
Thread: Ransom Virus and many others

  1. #1
    Junior Member
    Join Date: Feb 2010
    Posts: 20

    Ransom Virus and many others

    Hello,

    I have several viruses including the ransom. I have managed to get on the desktop with a lot of use of Malwarebytes and Spybot. I also shut down the internet connection and this slows down the regeneration of the virus. I also keep the Task Manager up and kill ipseygu.exe every time it generates and this appears to slow it down. Appreciate your assistance.

    IE will not allow me to post an attachment on to this website. When I hit the button it brings up a browser to a bogus page and will not allow the selection of a file. I can cut and paste the contents of the Attach file if you request.



    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.7.2
    Run by Matt at 20:52:33 on 2013-05-15
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1381 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\AERTSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Users\Matt\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    C:\Windows\system32\dldocoms.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\PSIService.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Dell 968 AIO Printer\dldomon.exe
    C:\Program Files\Dell 968 AIO Printer\memcard.exe
    C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Users\Matt\AppData\Roaming\Axhaehi\ipseygu.exe
    C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
    C:\Windows\spoolsvc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
    C:\Users\Matt\AppData\Roaming\Axhaehi\ipseygu.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Qwiklinx: {3E7C8B5A-96AB-438F-BF9B-782400655440} - c:\users\matt\appdata\roaming\qwiklinx\Qwiklinx.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\matt\appdata\roaming\defaulttab\defaulttab\DefaultTabBHO.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [Adobe CSx Manager] c:\users\matt\appdata\roaming\d6eca8fa-bdd5-4019-991b-982afaa6a1e0ad\decafabddbafaaaead.exe
    uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
    uRun: [msocpc] "c:\windows\system32\rundll32.exe" "c:\users\matt\appdata\roaming\msocpc.dll",WriteString
    uRun: [ashlp] "c:\windows\system32\rundll32.exe" "c:\users\matt\appdata\roaming\ashlp.dll",InPlaceAnd
    uRun: [miurtew] rundll32 "c:\users\matt\appdata\local\miurtew.dll",miurtew
    uRun: [Soqeaddivii] c:\users\matt\appdata\roaming\axhaehi\ipseygu.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [dldomon.exe] "c:\program files\dell 968 aio printer\dldomon.exe"
    mRun: [MemoryCardManager] "c:\program files\dell 968 aio printer\memcard.exe"
    mRun: [Dell 968 AIO Printer Fax Server] "c:\program files\dell 968 aio printer\fm3032.exe" /s
    mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
    mRun: [MSC] "c:\program files\microsoft security client\mssecex.exe" -hide -runkey
    mRun: [MRT] "c:\windows\system32\MRT.exe" /R
    dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\camera~1.lnk - c:\program files\pixela\everio mediabrowser\MBCameraMonitor.exe
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    TCP: Interfaces\{4EF6EFA6-64CD-49AF-A1CD-823511F6E664} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
    TCP: Interfaces\{64169AB7-D8F3-421A-BBBB-26BFF19CF8A6} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
    R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
    R2 DefaultTabUpdate;DefaultTabUpdate;c:\users\matt\appdata\roaming\defaulttab\defaulttab\DTUpdate.exe [2012-11-6 107520]
    R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 100328]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-5-14 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-5-14 1369624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-5-14 168384]
    R2 SpoolerCache;SpoolerCache;c:\windows\spoolsvc.exe [2013-5-3 229520]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [2007-10-5 99568]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-8-18 52224]
    .
    =============== Created Last 30 ================
    .
    2013-05-16 00:51:01 60872 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{39624408-596e-459a-857a-06483f94b9bd}\offreg.dll
    2013-05-16 00:02:46 309760 ----a-w- c:\users\matt\acrobatreader53868.exe
    2013-05-16 00:02:46 0 ----a-w- c:\users\matt\acrobatreader55286.exe
    2013-05-16 00:02:42 35328 ----a-w- c:\users\matt\alg48478.exe
    2013-05-16 00:02:38 24447 ----a-w- c:\users\matt\alg588646.exe
    2013-05-15 23:59:56 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{39624408-596e-459a-857a-06483f94b9bd}\mpengine.dll
    2013-05-15 23:51:30 -------- d-----w- c:\users\matt\appdata\roaming\Axhaehi
    2013-05-15 19:52:39 21317 ----a-w- c:\users\matt\jqs828680.exe
    2013-05-15 18:37:40 17920 ----a-w- c:\users\matt\appdata\local\miurtew.dll
    2013-05-15 18:37:22 309760 ----a-w- c:\users\matt\acrobat590578.exe
    2013-05-15 18:37:22 0 ----a-w- c:\users\matt\acrobat850950.exe
    2013-05-15 18:37:19 50688 ----a-w- c:\users\matt\msconfig701709.exe
    2013-05-15 18:37:19 35328 ----a-w- c:\users\matt\notepad582814.exe
    2013-05-15 07:35:09 405504 ----a-w- c:\users\matt\appdata\roaming\ashlp.dll
    2013-05-15 07:35:01 634880 ----a-w- c:\users\matt\appdata\roaming\msocpc.dll
    2013-05-15 07:34:21 309760 ----a-w- c:\users\matt\java647518.exe
    2013-05-15 07:34:21 0 ----a-w- c:\users\matt\iexplore956429.exe
    2013-05-15 07:34:20 50688 ----a-w- c:\users\matt\spoolsv734849.exe
    2013-05-15 07:31:44 292613 ----a-w- c:\users\matt\icq442766.exe
    2013-05-15 07:31:43 50688 ----a-w- c:\users\matt\rundll32.exe
    2013-05-15 07:31:43 193536 ----a-w- c:\users\matt\chrome125524.exe
    2013-05-15 07:31:43 0 ----a-w- c:\users\matt\windowsupdate357826.exe
    2013-05-15 07:03:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-05-15 00:37:54 880128 ----a-w- c:\users\matt\appdata\roaming\F18E.tmp
    2013-05-15 00:37:54 880128 ----a-w- c:\users\matt\appdata\roaming\DB51.tmp
    2013-05-15 00:36:39 309760 ----a-w- c:\users\matt\csrss.exe
    2013-05-15 00:36:38 0 ----a-w- c:\users\matt\firefox.exe
    2013-05-15 00:23:48 388096 ----a-r- c:\users\matt\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2013-05-15 00:23:41 -------- d-----w- c:\program files\Trend Micro
    2013-05-15 00:08:12 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
    2013-05-15 00:08:12 2347520 ----a-w- c:\windows\system32\win32k.sys
    2013-05-15 00:08:12 186368 ----a-w- c:\windows\system32\wwansvc.dll
    2013-05-15 00:08:06 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-05-15 00:08:05 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-05-15 00:08:01 1796096 ----a-w- c:\windows\system32\authui.dll
    2013-05-15 00:08:01 101720 ----a-w- c:\windows\system32\consent.exe
    2013-05-15 00:08:00 47104 ----a-w- c:\windows\system32\appinfo.dll
    2013-05-15 00:04:49 -------- d-----w- c:\users\matt\appdata\local\Diagnostics
    2013-05-14 22:12:59 0 ----a-w- c:\users\matt\jucheck.exe
    2013-05-14 22:12:52 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2013-05-14 22:12:40 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2013-05-14 21:38:17 309760 ----a-w- c:\users\matt\teamviewer.exe
    2013-05-14 21:38:16 0 ----a-w- c:\users\matt\icq.exe
    2013-05-14 21:21:45 49152 ----a-w- c:\users\matt\googleupdate.exe
    2013-05-14 21:20:11 7016152 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-05-14 20:55:47 -------- d-----w- c:\users\matt\appdata\roaming\Fiiwso
    2013-05-13 19:22:32 0 ----a-w- c:\users\matt\java.exe
    2013-05-13 17:59:27 0 ----a-w- c:\users\matt\opera.exe
    2013-05-13 17:58:29 247808 ----a-w- c:\users\matt\alg.exe
    2013-05-13 17:58:19 0 ----a-w- c:\users\matt\skype.exe
    2013-05-13 17:52:37 0 ----a-w- c:\users\matt\jqs.exe
    2013-05-13 17:37:05 247808 ----a-w- c:\users\matt\windowsupdate.exe
    2013-05-13 17:37:02 0 ----a-w- c:\users\matt\flashplayer.exe
    2013-05-08 18:15:45 -------- d--h--w- c:\programdata\Common Files
    2013-05-08 18:15:45 -------- d-----w- c:\users\matt\appdata\local\MFAData
    2013-05-08 18:15:45 -------- d-----w- c:\users\matt\appdata\local\Avg2013
    2013-05-08 18:15:45 -------- d-----w- c:\programdata\MFAData
    2013-05-08 17:48:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-05-08 11:48:07 -------- d-----w- c:\program files\CCleaner
    2013-05-08 10:39:24 -------- d-----w- c:\users\matt\appdata\local\ElevatedDiagnostics
    2013-05-07 10:57:15 -------- d-----w- c:\users\matt\appdata\roaming\Malwarebytes
    2013-05-07 10:56:55 -------- d-----w- c:\programdata\Malwarebytes
    2013-05-07 10:56:53 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-05-07 10:56:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-05-07 10:56:35 -------- d-----w- c:\users\matt\appdata\local\Programs
    2013-05-06 04:53:46 0 ----a-w- c:\users\matt\mstsc.exe
    2013-05-04 17:56:32 -------- d-----w- c:\users\matt\appdata\roaming\Obhobumu
    2013-05-03 12:13:46 229520 ----a-w- c:\windows\spoolsvc.exe
    2013-05-03 12:11:19 -------- d-----w- c:\users\matt\appdata\roaming\d6eca8fa-bdd5-4019-991b-982afaa6a1e0ad
    2013-05-03 12:10:48 0 ----a-w- c:\users\matt\msconfig.exe
    2013-05-01 11:42:09 706640 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ba549731-1f90-4c52-89a7-edc1a9bea50f}\gapaengine.dll
    2013-05-01 11:18:21 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-04-20 12:35:53 -------- d-----w- c:\users\matt\appdata\roaming\Xaruocfe
    .
    ==================== Find3M ====================
    .
    2013-05-09 12:23:07 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2013-05-09 12:21:29 88 --sh--r- c:\windows\system32\E141A877EE.sys
    2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-04-04 22:11:34 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2013-04-04 22:02:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-04-04 22:02:17 1129472 ----a-w- c:\windows\system32\wininet.dll
    2013-04-04 21:58:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-04-04 21:57:45 420864 ----a-w- c:\windows\system32\vbscript.dll
    2013-03-21 07:20:30 152576 ----a-w- c:\windows\system32\msclmd.dll
    2013-03-19 05:04:13 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-03-19 05:04:10 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe
    2013-02-15 04:37:10 3217408 ----a-w- c:\windows\system32\mstscax.dll
    2013-02-15 04:34:10 131584 ----a-w- c:\windows\system32\aaclient.dll
    2013-02-15 03:25:51 36864 ----a-w- c:\windows\system32\tsgqec.dll
    .
    ============= FINISH: 21:07:03.73 ===============






    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-05-15 21:05:35
    -----------------------------
    21:05:35.769 OS Version: Windows 6.1.7601 Service Pack 1
    21:05:35.769 Number of processors: 4 586 0xF0B
    21:05:35.770 ComputerName: MATT-DESKTOP UserName: Matt
    21:05:56.612 Initialize success
    21:28:40.406 AVAST engine defs: 13051501
    21:28:47.738 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    21:28:47.738 Disk 0 Vendor: SAMSUNG_HD501LJ CR100-13 Size: 476940MB BusType: 3
    21:28:47.879 Disk 0 MBR read successfully
    21:28:47.879 Disk 0 MBR scan
    21:28:47.988 Disk 0 Windows 7 default MBR code
    21:28:47.988 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
    21:28:48.019 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
    21:28:48.035 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 466644 MB offset 21084160
    21:28:48.082 Disk 0 scanning sectors +976771072
    21:28:48.191 Disk 0 scanning C:\Windows\system32\drivers
    21:29:05.145 Service scanning
    21:29:18.465 Service FastUserSwitchingCompatibility C:\Windows\C:\Windows\system32\FastUserSwitchingCompatibilityex.dll **LOCKED** 123
    21:29:24.452 Service MpKslc91f6fc3 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{39624408-596E-459A-857A-06483F94B9BD}\MpKslc91f6fc3.sys **LOCKED** 32
    21:29:44.311 Modules scanning
    21:29:48.751 Disk 0 trace - called modules:
    21:29:48.761
    21:29:51.181 AVAST engine scan C:\Windows
    21:29:55.393 AVAST engine scan C:\Windows\system32
    21:33:40.008 AVAST engine scan C:\Windows\system32\drivers
    21:34:05.186 AVAST engine scan C:\Users\Matt
    21:40:15.648 File: C:\Users\Matt\msconfig701709.exe **INFECTED** Win32:Dropper-gen [Drp]
    21:44:46.424 File: C:\Users\Matt\rundll32.exe **INFECTED** Win32:Dropper-gen [Drp]
    21:44:47.173 File: C:\Users\Matt\spoolsv734849.exe **INFECTED** Win32:Dropper-gen [Drp]
    21:44:49.794 AVAST engine scan C:\ProgramData
    21:45:23.537 Scan finished successfully
    21:49:19.635 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
    21:49:19.729 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"

  2. #2
    Malware Team-Emeritus
    Join Date: Sep 2012
    Location: Florida, USA
    Posts: 1,161

    Hi fujymo,

    Thanks for your patience.

    =========================

    1. RogueKiller

    Download to your desktop RogueKiller (by tigzy)

    Right click and select "Run as Administrator"
    • Quit all programs
    • Wait until Prescan has finished ...
    • Click on Scan, Do Not Fix Anything at this point.
    • Click the Report button, save the report to your desktop

    =========================

    In your next post please provide the following:

    • RKreport[1].txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #3
    Junior Member
    Join Date: Feb 2010
    Posts: 20

    OCD,

    Thanks for getting back to me. Here is the information you requested. I am copying the information to a data stick and transferring it to another computer. I hope only the information is being transferred. Also, using this other computer I was able to upload the attach file that I was not able to upload via the infected computer.

    Thanks,

    Fujymo

    RKreport[1]_S_05222013_02d1701.txt Attach1.txt

  4. #4
    Malware Team-Emeritus
    Join Date: Sep 2012
    Location: Florida, USA
    Posts: 1,161

    Hi fujymo,

    1. Logs

    Please copy & paste all requested logs directly into your reply, do not attach them unless specifically asked to do so. Doing so requires us to download the file to view it which takes extra time. I appreciate your cooperation.

    =========================

    2. TDSSKiller

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • TDSSKiller.exe - Right click and select "Run as Administrator".
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)

    =========================

    3. ComboFix

    Refer to the ComboFix User's Guide

    • Download ComboFix from the following location:

      Link

      * IMPORTANT !!! Place ComboFix.exe on your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
      You can get help on disabling your protection programs here
    • Double click on ComboFix.exe & follow the prompts.
    • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    • When finished, it shall produce a log for you. Post that log in your next reply

      Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

      ---------------------------------------------------------------------------------------------
    • Ensure your AntiVirus and AntiSpyware applications are re-enabled.
      ---------------------------------------------------------------------------------------------

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

    =========================

    4. Re-run RogueKiller

    Right click and select "Run as Administrator"
    • Quit all programs
    • Wait until Prescan has finished ...
    • Click on Scan.
    • After the scan has completed click on the Registry tab
    • Wait until the Status box shows "Scan Finished"
    • Click the Delete button
    • Wait until the Status box shows "Deleting Finished"
    • Click the Report button, save the report to your desktop

    =========================

    In your next post please provide the following:

    • TDSSKiller log
    • ComboFix.txt
    • RKreport.txt
    • How is the computer running?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  5. #5
    Junior Member
    Join Date: Feb 2010
    Posts: 20

    OCD,

    I performed the scans and restarted the internet on the computer. It was only a few minutes and "Internet Security 2013" started and shut off Internet Explorer and all other programs running and gave an error when trying to restart. I did notice on Task Manager ohmui.exe started to download as soon as the internet was restarted. I turned the internet back off so it could not download anything else. I had to do the files in three posts due to length. Here are the files you requested.

    Thanks again,

    Fujymo

    TDSS LOG

    19:19:44.0182 4240 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    19:19:44.0307 4240 ============================================================
    19:19:44.0307 4240 Current date / time: 2013/05/22 19:19:44.0307
    19:19:44.0307 4240 SystemInfo:
    19:19:44.0307 4240
    19:19:44.0307 4240 OS Version: 6.1.7601 ServicePack: 1.0
    19:19:44.0307 4240 Product type: Workstation
    19:19:44.0307 4240 ComputerName: MATT-DESKTOP
    19:19:44.0307 4240 UserName: Matt
    19:19:44.0307 4240 Windows directory: C:\Windows
    19:19:44.0307 4240 System windows directory: C:\Windows
    19:19:44.0307 4240 Processor architecture: Intel x86
    19:19:44.0307 4240 Number of processors: 4
    19:19:44.0307 4240 Page size: 0x1000
    19:19:44.0307 4240 Boot type: Normal boot
    19:19:44.0307 4240 ============================================================
    19:19:46.0054 4240 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    19:19:48.0191 4240 Drive \Device\Harddisk1\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    19:19:48.0191 4240 ============================================================
    19:19:48.0191 4240 \Device\Harddisk0\DR0:
    19:19:48.0207 4240 MBR partitions:
    19:19:48.0207 4240 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
    19:19:48.0207 4240 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x38F6A000
    19:19:48.0207 4240 \Device\Harddisk1\DR3:
    19:19:48.0207 4240 MBR partitions:
    19:19:48.0207 4240 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x40, BlocksNum 0x74705980
    19:19:48.0207 4240 ============================================================
    19:19:48.0222 4240 C: <-> \Device\Harddisk0\DR0\Partition2
    19:19:48.0300 4240 D: <-> \Device\Harddisk0\DR0\Partition1
    19:19:48.0363 4240 F: <-> \Device\Harddisk1\DR3\Partition1
    19:19:48.0363 4240 ============================================================
    19:19:48.0363 4240 Initialize success
    19:19:48.0363 4240 ============================================================
    19:20:03.0573 5260 ============================================================
    19:20:03.0573 5260 Scan started
    19:20:03.0573 5260 Mode: Manual;
    19:20:03.0573 5260 ============================================================
    19:20:03.0947 5260 ================ Scan system memory ========================
    19:20:03.0947 5260 System memory - ok
    19:20:03.0963 5260 ================ Scan services =============================
    19:20:10.0390 5260 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    19:20:10.0390 5260 BrSerWdm - ok
    19:20:10.0406 5260 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    19:20:10.0406 5260 BrUsbMdm - ok
    19:20:10.0421 5260 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    19:20:10.0421 5260 BrUsbSer - ok
    19:20:10.0421 5260 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    19:20:10.0437 5260 BTHMODEM - ok
    19:20:10.0484 5260 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
    19:20:10.0499 5260 bthserv - ok
    19:20:10.0530 5260 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    19:20:10.0530 5260 cdfs - ok
    19:20:10.0593 5260 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    19:20:10.0593 5260 cdrom - ok
    19:20:10.0655 5260 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
    19:20:10.0655 5260 CertPropSvc - ok
    19:20:10.0686 5260 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    19:20:10.0686 5260 circlass - ok
    19:20:10.0733 5260 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
    19:20:10.0749 5260 CLFS - ok
    19:20:10.0827 5260 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    19:20:10.0842 5260 clr_optimization_v2.0.50727_32 - ok
    19:20:10.0905 5260 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    19:20:10.0920 5260 clr_optimization_v4.0.30319_32 - ok
    19:20:10.0936 5260 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    19:20:10.0952 5260 CmBatt - ok
    19:20:10.0967 5260 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
    19:20:10.0967 5260 cmdide - ok
    19:20:11.0014 5260 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
    19:20:11.0030 5260 CNG - ok
    19:20:11.0061 5260 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    19:20:11.0061 5260 Compbatt - ok
    19:20:11.0108 5260 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    19:20:11.0108 5260 CompositeBus - ok
    19:20:11.0123 5260 COMSysApp - ok
    19:20:11.0139 5260 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    19:20:11.0139 5260 crcdisk - ok
    19:20:11.0201 5260 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
    19:20:11.0217 5260 CryptSvc - ok
    19:20:11.0279 5260 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
    19:20:11.0326 5260 DcomLaunch - ok
    19:20:11.0856 5260 [ 34AE0DFA3EE3B5B9975042D87332D0B7 ] DefaultTabUpdate C:\Users\Matt\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    19:20:11.0888 5260 DefaultTabUpdate - ok
    19:20:11.0934 5260 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
    19:20:11.0934 5260 defragsvc - ok
    19:20:11.0981 5260 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    19:20:11.0997 5260 DfsC - ok
    19:20:12.0028 5260 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
    19:20:12.0044 5260 Dhcp - ok
    19:20:12.0090 5260 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
    19:20:12.0090 5260 discache - ok
    19:20:12.0122 5260 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
    19:20:12.0122 5260 Disk - ok
    19:20:12.0278 5260 [ EAF0EEA0687BEB6A6B0287F6E84C5435 ] dldoCATSCustConnectService C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldoserv.exe
    19:20:12.0324 5260 dldoCATSCustConnectService - ok
    19:20:12.0340 5260 dldo_device - ok
    19:20:12.0371 5260 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    19:20:12.0418 5260 Dnscache - ok
    19:20:12.0480 5260 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
    19:20:12.0512 5260 dot3svc - ok
    19:20:12.0558 5260 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
    19:20:12.0558 5260 DPS - ok
    19:20:12.0605 5260 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    19:20:12.0605 5260 drmkaud - ok
    19:20:12.0652 5260 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    19:20:12.0668 5260 DXGKrnl - ok
    19:20:12.0683 5260 [ CF0A6015F437161698C5B2A0A12CF052 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
    19:20:12.0699 5260 e1express - ok
    19:20:12.0730 5260 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
    19:20:12.0746 5260 EapHost - ok
    19:20:13.0198 5260 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
    19:20:13.0292 5260 ebdrv - ok
    19:20:13.0323 5260 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
    19:20:13.0338 5260 EFS - ok
    19:20:13.0713 5260 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    19:20:13.0728 5260 ehRecvr - ok
    19:20:13.0775 5260 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
    19:20:13.0791 5260 ehSched - ok
    19:20:13.0853 5260 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    19:20:13.0869 5260 elxstor - ok
    19:20:13.0900 5260 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
    19:20:13.0900 5260 ErrDev - ok
    19:20:13.0962 5260 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
    19:20:13.0978 5260 EventSystem - ok
    19:20:13.0994 5260 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
    19:20:13.0994 5260 exfat - ok
    19:20:14.0009 5260 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    19:20:14.0025 5260 fastfat - ok
    19:20:14.0040 5260 FastUserSwitchingCompatibility - ok
    19:20:14.0087 5260 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
    19:20:14.0103 5260 Fax - ok
    19:20:14.0118 5260 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    19:20:14.0118 5260 fdc - ok
    19:20:14.0134 5260 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
    19:20:14.0150 5260 fdPHost - ok
    19:20:14.0181 5260 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
    19:20:14.0181 5260 FDResPub - ok
    19:20:14.0196 5260 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    19:20:14.0196 5260 FileInfo - ok
    19:20:14.0212 5260 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    19:20:14.0212 5260 Filetrace - ok
    19:20:14.0212 5260 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    19:20:14.0228 5260 flpydisk - ok
    19:20:14.0243 5260 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    19:20:14.0243 5260 FltMgr - ok
    19:20:14.0337 5260 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
    19:20:14.0368 5260 FontCache - ok
    19:20:14.0555 5260 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    19:20:14.0555 5260 FontCache3.0.0.0 - ok
    19:20:14.0586 5260 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    19:20:14.0586 5260 FsDepends - ok
    19:20:14.0618 5260 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    19:20:14.0618 5260 Fs_Rec - ok
    19:20:14.0664 5260 [ 5502FF5AE50FDFA3D37367418D9E0EF9 ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys
    19:20:14.0664 5260 FTDIBUS - ok
    19:20:14.0680 5260 [ 8086BE20DB3D4EF8638A7A9983D30F9E ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys
    19:20:14.0680 5260 FTSER2K - ok
    19:20:14.0774 5260 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    19:20:14.0789 5260 fvevol - ok
    19:20:14.0836 5260 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    19:20:14.0852 5260 gagp30kx - ok
    19:20:14.0883 5260 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    19:20:14.0898 5260 GEARAspiWDM - ok
    19:20:14.0945 5260 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
    19:20:14.0976 5260 gpsvc - ok
    19:20:14.0992 5260 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    19:20:14.0992 5260 hcw85cir - ok
    19:20:15.0054 5260 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    19:20:15.0054 5260 HdAudAddService - ok
    19:20:15.0117 5260 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    19:20:15.0117 5260 HDAudBus - ok
    19:20:15.0132 5260 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    19:20:15.0132 5260 HidBatt - ok
    19:20:15.0164 5260 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    19:20:15.0164 5260 HidBth - ok
    19:20:15.0179 5260 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    19:20:15.0195 5260 HidIr - ok
    19:20:15.0226 5260 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
    19:20:15.0257 5260 hidserv - ok
    19:20:15.0304 5260 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    19:20:15.0320 5260 HidUsb - ok
    19:20:15.0366 5260 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
    19:20:15.0382 5260 hkmsvc - ok
    19:20:15.0444 5260 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    19:20:15.0460 5260 HomeGroupListener - ok
    19:20:15.0491 5260 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    19:20:15.0491 5260 HomeGroupProvider - ok
    19:20:15.0538 5260 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    19:20:15.0554 5260 HpSAMD - ok
    19:20:15.0616 5260 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    19:20:15.0632 5260 HTTP - ok
    19:20:15.0663 5260 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    19:20:15.0663 5260 hwpolicy - ok
    19:20:15.0710 5260 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    19:20:15.0710 5260 i8042prt - ok
    19:20:15.0725 5260 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    19:20:15.0725 5260 iaStorV - ok
    19:20:15.0959 5260 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    19:20:15.0990 5260 idsvc - ok
    19:20:16.0037 5260 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    19:20:16.0053 5260 iirsp - ok
    19:20:16.0084 5260 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
    19:20:16.0115 5260 IKEEXT - ok
    19:20:16.0630 5260 [ F8F53C5449F15B23D4C61D51D2701DA8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
    19:20:16.0677 5260 IntcAzAudAddService - ok
    19:20:16.0724 5260 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
    19:20:16.0739 5260 intelide - ok
    19:20:16.0802 5260 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    19:20:16.0802 5260 intelppm - ok
    19:20:16.0864 5260 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    19:20:16.0880 5260 IPBusEnum - ok
    19:20:16.0895 5260 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    19:20:16.0895 5260 IpFilterDriver - ok
    19:20:17.0004 5260 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    19:20:17.0036 5260 iphlpsvc - ok
    19:20:17.0082 5260 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    19:20:17.0098 5260 IPMIDRV - ok
    19:20:17.0129 5260 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    19:20:17.0129 5260 IPNAT - ok
    19:20:17.0223 5260 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    19:20:17.0254 5260 iPod Service - ok
    19:20:17.0270 5260 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
    19:20:17.0285 5260 IRENUM - ok
    19:20:17.0301 5260 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    19:20:17.0301 5260 isapnp - ok
    19:20:17.0363 5260 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    19:20:17.0379 5260 iScsiPrt - ok
    19:20:17.0394 5260 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    19:20:17.0394 5260 kbdclass - ok
    19:20:17.0426 5260 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    19:20:17.0426 5260 kbdhid - ok
    19:20:17.0441 5260 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
    19:20:17.0441 5260 KeyIso - ok
    19:20:17.0488 5260 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    19:20:17.0519 5260 KSecDD - ok
    19:20:17.0550 5260 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    19:20:17.0582 5260 KSecPkg - ok
    19:20:17.0644 5260 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
    19:20:17.0644 5260 KtmRm - ok
    19:20:17.0675 5260 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
    19:20:17.0675 5260 LanmanServer - ok
    19:20:17.0691 5260 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    19:20:17.0722 5260 LanmanWorkstation - ok
    19:20:17.0784 5260 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    19:20:17.0784 5260 lltdio - ok
    19:20:17.0847 5260 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    19:20:17.0862 5260 lltdsvc - ok
    19:20:17.0894 5260 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
    19:20:17.0894 5260 lmhosts - ok
    19:20:17.0909 5260 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    19:20:17.0909 5260 LSI_FC - ok
    19:20:17.0940 5260 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    19:20:17.0940 5260 LSI_SAS - ok
    19:20:17.0956 5260 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    19:20:17.0956 5260 LSI_SAS2 - ok
    19:20:17.0972 5260 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    19:20:17.0972 5260 LSI_SCSI - ok
    19:20:18.0003 5260 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
    19:20:18.0003 5260 luafv - ok
    19:20:18.0050 5260 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    19:20:18.0065 5260 Mcx2Svc - ok
    19:20:18.0081 5260 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    19:20:18.0096 5260 megasas - ok
    19:20:18.0112 5260 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    19:20:18.0128 5260 MegaSR - ok
    19:20:18.0143 5260 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
    19:20:18.0143 5260 MMCSS - ok
    19:20:18.0174 5260 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
    19:20:18.0174 5260 Modem - ok
    19:20:18.0206 5260 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    19:20:18.0221 5260 monitor - ok
    19:20:18.0252 5260 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    19:20:18.0252 5260 mouclass - ok
    19:20:18.0252 5260 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    19:20:18.0252 5260 mouhid - ok
    19:20:18.0299 5260 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    19:20:18.0299 5260 mountmgr - ok
    19:20:18.0377 5260 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    19:20:18.0393 5260 MpFilter - ok
    19:20:18.0440 5260 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
    19:20:18.0471 5260 mpio - ok
    19:20:18.0798 5260 [ A69630D039C38018689190234F866D77 ] MpKslc832e0a3 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CFCD9E9D-55A8-410D-AA1E-0EC1A02B4CAB}\MpKslc832e0a3.sys
    19:20:18.0830 5260 MpKslc832e0a3 - ok
    19:20:18.0876 5260 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    19:20:18.0892 5260 mpsdrv - ok
    19:20:18.0923 5260 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
    19:20:18.0954 5260 MpsSvc - ok
    19:20:19.0001 5260 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    19:20:19.0017 5260 MRxDAV - ok
    19:20:19.0064 5260 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    19:20:19.0064 5260 mrxsmb - ok
    19:20:19.0079 5260 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    19:20:19.0079 5260 mrxsmb10 - ok
    19:20:19.0095 5260 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    19:20:19.0095 5260 mrxsmb20 - ok
    19:20:19.0110 5260 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
    19:20:19.0110 5260 msahci - ok
    19:20:19.0157 5260 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    19:20:19.0157 5260 msdsm - ok
    19:20:19.0173 5260 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
    19:20:19.0204 5260 MSDTC - ok
    19:20:19.0220 5260 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
    19:20:19.0220 5260 Msfs - ok
    19:20:19.0235 5260 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    19:20:19.0235 5260 mshidkmdf - ok
    19:20:19.0282 5260 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    19:20:19.0298 5260 msisadrv - ok
    19:20:19.0344 5260 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    19:20:19.0360 5260 MSiSCSI - ok
    19:20:19.0360 5260 msiserver - ok
    19:20:19.0376 5260 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    19:20:19.0376 5260 MSKSSRV - ok
    19:20:19.0469 5260 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    19:20:19.0469 5260 MsMpSvc - ok
    19:20:19.0500 5260 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    19:20:19.0516 5260 MSPCLOCK - ok
    19:20:19.0532 5260 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    19:20:19.0532 5260 MSPQM - ok
    19:20:19.0547 5260 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    19:20:19.0547 5260 MsRPC - ok
    19:20:19.0563 5260 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    19:20:19.0578 5260 mssmbios - ok
    19:20:19.0578 5260 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    19:20:19.0578 5260 MSTEE - ok
    19:20:19.0594 5260 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    19:20:19.0594 5260 MTConfig - ok
    19:20:19.0610 5260 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
    19:20:19.0610 5260 Mup - ok
    19:20:19.0672 5260 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
    19:20:19.0672 5260 napagent - ok
    19:20:19.0750 5260 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    19:20:19.0766 5260 NativeWifiP - ok
    19:20:19.0812 5260 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
    19:20:19.0828 5260 NDIS - ok
    19:20:19.0844 5260 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    19:20:19.0844 5260 NdisCap - ok
    19:20:19.0875 5260 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    19:20:19.0875 5260 NdisTapi - ok
    19:20:19.0906 5260 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    19:20:19.0906 5260 Ndisuio - ok
    19:20:19.0953 5260 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    19:20:19.0968 5260 NdisWan - ok
    19:20:20.0015 5260 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    19:20:20.0031 5260 NDProxy - ok
    19:20:20.0046 5260 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    19:20:20.0046 5260 NetBIOS - ok
    19:20:20.0078 5260 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    19:20:20.0078 5260 NetBT - ok
    19:20:20.0109 5260 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
    19:20:20.0109 5260 Netlogon - ok
    19:20:20.0171 5260 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
    19:20:20.0187 5260 Netman - ok
    19:20:20.0202 5260 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
    19:20:20.0218 5260 netprofm - ok
    19:20:20.0312 5260 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    19:20:20.0327 5260 NetTcpPortSharing - ok
    19:20:20.0358 5260 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    19:20:20.0358 5260 nfrd960 - ok
    19:20:20.0405 5260 [ 832E098BCA8235436FE2D8AE50AC3718 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    19:20:20.0405 5260 NisDrv - ok
    19:20:20.0499 5260 [ E570ECA850F30EB740C2E9699DF3D2BD ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
    19:20:20.0514 5260 NisSrv - ok
    19:20:20.0546 5260 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
    19:20:20.0561 5260 NlaSvc - ok
    19:20:20.0577 5260 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
    19:20:20.0577 5260 Npfs - ok
    19:20:20.0608 5260 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
    19:20:20.0624 5260 nsi - ok
    19:20:20.0655 5260 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    19:20:20.0655 5260 nsiproxy - ok
    19:20:20.0702 5260 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    19:20:20.0733 5260 Ntfs - ok
    19:20:20.0748 5260 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
    19:20:20.0748 5260 Null - ok
    19:20:20.0811 5260 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    19:20:20.0811 5260 nvraid - ok
    19:20:20.0826 5260 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    19:20:20.0826 5260 nvstor - ok
    19:20:20.0842 5260 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    19:20:20.0842 5260 nv_agp - ok
    19:20:20.0920 5260 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    19:20:20.0936 5260 odserv - ok
    19:20:20.0967 5260 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    19:20:20.0982 5260 ohci1394 - ok
    19:20:21.0045 5260 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    19:20:21.0076 5260 ose - ok
    19:20:21.0138 5260 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    19:20:21.0154 5260 p2pimsvc - ok
    19:20:21.0201 5260 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
    19:20:21.0216 5260 p2psvc - ok
    19:20:21.0248 5260 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    19:20:21.0248 5260 Parport - ok
    19:20:21.0294 5260 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
    19:20:21.0310 5260 partmgr - ok
    19:20:21.0326 5260 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
    19:20:21.0326 5260 Parvdm - ok
    19:20:21.0372 5260 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
    19:20:21.0388 5260 PcaSvc - ok
    19:20:21.0404 5260 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
    19:20:21.0404 5260 pci - ok
    19:20:21.0450 5260 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
    19:20:21.0450 5260 pciide - ok
    19:20:21.0482 5260 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    19:20:21.0482 5260 pcmcia - ok
    19:20:21.0497 5260 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
    19:20:21.0497 5260 pcw - ok
    19:20:21.0528 5260 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    19:20:21.0544 5260 PEAUTH - ok
    19:20:21.0622 5260 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
    19:20:21.0653 5260 pla - ok
    19:20:21.0731 5260 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    19:20:21.0762 5260 PlugPlay - ok
    19:20:21.0809 5260 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    19:20:21.0825 5260 PNRPAutoReg - ok
    19:20:21.0856 5260 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    19:20:21.0856 5260 PNRPsvc - ok
    19:20:21.0872 5260 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    19:20:21.0903 5260 PolicyAgent - ok
    19:20:21.0918 5260 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
    19:20:21.0934 5260 Power - ok
    19:20:21.0981 5260 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    19:20:21.0996 5260 PptpMiniport - ok
    19:20:22.0012 5260 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
    19:20:22.0012 5260 Processor - ok
    19:20:22.0059 5260 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
    19:20:22.0059 5260 ProfSvc - ok
    19:20:22.0074 5260 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
    19:20:22.0074 5260 ProtectedStorage - ok
    19:20:22.0137 5260 [ 64E413BA0C529AA40C3924BBCC4153DB ] ProtexisLicensing C:\Windows\system32\PSIService.exe
    19:20:32.0682 5260 ================ Scan global ===============================
    19:20:32.0901 5260 [Global] - ok
    ==========

  6. #6
    Junior Member
    Join Date
    Feb 2010
    Posts
    20

    Default

    19:20:32.0901 5260 ================ Scan MBR ==================================
    19:20:32.0916 5260 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    19:20:33.0962 5260 \Device\Harddisk0\DR0 - ok
    19:20:33.0977 5260 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR3
    19:20:36.0785 5260 \Device\Harddisk1\DR3 - ok
    19:20:36.0785 5260 ================ Scan VBR ==================================
    19:20:36.0816 5260 [ 0F55955A99EF05C41DE3A32B028D09D3 ] \Device\Harddisk0\DR0\Partition1
    19:20:36.0879 5260 \Device\Harddisk0\DR0\Partition1 - ok
    19:20:36.0894 5260 [ 382441C2B244C2123777C9FE494FD3EB ] \Device\Harddisk0\DR0\Partition2
    19:20:36.0894 5260 \Device\Harddisk0\DR0\Partition2 - ok
    19:20:36.0910 5260 [ C7A1B840C0D38A721C442B35EFA1895A ] \Device\Harddisk1\DR3\Partition1
    19:20:36.0910 5260 \Device\Harddisk1\DR3\Partition1 - ok
    19:20:36.0910 5260 ============================================================
    19:20:36.0910 5260 Scan finished
    19:20:36.0910 5260 ============================================================
    19:20:36.0926 5324 Detected object count: 0
    19:20:36.0926 5324 Actual detected object count: 0
    19:21:19.0202 4224 ============================================================
    19:21:19.0202 4224 Scan started
    19:21:19.0202 4224 Mode: Manual;
    19:21:19.0202 4224 ============================================================
    19:21:20.0231 4224 ================ Scan system memory ========================
    19:21:20.0231 4224 System memory - ok
    19:21:20.0231 4224 ================ Scan services =============================
    19:21:27.0204 4224 dldo_device - ok
    19:21:27.0267 4224 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    19:21:27.0267 4224 Dnscache - ok
    19:21:27.0314 4224 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
    19:21:27.0314 4224 dot3svc - ok
    19:21:27.0376 4224 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
    19:21:27.0376 4224 DPS - ok
    19:21:27.0407 4224 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    19:21:27.0407 4224 drmkaud - ok
    19:21:27.0563 4224 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    19:21:27.0563 4224 DXGKrnl - ok
    19:21:27.0657 4224 [ CF0A6015F437161698C5B2A0A12CF052 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
    19:21:27.0657 4224 e1express - ok
    19:21:27.0704 4224 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
    19:21:27.0704 4224 EapHost - ok
    19:21:27.0969 4224 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
    19:21:27.0984 4224 ebdrv - ok
    19:21:28.0031 4224 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
    19:21:28.0031 4224 EFS - ok
    19:21:28.0265 4224 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    19:21:28.0265 4224 ehRecvr - ok
    19:21:28.0296 4224 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
    19:21:28.0296 4224 ehSched - ok
    19:21:28.0406 4224 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    19:21:28.0406 4224 elxstor - ok
    19:21:28.0452 4224 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
    19:21:28.0452 4224 ErrDev - ok
    19:21:28.0562 4224 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
    19:21:28.0562 4224 EventSystem - ok
    19:21:28.0608 4224 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
    19:21:28.0608 4224 exfat - ok
    19:21:28.0655 4224 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    19:21:28.0671 4224 fastfat - ok
    19:21:28.0671 4224 FastUserSwitchingCompatibility - ok
    19:21:28.0811 4224 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
    19:21:28.0811 4224 Fax - ok
    19:21:28.0842 4224 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    19:21:28.0842 4224 fdc - ok
    19:21:28.0889 4224 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
    19:21:28.0889 4224 fdPHost - ok
    19:21:28.0920 4224 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
    19:21:28.0920 4224 FDResPub - ok
    19:21:28.0967 4224 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    19:21:28.0967 4224 FileInfo - ok
    19:21:28.0998 4224 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    19:21:28.0998 4224 Filetrace - ok
    19:21:29.0030 4224 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    19:21:29.0030 4224 flpydisk - ok
    19:21:29.0108 4224 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    19:21:29.0108 4224 FltMgr - ok
    19:21:29.0295 4224 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
    19:21:29.0295 4224 FontCache - ok
    19:21:29.0420 4224 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    19:21:29.0420 4224 FontCache3.0.0.0 - ok
    19:21:29.0451 4224 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    19:21:29.0451 4224 FsDepends - ok
    19:21:29.0513 4224 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    19:21:29.0513 4224 Fs_Rec - ok
    19:21:29.0560 4224 [ 5502FF5AE50FDFA3D37367418D9E0EF9 ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys
    19:21:29.0560 4224 FTDIBUS - ok
    19:21:29.0591 4224 [ 8086BE20DB3D4EF8638A7A9983D30F9E ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys
    19:21:29.0591 4224 FTSER2K - ok
    19:21:29.0638 4224 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    19:21:29.0638 4224 fvevol - ok
    19:21:29.0685 4224 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    19:21:29.0685 4224 gagp30kx - ok
    19:21:29.0716 4224 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    19:21:29.0716 4224 GEARAspiWDM - ok
    19:21:29.0919 4224 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
    19:21:29.0934 4224 gpsvc - ok
    19:21:29.0950 4224 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    19:21:29.0950 4224 hcw85cir - ok
    19:21:29.0997 4224 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    19:21:29.0997 4224 HdAudAddService - ok
    19:21:30.0044 4224 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    19:21:30.0044 4224 HDAudBus - ok
    19:21:30.0075 4224 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    19:21:30.0075 4224 HidBatt - ok
    19:21:30.0106 4224 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    19:21:30.0106 4224 HidBth - ok
    19:21:30.0137 4224 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    19:21:30.0137 4224 HidIr - ok
    19:21:30.0168 4224 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
    19:21:30.0168 4224 hidserv - ok
    19:21:30.0215 4224 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    19:21:30.0215 4224 HidUsb - ok
    19:21:30.0246 4224 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
    19:21:30.0262 4224 hkmsvc - ok
    19:21:30.0324 4224 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    19:21:30.0340 4224 HomeGroupListener - ok
    19:21:30.0402 4224 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    19:21:30.0418 4224 HomeGroupProvider - ok
    19:21:30.0465 4224 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    19:21:30.0465 4224 HpSAMD - ok
    19:21:30.0652 4224 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    19:21:30.0652 4224 HTTP - ok
    19:21:30.0699 4224 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    19:21:30.0699 4224 hwpolicy - ok
    19:21:30.0730 4224 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    19:21:30.0730 4224 i8042prt - ok
    19:21:30.0792 4224 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    19:21:30.0792 4224 iaStorV - ok
    19:21:30.0980 4224 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    19:21:30.0980 4224 idsvc - ok
    19:21:31.0011 4224 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    19:21:31.0011 4224 iirsp - ok
    19:21:31.0089 4224 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
    19:21:31.0089 4224 IKEEXT - ok
    19:21:31.0588 4224 [ F8F53C5449F15B23D4C61D51D2701DA8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
    19:21:31.0604 4224 IntcAzAudAddService - ok
    19:21:31.0635 4224 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
    19:21:31.0635 4224 intelide - ok
    19:21:31.0682 4224 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    19:21:31.0682 4224 intelppm - ok
    19:21:31.0728 4224 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    19:21:31.0728 4224 IPBusEnum - ok
    19:21:31.0760 4224 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    19:21:31.0775 4224 IpFilterDriver - ok
    19:21:31.0900 4224 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    19:21:31.0931 4224 iphlpsvc - ok
    19:21:31.0978 4224 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    19:21:31.0978 4224 IPMIDRV - ok
    19:21:31.0994 4224 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    19:21:31.0994 4224 IPNAT - ok
    19:21:32.0087 4224 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    19:21:32.0087 4224 iPod Service - ok
    19:21:32.0118 4224 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
    19:21:32.0118 4224 IRENUM - ok
    19:21:32.0150 4224 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    19:21:32.0150 4224 isapnp - ok
    19:21:32.0181 4224 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    19:21:32.0181 4224 iScsiPrt - ok
    19:21:32.0196 4224 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    19:21:32.0196 4224 kbdclass - ok
    19:21:32.0228 4224 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    19:21:32.0228 4224 kbdhid - ok
    19:21:32.0243 4224 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
    19:21:32.0243 4224 KeyIso - ok
    19:21:32.0321 4224 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    19:21:32.0321 4224 KSecDD - ok
    19:21:32.0352 4224 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    19:21:32.0352 4224 KSecPkg - ok
    19:21:32.0446 4224 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
    19:21:32.0446 4224 KtmRm - ok
    19:21:32.0508 4224 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
    19:21:32.0508 4224 LanmanServer - ok
    19:21:32.0555 4224 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    19:21:32.0555 4224 LanmanWorkstation - ok
    19:21:32.0602 4224 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    19:21:32.0602 4224 lltdio - ok
    19:21:32.0664 4224 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    19:21:32.0680 4224 lltdsvc - ok
    19:21:32.0696 4224 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
    19:21:32.0696 4224 lmhosts - ok
    19:21:32.0711 4224 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    19:21:32.0711 4224 LSI_FC - ok
    19:21:32.0727 4224 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    19:21:32.0727 4224 LSI_SAS - ok
    19:21:32.0774 4224 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    19:21:32.0774 4224 LSI_SAS2 - ok
    19:21:32.0805 4224 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    19:21:32.0805 4224 LSI_SCSI - ok
    19:21:32.0836 4224 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
    19:21:32.0836 4224 luafv - ok
    19:21:32.0883 4224 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    19:21:32.0883 4224 Mcx2Svc - ok
    19:21:32.0930 4224 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    19:21:32.0930 4224 megasas - ok
    19:21:33.0008 4224 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    19:21:33.0008 4224 MegaSR - ok
    19:21:33.0054 4224 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
    19:21:33.0054 4224 MMCSS - ok
    19:21:33.0086 4224 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
    19:21:33.0086 4224 Modem - ok
    19:21:33.0132 4224 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    19:21:33.0132 4224 monitor - ok
    19:21:33.0179 4224 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    19:21:33.0179 4224 mouclass - ok
    19:21:33.0195 4224 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    19:21:33.0195 4224 mouhid - ok
    19:21:33.0242 4224 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    19:21:33.0242 4224 mountmgr - ok
    19:21:33.0320 4224 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    19:21:33.0320 4224 MpFilter - ok
    19:21:33.0382 4224 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
    19:21:33.0382 4224 mpio - ok
    19:21:33.0647 4224 [ A69630D039C38018689190234F866D77 ] MpKslc832e0a3 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CFCD9E9D-55A8-410D-AA1E-0EC1A02B4CAB}\MpKslc832e0a3.sys
    19:21:33.0647 4224 MpKslc832e0a3 - ok
    19:21:33.0725 4224 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    19:21:33.0725 4224 mpsdrv - ok
    19:21:33.0912 4224 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
    19:21:33.0928 4224 MpsSvc - ok
    19:21:33.0990 4224 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    19:21:33.0990 4224 MRxDAV - ok
    19:21:34.0022 4224 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    19:21:34.0022 4224 mrxsmb - ok
    19:21:34.0115 4224 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    19:21:34.0115 4224 mrxsmb10 - ok
    19:21:34.0146 4224 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    19:21:34.0146 4224 mrxsmb20 - ok
    19:21:34.0178 4224 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
    19:21:34.0178 4224 msahci - ok
    19:21:34.0224 4224 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    19:21:34.0224 4224 msdsm - ok
    19:21:34.0271 4224 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
    19:21:34.0287 4224 MSDTC - ok
    19:21:34.0302 4224 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
    19:21:34.0302 4224 Msfs - ok
    19:21:34.0349 4224 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    19:21:34.0349 4224 mshidkmdf - ok
    19:21:34.0396 4224 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    19:21:34.0396 4224 msisadrv - ok
    19:21:34.0443 4224 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    19:21:34.0458 4224 MSiSCSI - ok
    19:21:34.0458 4224 msiserver - ok
    19:21:34.0490 4224 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    19:21:34.0490 4224 MSKSSRV - ok
    19:21:34.0599 4224 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    19:21:34.0599 4224 MsMpSvc - ok
    19:21:34.0630 4224 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    19:21:34.0630 4224 MSPCLOCK - ok
    19:21:34.0661 4224 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    19:21:34.0661 4224 MSPQM - ok
    19:21:34.0739 4224 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    19:21:34.0739 4224 MsRPC - ok
    19:21:34.0770 4224 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    19:21:34.0770 4224 mssmbios - ok
    19:21:34.0817 4224 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    19:21:34.0817 4224 MSTEE - ok
    19:21:34.0848 4224 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    19:21:34.0848 4224 MTConfig - ok
    19:21:34.0895 4224 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
    19:21:34.0895 4224 Mup - ok
    19:21:34.0989 4224 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
    19:21:34.0989 4224 napagent - ok
    19:21:35.0082 4224 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    19:21:35.0082 4224 NativeWifiP - ok
    19:21:35.0332 4224 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
    19:21:35.0332 4224 NDIS - ok
    19:21:35.0363 4224 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    19:21:35.0379 4224 NdisCap - ok
    19:21:35.0410 4224 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    19:21:35.0410 4224 NdisTapi - ok
    19:21:35.0457 4224 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    19:21:35.0457 4224 Ndisuio - ok
    19:21:35.0504 4224 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    19:21:35.0504 4224 NdisWan - ok
    19:21:35.0550 4224 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    19:21:35.0550 4224 NDProxy - ok
    19:21:35.0582 4224 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    19:21:35.0582 4224 NetBIOS - ok
    19:21:35.0660 4224 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    19:21:35.0675 4224 NetBT - ok
    19:21:35.0706 4224 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
    19:21:35.0706 4224 Netlogon - ok
    19:21:35.0816 4224 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
    19:21:35.0816 4224 Netman - ok
    19:21:35.0878 4224 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
    19:21:35.0894 4224 netprofm - ok
    19:21:35.0925 4224 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    19:21:35.0925 4224 NetTcpPortSharing - ok
    19:21:35.0956 4224 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    19:21:35.0956 4224 nfrd960 - ok
    19:21:36.0003 4224 [ 832E098BCA8235436FE2D8AE50AC3718 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    19:21:36.0003 4224 NisDrv - ok
    19:21:36.0112 4224 [ E570ECA850F30EB740C2E9699DF3D2BD ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
    19:21:36.0112 4224 NisSrv - ok
    19:21:36.0206 4224 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
    19:21:36.0206 4224 NlaSvc - ok
    19:21:36.0252 4224 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
    19:21:36.0252 4224 Npfs - ok
    19:21:36.0299 4224 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
    19:21:36.0299 4224 nsi - ok
    19:21:36.0330 4224 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    19:21:36.0346 4224 nsiproxy - ok
    19:21:36.0674 4224 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    19:21:36.0689 4224 Ntfs - ok
    19:21:36.0705 4224 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
    19:21:36.0705 4224 Null - ok
    19:21:36.0752 4224 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    19:21:36.0752 4224 nvraid - ok
    19:21:36.0752 4224 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    19:21:36.0752 4224 nvstor - ok
    19:21:36.0767 4224 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    19:21:36.0767 4224 nv_agp - ok
    19:21:36.0830 4224 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    19:21:36.0830 4224 odserv - ok
    19:21:36.0892 4224 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    19:21:36.0892 4224 ohci1394 - ok
    19:21:36.0954 4224 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    19:21:36.0954 4224 ose - ok
    19:21:37.0048 4224 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    19:21:37.0048 4224 p2pimsvc - ok
    19:21:37.0157 4224 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
    19:21:37.0173 4224 p2psvc - ok
    19:21:37.0204 4224 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    19:21:37.0204 4224 Parport - ok
    19:21:37.0251 4224 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
    19:21:37.0251 4224 partmgr - ok
    19:21:37.0282 4224 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
    19:21:37.0282 4224 Parvdm - ok
    19:21:37.0360 4224 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
    19:21:37.0360 4224 PcaSvc - ok
    19:21:37.0391 4224 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
    19:21:37.0391 4224 pci - ok
    19:21:37.0454 4224 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
    19:21:37.0454 4224 pciide - ok
    19:21:37.0516 4224 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    19:21:37.0516 4224 pcmcia - ok
    19:21:37.0532 4224 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
    19:21:37.0532 4224 pcw - ok
    19:21:37.0734 4224 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    19:21:37.0734 4224 PEAUTH - ok
    19:21:37.0812 4224 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
    19:21:37.0828 4224 pla - ok
    19:21:37.0937 4224 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    19:21:37.0937 4224 PlugPlay - ok
    19:21:37.0984 4224 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    19:21:37.0984 4224 PNRPAutoReg - ok
    19:21:38.0078 4224 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    19:21:38.0078 4224 PNRPsvc - ok
    19:21:38.0156 4224 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    19:21:38.0171 4224 PolicyAgent - ok
    19:21:38.0203 4224 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
    19:21:38.0203 4224 Power - ok
    19:21:38.0234 4224 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    19:21:38.0234 4224 PptpMiniport - ok
    19:21:38.0281 4224 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
    19:21:38.0281 4224 Processor - ok
    19:21:38.0359 4224 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
    19:21:38.0359 4224 ProfSvc - ok
    19:21:38.0390 4224 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
    19:21:38.0390 4224 ProtectedStorage - ok
    19:21:38.0437 4224 [ 64E413BA0C529AA40C3924BBCC4153DB ] ProtexisLicensing C:\Windows\system32\PSIService.exe
    19:21:38.0452 4224 ProtexisLicensing - ok
    19:21:38.0483 4224 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    19:21:38.0483 4224 Psched - ok
    19:21:38.0780 4224 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    19:21:38.0780 4224 ql2300 - ok
    19:21:38.0811 4224 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    19:21:38.0811 4224 ql40xx - ok
    19:21:38.0858 4224 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
    19:21:38.0858 4224 QWAVE - ok
    19:21:38.0889 4224 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    19:21:38.0889 4224 QWAVEdrv - ok
    19:21:38.0920 4224 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    19:21:38.0920 4224 RasAcd - ok
    19:21:38.0983 4224 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    19:21:38.0983 4224 RasAgileVpn - ok
    19:21:39.0014 4224 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
    19:21:39.0014 4224 RasAuto - ok
    19:21:39.0045 4224 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    19:21:39.0045 4224 Rasl2tp - ok
    19:21:39.0139 4224 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
    19:21:39.0139 4224 RasMan - ok
    19:21:39.0185 4224 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    19:21:39.0185 4224 RasPppoe - ok
    19:21:39.0217 4224 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    19:21:39.0217 4224 RasSstp - ok
    19:21:39.0295 4224 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    19:21:39.0295 4224 rdbss - ok
    19:21:39.0341 4224 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    19:21:39.0341 4224 rdpbus - ok
    19:21:39.0388 4224 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    19:21:39.0388 4224 RDPCDD - ok
    19:21:39.0435 4224 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    19:21:39.0435 4224 RDPENCDD - ok
    19:21:39.0466 4224 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    19:21:39.0466 4224 RDPREFMP - ok
    19:21:39.0560 4224 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    19:21:39.0560 4224 RDPWD - ok
    19:21:39.0638 4224 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    19:21:39.0638 4224 rdyboost - ok
    19:21:39.0716 4224 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
    19:21:39.0716 4224 RemoteAccess - ok
    19:21:39.0747 4224 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    19:21:39.0747 4224 RemoteRegistry - ok
    19:21:39.0778 4224 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    19:21:39.0778 4224 RpcEptMapper - ok
    19:21:39.0825 4224 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
    19:21:39.0825 4224 RpcLocator - ok
    19:21:39.0950 4224 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
    19:21:39.0950 4224 RpcSs - ok
    19:21:39.0997 4224 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    19:21:39.0997 4224 rspndr - ok
    19:21:40.0012 4224 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
    19:21:40.0012 4224 SamSs - ok
    19:21:40.0043 4224 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    19:21:40.0043 4224 sbp2port - ok
    19:21:40.0090 4224 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    19:21:40.0090 4224 SCardSvr - ok
    19:21:54.0271 4224 ============================================================
    19:21:54.0271 4224 Scan finished
    19:21:54.0271 4224 ============================================================
    19:21:54.0286 4864 Detected object count: 0
    19:21:54.0286 4864 Actual detected object count: 0
    19:22:47.0272 5332 Deinitialize success

  7. #7
    Junior Member
    Join Date
    Feb 2010
    Posts
    20

    Default

    ComboFix 13-05-22.01 - Matt 05/22/2013 19:34:58.1.4 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.2343 [GMT -4:00]
    Running from: c:\users\Matt\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\SPL7B88.tmp
    c:\users\Matt\acrobat850950.exe
    c:\users\Matt\acrobatreader53868.exe
    c:\users\Matt\acrobatreader55286.exe
    c:\users\Matt\alg.exe
    c:\users\Matt\alg48478.exe
    c:\users\Matt\AppData\Local\miurtew.dll
    c:\users\Matt\AppData\Roaming\ashlp.dll
    c:\users\Matt\AppData\Roaming\d6eca8fa-bdd5-4019-991b-982afaa6a1e0ad
    c:\users\Matt\AppData\Roaming\d6eca8fa-bdd5-4019-991b-982afaa6a1e0ad\decafabddbafaaaead.exe
    c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab
    c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
    c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
    c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
    c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
    c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
    c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
    c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
    c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
    c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico
    c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
    c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\imdb_ie.ico
    c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
    c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
    c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
    c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\update.exe
    c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
    c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\youtube_ie.ico
    c:\users\Matt\AppData\Roaming\msocpc.dll
    c:\users\Matt\chrome125524.exe
    c:\users\Matt\firefox.exe
    c:\users\Matt\flashplayer.exe
    c:\users\Matt\googleupdate.exe
    c:\users\Matt\icq.exe
    c:\users\Matt\icq442766.exe
    c:\users\Matt\iexplore956429.exe
    c:\users\Matt\java.exe
    c:\users\Matt\java647518.exe
    c:\users\Matt\jqs.exe
    c:\users\Matt\jqs828680.exe
    c:\users\Matt\jucheck.exe
    c:\users\Matt\msconfig.exe
    c:\users\Matt\mstsc.exe
    c:\users\Matt\notepad582814.exe
    c:\users\Matt\opera.exe
    c:\users\Matt\skype.exe
    c:\users\Matt\teamviewer.exe
    c:\users\Matt\windowsupdate.exe
    c:\users\Matt\windowsupdate357826.exe
    c:\windows\spoolsvc.exe
    c:\windows\system32\FastUserSwitchingCompatibilityex.dll
    F:\autorun.inf
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_DefaultTabUpdate
    -------\Service_SpoolerCache
    -------\Service_DefaultTabUpdate
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-04-22 to 2013-05-22 )))))))))))))))))))))))))))))))
    .
    .
    2013-05-22 23:44 . 2013-05-22 23:47 -------- d-----w- c:\users\Matt\AppData\Local\temp
    2013-05-22 23:44 . 2013-05-22 23:44 -------- d-----w- c:\users\Mcx1-MATT-DESKTOP\AppData\Local\temp
    2013-05-22 23:44 . 2013-05-22 23:44 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-05-22 23:20 . 2013-05-22 23:20 -------- d-----w- c:\users\Matt\AppData\Roaming\Vihuovx
    2013-05-22 21:00 . 2013-05-22 21:00 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CFCD9E9D-55A8-410D-AA1E-0EC1A02B4CAB}\MpKslc832e0a3.sys
    2013-05-22 20:26 . 2013-05-22 20:37 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CFCD9E9D-55A8-410D-AA1E-0EC1A02B4CAB}\offreg.dll
    2013-05-22 20:20 . 2013-05-22 20:19 724464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74858603-C52E-42A1-9794-CAE5797B6404}\gapaengine.dll
    2013-05-22 20:19 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CFCD9E9D-55A8-410D-AA1E-0EC1A02B4CAB}\mpengine.dll
    2013-05-15 23:59 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-05-15 07:03 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-05-15 00:23 . 2013-05-15 00:23 388096 ----a-r- c:\users\Matt\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-05-15 00:23 . 2013-05-15 00:23 -------- d-----w- c:\program files\Trend Micro
    2013-05-15 00:08 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
    2013-05-15 00:08 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
    2013-05-15 00:08 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
    2013-05-15 00:08 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-05-15 00:08 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-05-15 00:08 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
    2013-05-15 00:08 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
    2013-05-15 00:08 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
    2013-05-15 00:04 . 2013-05-15 00:04 -------- d-----w- c:\users\Matt\AppData\Local\Diagnostics
    2013-05-14 22:12 . 2009-01-25 16:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2013-05-14 22:12 . 2013-05-14 22:13 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2013-05-14 20:55 . 2013-05-14 20:55 -------- d-----w- c:\users\Matt\AppData\Roaming\Fiiwso
    2013-05-08 18:15 . 2013-05-08 18:16 -------- d-----w- c:\programdata\MFAData
    2013-05-08 18:15 . 2013-05-08 18:15 -------- d--h--w- c:\programdata\Common Files
    2013-05-08 18:15 . 2013-05-08 18:15 -------- d-----w- c:\users\Matt\AppData\Local\MFAData
    2013-05-08 18:15 . 2013-05-08 18:15 -------- d-----w- c:\users\Matt\AppData\Local\Avg2013
    2013-05-08 17:48 . 2013-05-22 23:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-05-08 11:48 . 2013-05-08 11:48 -------- d-----w- c:\program files\CCleaner
    2013-05-08 10:39 . 2013-05-15 00:05 -------- d-----w- c:\users\Matt\AppData\Local\ElevatedDiagnostics
    2013-05-07 10:57 . 2013-05-07 10:57 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
    2013-05-07 10:56 . 2013-05-07 10:56 -------- d-----w- c:\programdata\Malwarebytes
    2013-05-07 10:56 . 2013-05-07 10:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-05-07 10:56 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-05-07 10:56 . 2013-05-07 10:56 -------- d-----w- c:\users\Matt\AppData\Local\Programs
    2013-05-04 17:56 . 2013-05-14 21:06 -------- d-----w- c:\users\Matt\AppData\Roaming\Obhobumu
    2013-05-01 11:18 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-05-02 15:28 . 2012-08-17 03:03 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-05-01 11:29 . 2012-10-03 11:45 706640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2013-04-13 04:45 . 2013-05-15 00:08 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45 . 2013-05-15 00:08 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-03-21 07:20 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2013-03-19 05:04 . 2013-04-10 09:29 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-03-19 05:04 . 2013-04-10 09:29 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-19 04:48 . 2013-04-10 09:29 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2013-03-19 02:49 . 2013-04-10 09:29 69632 ----a-w- c:\windows\system32\smss.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
    "Vanifiibaw"="c:\users\Matt\AppData\Roaming\Vihuovx\ohmui.exe" [2012-11-08 223453]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
    "dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
    "MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
    "Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]
    "Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
    "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
    "MRT"="c:\windows\system32\MRT.exe" [2013-05-15 72607752]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-21 280576]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Camera Monitor SD.lnk - c:\program files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2012-8-17 541976]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dldoserv.exe [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 MpKslc832e0a3;MpKslc832e0a3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CFCD9E9D-55A8-410D-AA1E-0EC1A02B4CAB}\MpKslc832e0a3.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe [x]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 13:37]
    .
    2013-05-22 c:\windows\Tasks\Security Center Update - 2458005175.job
    - c:\users\Matt\AppData\Roaming\Vihuovx\ohmui.exe [2012-11-08 14:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Adobe CSx Manager - c:\users\Matt\AppData\Roaming\d6eca8fa-bdd5-4019-991b-982afaa6a1e0ad\decafabddbafaaaead.exe
    HKCU-Run-msocpc - c:\users\Matt\AppData\Roaming\msocpc.dll
    HKCU-Run-ashlp - c:\users\Matt\AppData\Roaming\ashlp.dll
    HKCU-Run-miurtew - c:\users\Matt\AppData\Local\miurtew.dll
    HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
    Notify-SDWinLogon - SDWinLogon.dll
    AddRemove-DefaultTab - c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3936)
    c:\program files\Spybot - Search & Destroy 2\SDHelper.dll
    c:\program files\Spybot - Search & Destroy 2\snlBase150.bpl
    c:\program files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    c:\program files\Spybot - Search & Destroy 2\DEC150.bpl
    c:\program files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
    c:\program files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    c:\program files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
    c:\program files\Common Files\Apple\Internet Services\ShellStreams.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\windows\system32\atieclxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\PSIService.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\windows\RtHDVCpl.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\System32\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2013-05-22 19:50:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-05-22 23:50
    .
    Pre-Run: 324,436,500,480 bytes free
    Post-Run: 324,721,852,416 bytes free
    .
    - - End Of File - - 0A0DEDA635DA6F5439444105AC6DBDD1


    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Matt [Admin rights]
    Mode : Remove -- Date : 05/22/2013 19:58:45
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 5 ¤¤¤
    [SUSP PATH] ohmui.exe -- C:\Users\Matt\AppData\Roaming\Vihuovx\ohmui.exe [-] -> KILLED [TermProc]
    [RESIDUE] ohmui.exe -- C:\Users\Matt\AppData\Roaming\Vihuovx\ohmui.exe [-] -> KILLED [TermProc]
    [RESIDUE] ohmui.exe -- C:\Users\Matt\AppData\Roaming\Vihuovx\ohmui.exe [-] -> KILLED [TermProc]
    [RESIDUE] ohmui.exe -- C:\Users\Matt\AppData\Roaming\Vihuovx\ohmui.exe [-] -> KILLED [TermProc]
    [RESIDUE] ohmui.exe -- C:\Users\Matt\AppData\Roaming\Vihuovx\ohmui.exe [-] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : Vanifiibaw (C:\Users\Matt\AppData\Roaming\Vihuovx\ohmui.exe) [-] -> DELETED
    [TASK][SUSP PATH] Security Center Update - 2458005175.job : C:\Users\Matt\AppData\Roaming\Vihuovx\ohmui.exe [-] -> DELETED
    [TASK][SUSP PATH] Security Center Update - 2458005175 : C:\Users\Matt\AppData\Roaming\Vihuovx\ohmui.exe [-] -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\windows\system32\config\SYSTEM
    -> D:\Users\Default\NTUSER.DAT

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG HD501LJ ATA Device +++++
    --- User ---
    [MBR] b375475226487e8ce2d997a212d681f1
    [BSP] e597a974ea790eba1f4c1e16a34192c0 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo
    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 466644 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Toshiba Ext HDD USB Device +++++
    --- User ---
    [MBR] 36975d8c628c480db24a99c327662fd9
    [BSP] 42fb20df9705a1a62caf1866578b27ae : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[3]_D_05222013_02d1958.txt >>
    RKreport[1]_S_05222013_02d1701.txt ; RKreport[2]_S_05222013_02d1957.txt ; RKreport[3]_D_05222013_02d1958.txt

  8. #8
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi fujymo,

    1. ComboFix Script

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the code-box below into it:

    Code:
    Folder::
    c:\users\Matt\AppData\Roaming\Fiiwso
    c:\users\Matt\AppData\Roaming\Obhobumu
    C:\Users\Matt\AppData\Roaming\Vihuovx
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Vanifiibaw"=-
    
    ClearJavaCache::

    Save this as CFScript.txt, in the same location as ComboFix.exe.

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, please post the C:\ComboFix.txt for further review.

    =========================

    In your next post please provide the following:

    • ComboFix.txt
    • How's the computer running?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days
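
The entries RogueKiller tagged [SUSP PATH] in the report above, and the folders and Run value named in this CFScript, have one thing in common: an autostart (Run value or scheduled task) that launches an executable from the user's AppData tree. The following Python sketch is an added example, not part of the thread and not how ComboFix or RogueKiller work internally; it runs that triage over lines copied from the logs in this thread. The function names and the "under AppData means user-writable" rule are assumptions made for the example.

```python
import ntpath
import re

# Sample lines copied from the RogueKiller and ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
[RUN][SUSP PATH] HKCU\[...]\Run : Vanifiibaw (C:\Users\Matt\AppData\Roaming\Vihuovx\ohmui.exe) [-] -> DELETED
[TASK][SUSP PATH] Security Center Update - 2458005175.job : C:\Users\Matt\AppData\Roaming\Vihuovx\ohmui.exe [-] -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
HKCU-Run-Internet Security - c:\users\Matt\AppData\Roaming\amsecure.exe
"""

# A drive-letter path that ends in an executable extension.
EXE_PATH = re.compile(
    r'(?<![A-Za-z])[A-Za-z]:\\[^"()\[\]:*?<>|\r\n]+?\.(?:exe|dll|scr|com|bat)\b',
    re.IGNORECASE,
)
# Assumption for this example: anything under a profile's AppData is user-writable.
USER_WRITABLE = re.compile(r'^[a-z]:\\users\\[^\\]+\\appdata\\', re.IGNORECASE)


def classify(line):
    """Return the persistence type a log line describes, or None."""
    if line.startswith("[RUN]") or re.match(r'HK(CU|LM)-Run-', line):
        return "run-key"          # RogueKiller tag or ComboFix orphan entry
    if line.startswith("[TASK]"):
        return "scheduled-task"   # RogueKiller scheduled-task entry
    if re.match(r'"[^"]+"="', line):
        return "run-key"          # ComboFix "name"="path" value line
    return None


def triage(log_text):
    """List (kind, path) for autostarts whose target sits under AppData."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        kind = classify(line)
        match = EXE_PATH.search(line)
        if kind is None or match is None:
            continue
        path = match.group(0).lower()
        if USER_WRITABLE.match(path):
            findings.append((kind, path))
    return list(dict.fromkeys(findings))  # drop duplicates, keep order


def group_by_folder(findings):
    """Map each folder to the persistence types that point into it."""
    grouped = {}
    for kind, path in findings:
        grouped.setdefault(ntpath.dirname(path), set()).add(kind)
    return {folder: sorted(kinds) for folder, kinds in grouped.items()}


if __name__ == "__main__":
    for folder, kinds in group_by_folder(triage(SAMPLE_LOG)).items():
        print(folder, "<-", ", ".join(kinds))
```

A hit is a lead for manual review rather than a verdict, since legitimate per-user software also autostarts from AppData.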

  9. #9
    Junior Member
    Join Date
    Feb 2010
    Posts
    20

    Default

    OCD,

    I performed the requested task and the computer appears to be running just fine. The task manager is not showing any unusual activity and the hard drive is not working as fast as it can.

    Fujymo



    ComboFix 13-05-22.01 - Matt 05/23/2013 15:19:12.2.4 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.2281 [GMT -4:00]
    Running from: c:\users\Matt\Desktop\ComboFix.exe
    Command switches used :: c:\users\Matt\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Matt\acrobatreader.exe
    c:\users\Matt\AppData\Roaming\amsecure.exe
    c:\users\Matt\AppData\Roaming\Fiiwso
    c:\users\Matt\AppData\Roaming\Fiiwso\qyrygyy.exe
    c:\users\Matt\AppData\Roaming\Obhobumu
    c:\users\Matt\AppData\Roaming\Vihuovx
    c:\users\Matt\AppData\Roaming\Vihuovx\ohmui.exe
    c:\users\Matt\iexplore.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-04-23 to 2013-05-23 )))))))))))))))))))))))))))))))
    .
    .
    2013-05-23 19:28 . 2013-05-23 19:28 -------- d-----w- c:\users\Matt\AppData\Local\temp
    2013-05-23 19:28 . 2013-05-23 19:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2013-05-23 19:28 . 2013-05-23 19:28 -------- d-----w- c:\users\Mcx1-MATT-DESKTOP\AppData\Local\temp
    2013-05-23 19:28 . 2013-05-23 19:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-05-23 00:48 . 2013-05-23 00:48 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5561925C-EB9B-4686-A433-A5F78E776AF1}\MpKsled1a8c0f.sys
    2013-05-23 00:10 . 2013-05-23 00:10 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5561925C-EB9B-4686-A433-A5F78E776AF1}\offreg.dll
    2013-05-23 00:01 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5561925C-EB9B-4686-A433-A5F78E776AF1}\mpengine.dll
    2013-05-22 20:20 . 2013-05-22 20:19 724464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74858603-C52E-42A1-9794-CAE5797B6404}\gapaengine.dll
    2013-05-15 23:59 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-05-15 07:03 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-05-15 00:23 . 2013-05-15 00:23 388096 ----a-r- c:\users\Matt\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-05-15 00:23 . 2013-05-15 00:23 -------- d-----w- c:\program files\Trend Micro
    2013-05-15 00:08 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
    2013-05-15 00:08 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
    2013-05-15 00:08 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
    2013-05-15 00:08 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-05-15 00:08 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-05-15 00:08 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
    2013-05-15 00:08 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
    2013-05-15 00:08 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
    2013-05-15 00:04 . 2013-05-15 00:04 -------- d-----w- c:\users\Matt\AppData\Local\Diagnostics
    2013-05-14 22:12 . 2009-01-25 16:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2013-05-14 22:12 . 2013-05-14 22:13 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2013-05-08 18:15 . 2013-05-08 18:16 -------- d-----w- c:\programdata\MFAData
    2013-05-08 18:15 . 2013-05-08 18:15 -------- d--h--w- c:\programdata\Common Files
    2013-05-08 18:15 . 2013-05-08 18:15 -------- d-----w- c:\users\Matt\AppData\Local\MFAData
    2013-05-08 18:15 . 2013-05-08 18:15 -------- d-----w- c:\users\Matt\AppData\Local\Avg2013
    2013-05-08 17:48 . 2013-05-22 23:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-05-08 11:48 . 2013-05-08 11:48 -------- d-----w- c:\program files\CCleaner
    2013-05-08 10:39 . 2013-05-15 00:05 -------- d-----w- c:\users\Matt\AppData\Local\ElevatedDiagnostics
    2013-05-07 10:57 . 2013-05-07 10:57 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
    2013-05-07 10:56 . 2013-05-07 10:56 -------- d-----w- c:\programdata\Malwarebytes
    2013-05-07 10:56 . 2013-05-07 10:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-05-07 10:56 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-05-07 10:56 . 2013-05-07 10:56 -------- d-----w- c:\users\Matt\AppData\Local\Programs
    2013-05-01 11:18 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-05-02 15:28 . 2012-08-17 03:03 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-05-01 11:29 . 2012-10-03 11:45 706640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2013-04-13 04:45 . 2013-05-15 00:08 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45 . 2013-05-15 00:08 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-03-21 07:20 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2013-03-19 05:04 . 2013-04-10 09:29 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-03-19 05:04 . 2013-04-10 09:29 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-19 04:48 . 2013-04-10 09:29 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2013-03-19 02:49 . 2013-04-10 09:29 69632 ----a-w- c:\windows\system32\smss.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
    "dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
    "MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
    "Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]
    "Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
    "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-21 280576]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Camera Monitor SD.lnk - c:\program files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2012-8-17 541976]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dldoserv.exe [x]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 MpKsled1a8c0f;MpKsled1a8c0f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5561925C-EB9B-4686-A433-A5F78E776AF1}\MpKsled1a8c0f.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 82857404
    *NewlyCreated* - MPKSLED1A8C0F
    *Deregistered* - 82857404
    *Deregistered* - TrueSight
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 13:37]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Internet Security - c:\users\Matt\AppData\Roaming\amsecure.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-05-23 15:31:11
    ComboFix-quarantined-files.txt 2013-05-23 19:31
    ComboFix2.txt 2013-05-22 23:50
    .
    Pre-Run: 322,267,201,536 bytes free
    Post-Run: 322,364,616,704 bytes free
    .
    - - End Of File - - E0D6B836D5574018165CC295F1F51790

  10. #10
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi fujymo,

    1. Malwarebytes' Anti-Malware

    Locate Malwarebytes' Anti-Malware (it should be on your desktop).
    If not, download it here
    • Right click and select "Run as Administrator" mbam-setup.exe and follow the prompts to run the program.
    • Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
    • Select Perform quick scan, then click Scan.



    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample: and click Remove Selected.


    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

    =========================

    2. ESET Online Scanner

    *Note:
    • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
    • Please don't go surfing while your resident protection is disabled!
    • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

    ** You need to run your browser with Administrator Rights, to do so right click your browser's shortcut and select "Run as Administrator".

    = = = = = = = = = = = = = = = = = = = =

    Go here to run ESET Online Scanner

    (Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
    • Click Scan.
    • Wait for the scan to finish.
    • When the scan completes, click List of found threats
    • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
    • Include the contents of this report in your next reply

      Note - when ESET doesn't find any threats, no report will be created.
    • Push the back button.
    • Push Finish
    • Re-enable your Antivirus software.

    =========================

    In your next post please provide the following:

    • MBAM log
    • ESET's log.txt
    • What issues still remain?

    OCD
