot - ok
    11:22:29.0761 3668 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
    11:22:29.0771 3668 vds - ok
    11:22:29.0801 3668 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    11:22:29.0801 3668 vga - ok
    11:22:29.0811 3668 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    11:22:29.0821 3668 VgaSave - ok
    11:22:29.0831 3668 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    11:22:29.0846 3668 vhdmp - ok
    11:22:29.0853 3668 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    11:22:29.0859 3668 viaide - ok
    11:22:29.0883 3668 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    11:22:29.0883 3668 volmgr - ok
    11:22:29.0913 3668 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    11:22:29.0913 3668 volmgrx - ok
    11:22:29.0963 3668 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    11:22:29.0973 3668 volsnap - ok
    11:22:29.0993 3668 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    11:22:29.0993 3668 vsmraid - ok
    11:22:30.0153 3668 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
    11:22:30.0163 3668 VSS - ok
    11:22:30.0685 3668 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    11:22:30.0695 3668 vwifibus - ok
    11:22:30.0725 3668 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    11:22:30.0725 3668 vwififlt - ok
    11:22:30.0785 3668 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    11:22:30.0795 3668 W32Time - ok
    11:22:30.0805 3668 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    11:22:30.0815 3668 WacomPen - ok
    11:22:30.0845 3668 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    11:22:30.0845 3668 WANARP - ok
    11:22:30.0855 3668 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    11:22:30.0855 3668 Wanarpv6 - ok
    11:22:30.0985 3668 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    11:22:31.0095 3668 WatAdminSvc - ok
    11:22:31.0205 3668 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
    11:22:31.0235 3668 wbengine - ok
    11:22:31.0657 3668 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    11:22:31.0667 3668 WbioSrvc - ok
    11:22:31.0737 3668 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
    11:22:31.0777 3668 wcncsvc - ok
    11:22:31.0817 3668 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    11:22:31.0817 3668 WcsPlugInService - ok
    11:22:31.0977 3668 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    11:22:31.0977 3668 Wd - ok
    11:22:32.0027 3668 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    11:22:32.0037 3668 Wdf01000 - ok
    11:22:32.0087 3668 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    11:22:32.0097 3668 WdiServiceHost - ok
    11:22:32.0107 3668 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    11:22:32.0107 3668 WdiSystemHost - ok
    11:22:32.0199 3668 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
    11:22:32.0239 3668 WebClient - ok
    11:22:32.0301 3668 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    11:22:32.0311 3668 Wecsvc - ok
    11:22:32.0331 3668 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    11:22:32.0341 3668 wercplsupport - ok
    11:22:32.0381 3668 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    11:22:32.0391 3668 WerSvc - ok
    11:22:32.0623 3668 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    11:22:32.0623 3668 WfpLwf - ok
    11:22:32.0633 3668 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    11:22:32.0637 3668 WIMMount - ok
    11:22:32.0715 3668 WinDefend - ok
    11:22:32.0725 3668 WinHttpAutoProxySvc - ok
    11:22:32.0927 3668 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    11:22:32.0927 3668 Winmgmt - ok
    11:22:33.0207 3668 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
    11:22:33.0237 3668 WinRM - ok
    11:22:33.0799 3668 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    11:22:33.0819 3668 Wlansvc - ok
    11:22:34.0029 3668 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    11:22:34.0029 3668 WmiAcpi - ok
    11:22:34.0231 3668 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    11:22:34.0241 3668 wmiApSrv - ok
    11:22:34.0661 3668 WMPNetworkSvc - ok
    11:22:34.0761 3668 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    11:22:34.0801 3668 WPCSvc - ok
    11:22:34.0961 3668 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
    11:22:34.0961 3668 WPDBusEnum - ok
    11:22:35.0071 3668 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    11:22:35.0071 3668 ws2ifsl - ok
    11:22:35.0191 3668 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
    11:22:35.0231 3668 wscsvc - ok
    11:22:35.0244 3668 WSearch - ok
    11:22:35.0443 3668 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    11:22:35.0463 3668 wuauserv - ok
    11:22:36.0057 3668 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    11:22:36.0067 3668 WudfPf - ok
    11:22:36.0117 3668 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    11:22:36.0127 3668 WUDFRd - ok
    11:22:36.0229 3668 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
    11:22:36.0238 3668 wudfsvc - ok
    11:22:36.0309 3668 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    11:22:36.0329 3668 WwanSvc - ok
    11:22:36.0409 3668 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
    11:22:36.0409 3668 yukonw7 - ok
    11:22:36.0473 3668 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    11:22:36.0511 3668 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    11:22:36.0511 3668 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    11:22:36.0551 3668 Boot (0x1200) (e9898696208d9272da9533ade414211f) \Device\Harddisk0\DR0\Partition0
    11:22:36.0551 3668 \Device\Harddisk0\DR0\Partition0 - ok
    11:22:36.0601 3668 Boot (0x1200) (3f759e083daa0bfc53855744e15a6d5a) \Device\Harddisk0\DR0\Partition1
    11:22:36.0611 3668 \Device\Harddisk0\DR0\Partition1 - ok
    11:22:36.0621 3668 ============================================================
    11:22:36.0621 3668 Scan finished
    11:22:36.0621 3668 ============================================================
    11:22:36.0631 4936 Detected object count: 1
    11:22:36.0631 4936 Actual detected object count: 1
    11:22:53.0959 4936 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
    11:22:53.0959 4936 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip


    The scan itself lasted for less than a minute, so I am not sure if it captured everything you need. Let me know, if you need something else.

    Thanks!

  8. #8
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Please run TDSSKiller again and this time select cure. Post back the log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  9. #9
    Junior Member
    Join Date
    Jun 2012
    Posts
    13

    Default Hopefully gone? Part 1

    After the program cured the error it prompted me to reboot my system. Upon restarting my computer, the program was no longer pulled up so I ran it again. The second scan came up with no errors; here is the log from the second scan.

    15:50:09.0272 4452 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
    15:50:09.0818 4452 ============================================================
    15:50:09.0818 4452 Current date / time: 2012/06/21 15:50:09.0818
    15:50:09.0818 4452 SystemInfo:
    15:50:09.0818 4452
    15:50:09.0818 4452 OS Version: 6.1.7600 ServicePack: 0.0
    15:50:09.0818 4452 Product type: Workstation
    15:50:09.0818 4452 ComputerName: SHELBY-PC
    15:50:09.0818 4452 UserName: Shelby
    15:50:09.0818 4452 Windows directory: C:\Windows
    15:50:09.0818 4452 System windows directory: C:\Windows
    15:50:09.0818 4452 Running under WOW64
    15:50:09.0818 4452 Processor architecture: Intel x64
    15:50:09.0818 4452 Number of processors: 2
    15:50:09.0818 4452 Page size: 0x1000
    15:50:09.0818 4452 Boot type: Normal boot
    15:50:09.0818 4452 ============================================================
    15:50:11.0424 4452 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    15:50:11.0440 4452 ============================================================
    15:50:11.0440 4452 \Device\Harddisk0\DR0:
    15:50:11.0456 4452 MBR partitions:
    15:50:11.0456 4452 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
    15:50:11.0456 4452 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
    15:50:11.0456 4452 ============================================================
    15:50:11.0580 4452 C: <-> \Device\Harddisk0\DR0\Partition1
    15:50:11.0580 4452 ============================================================
    15:50:11.0580 4452 Initialize success
    15:50:11.0580 4452 ============================================================
    15:50:13.0265 4748 ============================================================
    15:50:13.0265 4748 Scan started
    15:50:13.0265 4748 Mode: Manual;
    15:50:13.0265 4748 ============================================================
    15:50:16.0214 4748 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    15:50:16.0214 4748 1394ohci - ok
    15:50:16.0276 4748 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    15:50:16.0276 4748 ACPI - ok
    15:50:16.0292 4748 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    15:50:16.0292 4748 AcpiPmi - ok
    15:50:16.0541 4748 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    15:50:16.0541 4748 AdobeARMservice - ok
    15:50:16.0916 4748 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    15:50:16.0916 4748 AdobeFlashPlayerUpdateSvc - ok
    15:50:17.0009 4748 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    15:50:17.0009 4748 adp94xx - ok
    15:50:17.0150 4748 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    15:50:17.0150 4748 adpahci - ok
    15:50:17.0165 4748 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    15:50:17.0181 4748 adpu320 - ok
    15:50:17.0243 4748 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    15:50:17.0243 4748 AeLookupSvc - ok
    15:50:17.0477 4748 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
    15:50:17.0524 4748 AFD - ok
    15:50:17.0664 4748 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    15:50:17.0664 4748 agp440 - ok
    15:50:17.0774 4748 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    15:50:17.0774 4748 ALG - ok
    15:50:17.0789 4748 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    15:50:17.0789 4748 aliide - ok
    15:50:17.0805 4748 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    15:50:17.0805 4748 amdide - ok
    15:50:17.0836 4748 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    15:50:17.0836 4748 AmdK8 - ok
    15:50:17.0852 4748 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    15:50:17.0852 4748 AmdPPM - ok
    15:50:17.0930 4748 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
    15:50:17.0930 4748 amdsata - ok
    15:50:17.0961 4748 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    15:50:17.0961 4748 amdsbs - ok
    15:50:18.0008 4748 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
    15:50:18.0023 4748 amdxata - ok
    15:50:18.0054 4748 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    15:50:18.0054 4748 AppID - ok
    15:50:18.0101 4748 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    15:50:18.0101 4748 AppIDSvc - ok
    15:50:18.0117 4748 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
    15:50:18.0117 4748 Appinfo - ok
    15:50:18.0148 4748 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    15:50:18.0148 4748 arc - ok
    15:50:18.0164 4748 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    15:50:18.0164 4748 arcsas - ok
    15:50:18.0179 4748 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    15:50:18.0179 4748 AsyncMac - ok
    15:50:18.0195 4748 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    15:50:18.0195 4748 atapi - ok
    15:50:18.0242 4748 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    15:50:18.0257 4748 AudioEndpointBuilder - ok
    15:50:18.0273 4748 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    15:50:18.0273 4748 AudioSrv - ok
    15:50:18.0382 4748 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
    15:50:18.0398 4748 AxInstSV - ok
    15:50:18.0741 4748 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    15:50:18.0803 4748 b06bdrv - ok
    15:50:18.0975 4748 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    15:50:18.0990 4748 b57nd60a - ok
    15:50:19.0162 4748 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
    15:50:19.0178 4748 BCM43XX - ok
    15:50:19.0240 4748 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    15:50:19.0240 4748 BDESVC - ok
    15:50:19.0458 4748 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    15:50:19.0458 4748 Beep - ok
    15:50:19.0568 4748 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
    15:50:19.0583 4748 BFE - ok
    15:50:19.0708 4748 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
    15:50:19.0724 4748 BITS - ok
    15:50:19.0958 4748 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    15:50:19.0958 4748 blbdrive - ok
    15:50:20.0004 4748 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
    15:50:20.0004 4748 bowser - ok
    15:50:20.0020 4748 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    15:50:20.0020 4748 BrFiltLo - ok
    15:50:20.0036 4748 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    15:50:20.0036 4748 BrFiltUp - ok
    15:50:20.0051 4748 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    15:50:20.0051 4748 BridgeMP - ok
    15:50:20.0098 4748 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
    15:50:20.0098 4748 Browser - ok
    15:50:20.0145 4748 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    15:50:20.0145 4748 Brserid - ok
    15:50:20.0223 4748 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    15:50:20.0223 4748 BrSerWdm - ok
    15:50:20.0238 4748 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    15:50:20.0238 4748 BrUsbMdm - ok
    15:50:20.0238 4748 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    15:50:20.0238 4748 BrUsbSer - ok
    15:50:20.0254 4748 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    15:50:20.0254 4748 BTHMODEM - ok
    15:50:20.0285 4748 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    15:50:20.0285 4748 bthserv - ok
    15:50:20.0566 4748 catchme - ok
    15:50:20.0660 4748 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    15:50:20.0660 4748 cdfs - ok
    15:50:20.0706 4748 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    15:50:20.0706 4748 cdrom - ok
    15:50:20.0784 4748 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    15:50:20.0800 4748 CertPropSvc - ok
    15:50:20.0847 4748 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
    15:50:20.0847 4748 cfwids - ok
    15:50:20.0862 4748 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    15:50:20.0862 4748 circlass - ok
    15:50:20.0925 4748 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    15:50:20.0925 4748 CLFS - ok
    15:50:21.0330 4748 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    15:50:21.0346 4748 clr_optimization_v2.0.50727_32 - ok
    15:50:21.0642 4748 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    15:50:21.0658 4748 clr_optimization_v2.0.50727_64 - ok
    15:50:22.0017 4748 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    15:50:22.0032 4748 clr_optimization_v4.0.30319_32 - ok
    15:50:22.0204 4748 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    15:50:22.0204 4748 clr_optimization_v4.0.30319_64 - ok
    15:50:22.0298 4748 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    15:50:22.0298 4748 CmBatt - ok
    15:50:22.0313 4748 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    15:50:22.0313 4748 cmdide - ok
    15:50:22.0391 4748 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
    15:50:22.0391 4748 CNG - ok
    15:50:22.0454 4748 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    15:50:22.0454 4748 Compbatt - ok
    15:50:22.0469 4748 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    15:50:22.0485 4748 CompositeBus - ok
    15:50:22.0500 4748 COMSysApp - ok
    15:50:22.0500 4748 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    15:50:22.0516 4748 crcdisk - ok
    15:50:22.0610 4748 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
    15:50:22.0610 4748 CryptSvc - ok
    15:50:22.0719 4748 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    15:50:22.0734 4748 DcomLaunch - ok
    15:50:22.0844 4748 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    15:50:22.0859 4748 defragsvc - ok
    15:50:22.0906 4748 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
    15:50:22.0906 4748 DfsC - ok
    15:50:22.0984 4748 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
    15:50:22.0984 4748 Dhcp - ok
    15:50:23.0062 4748 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    15:50:23.0062 4748 discache - ok
    15:50:23.0140 4748 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    15:50:23.0140 4748 Disk - ok
    15:50:23.0187 4748 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
    15:50:23.0187 4748 Dnscache - ok
    15:50:23.0249 4748 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
    15:50:23.0249 4748 dot3svc - ok
    15:50:23.0312 4748 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
    15:50:23.0312 4748 DPS - ok
    15:50:23.0390 4748 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    15:50:23.0390 4748 drmkaud - ok
    15:50:23.0468 4748 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
    15:50:23.0483 4748 DXGKrnl - ok
    15:50:23.0514 4748 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    15:50:23.0514 4748 EapHost - ok
    15:50:23.0764 4748 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    15:50:23.0826 4748 ebdrv - ok
    15:50:24.0404 4748 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
    15:50:24.0419 4748 EFS - ok
    15:50:24.0653 4748 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
    15:50:24.0669 4748 ehRecvr - ok
    15:50:24.0716 4748 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    15:50:24.0716 4748 ehSched - ok
    15:50:24.0996 4748 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    15:50:24.0996 4748 elxstor - ok
    15:50:25.0012 4748 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    15:50:25.0012 4748 ErrDev - ok
    15:50:25.0121 4748 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    15:50:25.0137 4748 EventSystem - ok
    15:50:25.0168 4748 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    15:50:25.0168 4748 exfat - ok
    15:50:25.0184 4748 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    15:50:25.0199 4748 fastfat - ok
    15:50:25.0293 4748 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
    15:50:25.0308 4748 Fax - ok
    15:50:25.0308 4748 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    15:50:25.0324 4748 fdc - ok
    15:50:25.0340 4748 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    15:50:25.0340 4748 fdPHost - ok
    15:50:25.0355 4748 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    15:50:25.0355 4748 FDResPub - ok
    15:50:25.0386 4748 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    15:50:25.0386 4748 FileInfo - ok
    15:50:25.0386 4748 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    15:50:25.0386 4748 Filetrace - ok
    15:50:25.0402 4748 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    15:50:25.0402 4748 flpydisk - ok
    15:50:25.0418 4748 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    15:50:25.0418 4748 FltMgr - ok
    15:50:25.0542 4748 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
    15:50:25.0558 4748 FontCache - ok
    15:50:25.0730 4748 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    15:50:25.0730 4748 FontCache3.0.0.0 - ok
    15:50:25.0917 4748 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    15:50:25.0917 4748 FsDepends - ok
    15:50:25.0964 4748 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
    15:50:25.0979 4748 Fs_Rec - ok
    15:50:26.0026 4748 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    15:50:26.0042 4748 fvevol - ok
    15:50:26.0120 4748 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    15:50:26.0120 4748 gagp30kx - ok
    15:50:26.0213 4748 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
    15:50:26.0213 4748 gpsvc - ok
    15:50:26.0276 4748 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    15:50:26.0276 4748 hcw85cir - ok
    15:50:26.0338 4748 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
    15:50:26.0354 4748 HdAudAddService - ok
    15:50:26.0400 4748 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    15:50:26.0400 4748 HDAudBus - ok
    15:50:26.0447 4748 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    15:50:26.0463 4748 HidBatt - ok
    15:50:26.0463 4748 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    15:50:26.0463 4748 HidBth - ok
    15:50:26.0510 4748 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    15:50:26.0510 4748 HidIr - ok
    15:50:26.0619 4748 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
    15:50:26.0619 4748 hidserv - ok
    15:50:26.0634 4748 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    15:50:26.0650 4748 HidUsb - ok
    15:50:26.0697 4748 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
    15:50:26.0697 4748 hkmsvc - ok
    15:50:26.0790 4748 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
    15:50:26.0790 4748 HomeGroupListener - ok
    15:50:26.0853 4748 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
    15:50:26.0853 4748 HomeGroupProvider - ok
    15:50:26.0884 4748 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    15:50:26.0884 4748 HpSAMD - ok
    15:50:26.0978 4748 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    15:50:26.0978 4748 HTTP - ok
    15:50:27.0024 4748 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    15:50:27.0024 4748 hwpolicy - ok
    15:50:27.0071 4748 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    15:50:27.0071 4748 i8042prt - ok
    15:50:27.0243 4748 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
    15:50:27.0243 4748 iaStorV - ok
    15:50:27.0492 4748 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    15:50:27.0508 4748 idsvc - ok
    15:50:27.0960 4748 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
    15:50:28.0116 4748 igfx - ok
    15:50:28.0896 4748 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    15:50:28.0912 4748 iirsp - ok
    15:50:29.0021 4748 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
    15:50:29.0021 4748 IKEEXT - ok
    15:50:29.0052 4748 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    15:50:29.0052 4748 intelide - ok
    15:50:29.0052 4748 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    15:50:29.0052 4748 intelppm - ok
    15:50:29.0115 4748 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    15:50:29.0115 4748 IPBusEnum - ok
    15:50:29.0115 4748 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    15:50:29.0115 4748 IpFilterDriver - ok
    15:50:29.0208 4748 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
    15:50:29.0224 4748 iphlpsvc - ok
    15:50:29.0271 4748 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    15:50:29.0271 4748 IPMIDRV - ok
    15:50:29.0302 4748 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    15:50:29.0302 4748 IPNAT - ok
    15:50:29.0380 4748 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    15:50:29.0380 4748 IRENUM - ok
    15:50:29.0380 4748 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    15:50:29.0380 4748 isapnp - ok
    15:50:29.0442 4748 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    15:50:29.0442 4748 iScsiPrt - ok
    15:50:29.0474 4748 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    15:50:29.0474 4748 kbdclass - ok
    15:50:29.0520 4748 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    15:50:29.0520 4748 kbdhid - ok
    15:50:29.0583 4748 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    15:50:29.0583 4748 KeyIso - ok
    15:50:29.0630 4748 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
    15:50:29.0630 4748 KSecDD - ok
    15:50:29.0661 4748 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
    15:50:29.0661 4748 KSecPkg - ok
    15:50:29.0708 4748 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    15:50:29.0723 4748 ksthunk - ok
    15:50:29.0801 4748 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    15:50:29.0817 4748 KtmRm - ok
    15:50:29.0910 4748 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
    15:50:29.0910 4748 LanmanServer - ok
    15:50:29.0942 4748 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
    15:50:29.0957 4748 LanmanWorkstation - ok
    15:50:30.0098 4748 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    15:50:30.0098 4748 lltdio - ok
    15:50:30.0176 4748 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    15:50:30.0191 4748 lltdsvc - ok
    15:50:30.0191 4748 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    15:50:30.0191 4748 lmhosts - ok
    15:50:30.0254 4748 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    15:50:30.0254 4748 LSI_FC - ok
    15:50:30.0269 4748 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    15:50:30.0269 4748 LSI_SAS - ok
    15:50:30.0332 4748 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    15:50:30.0332 4748 LSI_SAS2 - ok
    15:50:30.0347 4748 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    15:50:30.0347 4748 LSI_SCSI - ok
    15:50:30.0378 4748 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    15:50:30.0394 4748 luafv - ok
    15:50:30.0566 4748 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    15:50:30.0566 4748 McAfee SiteAdvisor Service - ok
    15:50:30.0581 4748 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    15:50:30.0581 4748 McMPFSvc - ok
    15:50:30.0597 4748 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    15:50:30.0612 4748 mcmscsvc - ok
    15:50:30.0659 4748 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    15:50:30.0659 4748 McNaiAnn - ok
    15:50:30.0706 4748 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    15:50:30.0706 4748 McNASvc - ok
    15:50:30.0893 4748 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe
    15:50:30.0893 4748 McODS - ok
    15:50:30.0909 4748 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    15:50:30.0909 4748 McProxy - ok
    15:50:30.0987 4748 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    15:50:30.0987 4748 McShield - ok
    15:50:31.0034 4748 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
    15:50:31.0034 4748 Mcx2Svc - ok
    15:50:31.0080 4748 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    15:50:31.0080 4748 megasas - ok
    15:50:31.0096 4748 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    15:50:31.0112 4748 MegaSR - ok
    15:50:31.0158 4748 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
    15:50:31.0158 4748 mfeapfk - ok
    15:50:31.0236 4748 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
    15:50:31.0236 4748 mfeavfk - ok
    15:50:31.0283 4748 mfeavfk01 - ok
    15:50:31.0330 4748 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    15:50:31.0330 4748 mfefire - ok
    15:50:31.0377 4748 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
    15:50:31.0392 4748 mfefirek - ok
    15:50:31.0502 4748 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
    15:50:31.0502 4748 mfehidk - ok
    15:50:31.0533 4748 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
    15:50:31.0533 4748 mfenlfk - ok
    15:50:31.0595 4748 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
    15:50:31.0595 4748 mferkdet - ok
    15:50:31.0642 4748 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
    15:50:31.0642 4748 mfevtp - ok
    15:50:31.0704 4748 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
    15:50:31.0704 4748 mfewfpk - ok
    15:50:31.0782 4748 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    15:50:31.0782 4748 MMCSS - ok
    15:50:31.0829 4748 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    15:50:31.0829 4748 Modem - ok
    15:50:31.0860 4748 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    15:50:31.0860 4748 monitor - ok
    15:50:31.0876 4748 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    15:50:31.0876 4748 mouclass - ok
    15:50:31.0892 4748 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    15:50:31.0892 4748 mouhid - ok
    15:50:31.0923 4748 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    15:50:31.0923 4748 mountmgr - ok
    15:50:31.0938 4748 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    15:50:31.0938 4748 mpio - ok
    15:50:31.0954 4748 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    15:50:31.0954 4748 mpsdrv - ok
    15:50:32.0032 4748 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
    15:50:32.0032 4748 MpsSvc - ok
    15:50:32.0048 4748 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    15:50:32.0048 4748 MRxDAV - ok
    15:50:32.0094 4748 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    15:50:32.0094 4748 mrxsmb - ok
    15:50:32.0141 4748 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    15:50:32.0157 4748 mrxsmb10 - ok
    15:50:32.0204 4748 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    15:50:32.0204 4748 mrxsmb20 - ok
    15:50:32.0235 4748 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
    15:50:32.0235 4748 msahci - ok
    15:50:32.0250 4748 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    15:50:32.0250 4748 msdsm - ok
    15:50:32.0313 4748 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    15:50:32.0313 4748 MSDTC - ok
    15:50:32.0344 4748 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    15:50:32.0344 4748 Msfs - ok
    15:50:32.0344 4748 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    15:50:32.0344 4748 mshidkmdf - ok
    15:50:32.0360 4748 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    15:50:32.0360 4748 msisadrv - ok
    15:50:32.0406 4748 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    15:50:32.0422 4748 MSiSCSI - ok
    15:50:32.0422 4748 msiserver - ok
    15:50:32.0578 4748 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    15:50:32.0578 4748 MSK80Service - ok
    15:50:32.0625 4748 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    15:50:32.0625 4748 MSKSSRV - ok
    15:50:32.0640 4748 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    15:50:32.0640 4748 MSPCLOCK - ok
    15:50:32.0656 4748 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    15:50:32.0656 4748 MSPQM - ok
    15:50:32.0703 4748 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    15:50:32.0718 4748 MsRPC - ok
    15:50:32.0718 4748 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    15:50:32.0734 4748 mssmbios - ok
    15:50:32.0734 4748 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    15:50:32.0734 4748 MSTEE - ok
    15:50:32.0750 4748 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    15:50:32.0750 4748 MTConfig - ok
    15:50:32.0781 4748 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    15:50:32.0781 4748 Mup - ok
    15:50:32.0859 4748 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
    15:50:32.0859 4748 napagent - ok
    15:50:32.0937 4748 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    15:50:32.0952 4748 NativeWifiP - ok
    15:50:33.0046 4748 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    15:50:33.0062 4748 NDIS - ok
    15:50:33.0108 4748 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    15:50:33.0108 4748 NdisCap - ok
    15:50:33.0155 4748 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    15:50:33.0155 4748 NdisTapi - ok
    15:50:33.0186 4748 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    15:50:33.0186 4748 Ndisuio - ok
    15:50:33.0202 4748 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    15:50:33.0202 4748 NdisWan - ok
    15:50:33.0218 4748 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    15:50:33.0218 4748 NDProxy - ok
    15:50:33.0249 4748 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    15:50:33.0249 4748 NetBIOS - ok
    15:50:33.0264 4748 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    15:50:33.0264 4748 NetBT - ok
    15:50:33.0311 4748 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    15:50:33.0311 4748 Netlogon - ok
    15:50:33.0405 4748 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    15:50:33.0405 4748 Netman - ok
    15:50:33.0452 4748 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    15:50:33.0452 4748 netprofm - ok
    15:50:33.0639 4748 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    15:50:33.0654 4748 NetTcpPortSharing - ok
    15:50:33.0732 4748 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    15:50:33.0732 4748 nfrd960 - ok
    15:50:33.0826 4748 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
    15:50:33.0826 4748 NlaSvc - ok
    15:50:33.0842 4748 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    15:50:33.0842 4748 Npfs - ok
    15:50:33.0873 4748 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    15:50:33.0873 4748 nsi - ok
    15:50:33.0873 4748 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    15:50:33.0873 4748 nsiproxy - ok
    15:50:33.0998 4748 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
    15:50:34.0013 4748 Ntfs - ok
    15:50:34.0544 4748 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    15:50:34.0544 4748 Null - ok
    15:50:34.0606 4748 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
    15:50:34.0606 4748 nvraid - ok
    15:50:34.0668 4748 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
    15:50:34.0668 4748 nvstor - ok
    15:50:34.0700 4748 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    15:50:34.0715 4748 nv_agp - ok
    15:50:34.0934 4748 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    15:50:34.0949 4748 odserv - ok
    15:50:34.0965 4748 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    15:50:34.0965 4748 ohci1394 - ok
    15:50:35.0012 4748 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    15:50:35.0012 4748 ose - ok
    15:50:35.0074 4748 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    15:50:35.0074 4748 p2pimsvc - ok
    15:50:35.0199 4748 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    15:50:35.0199 4748 p2psvc - ok
    15:50:35.0261 4748 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    15:50:35.0261 4748 Parport - ok
    15:50:35.0308 4748 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
    15:50:35.0308 4748 partmgr - ok
    15:50:35.0324 4748 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    15:50:35.0324 4748 PcaSvc - ok
    15:50:35.0339 4748 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    15:50:35.0339 4748 pci - ok
    15:50:35.0339 4748 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    15:50:35.0339 4748 pciide - ok
    15:50:35.0402 4748 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    15:50:35.0402 4748 pcmcia - ok
    15:50:35.0417 4748 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    15:50:35.0417 4748 pcw - ok
    15:50:35.0464 4748 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    15:50:35.0464 4748 PEAUTH - ok
    15:50:35.0745 4748 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    15:50:35.0760 4748 PerfHost - ok
    15:50:35.0916 4748 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
    15:50:35.0932 4748 pla - ok
    15:50:36.0010 4748 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
    15:50:36.0026 4748 PlugPlay - ok
    15:50:36.0072 4748 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    15:50:36.0072 4748 PNRPAutoReg - ok
    15:50:36.0104 4748 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    15:50:36.0104 4748 PNRPsvc - ok
    15:50:36.0197 4748 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
    15:50:36.0197 4748 PolicyAgent - ok
    15:50:36.0244 4748 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    15:50:36.0260 4748 Power - ok
    15:50:36.0431 4748 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    15:50:36.0431 4748 PptpMiniport - ok
    15:50:36.0447 4748 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    15:50:36.0462 4748 Processor - ok
    15:50:36.0509 4748 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
    15:50:36.0509 4748 ProfSvc - ok
    15:50:36.0556 4748 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    15:50:36.0556 4748 ProtectedStorage - ok
    15:50:36.0603 4748 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    15:50:36.0603 4748 Psched - ok

  10. #10
    Junior Member
    Join Date
    Jun 2012
    Posts
    13

    Default Hopefully gone? Part 2

    15:51:57.0957 4312 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    15:51:57.0957 4312 ql2300 - ok
    15:51:58.0487 4312 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    15:51:58.0503 4312 ql40xx - ok
    15:51:58.0550 4312 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    15:51:58.0565 4312 QWAVE - ok
    15:51:58.0565 4312 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    15:51:58.0565 4312 QWAVEdrv - ok
    15:51:58.0581 4312 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    15:51:58.0581 4312 RasAcd - ok
    15:51:58.0628 4312 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    15:51:58.0628 4312 RasAgileVpn - ok
    15:51:58.0659 4312 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    15:51:58.0659 4312 RasAuto - ok
    15:51:58.0706 4312 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    15:51:58.0706 4312 Rasl2tp - ok
    15:51:58.0753 4312 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
    15:51:58.0768 4312 RasMan - ok
    15:51:58.0768 4312 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    15:51:58.0784 4312 RasPppoe - ok
    15:51:58.0799 4312 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    15:51:58.0815 4312 RasSstp - ok
    15:51:58.0831 4312 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    15:51:58.0831 4312 rdbss - ok
    15:51:58.0831 4312 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    15:51:58.0831 4312 rdpbus - ok
    15:51:58.0846 4312 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    15:51:58.0846 4312 RDPCDD - ok
    15:51:58.0862 4312 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    15:51:58.0862 4312 RDPENCDD - ok
    15:51:58.0877 4312 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    15:51:58.0877 4312 RDPREFMP - ok
    15:51:58.0924 4312 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
    15:51:58.0924 4312 RDPWD - ok
    15:51:58.0940 4312 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    15:51:58.0955 4312 rdyboost - ok
    15:51:59.0002 4312 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    15:51:59.0002 4312 RemoteAccess - ok
    15:51:59.0065 4312 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    15:51:59.0065 4312 RemoteRegistry - ok
    15:51:59.0080 4312 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    15:51:59.0080 4312 RpcEptMapper - ok
    15:51:59.0189 4312 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    15:51:59.0189 4312 RpcLocator - ok
    15:51:59.0252 4312 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    15:51:59.0252 4312 RpcSs - ok
    15:51:59.0299 4312 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    15:51:59.0299 4312 rspndr - ok
    15:51:59.0330 4312 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    15:51:59.0345 4312 SamSs - ok
    15:51:59.0345 4312 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    15:51:59.0361 4312 sbp2port - ok
    15:51:59.0579 4312 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    15:51:59.0579 4312 SBSDWSCService - ok
    15:51:59.0657 4312 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    15:51:59.0657 4312 SCardSvr - ok
    15:51:59.0798 4312 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    15:51:59.0798 4312 scfilter - ok
    15:51:59.0891 4312 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
    15:51:59.0907 4312 Schedule - ok
    15:51:59.0954 4312 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    15:51:59.0954 4312 SCPolicySvc - ok
    15:52:00.0016 4312 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
    15:52:00.0016 4312 SDRSVC - ok
    15:52:00.0188 4312 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    15:52:00.0188 4312 secdrv - ok
    15:52:00.0219 4312 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
    15:52:00.0219 4312 seclogon - ok
    15:52:00.0235 4312 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
    15:52:00.0235 4312 SENS - ok
    15:52:00.0266 4312 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    15:52:00.0266 4312 SensrSvc - ok
    15:52:00.0266 4312 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    15:52:00.0266 4312 Serenum - ok
    15:52:00.0281 4312 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    15:52:00.0281 4312 Serial - ok
    15:52:00.0297 4312 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    15:52:00.0297 4312 sermouse - ok
    15:52:00.0328 4312 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
    15:52:00.0328 4312 SessionEnv - ok
    15:52:00.0344 4312 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    15:52:00.0344 4312 sffdisk - ok
    15:52:00.0344 4312 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    15:52:00.0344 4312 sffp_mmc - ok
    15:52:00.0359 4312 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
    15:52:00.0359 4312 sffp_sd - ok
    15:52:00.0359 4312 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    15:52:00.0359 4312 sfloppy - ok
    15:52:00.0437 4312 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    15:52:00.0437 4312 SharedAccess - ok
    15:52:00.0469 4312 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
    15:52:00.0484 4312 ShellHWDetection - ok
    15:52:00.0515 4312 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    15:52:00.0515 4312 SiSRaid2 - ok
    15:52:00.0531 4312 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    15:52:00.0531 4312 SiSRaid4 - ok
    15:52:00.0547 4312 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    15:52:00.0547 4312 Smb - ok
    15:52:00.0593 4312 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    15:52:00.0593 4312 SNMPTRAP - ok
    15:52:00.0593 4312 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    15:52:00.0593 4312 spldr - ok
    15:52:00.0656 4312 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
    15:52:00.0671 4312 Spooler - ok
    15:52:00.0874 4312 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
    15:52:00.0890 4312 sppsvc - ok
    15:52:01.0311 4312 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    15:52:01.0311 4312 sppuinotify - ok
    15:52:01.0498 4312 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
    15:52:01.0498 4312 srv - ok
    15:52:01.0561 4312 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
    15:52:01.0561 4312 srv2 - ok
    15:52:01.0592 4312 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
    15:52:01.0592 4312 srvnet - ok
    15:52:01.0654 4312 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    15:52:01.0654 4312 SSDPSRV - ok
    15:52:01.0670 4312 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    15:52:01.0670 4312 SstpSvc - ok
    15:52:01.0748 4312 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    15:52:01.0748 4312 stexstor - ok
    15:52:01.0810 4312 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
    15:52:01.0810 4312 stisvc - ok
    15:52:01.0826 4312 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    15:52:01.0826 4312 swenum - ok
    15:52:01.0888 4312 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    15:52:01.0888 4312 swprv - ok
    15:52:02.0044 4312 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
    15:52:02.0060 4312 SysMain - ok
    15:52:02.0481 4312 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
    15:52:02.0481 4312 TabletInputService - ok
    15:52:02.0512 4312 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
    15:52:02.0512 4312 TapiSrv - ok
    15:52:02.0528 4312 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    15:52:02.0543 4312 TBS - ok
    15:52:02.0793 4312 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
    15:52:02.0824 4312 Tcpip - ok
    15:52:03.0495 4312 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
    15:52:03.0511 4312 TCPIP6 - ok
    15:52:04.0041 4312 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    15:52:04.0041 4312 tcpipreg - ok
    15:52:04.0057 4312 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    15:52:04.0057 4312 TDPIPE - ok
    15:52:04.0103 4312 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
    15:52:04.0103 4312 TDTCP - ok
    15:52:04.0103 4312 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    15:52:04.0103 4312 tdx - ok
    15:52:04.0119 4312 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    15:52:04.0119 4312 TermDD - ok
    15:52:04.0213 4312 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
    15:52:04.0228 4312 TermService - ok
    15:52:04.0259 4312 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    15:52:04.0259 4312 Themes - ok
    15:52:04.0322 4312 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    15:52:04.0322 4312 THREADORDER - ok
    15:52:04.0353 4312 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    15:52:04.0353 4312 TrkWks - ok
    15:52:04.0447 4312 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
    15:52:04.0447 4312 TrustedInstaller - ok
    15:52:04.0493 4312 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    15:52:04.0493 4312 tssecsrv - ok
    15:52:04.0509 4312 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    15:52:04.0509 4312 tunnel - ok
    15:52:04.0525 4312 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    15:52:04.0525 4312 uagp35 - ok
    15:52:04.0556 4312 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
    15:52:04.0556 4312 udfs - ok
    15:52:04.0618 4312 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    15:52:04.0618 4312 UI0Detect - ok
    15:52:04.0634 4312 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    15:52:04.0634 4312 uliagpkx - ok
    15:52:04.0649 4312 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    15:52:04.0649 4312 umbus - ok
    15:52:04.0649 4312 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    15:52:04.0649 4312 UmPass - ok
    15:52:04.0696 4312 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    15:52:04.0696 4312 upnphost - ok
    15:52:04.0743 4312 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
    15:52:04.0759 4312 usbccgp - ok
    15:52:04.0790 4312 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    15:52:04.0790 4312 usbcir - ok
    15:52:04.0805 4312 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
    15:52:04.0805 4312 usbehci - ok
    15:52:04.0837 4312 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
    15:52:04.0852 4312 usbhub - ok
    15:52:04.0899 4312 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
    15:52:04.0899 4312 usbohci - ok
    15:52:04.0930 4312 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    15:52:04.0930 4312 usbprint - ok
    15:52:04.0977 4312 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    15:52:04.0977 4312 USBSTOR - ok
    15:52:05.0024 4312 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
    15:52:05.0024 4312 usbuhci - ok
    15:52:05.0055 4312 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
    15:52:05.0071 4312 usbvideo - ok
    15:52:05.0086 4312 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    15:52:05.0086 4312 UxSms - ok
    15:52:05.0117 4312 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    15:52:05.0133 4312 VaultSvc - ok
    15:52:05.0164 4312 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    15:52:05.0164 4312 vdrvroot - ok
    15:52:05.0227 4312 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
    15:52:05.0242 4312 vds - ok
    15:52:05.0258 4312 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    15:52:05.0258 4312 vga - ok
    15:52:05.0258 4312 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    15:52:05.0258 4312 VgaSave - ok
    15:52:05.0273 4312 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    15:52:05.0273 4312 vhdmp - ok
    15:52:05.0289 4312 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    15:52:05.0289 4312 viaide - ok
    15:52:05.0289 4312 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    15:52:05.0305 4312 volmgr - ok
    15:52:05.0336 4312 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    15:52:05.0336 4312 volmgrx - ok
    15:52:05.0383 4312 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    15:52:05.0383 4312 volsnap - ok
    15:52:05.0398 4312 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    15:52:05.0398 4312 vsmraid - ok
    15:52:05.0523 4312 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
    15:52:05.0554 4312 VSS - ok
    15:52:06.0069 4312 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    15:52:06.0069 4312 vwifibus - ok
    15:52:06.0085 4312 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    15:52:06.0085 4312 vwififlt - ok
    15:52:06.0147 4312 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    15:52:06.0147 4312 W32Time - ok
    15:52:06.0163 4312 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    15:52:06.0163 4312 WacomPen - ok
    15:52:06.0178 4312 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    15:52:06.0178 4312 WANARP - ok
    15:52:06.0178 4312 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    15:52:06.0178 4312 Wanarpv6 - ok
    15:52:06.0303 4312 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    15:52:06.0303 4312 WatAdminSvc - ok
    15:52:06.0428 4312 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
    15:52:06.0459 4312 wbengine - ok
    15:52:06.0865 4312 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    15:52:06.0880 4312 WbioSrvc - ok
    15:52:06.0927 4312 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
    15:52:06.0943 4312 wcncsvc - ok
    15:52:06.0974 4312 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    15:52:06.0974 4312 WcsPlugInService - ok
    15:52:07.0114 4312 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    15:52:07.0114 4312 Wd - ok
    15:52:07.0161 4312 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    15:52:07.0177 4312 Wdf01000 - ok
    15:52:07.0208 4312 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    15:52:07.0223 4312 WdiServiceHost - ok
    15:52:07.0223 4312 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    15:52:07.0223 4312 WdiSystemHost - ok
    15:52:07.0286 4312 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
    15:52:07.0286 4312 WebClient - ok
    15:52:07.0333 4312 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    15:52:07.0348 4312 Wecsvc - ok
    15:52:07.0364 4312 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    15:52:07.0364 4312 wercplsupport - ok
    15:52:07.0379 4312 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    15:52:07.0379 4312 WerSvc - ok
    15:52:07.0520 4312 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    15:52:07.0520 4312 WfpLwf - ok
    15:52:07.0535 4312 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    15:52:07.0535 4312 WIMMount - ok
    15:52:07.0645 4312 WinDefend - ok
    15:52:07.0660 4312 WinHttpAutoProxySvc - ok
    15:52:07.0847 4312 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    15:52:07.0863 4312 Winmgmt - ok
    15:52:08.0003 4312 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
    15:52:08.0019 4312 WinRM - ok
    15:52:08.0487 4312 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    15:52:08.0503 4312 Wlansvc - ok
    15:52:08.0643 4312 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    15:52:08.0643 4312 WmiAcpi - ok
    15:52:08.0830 4312 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    15:52:08.0846 4312 wmiApSrv - ok
    15:52:08.0939 4312 WMPNetworkSvc - ok
    15:52:09.0002 4312 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    15:52:09.0002 4312 WPCSvc - ok
    15:52:09.0033 4312 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
    15:52:09.0033 4312 WPDBusEnum - ok
    15:52:09.0064 4312 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    15:52:09.0064 4312 ws2ifsl - ok
    15:52:09.0111 4312 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
    15:52:09.0111 4312 wscsvc - ok
    15:52:09.0111 4312 WSearch - ok
    15:52:09.0298 4312 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    15:52:09.0329 4312 wuauserv - ok
    15:52:09.0860 4312 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    15:52:09.0860 4312 WudfPf - ok
    15:52:09.0891 4312 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    15:52:09.0891 4312 WUDFRd - ok
    15:52:09.0922 4312 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
    15:52:09.0922 4312 wudfsvc - ok
    15:52:09.0953 4312 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    15:52:09.0953 4312 WwanSvc - ok
    15:52:10.0000 4312 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
    15:52:10.0000 4312 yukonw7 - ok
    15:52:10.0078 4312 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
    15:52:10.0297 4312 \Device\Harddisk0\DR0 - ok
    15:52:10.0312 4312 Boot (0x1200) (e9898696208d9272da9533ade414211f) \Device\Harddisk0\DR0\Partition0
    15:52:10.0312 4312 \Device\Harddisk0\DR0\Partition0 - ok
    15:52:10.0328 4312 Boot (0x1200) (3f759e083daa0bfc53855744e15a6d5a) \Device\Harddisk0\DR0\Partition1
    15:52:10.0328 4312 \Device\Harddisk0\DR0\Partition1 - ok
    15:52:10.0328 4312 ============================================================
    15:52:10.0328 4312 Scan finished
    15:52:10.0328 4312 ============================================================
    15:52:10.0343 4264 Detected object count: 0
    15:52:10.0343 4264 Actual detected object count: 0


    On a side note, my computer has been running ads or something of the sort when no application is pulled up. This happens about every 15 mintues, whether I am on the internet or just looking at a blank screen. Could this have anything to do with the smitfraud?

    Thanks again!

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •