Delayed write failed virus removed?

Solved
By akaGizmo
Mar 22, 2012
  1. I tried removing with MBAM, Superantispyware, MSE --thought I had a clean system, but Internet Explorer randomly launches itself to strange sites.

    BTW: I am doing this remotely, using TeamViewer.

    I followed the 5-Step instructions (except disconnecting from the Internet).

    gmer found nothing; mbam.log, dds and attach.txt to follow


    I hope someone can help.

    Thanks in advance!
  2. akaGizmo

    akaGizmo Newcomer, in training Topic Starter Posts: 26

    mbam.log

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.22.02

    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 8.0.6001.19088
    Kelli :: KRIS-PC [administrator]

    3/22/2012 9:46:59 AM
    mbam-log-2012-03-22 (09-46-59).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 218173
    Time elapsed: 8 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  3. akaGizmo

    DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19088
    Run by Kelli at 10:11:45 on 2012-03-22
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3573.2068 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\unsecapp.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Program Files\TeamViewer\Version6\TeamViewer_Desktop.exe
    C:\Windows\system32\taskeng.exe
    c:\program files\teamviewer\version6\TeamViewer.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\TeamViewer\Version6\tv_w32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\REGSVR32.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uWindow Title = Internet Explorer provided by Dell
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080730
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\~disab~1\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://wmtss1.wcsu.edu/auth/taweb.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    TCP: DhcpNameServer = 167.206.251.130 167.206.251.129
    TCP: Interfaces\{9F7136FC-BD10-40C5-BB3A-A09C78481805} : DhcpNameServer = 167.206.251.130 167.206.251.129
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\kelli\appdata\roaming\mozilla\firefox\profiles\l79wd44r.default\
    FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R1 MpKsla337b3e9;MpKsla337b3e9;c:\programdata\microsoft\microsoft antimalware\definition updates\{6e987111-c0fa-45b8-bb70-3c679194f464}\MpKsla337b3e9.sys [2012-3-22 29904]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-7-30 73728]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
    R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
    R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2012-3-20 2337144]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-8 24652]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-7-30 111616]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
    R3 pxldqpoc;pxldqpoc;c:\users\kelli\appdata\local\temp\pxldqpoc.sys [2012-3-22 100864]
    S2 0029071332293059mcinstcleanup;McAfee Application Installer Cleanup (0029071332293059);c:\users\kelli\appdata\local\temp\002907~1.exe -cleanup -nolog --> c:\users\kelli\appdata\local\temp\002907~1.EXE -cleanup -nolog [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-03-22 14:08:43 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6e987111-c0fa-45b8-bb70-3c679194f464}\MpKsla337b3e9.sys
    2012-03-22 13:45:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-22 13:45:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-22 12:33:02 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4040a0ce-c292-406e-9eea-195731fd7168}\gapaengine.dll
    2012-03-22 12:32:51 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6e987111-c0fa-45b8-bb70-3c679194f464}\mpengine.dll
    2012-03-22 12:30:32 -------- d-----w- c:\program files\Microsoft Security Client
    2012-03-21 05:03:37 -------- d-----w- c:\users\kelli\appdata\roaming\SUPERAntiSpyware.com
    2012-03-21 05:02:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-03-21 02:07:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-21 02:04:16 -------- d-----w- c:\program files\WOT
    2012-03-21 01:49:40 -------- d-----w- c:\users\kelli\appdata\local\Adobe
    2012-03-21 01:24:33 -------- d-----w- c:\users\kelli\appdata\local\Mozilla
    2012-03-21 01:14:27 -------- d-----w- c:\users\kelli\appdata\local\Stardock_Corporation
    2012-03-21 01:14:11 -------- d-----w- c:\users\kelli\appdata\local\AIM Toolbar
    2012-03-21 01:12:14 -------- d-----w- c:\users\kelli\appdata\roaming\Intel
    2012-03-21 01:08:47 -------- d-----w- c:\users\kelli\appdata\local\KodakGallery
    2012-03-21 01:06:23 -------- d-----w- c:\users\kelli\appdata\local\Apple Computer
    2012-03-21 01:06:13 -------- d-----w- c:\users\kelli\appdata\local\MediaDirect
    2012-03-21 01:06:12 -------- d-----w- c:\users\kelli\appdata\local\Google
    2012-03-21 01:05:52 -------- d-----w- c:\users\kelli\appdata\local\SupportSoft
    2012-03-21 01:05:50 -------- d-----w- c:\users\kelli\appdata\local\Symantec
    2012-03-21 01:05:01 -------- d-----w- c:\users\kelli\appdata\roaming\Dell
    2012-03-21 01:04:18 -------- d-----w- c:\users\kelli\appdata\local\VirtualStore
    2012-03-20 23:36:31 -------- d-----w- c:\users\kelli\appdata\roaming\Malwarebytes
    2012-03-20 23:30:13 -------- d-----w- c:\program files\CCleaner
    2012-03-20 23:02:22 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-20 22:25:39 -------- d-----w- C:\usr
    2012-03-20 22:22:00 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6064ebb1-a048-460c-94d3-dea32612088f}\mpengine.dll
    2012-03-20 21:54:29 -------- d-----w- c:\program files\TeamViewer
    .
    ==================== Find3M ====================
    .
    2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 10:18:56.07 ===============
  4. akaGizmo

    Attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 7/30/2008 9:13:08 AM
    System Uptime: 3/22/2012 9:39:36 AM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0U990C
    Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | Microprocessor | 1000/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 221 GiB total, 59.377 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 5.424 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    32 Bit HP CIO Components Installer
    3ivx MPEG-4 5.0.3 (remove only)
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.1.3
    Advanced Audio FX Engine
    Advanced Video FX Engine
    AIM 7
    AIM MusicLink 4.0.0.0
    AIM Toolbar
    Aleks 3.14
    AOL Install
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Banctec Service Agreement
    Bonjour
    Browser Address Error Redirector
    BufferChm
    C4400
    C4400_Help
    Canon DIGITAL CAMERA Solution Disk Software Guide
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon MOV Decoder
    Canon MOV Encoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon Personal Printing Guide
    Canon PowerShot SX210 IS Camera User Guide
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC 8
    Canon Utilities Movie Uploader for YouTube
    Canon Utilities MyCamera
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Cards_Calendar_OrderGift_DoMorePlugout
    CCleaner
    CCScore
    Compatibility Pack for the 2007 Office system
    Conexant HDA D330 MDC V.92 Modem
    Copy
    CustomerResearchQFolder
    Dell-eBay
    Dell Best of Web
    Dell DataSafe Online
    Dell Dock
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Dell Touchpad
    Dell Webcam Center
    Dell Webcam Manager
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    Digital Line Detect
    DocProc
    DocProcQFolder
    Download Updater (AOL LLC)
    EarthLink Setup Files
    EDocs
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSSONIC
    ESSTOOLS
    essvatgt
    eSupportQFolder
    FlipShare
    Google Update Helper
    GPBaseService
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 10.0
    HP Imaging Device Functions 10.0
    HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
    HP Photosmart Essential 2.5
    HP Smart Web Printing
    HP Solution Center 10.0
    HP Update
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HPSSupply
    Intel(R) Matrix Storage Manager
    Intel(R) PROSet/Wireless Software
    iTunes
    Java Auto Updater
    kgcbaby
    kgcbase
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kodak EasyShare software
    KSU
    Laptop Integrated Webcam Driver (1.04.01.1011)
    Live! Cam Avatar Creator
    Live! Cam Avatar v1.0
    LiveUpdate 3.2 (Symantec Corporation)
    Malwarebytes Anti-Malware version 1.60.1.1000
    MarketResearch
    mCore
    MediaDirect
    mHelp
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft VC9 runtime libraries
    Microsoft Works
    mMHouse
    MobileMe Control Panel
    Modem Diagnostic Tool
    Mozilla Firefox 11.0 (x86 en-US)
    mPfMgr
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    mWMI
    netbrdg
    NetWaiting
    NetZeroInstallers
    Notifier
    OCR Software by I.R.I.S. 10.0
    OfotoXMI
    OGA Notifier 2.0.0048.0
    ooVoo
    OutlookAddinSetup
    PanoStandAlone
    PCDADDIN
    PCDHELP
    PS_AIO_03_C4400_ProductContext
    PS_AIO_03_C4400_Software
    PS_AIO_03_C4400_Software_Min
    PSSWCORE
    QuickSet
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Safari
    Scan
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969679)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Office Excel 2007 (KB969682)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    SFR
    SHASTA
    Shop for HP Supplies
    SKIN0001
    SKINXSDK
    Skype Toolbars
    Skype™ 5.3
    SmartWebPrintingOC
    Snood 4
    SolutionCenter
    staticcr
    Status
    TeamViewer 6
    Toolbox
    tooltips
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB974810)
    VideoToolkit01
    Viewpoint Media Player
    VPRINTOL
    WebReg
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    WIRELESS
    WOT for Internet Explorer
    Xvid 1.2.1 final uninstall
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/22/2012 9:12:03 AM, Error: Schannel [36874] - An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    3/22/2012 8:19:46 AM, Error: EventLog [6008] - The previous system shutdown at 8:17:40 AM on 3/22/2012 was unexpected.
    3/21/2012 8:05:44 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    3/20/2012 9:46:31 PM, Error: Service Control Manager [7024] - The KtmRm for Distributed Transaction Coordinator service terminated with service-specific error 2147942438 (0x80070026).
    3/20/2012 9:44:28 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    3/20/2012 9:44:14 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    3/20/2012 11:58:23 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.2.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    3/20/2012 10:16:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/20/2012 10:16:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    3/20/2012 10:16:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/20/2012 10:16:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/20/2012 10:15:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    3/20/2012 10:15:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    3/20/2012 10:15:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter spldr Wanarpv6
    3/20/2012 10:15:40 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    3/20/2012 10:15:05 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
    .
    ==== End Of File ===========================
  5. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.
    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  6. akaGizmo

    aswMBR.exe isn't working. After I open it, and choose "allow", nothing happens. I tried running as Administrator and even in safe mode --nothing
  7. Broni

    Proceed with Bootkit Remover.
  8. akaGizmo

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 1 (build 6001), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`73800000

    Size    Device Name          MBR Status
    --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
  9. Broni

    Please download and run ListParts by Farbar (for 32-bit system) to your desktop.

    Please download and run ListParts64 by Farbar (for 64-bit system) to your desktop.

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
  10. akaGizmo

    akaGizmo Newcomer, in training Topic Starter Posts: 26

    ListParts by Farbar Version: 12-03-2012 03
    Ran by Kelli (administrator) on 22-03-2012 at 22:25:19
    Windows Vista (X86)
    Running From: C:\Users\Kelli\Desktop
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 36%
    Total physical RAM: 3573.12 MB
    Available physical RAM: 2255.5 MB
    Total Pagefile: 7332 MB
    Available Pagefile: 6145.06 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1968.48 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:220.58 GB) (Free:58.94 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
    2 Drive d: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:5.42 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 233 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 32 KB
    Partition 2 Primary 10 GB 40 MB
    Partition 3 Primary 221 GB 10 GB
    Partition 0 Extended 2559 MB 230 GB
    Partition 4 Logical 2558 MB 230 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 D RECOVERY NTFS Partition 10 GB Healthy

    ======================================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 221 GB Healthy System (partition with boot components)

    ======================================================================================================

    Disk: 0
    Partition 4
    Type : DD
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ======================================================================================================

    ****** End Of Log ******
  11. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    That looks fine.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  12. akaGizmo

    akaGizmo Newcomer, in training Topic Starter Posts: 26

    TDSSKiller will not run. Tried running as administrator as well.
  13. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
    If you are running Windows XP, re-enable System Restore.
  14. akaGizmo

    akaGizmo Newcomer, in training Topic Starter Posts: 26

    ***Infected MBR detected
  15. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Very well.
    See if TDSSKiller and aswMBR will run now.
  16. akaGizmo

    akaGizmo Newcomer, in training Topic Starter Posts: 26

    TDSSFix tool has a repair button, should I press it?

    (BTW: aswMBR just launched... I'll scan and post results)
  17. akaGizmo

    akaGizmo Newcomer, in training Topic Starter Posts: 26

    FYI: ...while scanning, Microsoft Security Essentials had a pop-up "detected 1 potential threat and suspended it. Click clean computer to remove this threat"
  18. akaGizmo

    akaGizmo Newcomer, in training Topic Starter Posts: 26

    aswMBR.txt

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-22 23:25:51
    -----------------------------
    23:25:51.536 OS Version: Windows 6.0.6001 Service Pack 1
    23:25:51.536 Number of processors: 2 586 0xF0D
    23:25:51.536 ComputerName: KRIS-PC UserName: Kelli
    23:26:26.246 Initialize success
    23:27:18.199 AVAST engine defs: 12032000
    23:28:29.618 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    23:28:29.618 Disk 0 Vendor: WDC_WD25 01.0 Size: 0MB BusType: 3
    23:28:29.618 Disk 0 MBR read successfully
    23:28:29.634 Disk 0 MBR scan
    23:28:29.665 Disk 0 unknown MBR code
    23:28:29.665 Disk 0 MBR hidden
    23:28:29.681 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    23:28:29.712 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 81920
    23:28:29.759 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 225874 MB offset 20561920
    23:28:29.805 Disk 0 Partition - 00 0F Extended LBA 2559 MB offset 483153920
    23:28:29.821 Disk 0 Partition 4 00 DD MSDOS5.0 2558 MB offset 483155968
    23:28:30.117 Disk 0 scanning sectors +488394752
    23:28:30.227 Disk 0 scanning C:\Windows\system32\drivers
    23:28:59.708 Service scanning
    23:29:25.516 Service MpKsl1ba73dea c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{66C4F3D1-8D38-433E-9624-BAD24D5F5B14}\MpKsl1ba73dea.sys **LOCKED** 32
    23:29:25.641 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    23:29:55.221 Modules scanning
    23:30:00.744 Disk 0 trace - called modules:
    23:30:00.759
    23:30:02.506 AVAST engine scan C:\Windows
    23:30:07.155 AVAST engine scan C:\Windows\system32
    23:36:07.361 AVAST engine scan C:\Windows\system32\drivers
    23:36:42.433 AVAST engine scan C:\Users\Kelli
    23:37:44.225 Disk 0 MBR has been saved successfully to "C:\Users\Kelli\Desktop\MBR.dat"
    23:37:44.756 The log file has been saved successfully to "C:\Users\Kelli\Desktop\aswMBR.txt"
  19. akaGizmo

    akaGizmo Newcomer, in training Topic Starter Posts: 26

    FYI: Microsoft Security Essentials now said "To complete the cleanup, you'll need to restart your computer"


    Should I restart anyway?

    Run TDSSKiller?
  20. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Restart and run TDSSKiller.
  21. akaGizmo

    akaGizmo Newcomer, in training Topic Starter Posts: 26

    00:09:33.0422 1484 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
    00:09:33.0688 1484 ============================================================
    00:09:33.0688 1484 Current date / time: 2012/03/23 00:09:33.0688
    00:09:33.0688 1484 SystemInfo:
    00:09:33.0688 1484
    00:09:33.0688 1484 OS Version: 6.0.6001 ServicePack: 1.0
    00:09:33.0688 1484 Product type: Workstation
    00:09:33.0688 1484 ComputerName: KRIS-PC
    00:09:33.0688 1484 UserName: Kelli
    00:09:33.0688 1484 Windows directory: C:\Windows
    00:09:33.0688 1484 System windows directory: C:\Windows
    00:09:33.0688 1484 Processor architecture: Intel x86
    00:09:33.0688 1484 Number of processors: 2
    00:09:33.0688 1484 Page size: 0x1000
    00:09:33.0688 1484 Boot type: Normal boot
    00:09:33.0688 1484 ============================================================
    00:09:35.0092 1484 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    00:09:35.0123 1484 \Device\Harddisk0\DR0:
    00:09:35.0123 1484 MBR used
    00:09:35.0123 1484 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1388000
    00:09:35.0123 1484 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C000, BlocksNum 0x1B929168
    00:09:35.0341 1484 Initialize success
    00:09:35.0341 1484 ============================================================
    00:09:40.0677 1300 ============================================================
    00:09:40.0677 1300 Scan started
    00:09:40.0677 1300 Mode: Manual;
    00:09:40.0677 1300 ============================================================
    00:09:55.0857 1300 MSDTC - ok
    00:09:55.0888 1300 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    00:09:55.0904 1300 Msfs - ok
    00:09:55.0935 1300 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    00:09:55.0935 1300 msisadrv - ok
    00:09:55.0998 1300 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
    00:09:55.0998 1300 MSiSCSI - ok
    00:09:56.0013 1300 msiserver - ok
    00:09:56.0060 1300 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    00:09:56.0060 1300 MSKSSRV - ok
    00:09:56.0263 1300 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    00:09:56.0263 1300 MsMpSvc - ok
    00:09:56.0278 1300 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    00:09:56.0278 1300 MSPCLOCK - ok
    00:09:56.0310 1300 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    00:09:56.0310 1300 MSPQM - ok
    00:09:56.0341 1300 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
    00:09:56.0341 1300 MsRPC - ok
    00:09:56.0372 1300 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    00:09:56.0372 1300 mssmbios - ok
    00:09:56.0419 1300 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    00:09:56.0419 1300 MSTEE - ok
    00:09:56.0450 1300 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
    00:09:56.0466 1300 Mup - ok
    00:09:56.0512 1300 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
    00:09:56.0528 1300 napagent - ok
    00:09:56.0590 1300 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
    00:09:56.0590 1300 NativeWifiP - ok
    00:09:56.0653 1300 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys
    00:09:56.0668 1300 NDIS - ok
    00:09:56.0715 1300 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    00:09:56.0715 1300 NdisTapi - ok
    00:09:56.0762 1300 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    00:09:56.0762 1300 Ndisuio - ok
    00:09:56.0793 1300 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
    00:09:56.0793 1300 NdisWan - ok
    00:09:56.0840 1300 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    00:09:56.0840 1300 NDProxy - ok
    00:09:56.0887 1300 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll
    00:09:56.0902 1300 Net Driver HPZ12 - ok
    00:09:56.0918 1300 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    00:09:56.0918 1300 NetBIOS - ok
    00:09:56.0949 1300 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
    00:09:56.0965 1300 netbt - ok
    00:09:57.0012 1300 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
    00:09:57.0012 1300 Netlogon - ok
    00:09:57.0058 1300 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
    00:09:57.0074 1300 Netman - ok
    00:09:57.0136 1300 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
    00:09:57.0152 1300 netprofm - ok
    00:09:57.0214 1300 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    00:09:57.0214 1300 NetTcpPortSharing - ok
    00:09:57.0448 1300 NETw4v32 (dd194a025d1c0472f45f57de8d8388eb) C:\Windows\system32\DRIVERS\NETw4v32.sys
    00:09:57.0526 1300 NETw4v32 - ok
    00:09:57.0698 1300 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    00:09:57.0760 1300 nfrd960 - ok
    00:09:57.0948 1300 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    00:09:57.0963 1300 NisDrv - ok
    00:09:58.0166 1300 NisSrv (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    00:09:58.0182 1300 NisSrv - ok
    00:09:58.0275 1300 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
    00:09:58.0291 1300 NlaSvc - ok
    00:09:58.0369 1300 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
    00:09:58.0369 1300 Npfs - ok
    00:09:58.0416 1300 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
    00:09:58.0416 1300 nsi - ok
    00:09:58.0447 1300 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    00:09:58.0462 1300 nsiproxy - ok
    00:09:58.0525 1300 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
  22. akaGizmo

    akaGizmo Newcomer, in training Topic Starter Posts: 26

    00:10:12.0286 1300 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    00:10:13.0113 1300 \Device\Harddisk0\DR0 - ok
    00:10:13.0144 1300 Boot (0x1200) (1c87bb41b794aa77b498067de1159056) \Device\Harddisk0\DR0\Partition0
    00:10:13.0144 1300 \Device\Harddisk0\DR0\Partition0 - ok
    00:10:13.0191 1300 Boot (0x1200) (6eb823f88d298c188019456d43267234) \Device\Harddisk0\DR0\Partition1
    00:10:13.0191 1300 \Device\Harddisk0\DR0\Partition1 - ok
    00:10:13.0191 1300 ============================================================
    00:10:13.0191 1300 Scan finished
    00:10:13.0191 1300 ============================================================
    00:10:13.0222 3660 Detected object count: 0
    00:10:13.0222 3660 Actual detected object count: 0
  23. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Very good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  24. akaGizmo

    akaGizmo Newcomer, in training Topic Starter Posts: 26

    I wasn't expecting my Teamviewer connection to return, but it did!
  25. akaGizmo

    akaGizmo Newcomer, in training Topic Starter Posts: 26

    ComboFix 12-03-22.01 - Kelli 03/23/2012 0:36.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3573.2399 [GMT -4:00]
    Running from: c:\users\Kelli\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\~xSw8pf89PIF3eg
    c:\programdata\~xSw8pf89PIF3egr
    c:\programdata\xSw8pf89PIF3eg
    c:\users\Kris\Desktop\System Check.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-23 to 2012-03-23 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-23 04:47 . 2012-03-23 04:47 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-23 04:09 . 2012-03-23 04:09 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66C4F3D1-8D38-433E-9624-BAD24D5F5B14}\MpKsl25625841.sys
    2012-03-23 04:07 . 2012-03-23 04:07 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66C4F3D1-8D38-433E-9624-BAD24D5F5B14}\offreg.dll
    2012-03-23 02:15 . 2012-03-13 23:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66C4F3D1-8D38-433E-9624-BAD24D5F5B14}\mpengine.dll
    2012-03-22 13:45 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-22 13:45 . 2012-03-22 13:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-22 12:33 . 2012-03-22 12:32 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4040A0CE-C292-406E-9EEA-195731FD7168}\gapaengine.dll
    2012-03-22 12:30 . 2012-03-22 12:30 -------- d-----w- c:\program files\Microsoft Security Client
    2012-03-21 05:02 . 2012-03-21 05:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-03-21 02:07 . 2012-03-21 02:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-21 02:04 . 2012-03-21 02:04 -------- d-----w- c:\program files\WOT
    2012-03-20 23:35 . 2012-03-21 01:05 -------- d-----w- c:\users\Kelli
    2012-03-20 23:30 . 2012-03-20 23:30 -------- d-----w- c:\program files\CCleaner
    2012-03-20 23:02 . 2012-03-20 23:02 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-20 22:25 . 2012-03-20 23:27 -------- d-----w- C:\usr
    2012-03-20 22:22 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6064EBB1-A048-460C-94D3-DEA32612088F}\mpengine.dll
    2012-03-20 22:04 . 2012-03-20 22:08 -------- d-----w- c:\users\Rollbackrx
    2012-03-20 21:54 . 2012-03-20 21:54 -------- d-----w- c:\program files\TeamViewer
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-31 12:44 . 2009-10-22 23:47 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-03-13 04:39 . 2012-03-21 01:51 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    .
    c:\users\Rollbackrx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-7-30 50688]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 0029071332293059mcinstcleanup;McAfee Application Installer Cleanup (0029071332293059);c:\users\Kelli\AppData\Local\Temp\002907~1.EXE [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 25675224
    *NewlyCreated* - MPKSL25625841
    *Deregistered* - 25675224
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 01:35]
    .
    2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 01:35]
    .
    2012-03-23 c:\windows\Tasks\User_Feed_Synchronization-{8664DD1A-9AE7-4396-976B-16D3119F0393}.job
    - c:\windows\system32\msfeedssync.exe [2011-06-20 04:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
    DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://wmtss1.wcsu.edu/auth/taweb.cab
    FF - ProfilePath - c:\users\Kelli\AppData\Roaming\Mozilla\Firefox\Profiles\l79wd44r.default\
    FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
    Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    AddRemove-3ivx MPEG-4 5.0.3 - c:\program files\3ivx\3ivx MPEG-4 5.0.3\uninstaller.exe
    AddRemove-AIM MusicLink 4.0.0.0 - c:\progra~1\AIMMUS~1\UNWISE.EXE
    AddRemove-Snood 4_is1 - c:\program files\Snood 4\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-23 00:47
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-03-23 00:50:22
    ComboFix-quarantined-files.txt 2012-03-23 04:50
    .
    Pre-Run: 63,040,983,040 bytes free
    Post-Run: 63,159,918,592 bytes free
    .
    - - End Of File - - 1AB7D8EC6E9D63B4DA9069984F23C872

