
Thread: Spybot - Search & Destroy unable to remove Delta.Toolbar

  1. #11
    Juliet (Security Expert-emeritus) | Join Date: Feb 2007 | Location: Deep South | Posts: 4,084

    You had a severely infected machine. I'm going to try and help you out here but I do know there are files found that are pirated, illegal and that is unacceptable.


    The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.
    All items can be found using the http://www.bleepingcomputer.com/startups/ startup items database.

    Open HijackThis, click Do a system scan only, and checkmark these. Then close all other windows and browsers except HijackThis and press Fix checked.

    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    O4 - HKLM\..\Run: [SystemExplorerAutoStart] "F:\Program Files\System Explorer\SystemExplorer.exe" /TRAY
    O4 - HKLM\..\Run: [Nvtmru] "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "F:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [AtherosBtStack] "F:\Program Files\Bluetooth Suite\BtvStack.exe"
    O4 - HKLM\..\Run: [AthBtTray] "F:\Program Files\Bluetooth Suite\AthBtTray.exe"
    O4 - HKLM\..\Run: [BCSSync] "F:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [Everything] "F:\Program Files\Everything\Everything.exe" -startup
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [WordWeb] "F:\Program Files\WordWeb\wweb32.exe" -startup
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [uTorrent] "F:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKCU\..\Run: [tinySpell] F:\Program Files\tinySpell\tinyspell.exe
    O4 - HKCU\..\Run: [Ditto] F:\Program Files\Ditto\Ditto.exe
    O4 - HKCU\..\Run: [DU Meter] "F:\Program Files\DU Meter\DUMeter.exe" /autostart
    O4 - HKCU\..\Run: [OfficeSyncProcess] "F:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
    O4 - HKCU\..\Run: [IDMan] F:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [KiesPreload] F:\Program Files\Samsung\Kies\Kies.exe /preload
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [Ditto] F:\Program Files\Ditto\Ditto.exe (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [IDMan] F:\Program Files\Internet Download Manager\IDMan.exe /onboot (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [DU Meter] "F:\Program Files\DU Meter\DUMeter.exe" /autostart (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [KiesPreload] F:\Program Files\Samsung\Kies\Kies.exe /preload (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [KiesAirMessage] F:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [] F:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [OfficeSyncProcess] "F:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" (User 'UpdatusUser')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    After you check these items (of course, some you may not want to), please reboot the computer to set the registry.

    ~~~~~~~~~~~~~~~~~~~~~
    NEXT

    Need to delete the malicious files found.

    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite an existing one, please allow.)

    start
    C:\Users\All Users\InstallMate
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000001
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\009\t\00\00000000
    C:\Users\Michael\Desktop\u1301.exe
    D:\Downloads\Programs\du.meter.6.0x-patch.rar.2233.gzquar
    D:\Downloads\Programs\SetupImgBurn_2.5.7.0.exe
    D:\Downloads\Torrents\Microsoft Office Enterprise 2010 Corporate.zip
    D:\Downloads\Torrents\Auslogics BoostSpeed 6.4.2.0\Auslogics BoostSpeed 6.4.2.0.zip
    D:\Downloads\Torrents\Battery.Calibration.v2.1-AnDrOiD\Battery Calibration v2.1-AnDrOiD.apk
    D:\Downloads\Torrents\Kindle new Library 2012 by naxyyidz\Kindle new Library 2012 by naxyyidz.rar
    :\Downloads\Torrents\Windows Loader v2.2.1. DAZ crack 7\windows loader v2.2.1.exe.
    E:\Downloads\Programs\Tweak-Me!-1.3.0.0-Setup.exe
    F:\Downloads\Antony.Lewis.WordWeb.Pro.Ultimate.Reference.Bundle.v6.8.Retail.Incl.Keygen-BRD.part1.exe
    F:\Downloads\ThaiTV.apk
    F:\Downloads\Compressed\Android.Application.KeysP2P.rar
    F:\Downloads\Compressed\DownloadHashVerifier.zip
    F:\Downloads\Compressed\idm_ultraedit_20.00.0.1037.rar.8578.gzquar
    F:\Downloads\Compressed\rainlendar.pro.2.12.build.136_2.rar.32615.gzquar
    F:\Downloads\Compressed\u.zip
    F:\Downloads\Compressed\Android.Application.KeysP2P\Android.Application.Keys-P2P\Android Keys Collection 2012.rar
    F:\Downloads\Compressed\Android.Application.KeysP2P\Android.Application.Keys-P2P\Android Keys Collection 2012\Android Keys Collection 2012\Poweramp Full Version Unlocker.apk
    F:\Downloads\Programs\ccsetup410.exe
    F:\Downloads\Programs\disk-defrag-setup_2.exe
    F:\Downloads\Programs\ninja-setup-2.4.5.exe
    F:\Downloads\Programs\Riot-setup.exe
    F:\Downloads\Programs\Unlocker1.9.2.exe
    F:\Program Files\SecurityXploded\DownloadHashVerifier\DownloadHashVerifier.exe
    end

    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


    ~~~~~~~~~~~~~~~~~~~~~~~~

    Fixlog.txt <-- Please post it to your reply

    ~~~~~~~~~~~~~

    Forum Policy
    I strongly suggest you remove any cracked software that is installed. We do not approve nor will we provide support in the future for problems produced because of illegal software.

    Don't download/run keygens or cracks. Most are infected by some kind of malware.
    At the least you get adware popups and junk links to junk sites.
    At worst -- system could be destroyed resulting in need to do total wipe/re-install & personal info such as credit card numbers/bank passwords stolen.

    Many of the keygens uploaded to p2p sites are done so by infected systems and are named in such a way to make them look like awesome downloads.
    Most victims don't even know they are sharing worms. Others are script kiddies uploading crapware because they think it's funny.

    Crack sites are just as bad.
    Simply visiting the site out of curiosity just to see if a "crack" is even available without downloading can get you infected because the sites themselves take advantage of exploitable software/OS to infect it.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  2. #12
    Junior Member | Join Date: Jan 2014 | Location: Bangkok Thailand | Posts: 25

    Dear Juliet,

    Here is the Fixlog.txt log:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-01-2014 01
    Ran by Michael at 2014-02-02 16:56:44 Run:2
    Running from C:\Users\Michael\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    start
    C:\Users\All Users\InstallMate
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000001
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\009\t\00\00000000
    C:\Users\Michael\Desktop\u1301.exe
    D:\Downloads\Programs\du.meter.6.0x-patch.rar.2233.gzquar
    D:\Downloads\Programs\SetupImgBurn_2.5.7.0.exe
    D:\Downloads\Torrents\Microsoft Office Enterprise 2010 Corporate.zip
    D:\Downloads\Torrents\Auslogics BoostSpeed 6.4.2.0\Auslogics BoostSpeed 6.4.2.0.zip
    D:\Downloads\Torrents\Battery.Calibration.v2.1-AnDrOiD\Battery Calibration v2.1-AnDrOiD.apk
    D:\Downloads\Torrents\Kindle new Library 2012 by naxyyidz\Kindle new Library 2012 by naxyyidz.rar
    :\Downloads\Torrents\Windows Loader v2.2.1. DAZ crack 7\windows loader v2.2.1.exe.
    E:\Downloads\Programs\Tweak-Me!-1.3.0.0-Setup.exe
    F:\Downloads\Antony.Lewis.WordWeb.Pro.Ultimate.Reference.Bundle.v6.8.Retail.Incl.Keygen-BRD.part1.exe
    F:\Downloads\ThaiTV.apk
    F:\Downloads\Compressed\Android.Application.KeysP2P.rar
    F:\Downloads\Compressed\DownloadHashVerifier.zip
    F:\Downloads\Compressed\idm_ultraedit_20.00.0.1037.rar.8578.gzquar
    F:\Downloads\Compressed\rainlendar.pro.2.12.build.136_2.rar.32615.gzquar
    F:\Downloads\Compressed\u.zip
    F:\Downloads\Compressed\Android.Application.KeysP2P\Android.Application.Keys-P2P\Android Keys Collection 2012.rar
    F:\Downloads\Compressed\Android.Application.KeysP2P\Android.Application.Keys-P2P\Android Keys Collection 2012\Android Keys Collection 2012\Poweramp Full Version Unlocker.apk
    F:\Downloads\Programs\ccsetup410.exe
    F:\Downloads\Programs\disk-defrag-setup_2.exe
    F:\Downloads\Programs\ninja-setup-2.4.5.exe
    F:\Downloads\Programs\Riot-setup.exe
    F:\Downloads\Programs\Unlocker1.9.2.exe
    F:\Program Files\SecurityXploded\DownloadHashVerifier\DownloadHashVerifier.exe
    end
    *****************

    C:\Users\All Users\InstallMate => Moved successfully.
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 => Moved successfully.
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000 => Moved successfully.
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000 => Moved successfully.
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000001 => Moved successfully.
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000 => Moved successfully.
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\009\t\00\00000000 => Moved successfully.
    C:\Users\Michael\Desktop\u1301.exe => Moved successfully.
    D:\Downloads\Programs\du.meter.6.0x-patch.rar.2233.gzquar => Moved successfully.
    D:\Downloads\Programs\SetupImgBurn_2.5.7.0.exe => Moved successfully.
    D:\Downloads\Torrents\Microsoft Office Enterprise 2010 Corporate.zip => Moved successfully.
    D:\Downloads\Torrents\Auslogics BoostSpeed 6.4.2.0\Auslogics BoostSpeed 6.4.2.0.zip => Moved successfully.
    D:\Downloads\Torrents\Battery.Calibration.v2.1-AnDrOiD\Battery Calibration v2.1-AnDrOiD.apk => Moved successfully.
    D:\Downloads\Torrents\Kindle new Library 2012 by naxyyidz\Kindle new Library 2012 by naxyyidz.rar => Moved successfully.
    E:\Downloads\Programs\Tweak-Me!-1.3.0.0-Setup.exe => Moved successfully.
    F:\Downloads\Antony.Lewis.WordWeb.Pro.Ultimate.Reference.Bundle.v6.8.Retail.Incl.Keygen-BRD.part1.exe => Moved successfully.
    F:\Downloads\ThaiTV.apk => Moved successfully.
    F:\Downloads\Compressed\Android.Application.KeysP2P.rar => Moved successfully.
    F:\Downloads\Compressed\DownloadHashVerifier.zip => Moved successfully.
    F:\Downloads\Compressed\idm_ultraedit_20.00.0.1037.rar.8578.gzquar => Moved successfully.
    F:\Downloads\Compressed\rainlendar.pro.2.12.build.136_2.rar.32615.gzquar => Moved successfully.
    F:\Downloads\Compressed\u.zip => Moved successfully.
    F:\Downloads\Compressed\Android.Application.KeysP2P\Android.Application.Keys-P2P\Android Keys Collection 2012.rar => Moved successfully.
    F:\Downloads\Compressed\Android.Application.KeysP2P\Android.Application.Keys-P2P\Android Keys Collection 2012\Android Keys Collection 2012\Poweramp Full Version Unlocker.apk => Moved successfully.
    F:\Downloads\Programs\ccsetup410.exe => Moved successfully.
    F:\Downloads\Programs\disk-defrag-setup_2.exe => Moved successfully.
    F:\Downloads\Programs\ninja-setup-2.4.5.exe => Moved successfully.
    F:\Downloads\Programs\Riot-setup.exe => Moved successfully.
    F:\Downloads\Programs\Unlocker1.9.2.exe => Moved successfully.
    F:\Program Files\SecurityXploded\DownloadHashVerifier\DownloadHashVerifier.exe => Moved successfully.

    ==== End of Fixlog ====

    --
    Do I need to post a new HijackThis log?

    Thank you.
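
A check a helper can run on a posted Fixlog, added here as an example (it is not part of the original posts and is not FRST's own code): it compares the entries echoed under "Content of fixlist" with the result lines that follow and lists any entry that received no result, as happens with the entry lacking a drive letter in the log above. The sample log is constructed in the layout of that log with made-up paths, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the Fixlog posted above; all paths are made up.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86)
Ran by Example at 2014-02-02 16:56:44 Run:2
Running from C:\Users\Example\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
C:\Users\Example\Desktop\sample-one.exe
D:\Downloads\sample-two.zip
:\Downloads\sample-three.exe
end
*****************

C:\Users\Example\Desktop\sample-one.exe => Moved successfully.
D:\Downloads\sample-two.zip => Moved successfully.

==== End of Fixlog ====
"""

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")   # absolute path with a drive letter
RESULT_SEP = " => "                         # separator seen in the result lines


def parse_fixlog(text):
    """Return (entries, results).

    entries: lines echoed between 'start' and 'end' under 'Content of fixlist'.
    results: dict mapping each path that has a result line to its result text.
    """
    entries, results = [], {}
    in_echo = False      # currently inside the start/end echo
    seen_echo = False    # the echo has been closed; result lines may follow
    for raw in text.splitlines():
        line = raw.strip()           # forum pastes are often indented
        if not line:
            continue
        if not seen_echo and not in_echo and line.lower() == "start":
            in_echo = True
            continue
        if in_echo:
            if line.lower() == "end":
                in_echo, seen_echo = False, True
            else:
                entries.append(line)
            continue
        if seen_echo and RESULT_SEP in line:
            path, _, outcome = line.rpartition(RESULT_SEP)
            results[path.strip()] = outcome.strip()
    return entries, results


def reconcile(text):
    """Return a list of (entry, status, outcome) for every fixlist entry."""
    entries, results = parse_fixlog(text)
    # Windows paths are case-insensitive, so match on a case-folded key.
    by_key = {path.casefold(): outcome for path, outcome in results.items()}
    report = []
    for entry in entries:
        outcome = by_key.get(entry.casefold())
        if outcome is not None:
            status = "processed"
        elif not DRIVE_PATH.match(entry):
            status = "no result; entry has no drive letter"
        else:
            status = "no result"
        report.append((entry, status, outcome))
    return report


def unprocessed(text):
    """Fixlist entries that have no result line in the log."""
    return [entry for entry, status, _ in reconcile(text) if status != "processed"]


if __name__ == "__main__":
    for entry, status, outcome in reconcile(SAMPLE_FIXLOG):
        print(f"{status:40} {entry}" + (f"  ({outcome})" if outcome else ""))
```

Any entry it reports is still on disk as far as the log shows, so the helper should correct the line and issue a new fixlist for it.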

  3. #13
    Juliet (Security Expert-emeritus) | Join Date: Feb 2007 | Location: Deep South | Posts: 4,084

    How is the computer at the moment?

  4. #14
    Junior Member | Join Date: Jan 2014 | Location: Bangkok Thailand | Posts: 25

    Dear Juliet,

    The PC is working normally, as far as I can see. Although, I didn't have enough time to try things.

    I do not know if it is related, but my downloads are very slow at the moment.

    Thank you.

  5. #15
    Juliet (Security Expert-emeritus) | Join Date: Feb 2007 | Location: Deep South | Posts: 4,084

    No idea what's up with download speeds; continue to monitor it for now.

  6. #16
    Junior Member | Join Date: Jan 2014 | Location: Bangkok Thailand | Posts: 25

    Dear Juliet,

    So far, I didn't notice any significant improvements in system behavior. Sluggishness and mouse inaccessibility are the same as they were before.

    Also, the GMER is still reporting the same rootkit possibility. "GMER has found system modification caused by ROOTKIT activity."
    Service ??????????????????????????" (*** hidden *** ) [AUTO] <-- ROOTKIT !!!
    If you want, I'll post a full log.

  7. #17
    Juliet (Security Expert-emeritus) | Join Date: Feb 2007 | Location: Deep South | Posts: 4,084

    "I'll post a full log."
    Just the part where it identifies the infection, or we'll have a very big/long log.

    Also,
    Step 1.
    TDSSKiller:

    Please read carefully and follow these steps.
    • Double-click on TDSSKiller.exe on your desktop to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  8. #18
    Junior Member | Join Date: Jan 2014 | Location: Bangkok Thailand | Posts: 25

    Dear Juliet,

    Kaspersky TDSSKiller v2.8.16.0.
    The scan found NO Threats. Here is a report:

    23:21:17.0585 1380 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    23:21:18.0945 1380 ============================================================
    23:21:18.0945 1380 Current date / time: 2014/02/02 23:21:18.0945
    23:21:18.0945 1380 SystemInfo:
    23:21:18.0945 1380
    23:21:18.0945 1380 OS Version: 6.1.7601 ServicePack: 1.0
    23:21:18.0945 1380 Product type: Workstation
    23:21:18.0945 1380 ComputerName: MICHAEL-PC
    23:21:18.0945 1380 UserName: Michael
    23:21:18.0945 1380 Windows directory: C:\Windows
    23:21:18.0945 1380 System windows directory: C:\Windows
    23:21:18.0945 1380 Processor architecture: Intel x86
    23:21:18.0945 1380 Number of processors: 4
    23:21:18.0945 1380 Page size: 0x1000
    23:21:18.0945 1380 Boot type: Normal boot
    23:21:18.0945 1380 ============================================================
    23:21:19.0772 1380 Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    23:21:19.0812 1380 ============================================================
    23:21:19.0812 1380 \Device\Harddisk0\DR0:
    23:21:20.0014 1380 MBR partitions:
    23:21:20.0014 1380 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
    23:21:20.0038 1380 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E1EE6A, BlocksNum 0xC34F28D
    23:21:20.0055 1380 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1116E136, BlocksNum 0x287E254
    23:21:20.0066 1380 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x139EC3CA, BlocksNum 0x94BFD6D
    23:21:20.0076 1380 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x1CEAC800, BlocksNum 0x603E000
    23:21:20.0076 1380 ============================================================
    23:21:20.0183 1380 C: <-> \Device\Harddisk0\DR0\Partition5
    23:21:20.0219 1380 D: <-> \Device\Harddisk0\DR0\Partition2
    23:21:20.0245 1380 E: <-> \Device\Harddisk0\DR0\Partition3
    23:21:20.0285 1380 F: <-> \Device\Harddisk0\DR0\Partition4
    23:21:20.0285 1380 ============================================================
    23:21:20.0285 1380 Initialize success
    23:21:20.0285 1380 ============================================================
    23:21:29.0366 8596 ============================================================
    23:21:29.0366 8596 Scan started
    23:21:29.0367 8596 Mode: Manual;
    23:21:29.0367 8596 ============================================================
    23:21:30.0042 8596 ================ Scan system memory ========================
    23:21:30.0042 8596 System memory - ok
    23:21:30.0043 8596 ================ Scan services =============================
    23:21:32.0852 8596 crcdisk - ok
    23:21:32.0874 8596 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    23:21:32.0876 8596 CryptSvc - ok
    23:21:32.0913 8596 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
    23:21:32.0915 8596 DcomLaunch - ok
    23:21:32.0946 8596 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
    23:21:32.0950 8596 defragsvc - ok
    23:21:32.0965 8596 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    23:21:32.0982 8596 DfsC - ok
    23:21:33.0017 8596 [ EDF7F8387C2072205ABCF105F14B13B4 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
    23:21:33.0018 8596 dg_ssudbus - ok
    23:21:33.0048 8596 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
    23:21:33.0052 8596 Dhcp - ok
    23:21:33.0061 8596 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
    23:21:33.0062 8596 discache - ok
    23:21:33.0069 8596 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
    23:21:33.0070 8596 Disk - ok
    23:21:33.0097 8596 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    23:21:33.0099 8596 Dnscache - ok
    23:21:33.0125 8596 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
    23:21:33.0127 8596 dot3svc - ok
    23:21:33.0163 8596 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
    23:21:33.0165 8596 DPS - ok
    23:21:33.0194 8596 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    23:21:33.0195 8596 drmkaud - ok
    23:21:33.0245 8596 [ D19DCBB8C775E71D924BB66D9BFB708C ] DUMeterDrv F:\Program Files\DU Meter\DUMETR32.SYS
    23:21:33.0246 8596 DUMeterDrv - ok
    23:21:33.0247 8596 DUMeterSvc - ok
    23:21:33.0295 8596 [ 71BC35067CABC02C9453AEAA42B2E43E ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    23:21:33.0302 8596 DXGKrnl - ok
    23:21:33.0330 8596 [ 43529B8D3655555D4C600538A1C90328 ] e1cexpress C:\Windows\system32\DRIVERS\e1c6232.sys
    23:21:33.0333 8596 e1cexpress - ok
    23:21:33.0359 8596 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
    23:21:33.0362 8596 EapHost - ok
    23:21:33.0543 8596 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
    23:21:33.0611 8596 ebdrv - ok
    23:21:33.0674 8596 [ 803B370865D907EA21DC0C2B6A8936B5 ] EFS C:\Windows\System32\lsass.exe
    23:21:33.0675 8596 EFS - ok
    23:21:33.0726 8596 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    23:21:33.0731 8596 ehRecvr - ok
    23:21:33.0762 8596 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
    23:21:33.0763 8596 ehSched - ok
    23:21:33.0789 8596 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
    23:21:33.0794 8596 elxstor - ok
    23:21:33.0807 8596 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
    23:21:33.0808 8596 ErrDev - ok
    23:21:33.0837 8596 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
    23:21:33.0838 8596 EventSystem - ok
    23:21:33.0850 8596 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
    23:21:33.0852 8596 exfat - ok
    23:21:33.0867 8596 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    23:21:33.0868 8596 fastfat - ok
    23:21:33.0910 8596 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
    23:21:33.0932 8596 Fax - ok
    23:21:33.0954 8596 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
    23:21:33.0955 8596 fdc - ok
    23:21:33.0969 8596 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
    23:21:33.0969 8596 fdPHost - ok
    23:21:33.0982 8596 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
    23:21:33.0983 8596 FDResPub - ok
    23:21:33.0990 8596 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    23:21:33.0991 8596 FileInfo - ok
    23:21:34.0003 8596 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    23:21:34.0004 8596 Filetrace - ok
    23:21:34.0018 8596 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
    23:21:34.0019 8596 flpydisk - ok
    23:21:34.0037 8596 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    23:21:34.0040 8596 FltMgr - ok
    23:21:34.0092 8596 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
    23:21:34.0150 8596 FontCache - ok
    23:21:34.0205 8596 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    23:21:34.0206 8596 FontCache3.0.0.0 - ok
    23:21:34.0223 8596 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    23:21:34.0225 8596 FsDepends - ok
    23:21:34.0255 8596 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    23:21:34.0256 8596 Fs_Rec - ok
    23:21:34.0293 8596 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    23:21:34.0297 8596 fvevol - ok
    23:21:34.0315 8596 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    23:21:34.0317 8596 gagp30kx - ok
    23:21:34.0361 8596 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
    23:21:34.0369 8596 gpsvc - ok
    23:21:34.0423 8596 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    23:21:34.0424 8596 gupdate - ok
    23:21:34.0427 8596 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    23:21:34.0427 8596 gupdatem - ok
    23:21:34.0443 8596 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    23:21:34.0445 8596 gusvc - ok
    23:21:34.0464 8596 [ 46524E4F27A44A86F28772D80BC3CE02 ] gzflt C:\Windows\system32\DRIVERS\gzflt.sys
    23:21:34.0466 8596 gzflt - ok
    23:21:34.0497 8596 [ 771676DB364B444C6333B5F30C7A1755 ] gzserv F:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
    23:21:34.0498 8596 gzserv - ok
    23:21:34.0511 8596 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    23:21:34.0512 8596 hcw85cir - ok
    23:21:34.0535 8596 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    23:21:34.0540 8596 HdAudAddService - ok
    23:21:34.0560 8596 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    23:21:34.0561 8596 HDAudBus - ok
    23:21:34.0583 8596 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    23:21:34.0584 8596 HidBatt - ok
    23:21:34.0602 8596 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    23:21:34.0604 8596 HidBth - ok
    23:21:34.0618 8596 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
    23:21:34.0619 8596 HidIr - ok
    23:21:34.0649 8596 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
    23:21:34.0650 8596 hidserv - ok
    23:21:34.0670 8596 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    23:21:34.0671 8596 HidUsb - ok
    23:21:34.0696 8596 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
    23:21:34.0697 8596 hkmsvc - ok
    23:21:34.0730 8596 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    23:21:34.0753 8596 HomeGroupListener - ok
    23:21:34.0797 8596 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    23:21:34.0799 8596 HomeGroupProvider - ok
    23:21:34.0812 8596 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    23:21:34.0813 8596 HpSAMD - ok
    23:21:34.0836 8596 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    23:21:34.0841 8596 HTTP - ok
    23:21:34.0865 8596 [ 22B142AED14E7385B221539C15AF1568 ] HWiNFO32 C:\Windows\system32\drivers\HWiNFO32.SYS
    23:21:34.0865 8596 HWiNFO32 - ok
    23:21:34.0870 8596 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    23:21:34.0871 8596 hwpolicy - ok
    23:21:34.0887 8596 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    23:21:34.0888 8596 i8042prt - ok
    23:21:34.0922 8596 [ D339C4CA42E96B710567861F7645AF51 ] iaStorA C:\Windows\system32\DRIVERS\iaStorA.sys
    23:21:34.0925 8596 iaStorA - ok
    23:21:34.0980 8596 [ 20E83F4632E15A5E9E716FF2E8AC7FAE ] IAStorDataMgrSvc F:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    23:21:34.0982 8596 IAStorDataMgrSvc - ok
    23:21:35.0011 8596 [ F2AB8BD9DF7B2497ED2A28038140A970 ] iaStorF C:\Windows\system32\DRIVERS\iaStorF.sys
    23:21:35.0012 8596 iaStorF - ok
    23:21:35.0029 8596 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    23:21:35.0030 8596 iaStorV - ok
    23:21:35.0063 8596 [ 203BB2691E7D0088A2C1F9C39C15A9B7 ] IDMWFP C:\Windows\system32\DRIVERS\idmwfp.sys
    23:21:35.0064 8596 IDMWFP - ok
    23:21:35.0122 8596 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    23:21:35.0125 8596 idsvc - ok
    23:21:35.0126 8596 IEEtwCollectorService - ok
    23:21:35.0153 8596 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    23:21:35.0154 8596 iirsp - ok
    23:21:35.0192 8596 [ B9C54120F46392100478F58F374E5709 ] IKEEXT C:\Windows\System32\ikeext.dll
    23:21:35.0198 8596 IKEEXT - ok
    23:21:35.0327 8596 [ 816EEF1A714ABF9A633F478EFAC8F24C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
    23:21:35.0404 8596 IntcAzAudAddService - ok
    23:21:35.0668 8596 [ 406F3093117E72925DF8C50457E280A1 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
    23:21:35.0672 8596 Intel(R) Capability Licensing Service Interface - ok
    23:21:35.0764 8596 [ 0CC925B161F2496AF44E71E91CE42856 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    23:21:35.0769 8596 Intel(R) Capability Licensing Service TCP IP Interface - ok
    23:21:35.0847 8596 [ 9097B892CBBB306F04A3852912FBDE9A ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
    23:21:35.0849 8596 Intel(R) PROSet Monitoring Service - ok
    23:21:35.0866 8596 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
    23:21:35.0866 8596 intelide - ok
    23:21:35.0908 8596 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    23:21:35.0908 8596 intelppm - ok
    23:21:35.0937 8596 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    23:21:35.0939 8596 IPBusEnum - ok
    23:21:35.0951 8596 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    23:21:35.0952 8596 IpFilterDriver - ok
    23:21:35.0988 8596 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    23:21:35.0990 8596 iphlpsvc - ok
    23:21:36.0004 8596 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    23:21:36.0005 8596 IPMIDRV - ok
    23:21:36.0016 8596 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    23:21:36.0017 8596 IPNAT - ok
    23:21:36.0029 8596 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
    23:21:36.0029 8596 IRENUM - ok
    23:21:36.0043 8596 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    23:21:36.0043 8596 isapnp - ok
    23:21:36.0075 8596 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    23:21:36.0078 8596 iScsiPrt - ok
    23:21:36.0147 8596 [ 1128B38EEC9DAF1B36373B65E87C00A3 ] jhi_service C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    23:21:36.0149 8596 jhi_service - ok
    23:21:36.0201 8596 [ 9C8C370E7E15F0BB86BC264AD9D8AAFA ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
    23:21:36.0202 8596 JRAID - ok
    23:21:36.0215 8596 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    23:21:36.0216 8596 kbdclass - ok
    23:21:36.0230 8596 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    23:21:36.0231 8596 kbdhid - ok
    23:21:36.0236 8596 [ 803B370865D907EA21DC0C2B6A8936B5 ] KeyIso C:\Windows\system32\lsass.exe
    23:21:36.0237 8596 KeyIso - ok
    23:21:36.0263 8596 [ F286830298323272260332D6ABC905C1 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    23:21:36.0263 8596 KSecDD - ok
    23:21:36.0280 8596 [ D7C760D57B1656DD748B9E4AB6CB5A51 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    23:21:36.0281 8596 KSecPkg - ok
    23:21:36.0315 8596 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
    23:21:36.0320 8596 KtmRm - ok
    23:21:36.0366 8596 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
    23:21:36.0370 8596 LanmanServer - ok
    23:21:36.0406 8596 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    23:21:36.0410 8596 LanmanWorkstation - ok
    23:21:36.0438 8596 [ 006540C9CDC7E72ADD1435CF778EC674 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
    23:21:36.0440 8596 LHidFilt - ok
    23:21:36.0458 8596 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    23:21:36.0459 8596 lltdio - ok
    23:21:36.0489 8596 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    23:21:36.0492 8596 lltdsvc - ok
    23:21:36.0501 8596 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
    23:21:36.0501 8596 lmhosts - ok
    23:21:36.0517 8596 [ 3C5BA4B2E4D1180BF9810963A494799A ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
    23:21:36.0518 8596 LMouFilt - ok
    23:21:36.0534 8596 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    23:21:36.0536 8596 LSI_FC - ok
    23:21:36.0550 8596 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    23:21:36.0551 8596 LSI_SAS - ok
    23:21:36.0560 8596 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    23:21:36.0561 8596 LSI_SAS2 - ok
    23:21:36.0574 8596 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    23:21:36.0576 8596 LSI_SCSI - ok
    23:21:36.0589 8596 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
    23:21:36.0590 8596 luafv - ok
    23:21:36.0623 8596 [ 49F629541C91371FE3AAA2F8728555D9 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
    23:21:36.0624 8596 LUsbFilt - ok
    23:21:36.0651 8596 [ 1A7DB7A00A4B0D8DA24CD691A4547291 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2Mon.sys
    23:21:36.0652 8596 LVPr2Mon - ok
    23:21:36.0712 8596 [ 0DDFDCAA92C7F553328DB06BA599BEA9 ] LVPrcSrv C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    23:21:36.0714 8596 LVPrcSrv - ok
    23:21:36.0818 8596 [ 37072EC9299E825F4335CC554B6FAC6A ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys
    23:21:36.0840 8596 LVRS - ok
    23:21:37.0059 8596 [ A240E42A7402E927A71B6E8AA4629B13 ] LVUVC C:\Windows\system32\DRIVERS\lvuvc.sys
    23:21:37.0266 8596 LVUVC - ok
    23:21:37.0294 8596 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    23:21:37.0295 8596 MBAMProtector - ok
    23:21:37.0390 8596 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    23:21:37.0393 8596 MBAMScheduler - ok
    23:21:37.0435 8596 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    23:21:37.0437 8596 MBAMService - ok
    23:21:37.0465 8596 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    23:21:37.0465 8596 Mcx2Svc - ok
    23:21:37.0493 8596 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
    23:21:37.0493 8596 megasas - ok
    23:21:37.0517 8596 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    23:21:37.0518 8596 MegaSR - ok
    23:21:37.0545 8596 [ D1625B6ADDDE12801DB3C2DF029CFDC2 ] MEI C:\Windows\system32\DRIVERS\TeeDriver.sys
    23:21:37.0547 8596 MEI - ok
    23:21:37.0582 8596 Microsoft SharePoint Workspace Audit Service - ok
    23:21:37.0621 8596 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
    23:21:37.0623 8596 MMCSS - ok
    23:21:37.0637 8596 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
    23:21:37.0638 8596 Modem - ok
    23:21:37.0662 8596 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    23:21:37.0662 8596 monitor - ok
    23:21:37.0673 8596 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    23:21:37.0673 8596 mouclass - ok
    23:21:37.0685 8596 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    23:21:37.0685 8596 mouhid - ok
    23:21:37.0698 8596 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    23:21:37.0698 8596 mountmgr - ok
    23:21:37.0717 8596 [ 3B9398E0146855B1DC0E3D9769C80F01 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    23:21:37.0718 8596 MozillaMaintenance - ok
    23:21:37.0745 8596 [ 24406D75B40F0F6B3C1AC7031D734565 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    23:21:37.0746 8596 MpFilter - ok
    23:21:37.0771 8596 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
    23:21:37.0771 8596 mpio - ok
    23:21:37.0786 8596 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    23:21:37.0786 8596 mpsdrv - ok
    23:21:37.0826 8596 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
    23:21:37.0829 8596 MpsSvc - ok
    23:21:37.0851 8596 [ 21F4B24ACFC79A483515BD986DD9043F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    23:21:37.0852 8596 MRxDAV - ok
    23:21:37.0874 8596 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    23:21:37.0875 8596 mrxsmb - ok
    23:21:37.0904 8596 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    23:21:37.0906 8596 mrxsmb10 - ok
    23:21:37.0922 8596 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    23:21:37.0923 8596 mrxsmb20 - ok
    23:21:37.0937 8596 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
    23:21:37.0938 8596 msahci - ok
    23:21:37.0955 8596 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    23:21:37.0955 8596 msdsm - ok
    23:21:37.0969 8596 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
    23:21:37.0970 8596 MSDTC - ok
    23:21:37.0987 8596 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
    23:21:37.0988 8596 Msfs - ok
    23:21:37.0995 8596 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    23:21:37.0996 8596 mshidkmdf - ok
    23:21:38.0004 8596 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    23:21:38.0005 8596 msisadrv - ok
    23:21:38.0033 8596 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    23:21:38.0034 8596 MSiSCSI - ok
    23:21:38.0036 8596 msiserver - ok
    23:21:38.0060 8596 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    23:21:38.0060 8596 MSKSSRV - ok
    23:21:38.0062 8596 MsMpSvc - ok
    23:21:38.0068 8596 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    23:21:38.0068 8596 MSPCLOCK - ok
    23:21:38.0075 8596 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    23:21:38.0075 8596 MSPQM - ok
    23:21:38.0092 8596 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    23:21:38.0093 8596 MsRPC - ok
    23:21:38.0117 8596 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    23:21:38.0117 8596 mssmbios - ok
    23:21:38.0126 8596 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    23:21:38.0127 8596 MSTEE - ok
    23:21:38.0134 8596 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
    23:21:38.0135 8596 MTConfig - ok
    23:21:38.0149 8596 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
    23:21:38.0149 8596 Mup - ok
    23:21:38.0220 8596 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
    23:21:38.0224 8596 napagent - ok
    23:21:38.0267 8596 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    23:21:38.0268 8596 NativeWifiP - ok
    23:21:38.0311 8596 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
    23:21:38.0316 8596 NDIS - ok
    23:21:38.0335 8596 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    23:21:38.0336 8596 NdisCap - ok
    23:21:38.0350 8596 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    23:21:38.0350 8596 NdisTapi - ok
    23:21:38.0364 8596 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    23:21:38.0364 8596 Ndisuio - ok
    23:21:38.0380 8596 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    23:21:38.0380 8596 NdisWan - ok
    23:21:38.0394 8596 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    23:21:38.0394 8596 NDProxy - ok
    23:21:38.0405 8596 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    23:21:38.0406 8596 NetBIOS - ok
    23:21:38.0423 8596 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    23:21:38.0424 8596 NetBT - ok
    23:21:38.0432 8596 [ 803B370865D907EA21DC0C2B6A8936B5 ] Netlogon C:\Windows\system32\lsass.exe
    23:21:38.0432 8596 Netlogon - ok
    23:21:38.0472 8596 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
    23:21:38.0476 8596 Netman - ok
    23:21:38.0497 8596 [ 21318671BCAD3ACF16638F98D4D00973 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    23:21:38.0497 8596 NetMsmqActivator - ok
    23:21:38.0500 8596 [ 21318671BCAD3ACF16638F98D4D00973 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    23:21:38.0501 8596 NetPipeActivator - ok
    23:21:38.0519 8596 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
    23:21:38.0520 8596 netprofm - ok
    23:21:38.0524 8596 [ 21318671BCAD3ACF16638F98D4D00973 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    23:21:38.0524 8596 NetTcpActivator - ok
    23:21:38.0527 8596 [ 21318671BCAD3ACF16638F98D4D00973 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    23:21:38.0528 8596 NetTcpPortSharing - ok
    23:21:38.0536 8596 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    23:21:38.0537 8596 nfrd960 - ok
    23:21:38.0555 8596 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
    23:21:38.0556 8596 NlaSvc - ok
    23:21:38.0564 8596 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
    23:21:38.0564 8596 Npfs - ok
    23:21:38.0597 8596 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
    23:21:38.0597 8596 nsi - ok
    23:21:38.0607 8596 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    23:21:38.0607 8596 nsiproxy - ok
    23:21:38.0671 8596 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    23:21:38.0682 8596 Ntfs - ok
    23:21:38.0687 8596 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
    23:21:38.0688 8596 Null - ok
    23:21:38.0713 8596 [ FBEC0FD36ED61EFEE1E3063281EAB984 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
    23:21:38.0715 8596 NVHDA - ok
    23:21:39.0073 8596 [ FB20C4EE6242B71AB95A65AC2CE19161 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    23:21:39.0104 8596 nvlddmkm - ok
    23:21:39.0135 8596 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    23:21:39.0137 8596 nvraid - ok
    23:21:39.0152 8596 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    23:21:39.0154 8596 nvstor - ok
    23:21:39.0722 8596 [ DB48A9EE04D1D581FB178BF88FA616FD ] NvStreamSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    23:21:40.0119 8596 NvStreamSvc - ok
    23:21:40.0229 8596 [ 6004D55C0434E15CE98A4CF2A6A4BE94 ] nvsvc C:\Windows\system32\nvvsvc.exe
    23:21:40.0233 8596 nvsvc - ok
    23:21:40.0621 8596 [ 005E474630A7AA05A617C574B702FEED ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    23:21:40.0680 8596 nvUpdatusService - ok
    23:21:40.0696 8596 [ 9C6266C4A78D48A4000F658AD187E9E5 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad32v.sys
    23:21:40.0696 8596 nvvad_WaveExtensible - ok
    23:21:40.0721 8596 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    23:21:40.0722 8596 nv_agp - ok
    23:21:40.0751 8596 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    23:21:40.0751 8596 ohci1394 - ok
    23:21:40.0806 8596 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    23:21:40.0808 8596 ose - ok
    23:21:41.0014 8596 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    23:21:41.0140 8596 osppsvc - ok
    23:21:41.0177 8596 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    23:21:41.0179 8596 p2pimsvc - ok
    23:21:41.0196 8596 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
    23:21:41.0198 8596 p2psvc - ok
    23:21:41.0227 8596 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
    23:21:41.0228 8596 Parport - ok
    23:21:41.0255 8596 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
    23:21:41.0255 8596 partmgr - ok
    23:21:41.0270 8596 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
    23:21:41.0270 8596 Parvdm - ok
    23:21:41.0287 8596 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
    23:21:41.0289 8596 PcaSvc - ok
    23:21:41.0297 8596 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
    23:21:41.0297 8596 pci - ok
    23:21:41.0317 8596 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
    23:21:41.0318 8596 pciide - ok

    Continued in the next post...

  9. #19
    Junior Member
    Join Date
    Jan 2014
    Location
    Bangkok Thailand
    Posts
    25

    Default

    Continuation...

    23:21:48.0276 8596 楗敳潂瑯獁楳瑳湡tI" - ok
    23:21:48.0279 8596 ================ Scan global ===============================
    23:21:48.0329 8596 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
    23:21:48.0355 8596 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
    23:21:48.0362 8596 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
    23:21:48.0390 8596 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
    23:21:48.0430 8596 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
    23:21:48.0434 8596 [Global] - ok
    23:21:48.0434 8596 ================ Scan MBR ==================================
    23:21:48.0452 8596 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    23:21:48.0596 8596 \Device\Harddisk0\DR0 - ok
    23:21:48.0596 8596 ================ Scan VBR ==================================
    23:21:48.0597 8596 [ 0465127D79BBEF7154E32C1A6045797E ] \Device\Harddisk0\DR0\Partition1
    23:21:48.0598 8596 \Device\Harddisk0\DR0\Partition1 - ok
    23:21:48.0611 8596 [ F6BDAB548C5E891284E81656866A28C3 ] \Device\Harddisk0\DR0\Partition2
    23:21:48.0612 8596 \Device\Harddisk0\DR0\Partition2 - ok
    23:21:48.0626 8596 [ C1E451995F221C1C50CAD01A39425052 ] \Device\Harddisk0\DR0\Partition3
    23:21:48.0627 8596 \Device\Harddisk0\DR0\Partition3 - ok
    23:21:48.0637 8596 [ 206B2B5894B92584770FD18A925A895D ] \Device\Harddisk0\DR0\Partition4
    23:21:48.0639 8596 \Device\Harddisk0\DR0\Partition4 - ok
    23:21:48.0651 8596 [ AC3FFB9A21753396539FDC6202DBCF05 ] \Device\Harddisk0\DR0\Partition5
    23:21:48.0653 8596 \Device\Harddisk0\DR0\Partition5 - ok
    23:21:48.0653 8596 ============================================================
    23:21:48.0653 8596 Scan finished
    23:21:48.0653 8596 ============================================================
    23:21:48.0657 8772 Detected object count: 0
    23:21:48.0657 8772 Actual detected object count: 0
    ___

    Here is a GMER partial log:

    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-02-02 20:19:33
    Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000067 ST330062 rev.3.AA 279.46GB
    Running: gmer.exe; Driver: C:\Users\Michael\AppData\Local\Temp\uwliifow.sys


    ---- System - GMER 2.1 ----

    SSDT \??\F:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwAllocateVirtualMemory [0x91DA109C]
    SSDT \??\F:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwAlpcConnectPort [0x91DA4544]

    ---...--- CUT HERE ---...---

    ---- Devices - GMER 2.1 ----

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 ambakdrv.sys
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 ambakdrv.sys
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 ambakdrv.sys
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 ambakdrv.sys
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 ambakdrv.sys

    Device \Driver\BTHUSB \Device\00000084 bthport.sys
    Device \Driver\BTHUSB \Device\00000086 bthport.sys

    ---- Services - GMER 2.1 ----

    Service ??????????????????????????" (*** hidden *** ) [AUTO] <-- ROOTKIT !!!

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026832fd4c8
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026832fd4c8 (not active ControlSet)

    ---- EOF - GMER 2.1 ----

  10. #20
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    I think it's something we found earlier.

    I have attached a script for FRST. Download it to your computer, locate it next to FRST.exe, then start FRST, click on the Fix button, and attach the fixlog.txt to your next reply.





    Attachment 11190
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
