
Google Redirect Malware...no solutions work so far. Paypal tip to whoever helps me clean this!


  • This topic is locked
22 replies to this topic

#1 ChrisInOrlando


Posted 23 March 2012 - 11:52 PM

Hey guys...Windows 7, IE 9, somehow got this google redirect malware. Tried looking in the hosts files, looking for hidden services in the driver manager, ran all the canned solutions, no luck.

Attached are the DDS and GMER. Yes, I'll happily throw out a paypal tip to expedite this!

Thanks,
Chris

Attached Files

  • Attached File  DDS.txt   26.91KB   2 downloads
  • Attached File  gmer.log   411bytes   1 downloads



#2 gringo_pr

  • Malware Response Team

Posted 24 March 2012 - 12:29 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
   Doing so will at best only cause you unneeded worry, as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
   Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
   It does not need to be long, just something so I know how things are going. It can be something like:
   I am still getting redirected
   The computer is running as it should
   Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
   Pay special attention to the Notes** I have put in.
   These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive. There is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 ChrisInOrlando


Posted 24 March 2012 - 01:08 AM

Hi! I believe I attached the logs. Let me know what else I need to provide.

Chris

#4 gringo_pr


Posted 24 March 2012 - 01:12 AM

I want you to run the program I have listed please


gringo

#5 ChrisInOrlando


Posted 24 March 2012 - 06:21 PM

Gringo: Sorry, just want to clarify... you want me to run combofix? Asking first, because I've heard so many potentially dangerous things about combofix. Let me know,

thanks,
Chris

#6 gringo_pr


Posted 24 March 2012 - 09:49 PM

yes I do - it is dangerous to use on your own - I have been trained to use it


gringo

#7 ChrisInOrlando


Posted 25 March 2012 - 02:40 AM

Okay, the combo log is attached. thx, chris

ComboFix 12-03-22.01 - Jackie 03/25/2012 0:48.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2381 [GMT -4:00]
Running from: c:\users\Jackie\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jackie\AppData\Local\ie_runner_app.exe
c:\users\Jackie\AppData\Roaming\KBDSL14.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))
.
.
2012-03-25 05:37 . 2012-03-25 05:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-25 02:05 . 2012-03-25 02:05 -------- d-----w- c:\users\Jackie\AppData\Roaming\SUPERAntiSpyware.com
2012-03-25 02:04 . 2012-03-25 02:04 4306 ----a-w- C:\cc_20120324_220434.reg
2012-03-25 02:04 . 2012-03-25 02:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-25 02:04 . 2012-03-25 02:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-23 06:39 . 2012-03-23 06:39 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-03-23 06:34 . 2012-03-23 06:39 -------- d-----w- c:\programdata\HitmanPro
2012-03-23 05:52 . 2012-03-23 05:52 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-03-23 05:51 . 2012-03-23 05:51 2 --shatr- c:\windows\winstart.bat
2012-03-23 05:51 . 2012-03-24 03:13 -------- d-----w- c:\program files (x86)\UnHackMe
2012-03-23 05:29 . 2012-03-23 05:29 -------- d-----w- c:\users\Jackie\AppData\Roaming\Malwarebytes
2012-03-23 05:29 . 2012-03-23 05:29 -------- d-----w- c:\programdata\Malwarebytes
2012-03-23 05:29 . 2012-03-23 05:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-23 05:29 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-23 04:26 . 2012-03-23 04:26 -------- d-----w- c:\program files (x86)\Lavasoft
2012-03-23 04:26 . 2012-03-23 04:30 -------- d-----w- c:\programdata\Lavasoft
2012-03-13 20:09 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 20:09 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 20:09 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 20:09 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 20:09 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 20:09 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 20:08 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 20:08 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 20:08 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 20:08 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-10 01:32 . 2012-03-10 01:32 4431872 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-09 00:41 . 2012-03-09 00:41 25996 ----a-w- C:\cc_20120308_194117.reg
2012-03-08 23:57 . 2012-03-08 23:57 -------- d-----w- c:\users\Jackie\AppData\Roaming\IObit
2012-03-08 23:57 . 2011-12-16 22:21 31576 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-03-08 23:57 . 2010-11-26 23:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-03-08 23:57 . 2012-03-08 23:57 -------- d-----w- c:\program files (x86)\IObit
2012-03-03 07:20 . 2012-03-03 07:20 -------- d-----w- c:\program files\iPod
2012-03-03 07:20 . 2012-03-03 07:21 -------- d-----w- c:\program files\iTunes
2012-03-03 07:20 . 2012-03-03 07:21 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 23:55 . 2011-08-22 04:58 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 12:44 . 2010-04-30 04:38 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-28 03:59 . 2012-02-16 01:56 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jackie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jackie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jackie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xmarks"="c:\program files (x86)\Xmarks\IE Extension\xmarkssync.exe" [2010-04-19 1048576]
"Upromise Update"="c:\program files (x86)\Upromise\dca-ua.exe" [2010-12-02 175800]
"Upromise Tray"="c:\program files (x86)\Upromise\UpromiseTray.exe" [2010-12-14 241360]
"7 Taskbar Tweaker"="c:\users\Jackie\AppData\Roaming\7 Taskbar Tweaker\7 Taskbar Tweaker.exe" [2011-07-03 92160]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-10 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 5500800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-14 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" [2009-05-04 206064]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-05-29 479232]
"WDCBG"="c:\windows\WDCBG.EXE" [2004-08-02 118784]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-10-19 1807360]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-29 1316192]
Dropbox.lnk - c:\users\Jackie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2011-12-2 1000288]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-4 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-29 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-10 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-10 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-05 92160]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-04 206064]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SASKUTIL
*Deregistered* - MpNWMon
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-10 08:53]
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-10 08:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jackie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jackie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jackie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-05 8123936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-03 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-03 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-03 408600]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-10-30 3169872]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://my.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {601B418B-E6A6-47FC-A094-07248741CEB3} - file:///E:/vwr_data/WebVwr.cab
DPF: {62415890-4985-0825-2508-23487C2A845F} - hxxp://www.annamariaislandresorts.net/ipcamera_V1224_YCAM.cab
FF - ProfilePath - c:\users\Jackie\AppData\Roaming\Mozilla\Firefox\Profiles\1dy1auak.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.vrbo.com/search?q=waynesville&from-date=Arrival&to-date=Departure
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-vsoqj - c:\users\Jackie\AppData\Roaming\KBDSL14.dll
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu
AddRemove-YInstHelper - c:\windows\system32\regsvr32
AddRemove-{65D0C510-D7B6-4438-9FC8-E6B91115AB0D} - c:\program files (x86)\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
"Order"=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00
.
[HKEY_USERS\S-1-5-21-475549793-1826180772-819085261-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\V*a*c*a*t*i*o*n* *a*n*d* *T*r*i*p* *i*n*f*o* \WEST]
"Order"=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-25 01:41:10
ComboFix-quarantined-files.txt 2012-03-25 05:41
.
Pre-Run: 6,505,934,848 bytes free
Post-Run: 7,068,303,360 bytes free
.
- - End Of File - - 7863B0F09D4EE0C424963679C1A773AA

Edited by gringo_pr, 25 March 2012 - 03:54 AM.


#8 gringo_pr

Posted 25 March 2012 - 03:54 AM

Greetings

PLEASE don't attach the reports - see edit above

Give me a short feedback after each step to let me know how things are going

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
#9 ChrisInOrlando

Posted 25 March 2012 - 08:58 AM

TDSSKiller found nothing:
09:56:12.0725 3520 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:56:12.0725 3520 LSI_SAS - ok
09:56:12.0765 3520 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:56:12.0765 3520 LSI_SAS2 - ok
09:56:12.0815 3520 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:56:12.0825 3520 LSI_SCSI - ok
09:56:12.0885 3520 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:56:12.0885 3520 luafv - ok
09:56:12.0925 3520 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
09:56:12.0935 3520 Mcx2Svc - ok
09:56:12.0955 3520 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
09:56:12.0955 3520 megasas - ok
09:56:12.0985 3520 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
09:56:12.0995 3520 MegaSR - ok
09:56:13.0045 3520 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
09:56:13.0045 3520 Microsoft Office Groove Audit Service - ok
09:56:13.0105 3520 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:56:13.0105 3520 MMCSS - ok
09:56:13.0135 3520 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:56:13.0135 3520 Modem - ok
09:56:13.0175 3520 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:56:13.0175 3520 monitor - ok
09:56:13.0225 3520 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
09:56:13.0225 3520 mouclass - ok
09:56:13.0275 3520 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:56:13.0295 3520 mouhid - ok
09:56:13.0325 3520 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
09:56:13.0335 3520 mountmgr - ok
09:56:13.0375 3520 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
09:56:13.0375 3520 mpio - ok
09:56:13.0405 3520 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:56:13.0405 3520 mpsdrv - ok
09:56:13.0465 3520 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
09:56:13.0485 3520 MpsSvc - ok
09:56:13.0525 3520 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
09:56:13.0535 3520 MRxDAV - ok
09:56:13.0565 3520 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:56:13.0575 3520 mrxsmb - ok
09:56:13.0615 3520 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:56:13.0625 3520 mrxsmb10 - ok
09:56:13.0665 3520 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:56:13.0665 3520 mrxsmb20 - ok
09:56:13.0705 3520 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
09:56:13.0705 3520 msahci - ok
09:56:13.0725 3520 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
09:56:13.0725 3520 msdsm - ok
09:56:13.0765 3520 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
09:56:13.0775 3520 MSDTC - ok
09:56:13.0815 3520 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:56:13.0815 3520 Msfs - ok
09:56:13.0855 3520 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:56:13.0855 3520 mshidkmdf - ok
09:56:13.0865 3520 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
09:56:13.0875 3520 msisadrv - ok
09:56:13.0905 3520 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
09:56:13.0915 3520 MSiSCSI - ok
09:56:13.0925 3520 msiserver - ok
09:56:13.0965 3520 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:56:13.0965 3520 MSKSSRV - ok
09:56:13.0996 3520 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:56:13.0996 3520 MSPCLOCK - ok
09:56:14.0026 3520 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:56:14.0026 3520 MSPQM - ok
09:56:14.0066 3520 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
09:56:14.0076 3520 MsRPC - ok
09:56:14.0096 3520 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
09:56:14.0096 3520 mssmbios - ok
09:56:14.0126 3520 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:56:14.0126 3520 MSTEE - ok
09:56:14.0146 3520 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:56:14.0146 3520 MTConfig - ok
09:56:14.0176 3520 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:56:14.0176 3520 Mup - ok
09:56:14.0256 3520 MyWiFiDHCPDNS (d285d0539016be299a55ff997b44da33) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
09:56:14.0266 3520 MyWiFiDHCPDNS - ok
09:56:14.0306 3520 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
09:56:14.0326 3520 napagent - ok
09:56:14.0376 3520 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:56:14.0386 3520 NativeWifiP - ok
09:56:14.0446 3520 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
09:56:14.0466 3520 NDIS - ok
09:56:14.0506 3520 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:56:14.0516 3520 NdisCap - ok
09:56:14.0546 3520 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:56:14.0546 3520 NdisTapi - ok
09:56:14.0586 3520 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:56:14.0596 3520 Ndisuio - ok
09:56:14.0646 3520 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:56:14.0646 3520 NdisWan - ok
09:56:14.0696 3520 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:56:14.0696 3520 NDProxy - ok
09:56:14.0746 3520 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
09:56:14.0746 3520 Net Driver HPZ12 - ok
09:56:14.0766 3520 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:56:14.0776 3520 NetBIOS - ok
09:56:14.0816 3520 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:56:14.0826 3520 NetBT - ok
09:56:14.0856 3520 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:56:14.0866 3520 Netlogon - ok
09:56:14.0916 3520 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
09:56:14.0916 3520 Netman - ok
09:56:14.0946 3520 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
09:56:14.0956 3520 netprofm - ok
09:56:15.0006 3520 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:56:15.0006 3520 NetTcpPortSharing - ok
09:56:15.0186 3520 NETw5s64 (981736527b6384bd594b45b2c852432f) C:\Windows\system32\DRIVERS\NETw5s64.sys
09:56:15.0236 3520 NETw5s64 - ok
09:56:15.0276 3520 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:56:15.0276 3520 nfrd960 - ok
09:56:15.0316 3520 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
09:56:15.0326 3520 NlaSvc - ok
09:56:15.0346 3520 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:56:15.0346 3520 Npfs - ok
09:56:15.0376 3520 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
09:56:15.0376 3520 nsi - ok
09:56:15.0396 3520 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:56:15.0396 3520 nsiproxy - ok
09:56:15.0466 3520 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:56:15.0506 3520 Ntfs - ok
09:56:15.0516 3520 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:56:15.0516 3520 Null - ok
09:56:15.0546 3520 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:56:15.0556 3520 nvraid - ok
09:56:15.0576 3520 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:56:15.0586 3520 nvstor - ok
09:56:15.0646 3520 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:56:15.0646 3520 nv_agp - ok
09:56:15.0746 3520 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:56:15.0756 3520 odserv - ok
09:56:15.0786 3520 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:56:15.0796 3520 ohci1394 - ok
09:56:15.0836 3520 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:56:15.0836 3520 ose - ok
09:56:15.0876 3520 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:56:15.0876 3520 p2pimsvc - ok
09:56:15.0906 3520 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
09:56:15.0916 3520 p2psvc - ok
09:56:15.0956 3520 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:56:15.0966 3520 Parport - ok
09:56:15.0996 3520 Partizan - ok
09:56:16.0036 3520 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
09:56:16.0046 3520 partmgr - ok
09:56:16.0066 3520 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
09:56:16.0066 3520 PcaSvc - ok
09:56:16.0116 3520 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:56:16.0116 3520 pci - ok
09:56:16.0136 3520 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:56:16.0136 3520 pciide - ok
09:56:16.0166 3520 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:56:16.0166 3520 pcmcia - ok
09:56:16.0186 3520 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:56:16.0186 3520 pcw - ok
09:56:16.0216 3520 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:56:16.0236 3520 PEAUTH - ok
09:56:16.0306 3520 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
09:56:16.0306 3520 PerfHost - ok
09:56:16.0376 3520 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
09:56:16.0406 3520 pla - ok
09:56:16.0466 3520 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
09:56:16.0486 3520 PlugPlay - ok
09:56:16.0546 3520 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
09:56:16.0546 3520 Pml Driver HPZ12 - ok
09:56:16.0576 3520 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
09:56:16.0586 3520 PNRPAutoReg - ok
09:56:16.0606 3520 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:56:16.0606 3520 PNRPsvc - ok
09:56:16.0646 3520 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
09:56:16.0666 3520 PolicyAgent - ok
09:56:16.0716 3520 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
09:56:16.0726 3520 Power - ok
09:56:16.0786 3520 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:56:16.0786 3520 PptpMiniport - ok
09:56:16.0836 3520 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:56:16.0836 3520 Processor - ok
09:56:16.0876 3520 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
09:56:16.0876 3520 ProfSvc - ok
09:56:16.0926 3520 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:56:16.0926 3520 ProtectedStorage - ok
09:56:16.0976 3520 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:56:16.0976 3520 Psched - ok
09:56:17.0006 3520 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
09:56:17.0016 3520 PxHlpa64 - ok
09:56:17.0056 3520 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:56:17.0096 3520 ql2300 - ok
09:56:17.0126 3520 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:56:17.0126 3520 ql40xx - ok
09:56:17.0156 3520 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
09:56:17.0166 3520 QWAVE - ok
09:56:17.0186 3520 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:56:17.0186 3520 QWAVEdrv - ok
09:56:17.0216 3520 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:56:17.0216 3520 RasAcd - ok
09:56:17.0246 3520 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:56:17.0256 3520 RasAgileVpn - ok
09:56:17.0276 3520 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
09:56:17.0286 3520 RasAuto - ok
09:56:17.0316 3520 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:56:17.0316 3520 Rasl2tp - ok
09:56:17.0366 3520 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
09:56:17.0376 3520 RasMan - ok
09:56:17.0396 3520 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:56:17.0396 3520 RasPppoe - ok
09:56:17.0426 3520 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:56:17.0426 3520 RasSstp - ok
09:56:17.0466 3520 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:56:17.0476 3520 rdbss - ok
09:56:17.0496 3520 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:56:17.0496 3520 rdpbus - ok
09:56:17.0506 3520 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:56:17.0506 3520 RDPCDD - ok
09:56:17.0526 3520 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:56:17.0526 3520 RDPENCDD - ok
09:56:17.0546 3520 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:56:17.0546 3520 RDPREFMP - ok
09:56:17.0596 3520 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
09:56:17.0596 3520 RDPWD - ok
09:56:17.0646 3520 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:56:17.0646 3520 rdyboost - ok
09:56:17.0756 3520 RegSrvc (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
09:56:17.0766 3520 RegSrvc - ok
09:56:17.0796 3520 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
09:56:17.0806 3520 RemoteAccess - ok
09:56:17.0836 3520 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
09:56:17.0846 3520 RemoteRegistry - ok
09:56:17.0916 3520 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
09:56:17.0916 3520 RFCOMM - ok
09:56:17.0956 3520 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
09:56:17.0956 3520 RpcEptMapper - ok
09:56:17.0966 3520 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
09:56:17.0976 3520 RpcLocator - ok
09:56:18.0026 3520 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:56:18.0026 3520 RpcSs - ok
09:56:18.0086 3520 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:56:18.0086 3520 rspndr - ok
09:56:18.0126 3520 RSUSBSTOR (502b316947ea887cddd325d4745eb7d0) C:\Windows\system32\Drivers\RtsUStor.sys
09:56:18.0136 3520 RSUSBSTOR - ok
09:56:18.0196 3520 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
09:56:18.0216 3520 RTL8167 - ok
09:56:18.0256 3520 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:56:18.0256 3520 SamSs - ok
09:56:18.0336 3520 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
09:56:18.0346 3520 SASDIFSV - ok
09:56:18.0376 3520 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
09:56:18.0376 3520 SASKUTIL - ok
09:56:18.0436 3520 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:56:18.0436 3520 sbp2port - ok
09:56:18.0486 3520 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
09:56:18.0486 3520 SCardSvr - ok
09:56:18.0536 3520 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:56:18.0536 3520 scfilter - ok
09:56:18.0586 3520 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
09:56:18.0616 3520 Schedule - ok
09:56:18.0656 3520 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:56:18.0656 3520 SCPolicySvc - ok
09:56:18.0696 3520 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
09:56:18.0706 3520 SDRSVC - ok
09:56:18.0746 3520 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:56:18.0756 3520 secdrv - ok
09:56:18.0796 3520 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
09:56:18.0796 3520 seclogon - ok
09:56:18.0846 3520 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
09:56:18.0846 3520 SENS - ok
09:56:18.0886 3520 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
09:56:18.0886 3520 SensrSvc - ok
09:56:18.0916 3520 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:56:18.0916 3520 Serenum - ok
09:56:18.0946 3520 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:56:18.0956 3520 Serial - ok
09:56:18.0986 3520 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:56:18.0986 3520 sermouse - ok
09:56:19.0036 3520 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
09:56:19.0036 3520 SessionEnv - ok
09:56:19.0076 3520 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:56:19.0076 3520 sffdisk - ok
09:56:19.0106 3520 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:56:19.0106 3520 sffp_mmc - ok
09:56:19.0126 3520 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:56:19.0126 3520 sffp_sd - ok
09:56:19.0146 3520 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:56:19.0146 3520 sfloppy - ok
09:56:19.0206 3520 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
09:56:19.0216 3520 SharedAccess - ok
09:56:19.0236 3520 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
09:56:19.0246 3520 ShellHWDetection - ok
09:56:19.0266 3520 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:56:19.0266 3520 SiSRaid2 - ok
09:56:19.0296 3520 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:56:19.0296 3520 SiSRaid4 - ok
09:56:19.0376 3520 SmartDefragDriver (dd0443bc6cc78a19fd399817f8c51401) C:\Windows\system32\Drivers\SmartDefragDriver.sys
09:56:19.0386 3520 SmartDefragDriver - ok
09:56:19.0406 3520 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:56:19.0406 3520 Smb - ok
09:56:19.0436 3520 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
09:56:19.0446 3520 SNMPTRAP - ok
09:56:19.0466 3520 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:56:19.0466 3520 spldr - ok
09:56:19.0496 3520 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
09:56:19.0516 3520 Spooler - ok
09:56:19.0626 3520 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
09:56:19.0706 3520 sppsvc - ok
09:56:19.0726 3520 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
09:56:19.0726 3520 sppuinotify - ok
09:56:19.0816 3520 sprtsvc_DellComms (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
09:56:19.0816 3520 sprtsvc_DellComms - ok
09:56:19.0866 3520 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
09:56:19.0866 3520 sprtsvc_DellSupportCenter - ok
09:56:19.0916 3520 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:56:19.0926 3520 srv - ok
09:56:19.0976 3520 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:56:19.0976 3520 srv2 - ok
09:56:19.0996 3520 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:56:20.0006 3520 srvnet - ok
09:56:20.0046 3520 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
09:56:20.0056 3520 SSDPSRV - ok
09:56:20.0076 3520 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
09:56:20.0076 3520 SstpSvc - ok
09:56:20.0126 3520 stdflt (c48e0745d33897c7a73394214f2b9b4f) C:\Windows\system32\DRIVERS\stdflt.sys
09:56:20.0126 3520 stdflt - ok
09:56:20.0186 3520 Steam Client Service - ok
09:56:20.0226 3520 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:56:20.0226 3520 stexstor - ok
09:56:20.0276 3520 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
09:56:20.0276 3520 StillCam - ok
09:56:20.0366 3520 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
09:56:20.0386 3520 stisvc - ok
09:56:20.0426 3520 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
09:56:20.0426 3520 swenum - ok
09:56:20.0476 3520 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
09:56:20.0486 3520 swprv - ok
09:56:20.0546 3520 SynTP (639b57dc871be4b86283027faf1f4e30) C:\Windows\system32\DRIVERS\SynTP.sys
09:56:20.0546 3520 SynTP - ok
09:56:20.0616 3520 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
09:56:20.0666 3520 SysMain - ok
09:56:20.0706 3520 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
09:56:20.0716 3520 TabletInputService - ok
09:56:20.0756 3520 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
09:56:20.0766 3520 TapiSrv - ok
09:56:20.0786 3520 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
09:56:20.0796 3520 TBS - ok
09:56:20.0866 3520 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
09:56:20.0916 3520 Tcpip - ok
09:56:20.0976 3520 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
09:56:20.0986 3520 TCPIP6 - ok
09:56:21.0026 3520 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:56:21.0026 3520 tcpipreg - ok
09:56:21.0066 3520 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:56:21.0066 3520 TDPIPE - ok
09:56:21.0106 3520 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
09:56:21.0106 3520 TDTCP - ok
09:56:21.0146 3520 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:56:21.0156 3520 tdx - ok
09:56:21.0196 3520 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
09:56:21.0196 3520 TermDD - ok
09:56:21.0246 3520 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
09:56:21.0276 3520 TermService - ok
09:56:21.0306 3520 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
09:56:21.0316 3520 Themes - ok
09:56:21.0346 3520 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:56:21.0346 3520 THREADORDER - ok
09:56:21.0376 3520 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
09:56:21.0386 3520 TrkWks - ok
09:56:21.0426 3520 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
09:56:21.0426 3520 TrustedInstaller - ok
09:56:21.0466 3520 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:56:21.0476 3520 tssecsrv - ok
09:56:21.0536 3520 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:56:21.0536 3520 TsUsbFlt - ok
09:56:21.0576 3520 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:56:21.0586 3520 tunnel - ok
09:56:21.0606 3520 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:56:21.0606 3520 uagp35 - ok
09:56:21.0646 3520 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:56:21.0656 3520 udfs - ok
09:56:21.0696 3520 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
09:56:21.0696 3520 UI0Detect - ok
09:56:21.0746 3520 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
09:56:21.0746 3520 uliagpkx - ok
09:56:21.0796 3520 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
09:56:21.0796 3520 umbus - ok
09:56:21.0816 3520 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:56:21.0826 3520 UmPass - ok
09:56:21.0846 3520 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
09:56:21.0856 3520 upnphost - ok
09:56:21.0906 3520 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
09:56:21.0906 3520 USBAAPL64 - ok
09:56:21.0936 3520 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
09:56:21.0946 3520 usbccgp - ok
09:56:21.0976 3520 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
09:56:21.0976 3520 usbcir - ok
09:56:22.0017 3520 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
09:56:22.0017 3520 usbehci - ok
09:56:22.0047 3520 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
09:56:22.0057 3520 usbhub - ok
09:56:22.0087 3520 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
09:56:22.0087 3520 usbohci - ok
09:56:22.0107 3520 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:56:22.0107 3520 usbprint - ok
09:56:22.0157 3520 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
09:56:22.0167 3520 usbscan - ok
09:56:22.0197 3520 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:56:22.0207 3520 USBSTOR - ok
09:56:22.0247 3520 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
09:56:22.0247 3520 usbuhci - ok
09:56:22.0287 3520 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
09:56:22.0297 3520 usbvideo - ok
09:56:22.0317 3520 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
09:56:22.0317 3520 UxSms - ok
09:56:22.0357 3520 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:56:22.0357 3520 VaultSvc - ok
09:56:22.0397 3520 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
09:56:22.0407 3520 VClone - ok
09:56:22.0457 3520 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
09:56:22.0457 3520 vdrvroot - ok
09:56:22.0517 3520 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
09:56:22.0537 3520 vds - ok
09:56:22.0577 3520 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:56:22.0577 3520 vga - ok
09:56:22.0607 3520 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:56:22.0617 3520 VgaSave - ok
09:56:22.0647 3520 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
09:56:22.0657 3520 vhdmp - ok
09:56:24.0997 3520 ============================================================
09:56:24.0997 3520 Scan finished
09:56:24.0997 3520 ============================================================
09:56:25.0007 7056 Detected object count: 0
09:56:25.0007 7056 Actual detected object count: 0

#10 ChrisInOrlando

Posted 25 March 2012 - 09:06 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-25 09:59:50
-----------------------------
09:59:50.233 OS Version: Windows x64 6.1.7601 Service Pack 1
09:59:50.233 Number of processors: 4 586 0x2502
09:59:50.233 ComputerName: MAIN UserName:
09:59:50.583 Initialize success
10:00:37.730 AVAST engine defs: 12032500
10:00:57.964 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
10:00:57.964 Disk 0 Vendor: ST9500420AS 0003SDM1 Size: 476940MB BusType: 11
10:00:57.994 Disk 0 MBR read successfully
10:00:58.004 Disk 0 MBR scan
10:00:58.004 Disk 0 Windows 7 default MBR code
10:00:58.014 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
10:00:58.024 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10000 MB offset 206848
10:00:58.044 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 60000 MB offset 20686848
10:00:58.044 Disk 0 Partition - 00 0F Extended LBA 406838 MB offset 143566848
10:00:58.074 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 406837 MB offset 143568896
10:00:58.114 Disk 0 scanning C:\Windows\system32\drivers
10:01:10.796 Service scanning
10:01:32.427 Modules scanning
10:01:32.437 Disk 0 trace - called modules:
10:01:32.477 ntoskrnl.exe CLASSPNP.SYS disk.sys stdflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
10:01:32.487 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bff060]
10:01:32.487 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8004a92c30]
10:01:32.497 5 stdflt.sys[fffff88001943a4a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa800491f060]
10:01:35.107 AVAST engine scan C:\Windows
10:01:37.678 AVAST engine scan C:\Windows\system32
10:04:51.892 AVAST engine scan C:\Windows\system32\drivers
10:05:06.976 AVAST engine scan C:\Users\Jackie
10:05:29.006 Disk 0 MBR has been saved successfully to "C:\Users\Jackie\Desktop\MBR.dat"
10:05:29.006 The log file has been saved successfully to "C:\Users\Jackie\Desktop\aswMBR.txt"

#11 ChrisInOrlando

Posted 25 March 2012 - 09:10 AM

Question: did the combofix make any changes? I ask because the issue appears to have gone away for now. It was intermittent before, so I'm going to continue with more testing....

#12 gringo_pr

Posted 25 March 2012 - 12:52 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

Posted 28 March 2012 - 12:01 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#14 ChrisInOrlando

Posted 28 March 2012 - 11:20 PM

Hi:
Sorry for the delay, I was travelling without internet access.
Question: I no longer seem to have the issue; running combofix the first time, combined with the other things we did, seems to have cleaned it. So should I still run the CFSCRIPT step that you suggested? I don't want to do anything else with combofix that's an unnecessary risk if I don't have to, but I want your input before making that decision.
Thanks,
Chris

#15 gringo_pr

Posted 28 March 2012 - 11:49 PM

Hello


that script serves two functions

One it clears out the java cache which often holds hidden viruses and removes unneeded files so they will not have to be scanned later, thus making some of the scans coming

also gives combofix a chance to pickup anything it may have missed the first time.

also will show us if anything is trying to put back the infection after we have removed it



gringo