
infected with FBI moneypak virus, please help!


  • This topic is locked
19 replies to this topic

#1 TDY329

TDY329

  • Members
  • 19 posts

Posted 22 November 2012 - 01:18 PM

Hello,

I'm infected with the FBI moneypak virus. It won't let me log onto the internet without bringing up the virus screen telling me to pay money. I can run the computer if I shut off my wireless connections. Please help!


 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts

Posted 22 November 2012 - 10:00 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3


    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 25 November 2012 - 07:58 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 TDY329

TDY329
  • Topic Starter


Posted 27 November 2012 - 07:30 PM

Gringo, thank you so much for your help. I have temporarily lost internet access at my apartment and am having to go out to use it, hence the delay, for which I apologize. I might take a little long to respond, but I will eventually. Friday or Saturday will probably be the next time I can respond. Also, I can only access the internet in safe mode with networking. Will that be a problem?

log for Security Check:

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.0.1.152
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 15.0.1 Firefox out of Date!
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Tim Desktop antimalware Defogger.exe
Tim Desktop antimalware SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

logs for Download DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 1.6.0_31
Run by Tim at 19:13:41 on 2012-11-27
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\ctfmon.exe
C:\Users\Tim\Desktop\antimalware\SecurityCheck.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [SansaDispatch] c:\users\tim\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11c_Plugin.exe -update plugin
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11c_Plugin.exe -update plugin
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.5.1
TCP: Interfaces\{E4D78717-2D17-411E-BC28-ABB275A96EDA} : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{E4D78717-2D17-411E-BC28-ABB275A96EDA}\251636861656C637 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E4D78717-2D17-411E-BC28-ABB275A96EDA}\2656C6B696E6E233932336 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E4D78717-2D17-411E-BC28-ABB275A96EDA}\2656C6B696E6E2562616E2765756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{E4D78717-2D17-411E-BC28-ABB275A96EDA}\65348413 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E4D78717-2D17-411E-BC28-ABB275A96EDA}\855627875637 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{E4D78717-2D17-411E-BC28-ABB275A96EDA}\B6F6C6C61627 : DHCPNameServer = 192.168.2.1
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tim\appdata\roaming\mozilla\firefox\profiles\m58jnm5n.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\tim\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\tim\appdata\roaming\move networks\plugins\npqmp071705000014.dll
FF - ExtSQL: 2012-10-19 19:51; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - ExtSQL: !HIDDEN! 2009-11-06 23:10; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
R? rpcnetp;rpcnetp
R? SrvHsfHDA;SrvHsfHDA
R? SrvHsfV92;SrvHsfV92
R? SrvHsfWinac;SrvHsfWinac
R? Synth3dVsc;Synth3dVsc
R? TsUsbFlt;TsUsbFlt
R? tsusbhub;tsusbhub
R? VGPU;VGPU
R? WatAdminSvc;Windows Activation Technologies Service
S? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
.
=============== Created Last 30 ================
.
2012-11-17 20:05:20 -------- d-----w- C:\$WINDOWS.~LS
2012-11-17 02:21:52 -------- d-----w- c:\windows\pss
2012-11-16 03:10:02 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-11-16 03:08:43 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-11-12 14:28:01 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{331934f6-f2ee-4b4c-9f9a-7eee550d8145}\mpengine.dll
.
==================== Find3M ====================
.
2012-11-12 15:36:57 44544 ----a-w- c:\windows\system32\agremove.exe
2012-10-14 03:58:54 44544 ----a-w- c:\programdata\lsass.exe
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-04 18:30:12 38912 ----a-w- c:\windows\system32\identprv.dll
2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12:02 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
.
============= FINISH: 19:16:52.88 ===============

and...

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 11/7/2009 1:01:27 AM
System Uptime: 11/27/2012 6:29:16 PM (1 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel® Core™2 Duo CPU T7100 @ 1.80GHz | Microprocessor | 1795/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 110 GiB total, 46.578 GiB free.
D: is FIXED (NTFS) - 2 GiB total, 1.395 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 3055
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: Hewlett-Packard
Name: HP LaserJet 3055
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet 2605dn
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 2605dn
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6500 E710n-z
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: HP
Name: Officejet 6500 E710n-z
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP253: 11/17/2012 12:21:09 PM - Removed Symantec Endpoint Protection.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
32 Bit HP CIO Components Installer
4660_4680_Help
7-Zip 4.65
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.2
Amazon MP3 Downloader 1.0.10
Apple Software Update
ApproveIt Desktop
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CCleaner
D3DX10
DebugMode Wax 2.0
Dell Driver Download Manager
Dell Touchpad
DivX Setup
ESET Online Scanner v3
FoxTab AVI Converter (remove only)
Google Chrome
Google Update Helper
HiJackThis
HP OfficeJet J4600 All-In-One Series
J4600
Java Auto Updater
Java™ 6 Update 31
LiveUpdate 3.3 (Symantec Corporation)
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Move Media Player
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
Mpeg2Decoder 1.3
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
NVIDIA Drivers
ProductContext
PureEdge Viewer 6.5
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Revo Uninstaller 1.93
Sansa Updater
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Sid Meier's Civilization 4
Toolbox
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
VLC media player 2.0.2
WebReg
Winamp
Winamp Detector Plug-in
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinRAR 4.20 (32-bit)
Xvid Video Codec
YTD Video Downloader 3.9.3
.
==== Event Viewer Messages From Past Week ========
.
11/27/2012 7:14:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Management Instrumentation service to connect.
11/27/2012 7:14:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
11/27/2012 7:12:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
11/27/2012 7:12:26 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/27/2012 7:12:26 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/27/2012 7:12:26 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/27/2012 6:50:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
11/27/2012 6:30:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/27/2012 6:30:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/27/2012 6:30:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/27/2012 6:30:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/27/2012 6:30:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
11/22/2012 5:14:01 PM, Error: NetBT [4307] - Initialization failed because the transport refused to open initial addresses.
11/22/2012 12:05:04 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
11/21/2012 8:10:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
.
==== End Of File ===========================

#5 TDY329


Posted 27 November 2012 - 07:54 PM

In the interest of not wasting more time if you need me to run those programs not in safe mode, I rebooted and ran them (with networking turned off so the virus is not triggered). Here are the logs, if you need them:

DDS 1:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 11/7/2009 1:01:27 AM
System Uptime: 11/27/2012 7:32:41 PM (0 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel® Core™2 Duo CPU T7100 @ 1.80GHz | Microprocessor | 792/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 110 GiB total, 46.563 GiB free.
D: is FIXED (NTFS) - 2 GiB total, 1.395 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 3055
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: Hewlett-Packard
Name: HP LaserJet 3055
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet 2605dn
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 2605dn
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6500 E710n-z
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: HP
Name: Officejet 6500 E710n-z
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
==== System Restore Points ===================
.
RP253: 11/17/2012 12:21:09 PM - Removed Symantec Endpoint Protection.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
32 Bit HP CIO Components Installer
4660_4680_Help
7-Zip 4.65
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.2
Amazon MP3 Downloader 1.0.10
Apple Software Update
ApproveIt Desktop
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CCleaner
D3DX10
DebugMode Wax 2.0
Dell Driver Download Manager
Dell Touchpad
DivX Setup
ESET Online Scanner v3
FoxTab AVI Converter (remove only)
Google Chrome
Google Update Helper
HiJackThis
HP OfficeJet J4600 All-In-One Series
J4600
Java Auto Updater
Java™ 6 Update 31
LiveUpdate 3.3 (Symantec Corporation)
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Move Media Player
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
Mpeg2Decoder 1.3
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
NVIDIA Drivers
ProductContext
PureEdge Viewer 6.5
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Revo Uninstaller 1.93
Sansa Updater
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Sid Meier's Civilization 4
Toolbox
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
VLC media player 2.0.2
WebReg
Winamp
Winamp Detector Plug-in
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinRAR 4.20 (32-bit)
Xvid Video Codec
YTD Video Downloader 3.9.3
.
==== Event Viewer Messages From Past Week ========
.
11/27/2012 7:22:30 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
11/27/2012 7:22:30 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
11/27/2012 7:22:30 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/27/2012 7:14:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Management Instrumentation service to connect.
11/27/2012 7:14:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
11/27/2012 7:12:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
11/27/2012 7:12:26 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/27/2012 7:12:26 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/27/2012 7:12:26 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/27/2012 6:50:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
11/27/2012 6:30:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/27/2012 6:30:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/27/2012 6:30:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/27/2012 6:30:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/27/2012 6:30:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
11/22/2012 5:14:01 PM, Error: NetBT [4307] - Initialization failed because the transport refused to open initial addresses.
11/22/2012 12:05:04 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
11/21/2012 8:10:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
.
==== End Of File ===========================

DDS 2:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 1.6.0_31
Run by Tim at 19:43:40 on 2012-11-27
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1022.330 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\rpcnetp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Users\Tim\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\ProgramData\lsass.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k defragsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [SansaDispatch] c:\users\tim\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11c_Plugin.exe -update plugin
StartupFolder: c:\users\tim\appdata\roaming\micros~1\windows\startm~1\programs\startup\ctfmon.lnk - c:\programdata\lsass.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.5.1
TCP: Interfaces\{E4D78717-2D17-411E-BC28-ABB275A96EDA} : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{E4D78717-2D17-411E-BC28-ABB275A96EDA}\251636861656C637 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E4D78717-2D17-411E-BC28-ABB275A96EDA}\2656C6B696E6E233932336 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E4D78717-2D17-411E-BC28-ABB275A96EDA}\2656C6B696E6E2562616E2765756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{E4D78717-2D17-411E-BC28-ABB275A96EDA}\65348413 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E4D78717-2D17-411E-BC28-ABB275A96EDA}\855627875637 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{E4D78717-2D17-411E-BC28-ABB275A96EDA}\B6F6C6C61627 : DHCPNameServer = 192.168.2.1
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tim\appdata\roaming\mozilla\firefox\profiles\m58jnm5n.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\tim\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\tim\appdata\roaming\move networks\plugins\npqmp071705000014.dll
FF - ExtSQL: 2012-10-19 19:51; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - ExtSQL: !HIDDEN! 2009-11-06 23:10; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
RUnknown rpcnetp;rpcnetp; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-6 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-6 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-22 1343400]
.
=============== Created Last 30 ================
.
2012-11-17 20:05:20 -------- d-----w- C:\$WINDOWS.~LS
2012-11-17 02:21:52 -------- d-----w- c:\windows\pss
2012-11-16 03:10:02 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-11-16 03:08:43 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-11-12 14:28:01 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{331934f6-f2ee-4b4c-9f9a-7eee550d8145}\mpengine.dll
.
==================== Find3M ====================
.
2012-11-12 15:36:57 44544 ----a-w- c:\windows\system32\agremove.exe
2012-10-14 03:58:54 44544 ----a-w- c:\programdata\lsass.exe
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-04 18:30:12 38912 ----a-w- c:\windows\system32\identprv.dll
2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12:02 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
.
============= FINISH: 19:45:22.20 ===============

#6 gringo_pr


Posted 27 November 2012 - 08:56 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#7 TDY329


Posted 29 November 2012 - 09:58 PM

OK, ran ComboFix. No problems. My computer seems to be running fine now. Previously, after connecting to the internet and maybe opening up a web browser for a bit, the FBI moneypak screen would appear. It's been 10 minutes connected to the internet (not in safe mode) and no problems. Log is below:

ComboFix 12-11-29.02 - Tim 11/29/2012 21:38:32.3.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1022.612 [GMT -5:00]
Running from: c:\users\Tim\Desktop\antimalware\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ce9dd752.pad
c:\programdata\H85KwOa0.exe.b
c:\programdata\lsass.exe
c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
c:\windows\system32\drivers\etc\lmhosts
.
c:\windows\System32\autochk.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-30 )))))))))))))))))))))))))))))))
.
.
2012-11-30 02:49 . 2012-11-30 02:49 -------- d-----w- c:\users\Tim\AppData\Local\temp
2012-11-30 02:49 . 2012-11-30 02:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-30 02:49 . 2012-11-30 02:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-17 20:05 . 2012-11-17 20:05 -------- d-----w- C:\$WINDOWS.~LS
2012-11-16 03:10 . 2012-11-30 02:18 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-11-16 03:08 . 2012-11-30 02:27 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-11-12 14:28 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{331934F6-F2EE-4B4C-9F9A-7EEE550D8145}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-12 15:36 . 2011-12-16 20:46 44544 ----a-w- c:\windows\system32\agremove.exe
2012-09-14 18:28 . 2012-10-14 04:10 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-04 18:30 . 2012-10-01 21:10 38912 ----a-w- c:\windows\system32\identprv.dll
2012-10-19 20:39 . 2012-10-19 20:39 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\users\Tim\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2012-08-30 79872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-05 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-05 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-05 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-05 86016]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11c_Plugin.exe" [2011-10-24 247968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AprvRemoveLegacyExcelKeys]
c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AprvRemoveLegacyWordKeys]
c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 02:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 06:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 16:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApproveItForOfficeSetup]
2009-04-30 03:12 155648 ----a-w- c:\program files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]
2005-07-04 13:50 643072 ----a-w- c:\program files\PureEdge\Viewer 6.5\masqform.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2007-10-05 01:24 86016 ----a-w- c:\windows\System32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-10-05 01:24 81920 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-10-05 01:24 86016 ----a-w- c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-10-19 23:49 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 rpcnetp;rpcnetp;c:\windows\System32\rpcnetp.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-03 02:41]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-03 02:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.5.1
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\m58jnm5n.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF - ExtSQL: 2012-10-19 19:51; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - ExtSQL: !HIDDEN! 2009-11-06 23:10; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Akamai NetSession Interface - c:\users\Tim\AppData\Local\Akamai\netsession_win.exe
AddRemove-FX - AVI Converter - c:\progra~1\FOXTAB~1\Uninstall\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.csc]
"ImagePath"="\?"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-29 21:52:02
ComboFix-quarantined-files.txt 2012-11-30 02:52
ComboFix2.txt 2012-03-26 04:22
ComboFix3.txt 2012-03-25 05:00
.
Pre-Run: 49,942,962,176 bytes free
Post-Run: 53,755,260,928 bytes free
.
- - End Of File - - 280C0F356A5A7C123B51C541E634FE8D

#8 gringo_pr

Posted 30 November 2012 - 08:28 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 gringo_pr

Posted 02 December 2012 - 11:53 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#10 TDY329

Posted 05 December 2012 - 07:27 PM

Hello, I am going to need a little bit more time to work on this. Thank you for your help and patience.

#11 gringo_pr

Posted 05 December 2012 - 07:46 PM

No problem, I will check on you in a couple of days.



gringo

#12 gringo_pr

Posted 08 December 2012 - 02:11 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#13 gringo_pr

Posted 12 December 2012 - 12:38 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo

#14 TDY329

Posted 13 December 2012 - 09:23 PM

Ok, finally. Thank you for your patience.

TDSSKiller:

22:09:41.0795 2156 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:09:44.0572 2156 ============================================================
22:09:44.0572 2156 Current date / time: 2012/12/11 22:09:44.0572
22:09:44.0572 2156 SystemInfo:
22:09:44.0572 2156
22:09:44.0572 2156 OS Version: 6.1.7601 ServicePack: 1.0
22:09:44.0572 2156 Product type: Workstation
22:09:44.0572 2156 ComputerName: TIM-PC
22:09:45.0284 2156 UserName: Tim
22:09:45.0284 2156 Windows directory: C:\Windows
22:09:45.0284 2156 System windows directory: C:\Windows
22:09:45.0285 2156 Processor architecture: Intel x86
22:09:45.0285 2156 Number of processors: 2
22:09:45.0285 2156 Page size: 0x1000
22:09:45.0285 2156 Boot type: Normal boot
22:09:45.0285 2156 ============================================================
22:10:26.0259 2156 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:10:26.0766 2156 ============================================================
22:10:26.0766 2156 \Device\Harddisk0\DR0:
22:10:26.0827 2156 MBR partitions:
22:10:26.0827 2156 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2B800, BlocksNum 0x400000
22:10:26.0827 2156 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x42B800, BlocksNum 0xDB68800
22:10:26.0827 2156 ============================================================
22:10:27.0331 2156 C: <-> \Device\Harddisk0\DR0\Partition2
22:10:27.0944 2156 D: <-> \Device\Harddisk0\DR0\Partition1
22:10:28.0347 2156 ============================================================
22:10:28.0347 2156 Initialize success
22:10:28.0347 2156 ============================================================
22:12:16.0047 1132 ============================================================
22:12:16.0047 1132 Scan started
22:12:16.0047 1132 Mode: Manual;
22:12:16.0047 1132 ============================================================
22:12:20.0919 1132 ================ Scan system memory ========================
22:12:20.0919 1132 System memory - ok
22:12:20.0924 1132 ================ Scan services =============================
22:12:20.0943 1132 .csc - ok
22:13:09.0433 1132 mrxsmb10 - ok
22:13:09.0473 1132 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:13:09.0473 1132 mrxsmb20 - ok
22:13:09.0533 1132 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
22:13:09.0533 1132 msahci - ok
22:13:09.0613 1132 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:13:09.0613 1132 msdsm - ok
22:13:09.0653 1132 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
22:13:09.0663 1132 MSDTC - ok
22:13:09.0733 1132 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:13:09.0733 1132 Msfs - ok
22:13:09.0763 1132 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:13:09.0793 1132 mshidkmdf - ok
22:13:09.0833 1132 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:13:09.0833 1132 msisadrv - ok
22:13:09.0883 1132 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:13:09.0893 1132 MSiSCSI - ok
22:13:09.0903 1132 msiserver - ok
22:13:09.0943 1132 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:13:09.0943 1132 MSKSSRV - ok
22:13:09.0973 1132 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:13:09.0973 1132 MSPCLOCK - ok
22:13:09.0993 1132 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:13:09.0993 1132 MSPQM - ok
22:13:10.0023 1132 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:13:10.0023 1132 MsRPC - ok
22:13:10.0053 1132 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:13:10.0053 1132 mssmbios - ok
22:13:10.0093 1132 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:13:10.0093 1132 MSTEE - ok
22:13:10.0113 1132 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:13:10.0113 1132 MTConfig - ok
22:13:10.0143 1132 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
22:13:10.0143 1132 Mup - ok
22:13:10.0243 1132 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
22:13:10.0253 1132 napagent - ok
22:13:10.0303 1132 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:13:10.0303 1132 NativeWifiP - ok
22:13:10.0423 1132 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:13:10.0433 1132 NDIS - ok
22:13:10.0463 1132 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:13:10.0473 1132 NdisCap - ok
22:13:10.0503 1132 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:13:10.0503 1132 NdisTapi - ok
22:13:10.0563 1132 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:13:10.0563 1132 Ndisuio - ok
22:13:10.0633 1132 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:13:10.0653 1132 NdisWan - ok
22:13:10.0693 1132 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:13:10.0743 1132 NDProxy - ok
22:13:10.0863 1132 [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:13:10.0883 1132 Net Driver HPZ12 - ok
22:13:10.0933 1132 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:13:10.0943 1132 NetBIOS - ok
22:13:11.0003 1132 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:13:11.0003 1132 NetBT - ok
22:13:11.0023 1132 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
22:13:11.0023 1132 Netlogon - ok
22:13:11.0123 1132 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
22:13:11.0133 1132 Netman - ok
22:13:11.0203 1132 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
22:13:11.0213 1132 netprofm - ok
22:13:11.0303 1132 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:13:11.0303 1132 NetTcpPortSharing - ok
22:13:11.0363 1132 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:13:11.0363 1132 nfrd960 - ok
22:13:11.0423 1132 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:13:11.0443 1132 NlaSvc - ok
22:13:11.0473 1132 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:13:11.0473 1132 Npfs - ok
22:13:11.0533 1132 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
22:13:11.0533 1132 nsi - ok
22:13:11.0573 1132 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:13:11.0573 1132 nsiproxy - ok
22:13:11.0763 1132 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:13:11.0783 1132 Ntfs - ok
22:13:11.0843 1132 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
22:13:11.0843 1132 Null - ok
22:13:12.0476 1132 [ DC89868592D74DE404406C9420C3F277 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:13:12.0749 1132 nvlddmkm - ok
22:13:12.0837 1132 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:13:12.0907 1132 nvraid - ok
22:13:12.0937 1132 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:13:12.0937 1132 nvstor - ok
22:13:12.0997 1132 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:13:13.0017 1132 nv_agp - ok
22:13:13.0307 1132 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:13:13.0317 1132 odserv - ok
22:13:13.0387 1132 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:13:13.0427 1132 ohci1394 - ok
22:13:13.0547 1132 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:13:13.0587 1132 ose - ok
22:13:13.0677 1132 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:13:14.0027 1132 p2pimsvc - ok
22:13:14.0187 1132 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
22:13:14.0217 1132 p2psvc - ok
22:13:14.0287 1132 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:13:14.0307 1132 Parport - ok
22:13:14.0377 1132 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:13:14.0397 1132 partmgr - ok
22:13:14.0427 1132 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
22:13:14.0447 1132 Parvdm - ok
22:13:14.0517 1132 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:13:14.0567 1132 PcaSvc - ok
22:13:14.0667 1132 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
22:13:14.0697 1132 pci - ok
22:13:14.0737 1132 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
22:13:14.0737 1132 pciide - ok
22:13:14.0817 1132 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:13:14.0837 1132 pcmcia - ok
22:13:14.0857 1132 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
22:13:14.0857 1132 pcw - ok
22:13:14.0897 1132 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:13:14.0917 1132 PEAUTH - ok
22:13:15.0257 1132 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:13:15.0347 1132 PeerDistSvc - ok
22:13:16.0049 1132 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
22:13:16.0149 1132 pla - ok
22:13:16.0339 1132 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:13:16.0409 1132 PlugPlay - ok
22:13:16.0439 1132 [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:13:16.0459 1132 Pml Driver HPZ12 - ok
22:13:16.0529 1132 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:13:16.0529 1132 PNRPAutoReg - ok
22:13:16.0599 1132 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:13:16.0609 1132 PNRPsvc - ok
22:13:17.0003 1132 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:13:17.0043 1132 PolicyAgent - ok
22:13:17.0093 1132 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
22:13:17.0123 1132 Power - ok
22:13:17.0173 1132 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:13:17.0193 1132 PptpMiniport - ok
22:13:17.0233 1132 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:13:17.0243 1132 Processor - ok
22:13:17.0373 1132 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
22:13:17.0435 1132 ProfSvc - ok
22:13:17.0517 1132 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:13:17.0517 1132 ProtectedStorage - ok
22:13:17.0587 1132 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:13:17.0597 1132 Psched - ok
22:13:18.0249 1132 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:13:18.0359 1132 ql2300 - ok
22:13:18.0451 1132 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:13:18.0541 1132 ql40xx - ok
22:13:18.0651 1132 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
22:13:18.0691 1132 QWAVE - ok
22:13:18.0751 1132 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:13:18.0751 1132 QWAVEdrv - ok
22:13:18.0791 1132 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:13:18.0791 1132 RasAcd - ok
22:13:18.0901 1132 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:13:18.0941 1132 RasAgileVpn - ok
22:13:18.0971 1132 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
22:13:18.0971 1132 RasAuto - ok
22:13:19.0051 1132 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:13:19.0061 1132 Rasl2tp - ok
22:13:19.0191 1132 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
22:13:19.0231 1132 RasMan - ok
22:13:19.0281 1132 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:13:19.0281 1132 RasPppoe - ok
22:13:19.0311 1132 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:13:19.0311 1132 RasSstp - ok
22:13:19.0391 1132 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:13:19.0391 1132 rdbss - ok
22:13:19.0421 1132 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:13:19.0431 1132 rdpbus - ok
22:13:19.0471 1132 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:13:19.0481 1132 RDPCDD - ok
22:13:19.0521 1132 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:13:19.0551 1132 RDPDR - ok
22:13:19.0631 1132 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:13:19.0721 1132 RDPENCDD - ok
22:13:19.0761 1132 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:13:19.0761 1132 RDPREFMP - ok
22:13:19.0961 1132 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:13:20.0031 1132 RdpVideoMiniport - ok
22:13:20.0101 1132 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:13:20.0141 1132 RDPWD - ok
22:13:20.0191 1132 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:13:20.0211 1132 rdyboost - ok
22:13:20.0251 1132 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
22:13:20.0251 1132 RemoteAccess - ok
22:13:20.0341 1132 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:13:20.0381 1132 RemoteRegistry - ok
22:13:20.0431 1132 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
22:13:20.0441 1132 RFCOMM - ok
22:13:20.0461 1132 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:13:20.0461 1132 RpcEptMapper - ok
22:13:20.0511 1132 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
22:13:20.0531 1132 RpcLocator - ok
22:13:20.0741 1132 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
22:13:20.0751 1132 RpcSs - ok
22:13:20.0921 1132 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:13:20.0951 1132 rspndr - ok
22:13:21.0001 1132 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
22:13:21.0021 1132 s3cap - ok
22:13:21.0061 1132 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
22:13:21.0061 1132 SamSs - ok
22:13:21.0201 1132 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:13:21.0231 1132 sbp2port - ok
22:13:21.0351 1132 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:13:21.0371 1132 SCardSvr - ok
22:13:21.0401 1132 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:13:21.0421 1132 scfilter - ok
22:13:21.0721 1132 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
22:13:21.0751 1132 Schedule - ok
22:13:21.0810 1132 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:13:21.0813 1132 SCPolicySvc - ok
22:13:21.0893 1132 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:13:21.0913 1132 SDRSVC - ok
22:13:22.0033 1132 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:13:22.0103 1132 secdrv - ok
22:13:22.0157 1132 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
22:13:22.0175 1132 seclogon - ok
22:13:22.0265 1132 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
22:13:22.0295 1132 SENS - ok
22:13:22.0405 1132 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:13:22.0425 1132 SensrSvc - ok
22:13:22.0515 1132 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:13:22.0545 1132 Serenum - ok
22:13:22.0635 1132 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:13:22.0665 1132 Serial - ok
22:13:22.0725 1132 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:13:22.0735 1132 sermouse - ok
22:13:22.0817 1132 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
22:13:22.0847 1132 SessionEnv - ok
22:13:22.0907 1132 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:13:22.0937 1132 sffdisk - ok
22:13:22.0967 1132 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:13:22.0987 1132 sffp_mmc - ok
22:13:23.0017 1132 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:13:23.0047 1132 sffp_sd - ok
22:13:23.0117 1132 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:13:23.0137 1132 sfloppy - ok
22:13:23.0327 1132 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:13:23.0367 1132 SharedAccess - ok
22:13:23.0527 1132 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:13:23.0587 1132 ShellHWDetection - ok
22:13:23.0617 1132 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
22:13:23.0647 1132 sisagp - ok
22:13:23.0757 1132 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:13:23.0807 1132 SiSRaid2 - ok
22:13:23.0847 1132 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:13:23.0867 1132 SiSRaid4 - ok
22:13:23.0947 1132 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:13:23.0947 1132 Smb - ok
22:13:24.0117 1132 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:13:24.0137 1132 SNMPTRAP - ok
22:13:24.0177 1132 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
22:13:24.0227 1132 spldr - ok
22:13:24.0327 1132 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
22:13:24.0357 1132 Spooler - ok
22:13:25.0647 1132 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
22:13:25.0857 1132 sppsvc - ok
22:13:25.0999 1132 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:13:26.0059 1132 sppuinotify - ok
22:13:26.0139 1132 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:13:26.0159 1132 srv - ok
22:13:26.0239 1132 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:13:26.0289 1132 srv2 - ok
22:13:26.0379 1132 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:13:26.0489 1132 SrvHsfHDA - ok
22:13:26.0889 1132 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
22:13:26.0979 1132 SrvHsfV92 - ok
22:13:27.0019 1132 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
22:13:27.0049 1132 SrvHsfWinac - ok
22:13:27.0079 1132 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:13:27.0301 1132 srvnet - ok
22:13:27.0391 1132 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:13:27.0401 1132 SSDPSRV - ok
22:13:27.0411 1132 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:13:27.0421 1132 SstpSvc - ok
22:13:27.0521 1132 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:13:27.0561 1132 stexstor - ok
22:13:27.0641 1132 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
22:13:27.0671 1132 StiSvc - ok
22:13:27.0701 1132 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
22:13:27.0741 1132 storflt - ok
22:13:27.0821 1132 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
22:13:27.0861 1132 storvsc - ok
22:13:27.0911 1132 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
22:13:27.0951 1132 swenum - ok
22:13:27.0991 1132 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
22:13:28.0041 1132 swprv - ok
22:13:28.0111 1132 Synth3dVsc - ok
22:13:28.0613 1132 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
22:13:28.0643 1132 SysMain - ok
22:13:28.0695 1132 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:13:28.0725 1132 TabletInputService - ok
22:13:28.0835 1132 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
22:13:28.0885 1132 TapiSrv - ok
22:13:28.0965 1132 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
22:13:29.0005 1132 TBS - ok
22:13:29.0275 1132 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:13:29.0295 1132 Tcpip - ok
22:13:29.0375 1132 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:13:29.0385 1132 TCPIP6 - ok
22:13:29.0567 1132 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:13:29.0607 1132 tcpipreg - ok
22:13:29.0677 1132 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:13:29.0717 1132 TDPIPE - ok
22:13:29.0787 1132 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:13:29.0837 1132 TDTCP - ok
22:13:30.0007 1132 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:13:30.0057 1132 tdx - ok
22:13:30.0097 1132 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:13:30.0117 1132 TermDD - ok
22:13:30.0307 1132 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
22:13:30.0357 1132 TermService - ok
22:13:30.0447 1132 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
22:13:30.0557 1132 Themes - ok
22:13:30.0597 1132 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
22:13:30.0597 1132 THREADORDER - ok
22:13:30.0747 1132 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
22:13:30.0777 1132 TrkWks - ok
22:13:30.0857 1132 [ 1512D11C1E1E37A4AE2E2B62794F0D2E ] TrueSight c:\windows\system32\drivers\TrueSight.sys
22:13:30.0897 1132 TrueSight - ok
22:13:31.0107 1132 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:13:31.0207 1132 TrustedInstaller - ok
22:13:31.0257 1132 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:13:31.0307 1132 tssecsrv - ok
22:13:31.0497 1132 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:13:31.0537 1132 TsUsbFlt - ok
22:13:31.0607 1132 tsusbhub - ok
22:13:31.0767 1132 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:13:31.0797 1132 tunnel - ok
22:13:31.0837 1132 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:13:31.0867 1132 uagp35 - ok
22:13:31.0987 1132 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:13:32.0037 1132 udfs - ok
22:13:32.0117 1132 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:13:32.0147 1132 UI0Detect - ok
22:13:32.0197 1132 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:13:32.0207 1132 uliagpkx - ok
22:13:32.0227 1132 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
22:13:32.0267 1132 umbus - ok
22:13:32.0367 1132 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:13:32.0387 1132 UmPass - ok
22:13:32.0487 1132 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
22:13:32.0507 1132 UmRdpService - ok
22:13:32.0657 1132 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
22:13:32.0677 1132 upnphost - ok
22:13:32.0757 1132 [ D4FB6ECC60A428564BA8768B0E23C0FC ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
22:13:32.0777 1132 USBAAPL - ok
22:13:32.0847 1132 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
22:13:32.0857 1132 usbccgp - ok
22:13:32.0877 1132 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:13:32.0907 1132 usbcir - ok
22:13:32.0947 1132 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:13:32.0967 1132 usbehci - ok
22:13:33.0037 1132 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:13:33.0047 1132 usbhub - ok
22:13:33.0087 1132 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:13:33.0087 1132 usbohci - ok
22:13:33.0137 1132 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:13:33.0137 1132 usbprint - ok
22:13:33.0187 1132 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:13:33.0237 1132 usbscan - ok
22:13:33.0267 1132 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:13:33.0297 1132 USBSTOR - ok
22:13:33.0337 1132 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:13:33.0337 1132 usbuhci - ok
22:13:33.0377 1132 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
22:13:33.0397 1132 UxSms - ok
22:13:33.0417 1132 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
22:13:33.0417 1132 VaultSvc - ok
22:13:33.0437 1132 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:13:33.0447 1132 vdrvroot - ok
22:13:33.0517 1132 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
22:13:33.0667 1132 vds - ok
22:13:33.0737 1132 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:13:33.0737 1132 vga - ok
22:13:33.0767 1132 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
22:13:33.0767 1132 VgaSave - ok
22:13:33.0837 1132 VGPU - ok
22:13:33.0887 1132 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:13:33.0927 1132 vhdmp - ok
22:13:33.0987 1132 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
22:13:34.0007 1132 viaagp - ok
22:13:34.0037 1132 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
22:13:34.0037 1132 ViaC7 - ok
22:13:34.0077 1132 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
22:13:34.0107 1132 viaide - ok
22:13:34.0217 1132 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
22:13:34.0247 1132 vmbus - ok
22:13:34.0277 1132 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
22:13:34.0307 1132 VMBusHID - ok
22:13:34.0347 1132 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:13:34.0377 1132 volmgr - ok
22:13:34.0417 1132 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:13:34.0447 1132 volmgrx - ok
22:13:34.0487 1132 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:13:34.0507 1132 volsnap - ok
22:13:34.0577 1132 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:13:34.0587 1132 vsmraid - ok
22:13:34.0867 1132 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
22:13:34.0897 1132 VSS - ok
22:13:34.0927 1132 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:13:34.0927 1132 vwifibus - ok
22:13:34.0987 1132 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:13:34.0987 1132 vwififlt - ok
22:13:35.0047 1132 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:13:35.0047 1132 vwifimp - ok
22:13:35.0157 1132 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
22:13:35.0187 1132 W32Time - ok
22:13:35.0227 1132 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:13:35.0267 1132 WacomPen - ok
22:13:35.0357 1132 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:13:35.0357 1132 WANARP - ok
22:13:35.0377 1132 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:13:35.0377 1132 Wanarpv6 - ok
22:13:35.0527 1132 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:13:35.0557 1132 WatAdminSvc - ok
22:13:35.0659 1132 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
22:13:35.0699 1132 wbengine - ok
22:13:35.0757 1132 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:13:35.0761 1132 WbioSrvc - ok
22:13:35.0831 1132 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:13:35.0841 1132 wcncsvc - ok
22:13:35.0871 1132 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:13:35.0911 1132 WcsPlugInService - ok
22:13:38.0911 1132 ================ Scan global ===============================
22:13:38.0961 1132 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
22:13:39.0021 1132 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
22:13:39.0051 1132 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
22:13:39.0101 1132 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:13:39.0151 1132 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:13:39.0171 1132 [Global] - ok
22:13:39.0171 1132 ================ Scan MBR ==================================
22:13:39.0261 1132 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:13:39.0261 1132 Suspicious mbr (Forged): \Device\Harddisk0\DR0
22:13:39.0511 1132 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
22:13:39.0511 1132 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
22:13:39.0511 1132 ================ Scan VBR ==================================
22:13:39.0611 1132 [ F143E7EB052FF2A23808CC9389537B2C ] \Device\Harddisk0\DR0\Partition1
22:13:39.0691 1132 \Device\Harddisk0\DR0\Partition1 - ok
22:13:39.0721 1132 [ 90F7C297EBA248BA108C1EE5602E5FCD ] \Device\Harddisk0\DR0\Partition2
22:13:39.0801 1132 \Device\Harddisk0\DR0\Partition2 - ok
22:13:39.0801 1132 ============================================================
22:13:39.0801 1132 Scan finished
22:13:39.0801 1132 ============================================================
22:13:39.0831 5984 Detected object count: 1
22:13:39.0831 5984 Actual detected object count: 1
22:14:07.0019 5984 \Device\Harddisk0\DR0\# - copied to quarantine
22:14:07.0029 5984 \Device\Harddisk0\DR0 - copied to quarantine
22:14:07.0119 5984 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
22:14:07.0259 5984 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:14:07.0269 5984 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:14:07.0269 5984 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
22:14:07.0279 5984 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:14:07.0299 5984 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:14:07.0299 5984 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
22:14:07.0299 5984 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:14:07.0309 5984 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:14:07.0389 5984 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:14:07.0389 5984 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
22:14:07.0389 5984 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
22:14:07.0739 5984 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
22:14:07.0929 5984 \Device\Harddisk0\DR0 - ok
22:14:08.0069 5984 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
22:14:16.0295 4884 Deinitialize success

And...

22:18:14.0335 2852 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:18:14.0366 2852 ============================================================
22:18:14.0366 2852 Current date / time: 2012/12/11 22:18:14.0366
22:18:14.0366 2852 SystemInfo:
22:18:14.0366 2852
22:18:14.0366 2852 OS Version: 6.1.7601 ServicePack: 1.0
22:18:14.0366 2852 Product type: Workstation
22:18:14.0366 2852 ComputerName: TIM-PC
22:18:14.0366 2852 UserName: Tim
22:18:14.0366 2852 Windows directory: C:\Windows
22:18:14.0366 2852 System windows directory: C:\Windows
22:18:14.0366 2852 Processor architecture: Intel x86
22:18:14.0366 2852 Number of processors: 2
22:18:14.0366 2852 Page size: 0x1000
22:18:14.0366 2852 Boot type: Normal boot
22:18:14.0366 2852 ============================================================
22:18:23.0112 2852 BG loaded
22:18:24.0001 2852 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:18:24.0001 2852 ============================================================
22:18:24.0001 2852 \Device\Harddisk0\DR0:
22:18:24.0001 2852 MBR partitions:
22:18:24.0001 2852 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2B800, BlocksNum 0x400000
22:18:24.0001 2852 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x42B800, BlocksNum 0xDB68800
22:18:24.0001 2852 ============================================================
22:18:24.0110 2852 C: <-> \Device\Harddisk0\DR0\Partition2
22:18:24.0173 2852 D: <-> \Device\Harddisk0\DR0\Partition1
22:18:24.0173 2852 ============================================================
22:18:24.0173 2852 Initialize success
22:18:24.0173 2852 ============================================================
22:18:34.0515 3616 ============================================================
22:18:34.0515 3616 Scan started
22:18:34.0515 3616 Mode: Manual;
22:18:34.0515 3616 ============================================================
22:18:35.0841 3616 ================ Scan system memory ========================
22:18:35.0841 3616 System memory - ok
22:18:35.0841 3616 ================ Scan services =============================
22:18:48.0431 3616 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:18:48.0431 3616 NDProxy - ok
22:18:48.0493 3616 [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:18:48.0493 3616 Net Driver HPZ12 - ok
22:18:48.0540 3616 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:18:48.0540 3616 NetBIOS - ok
22:18:48.0665 3616 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:18:48.0665 3616 NetBT - ok
22:18:48.0680 3616 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
22:18:48.0696 3616 Netlogon - ok
22:18:48.0743 3616 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
22:18:48.0758 3616 Netman - ok
22:18:48.0805 3616 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
22:18:48.0821 3616 netprofm - ok
22:18:48.0867 3616 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:18:48.0867 3616 NetTcpPortSharing - ok
22:18:48.0914 3616 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:18:48.0914 3616 nfrd960 - ok
22:18:48.0977 3616 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:18:48.0977 3616 NlaSvc - ok
22:18:49.0008 3616 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:18:49.0008 3616 Npfs - ok
22:18:49.0039 3616 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
22:18:49.0039 3616 nsi - ok
22:18:49.0055 3616 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:18:49.0055 3616 nsiproxy - ok
22:18:49.0164 3616 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:18:49.0195 3616 Ntfs - ok
22:18:49.0242 3616 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
22:18:49.0242 3616 Null - ok
22:18:49.0616 3616 [ DC89868592D74DE404406C9420C3F277 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:18:49.0741 3616 nvlddmkm - ok
22:18:49.0803 3616 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:18:49.0819 3616 nvraid - ok
22:18:49.0850 3616 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:18:49.0850 3616 nvstor - ok
22:18:49.0897 3616 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:18:49.0897 3616 nv_agp - ok
22:18:49.0991 3616 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:18:50.0006 3616 odserv - ok
22:18:50.0053 3616 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:18:50.0053 3616 ohci1394 - ok
22:18:50.0131 3616 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:18:50.0147 3616 ose - ok
22:18:50.0193 3616 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:18:50.0209 3616 p2pimsvc - ok
22:18:50.0240 3616 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
22:18:50.0256 3616 p2psvc - ok
22:18:50.0303 3616 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:18:50.0303 3616 Parport - ok
22:18:50.0349 3616 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:18:50.0349 3616 partmgr - ok
22:18:50.0381 3616 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
22:18:50.0381 3616 Parvdm - ok
22:18:50.0412 3616 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:18:50.0412 3616 PcaSvc - ok
22:18:50.0474 3616 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
22:18:50.0474 3616 pci - ok
22:18:50.0505 3616 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
22:18:50.0505 3616 pciide - ok
22:18:50.0537 3616 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:18:50.0552 3616 pcmcia - ok
22:18:50.0568 3616 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
22:18:50.0568 3616 pcw - ok
22:18:50.0693 3616 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:18:50.0708 3616 PEAUTH - ok
22:18:50.0817 3616 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:18:50.0849 3616 PeerDistSvc - ok
22:18:50.0989 3616 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
22:18:51.0036 3616 pla - ok
22:18:51.0114 3616 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:18:51.0129 3616 PlugPlay - ok
22:18:51.0145 3616 [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:18:51.0161 3616 Pml Driver HPZ12 - ok
22:18:51.0176 3616 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:18:51.0192 3616 PNRPAutoReg - ok
22:18:51.0223 3616 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:18:51.0239 3616 PNRPsvc - ok
22:18:51.0301 3616 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:18:51.0301 3616 PolicyAgent - ok
22:18:51.0363 3616 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
22:18:51.0379 3616 Power - ok
22:18:51.0410 3616 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:18:51.0426 3616 PptpMiniport - ok
22:18:51.0441 3616 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:18:51.0441 3616 Processor - ok
22:18:51.0504 3616 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
22:18:51.0519 3616 ProfSvc - ok
22:18:51.0535 3616 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:18:51.0535 3616 ProtectedStorage - ok
22:18:51.0582 3616 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:18:51.0582 3616 Psched - ok
22:18:51.0722 3616 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:18:51.0769 3616 ql2300 - ok
22:18:51.0816 3616 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:18:51.0816 3616 ql40xx - ok
22:18:51.0863 3616 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
22:18:51.0878 3616 QWAVE - ok
22:18:51.0894 3616 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:18:51.0894 3616 QWAVEdrv - ok
22:18:51.0925 3616 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:18:51.0925 3616 RasAcd - ok
22:18:51.0972 3616 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:18:51.0972 3616 RasAgileVpn - ok
22:18:52.0019 3616 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
22:18:52.0034 3616 RasAuto - ok
22:18:52.0065 3616 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:18:52.0065 3616 Rasl2tp - ok
22:18:52.0143 3616 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
22:18:52.0143 3616 RasMan - ok
22:18:52.0175 3616 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:18:52.0175 3616 RasPppoe - ok
22:18:52.0190 3616 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:18:52.0190 3616 RasSstp - ok
22:18:52.0221 3616 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:18:52.0221 3616 rdbss - ok
22:18:52.0268 3616 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:18:52.0268 3616 rdpbus - ok
22:18:52.0315 3616 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:18:52.0315 3616 RDPCDD - ok
22:18:52.0346 3616 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:18:52.0362 3616 RDPDR - ok
22:18:52.0409 3616 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:18:52.0409 3616 RDPENCDD - ok
22:18:52.0424 3616 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:18:52.0440 3616 RDPREFMP - ok
22:18:52.0549 3616 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:18:52.0549 3616 RdpVideoMiniport - ok
22:18:52.0674 3616 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:18:52.0674 3616 RDPWD - ok
22:18:52.0752 3616 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:18:52.0767 3616 rdyboost - ok
22:18:52.0783 3616 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
22:18:52.0799 3616 RemoteAccess - ok
22:18:52.0830 3616 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:18:52.0845 3616 RemoteRegistry - ok
22:18:52.0908 3616 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
22:18:52.0908 3616 RFCOMM - ok
22:18:52.0939 3616 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:18:52.0939 3616 RpcEptMapper - ok
22:18:52.0970 3616 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
22:18:52.0970 3616 RpcLocator - ok
22:18:53.0033 3616 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
22:18:53.0048 3616 RpcSs - ok
22:18:53.0095 3616 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:18:53.0095 3616 rspndr - ok
22:18:53.0142 3616 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
22:18:53.0157 3616 s3cap - ok
22:18:53.0173 3616 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
22:18:53.0173 3616 SamSs - ok
22:18:53.0220 3616 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:18:53.0220 3616 sbp2port - ok
22:18:53.0267 3616 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:18:53.0267 3616 SCardSvr - ok
22:18:53.0282 3616 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:18:53.0282 3616 scfilter - ok
22:18:53.0360 3616 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
22:18:53.0376 3616 Schedule - ok
22:18:53.0407 3616 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:18:53.0407 3616 SCPolicySvc - ok
22:18:53.0454 3616 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:18:53.0454 3616 SDRSVC - ok
22:18:53.0501 3616 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:18:53.0516 3616 secdrv - ok
22:18:53.0547 3616 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
22:18:53.0547 3616 seclogon - ok
22:18:53.0579 3616 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
22:18:53.0579 3616 SENS - ok
22:18:53.0688 3616 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:18:53.0688 3616 SensrSvc - ok
22:18:53.0719 3616 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:18:53.0719 3616 Serenum - ok
22:18:53.0781 3616 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:18:53.0781 3616 Serial - ok
22:18:53.0813 3616 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:18:53.0813 3616 sermouse - ok
22:18:53.0891 3616 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
22:18:53.0906 3616 SessionEnv - ok
22:18:53.0953 3616 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:18:53.0953 3616 sffdisk - ok
22:18:53.0969 3616 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:18:53.0984 3616 sffp_mmc - ok
22:18:54.0000 3616 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:18:54.0015 3616 sffp_sd - ok
22:18:54.0047 3616 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:18:54.0047 3616 sfloppy - ok
22:18:54.0109 3616 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:18:54.0125 3616 SharedAccess - ok
22:18:54.0171 3616 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:18:54.0187 3616 ShellHWDetection - ok
22:18:54.0218 3616 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
22:18:54.0218 3616 sisagp - ok
22:18:54.0281 3616 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:18:54.0296 3616 SiSRaid2 - ok
22:18:54.0312 3616 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:18:54.0312 3616 SiSRaid4 - ok
22:18:54.0359 3616 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:18:54.0359 3616 Smb - ok
22:18:54.0421 3616 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:18:54.0437 3616 SNMPTRAP - ok
22:18:54.0452 3616 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
22:18:54.0468 3616 spldr - ok
22:18:54.0530 3616 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
22:18:54.0546 3616 Spooler - ok
22:18:54.0733 3616 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
22:18:54.0827 3616 sppsvc - ok
22:18:54.0873 3616 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:18:54.0873 3616 sppuinotify - ok
22:18:54.0951 3616 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:18:54.0951 3616 srv - ok
22:18:54.0998 3616 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:18:54.0998 3616 srv2 - ok
22:18:55.0076 3616 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:18:55.0076 3616 SrvHsfHDA - ok
22:18:55.0139 3616 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
22:18:55.0154 3616 SrvHsfV92 - ok
22:18:55.0201 3616 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
22:18:55.0201 3616 SrvHsfWinac - ok
22:18:55.0232 3616 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:18:55.0232 3616 srvnet - ok
22:18:55.0279 3616 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:18:55.0295 3616 SSDPSRV - ok
22:18:55.0295 3616 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:18:55.0310 3616 SstpSvc - ok
22:18:55.0341 3616 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:18:55.0341 3616 stexstor - ok
22:18:55.0419 3616 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
22:18:55.0435 3616 StiSvc - ok
22:18:55.0451 3616 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
22:18:55.0451 3616 storflt - ok
22:18:55.0513 3616 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
22:18:55.0513 3616 storvsc - ok
22:18:55.0529 3616 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
22:18:55.0529 3616 swenum - ok
22:18:55.0591 3616 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
22:18:55.0607 3616 swprv - ok
22:18:55.0685 3616 Synth3dVsc - ok
22:18:55.0778 3616 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
22:18:55.0794 3616 SysMain - ok
22:18:55.0841 3616 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:18:55.0856 3616 TabletInputService - ok
22:18:55.0919 3616 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
22:18:55.0919 3616 TapiSrv - ok
22:18:55.0950 3616 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
22:18:55.0965 3616 TBS - ok
22:18:56.0059 3616 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:18:56.0106 3616 Tcpip - ok
22:18:56.0168 3616 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:18:56.0184 3616 TCPIP6 - ok
22:18:56.0246 3616 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:18:56.0246 3616 tcpipreg - ok
22:18:56.0309 3616 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:18:56.0309 3616 TDPIPE - ok
22:18:56.0355 3616 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:18:56.0355 3616 TDTCP - ok
22:18:56.0402 3616 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:18:56.0418 3616 tdx - ok
22:18:56.0418 3616 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:18:56.0433 3616 TermDD - ok
22:18:56.0496 3616 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
22:18:56.0527 3616 TermService - ok
22:18:56.0574 3616 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
22:18:56.0574 3616 Themes - ok
22:18:56.0589 3616 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
22:18:56.0605 3616 THREADORDER - ok
22:18:56.0621 3616 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
22:18:56.0636 3616 TrkWks - ok
22:18:56.0667 3616 [ 1512D11C1E1E37A4AE2E2B62794F0D2E ] TrueSight c:\windows\system32\drivers\TrueSight.sys
22:18:56.0667 3616 TrueSight - ok
22:18:56.0745 3616 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:18:56.0761 3616 TrustedInstaller - ok
22:18:56.0808 3616 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:18:56.0808 3616 tssecsrv - ok
22:18:56.0886 3616 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:18:56.0886 3616 TsUsbFlt - ok
22:18:56.0901 3616 tsusbhub - ok
22:18:56.0964 3616 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:18:56.0979 3616 tunnel - ok
22:18:57.0042 3616 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:18:57.0057 3616 uagp35 - ok
22:18:57.0120 3616 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:18:57.0135 3616 udfs - ok
22:18:57.0182 3616 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:18:57.0182 3616 UI0Detect - ok
22:18:57.0260 3616 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:18:57.0260 3616 uliagpkx - ok
22:18:57.0291 3616 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
22:18:57.0291 3616 umbus - ok
22:18:57.0354 3616 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:18:57.0354 3616 UmPass - ok
22:18:57.0401 3616 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
22:18:57.0416 3616 UmRdpService - ok
22:18:57.0463 3616 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
22:18:57.0479 3616 upnphost - ok
22:18:57.0541 3616 [ D4FB6ECC60A428564BA8768B0E23C0FC ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
22:18:57.0541 3616 USBAAPL - ok
22:18:57.0557 3616 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
22:18:57.0557 3616 usbccgp - ok
22:18:57.0666 3616 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:18:57.0666 3616 usbcir - ok
22:18:57.0697 3616 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:18:57.0697 3616 usbehci - ok
22:18:57.0744 3616 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:18:57.0759 3616 usbhub - ok
22:18:57.0791 3616 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:18:57.0791 3616 usbohci - ok
22:18:57.0837 3616 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:18:57.0837 3616 usbprint - ok
22:18:57.0900 3616 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:18:57.0900 3616 usbscan - ok
22:18:57.0931 3616 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:18:57.0931 3616 USBSTOR - ok
22:18:57.0962 3616 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:18:57.0962 3616 usbuhci - ok
22:18:58.0009 3616 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
22:18:58.0009 3616 UxSms - ok
22:18:58.0025 3616 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
22:18:58.0040 3616 VaultSvc - ok
22:18:58.0071 3616 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:18:58.0071 3616 vdrvroot - ok
22:18:58.0149 3616 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
22:18:58.0165 3616 vds - ok
22:18:58.0212 3616 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:18:58.0212 3616 vga - ok
22:18:58.0243 3616 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
22:18:58.0243 3616 VgaSave - ok
22:18:58.0274 3616 VGPU - ok
22:18:58.0321 3616 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:18:58.0337 3616 vhdmp - ok
22:18:58.0383 3616 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
22:18:58.0383 3616 viaagp - ok
22:18:58.0415 3616 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
22:18:58.0415 3616 ViaC7 - ok
22:18:58.0477 3616 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
22:18:58.0477 3616 viaide - ok
22:18:58.0539 3616 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
22:18:58.0539 3616 vmbus - ok
22:18:58.0571 3616 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
22:18:58.0571 3616 VMBusHID - ok
22:18:58.0586 3616 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:18:58.0602 3616 volmgr - ok
22:18:58.0711 3616 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:18:58.0711 3616 volmgrx - ok
22:18:58.0742 3616 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:18:58.0758 3616 volsnap - ok
22:18:58.0789 3616 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:18:58.0805 3616 vsmraid - ok
22:18:58.0883 3616 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
22:18:58.0929 3616 VSS - ok
22:18:58.0961 3616 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:18:58.0961 3616 vwifibus - ok
22:18:59.0023 3616 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:18:59.0023 3616 vwififlt - ok
22:18:59.0117 3616 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:18:59.0117 3616 vwifimp - ok
22:18:59.0179 3616 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
22:18:59.0195 3616 W32Time - ok
22:18:59.0226 3616 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:18:59.0226 3616 WacomPen - ok
22:18:59.0288 3616 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:18:59.0288 3616 WANARP - ok
22:18:59.0304 3616 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:18:59.0304 3616 Wanarpv6 - ok
22:18:59.0444 3616 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:18:59.0491 3616 WatAdminSvc - ok
22:18:59.0585 3616 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
22:18:59.0631 3616 wbengine - ok
22:18:59.0678 3616 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:18:59.0694 3616 WbioSrvc - ok
22:18:59.0756 3616 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:18:59.0772 3616 wcncsvc - ok
22:18:59.0803 3616 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:18:59.0803 3616 WcsPlugInService - ok
22:18:59.0850 3616 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:18:59.0850 3616 Wd - ok
22:18:59.0928 3616 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:18:59.0943 3616 Wdf01000 - ok
22:18:59.0959 3616 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:18:59.0959 3616 WdiServiceHost - ok
22:18:59.0990 3616 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:18:59.0990 3616 WdiSystemHost - ok
22:19:00.0053 3616 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
22:19:00.0053 3616 WebClient - ok
22:19:00.0099 3616 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:19:00.0115 3616 Wecsvc - ok
22:19:00.0146 3616 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:19:00.0162 3616 wercplsupport - ok
22:19:00.0177 3616 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
22:19:00.0193 3616 WerSvc - ok
22:19:00.0224 3616 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:19:00.0224 3616 WfpLwf - ok
22:19:00.0255 3616 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:19:00.0255 3616 WIMMount - ok
22:19:00.0349 3616 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
22:19:00.0365 3616 WinDefend - ok
22:19:00.0365 3616 WinHttpAutoProxySvc - ok
22:19:00.0458 3616 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:19:00.0458 3616 Winmgmt - ok
22:19:00.0552 3616 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
22:19:00.0599 3616 WinRM - ok
22:19:00.0723 3616 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:19:00.0739 3616 WinUsb - ok
22:19:00.0801 3616 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
22:19:00.0817 3616 Wlansvc - ok
22:19:00.0957 3616 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:19:00.0989 3616 wlidsvc - ok
22:19:01.0145 3616 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:19:01.0160 3616 WmiAcpi - ok
22:19:01.0363 3616 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:19:01.0394 3616 wmiApSrv - ok
22:19:02.0081 3616 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
22:19:02.0174 3616 WMPNetworkSvc - ok
22:19:02.0315 3616 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:19:02.0377 3616 WPCSvc - ok
22:19:02.0595 3616 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:19:02.0611 3616 WPDBusEnum - ok
22:19:02.0814 3616 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:19:02.0829 3616 ws2ifsl - ok
22:19:03.0032 3616 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
22:19:03.0063 3616 wscsvc - ok
22:19:03.0079 3616 WSearch - ok
22:19:03.0687 3616 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
22:19:03.0890 3616 wuauserv - ok
22:19:03.0953 3616 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:19:03.0953 3616 WudfPf - ok
22:19:04.0046 3616 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:19:04.0077 3616 WUDFRd - ok
22:19:04.0155 3616 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:19:04.0155 3616 wudfsvc - ok
22:19:04.0249 3616 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
22:19:04.0280 3616 WwanSvc - ok
22:19:04.0374 3616 ================ Scan global ===============================
22:19:04.0421 3616 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
22:19:04.0499 3616 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
22:19:04.0530 3616 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
22:19:04.0577 3616 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:19:04.0655 3616 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:19:04.0655 3616 [Global] - ok
22:19:04.0655 3616 ================ Scan MBR ==================================
22:19:04.0733 3616 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:19:05.0481 3616 \Device\Harddisk0\DR0 - ok
22:19:05.0481 3616 ================ Scan VBR ==================================
22:19:05.0497 3616 [ F143E7EB052FF2A23808CC9389537B2C ] \Device\Harddisk0\DR0\Partition1
22:19:05.0513 3616 \Device\Harddisk0\DR0\Partition1 - ok
22:19:05.0528 3616 [ 90F7C297EBA248BA108C1EE5602E5FCD ] \Device\Harddisk0\DR0\Partition2
22:19:05.0544 3616 \Device\Harddisk0\DR0\Partition2 - ok
22:19:05.0544 3616 ============================================================
22:19:05.0544 3616 Scan finished
22:19:05.0544 3616 ============================================================
22:19:05.0575 3608 Detected object count: 0
22:19:05.0575 3608 Actual detected object count: 0
22:19:11.0737 2808 Deinitialize success

And...

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-11 22:19:28
-----------------------------
22:19:28.646 OS Version: Windows 6.1.7601 Service Pack 1
22:19:28.646 Number of processors: 2 586 0xF0D
22:19:28.646 ComputerName: TIM-PC UserName: Tim
22:20:10.735 Initialize success
20:25:27.761 AVAST engine defs: 12121301
20:40:06.877 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
20:40:06.950 Disk 0 Vendor: TOSHIBA_MK1237GSX DL140D Size: 114473MB BusType: 3
20:40:06.990 Disk 0 MBR read successfully
20:40:06.996 Disk 0 MBR scan
20:40:08.708 Disk 0 Windows 7 default MBR code
20:40:08.736 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63
20:40:09.773 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 2048 MB offset 178176
20:40:10.105 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 112337 MB offset 4372480
20:40:10.205 Disk 0 scanning sectors +234438656
20:40:10.565 Disk 0 scanning C:\Windows\system32\drivers
20:40:32.291 Service scanning
20:40:33.421 Service .csc \? **LOCKED** 123
20:41:19.891 Modules scanning
20:41:31.391 Disk 0 trace - called modules:
20:41:31.441 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
20:41:31.511 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853455c0]
20:41:31.531 3 CLASSPNP.SYS[878a759e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x84e93908]
20:41:32.711 AVAST engine scan C:\Windows
20:41:39.281 AVAST engine scan C:\Windows\system32
20:41:48.731 File: C:\Windows\system32\autochk.exe **INFECTED** Win32:Malware-gen
20:46:56.472 AVAST engine scan C:\Windows\system32\drivers
20:47:16.962 AVAST engine scan C:\Users\Tim
20:49:36.602 File: C:\Users\Tim\AppData\LocalLow\36AA.tmp **INFECTED** Win32:Alureon-AXX [Trj]
20:50:37.652 Disk 0 MBR has been saved successfully to "C:\Users\Tim\Desktop\antimalware\MBR.dat"
20:50:37.682 The log file has been saved successfully to "C:\Users\Tim\Desktop\antimalware\aswMBR.txt"

#15 gringo_pr


Posted 13 December 2012 - 10:22 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
