Infected with Google Redirect - Scour, Gimmeanswers, Happili


  • This topic is locked
23 replies to this topic

#1 yaosers

yaosers

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:11 PM

Posted 24 March 2012 - 02:42 PM

I recently caught a Google Redirect virus that redirects my search results to scour, gimmeanswers and happili. My operating system is Windows 7 Home Premium (64bit). Prior to finding this forum, I was recommended and did run combofix and the issue has not been resolved. I have gone through the preparation guide and would appreciate any support.

Here is my DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Home at 14:21:40 on 2012-03-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6057.4514 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.siriusxm.com/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_Plugin.exe -update plugin
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3D83421F-F283-4356-97A8-CB8F2E523C23} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{86BB2C85-BA10-45C8-A293-3105BA87E60F} : DhcpNameServer = 8.8.8.8 208.67.222.222 208.67.220.220 8.8.4.4
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\9s276l5l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z136&install_date=20111026
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z136&form=ZGAADF&install_date=20111026&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-17 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-14 1692480]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-24 05:06:13 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-24 04:55:07 -------- d-----w- C:\ComboFix
2012-03-24 04:47:17 98816 ----a-w- C:\Windows\sed.exe
2012-03-24 04:47:17 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-24 04:47:17 256000 ----a-w- C:\Windows\PEV.exe
2012-03-24 04:47:17 208896 ----a-w- C:\Windows\MBR.exe
2012-03-24 04:18:32 -------- d-----w- C:\Users\Home\AppData\Roaming\f-secure
2012-03-24 04:18:22 -------- d-----w- C:\ProgramData\F-Secure
2012-03-24 03:05:04 -------- d-----w- C:\Program Files (x86)\ESET
2012-03-24 02:53:39 388096 ----a-r- C:\Users\Home\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-24 02:53:39 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-03-24 02:50:05 -------- d-----w- C:\Users\Home\AppData\Roaming\Malwarebytes
2012-03-24 02:50:01 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-24 02:50:01 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-24 02:50:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-24 01:57:48 -------- d-----w- C:\Program Files\CCleaner
2012-03-22 01:42:14 -------- d-----w- C:\Users\Home\AppData\Local\ElevatedDiagnostics
2012-03-18 14:19:45 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 14:19:45 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-18 04:49:01 -------- d-----w- C:\Windows\pss
2012-03-18 04:11:30 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-18 04:11:30 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-14 08:01:59 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 08:01:59 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 08:01:59 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 22:39:21 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 22:39:19 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 22:39:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 22:39:14 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 22:39:14 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 22:39:14 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 22:39:14 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 22:39:07 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 22:39:07 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 22:39:07 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-09 02:25:59 -------- d-----w- C:\Program Files\iPod
2012-03-09 02:25:58 -------- d-----w- C:\Program Files\iTunes
2012-03-09 02:25:58 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-03 03:42:20 -------- d-----w- C:\Users\Home\AppData\Local\Apple Computer
2012-03-03 03:42:11 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-03-03 03:42:11 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-03-03 03:42:11 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-03-03 03:42:03 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-03 03:40:55 -------- d-----w- C:\Users\Home\AppData\Local\Apple
2012-03-03 03:40:28 -------- d-----w- C:\Program Files\Bonjour
2012-03-03 03:40:28 -------- d-----w- C:\Program Files (x86)\Bonjour
.
==================== Find3M ====================
.
2012-03-24 02:47:10 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 14:22:01.97 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:11 PM

Posted 25 March 2012 - 12:31 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools,
and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive. There is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 yaosers

yaosers
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:11 PM

Posted 25 March 2012 - 08:28 AM

Hi Gringo,

Thank you for your help. I ran combofix as instructed without any issues. Here is my log:

ComboFix 12-03-22.01 - Home 03/25/2012 8:15.6.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6057.4787 [GMT -5:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))
.
.
2012-03-25 13:19 . 2012-03-25 13:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-24 04:18 . 2012-03-24 04:18 -------- d-----w- c:\users\Home\AppData\Roaming\f-secure
2012-03-24 04:18 . 2012-03-24 04:18 -------- d-----w- c:\programdata\F-Secure
2012-03-24 03:05 . 2012-03-24 03:05 -------- d-----w- c:\program files (x86)\ESET
2012-03-24 02:53 . 2012-03-24 02:53 388096 ----a-r- c:\users\Home\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-24 02:53 . 2012-03-24 02:53 -------- d-----w- c:\program files (x86)\Trend Micro
2012-03-24 02:50 . 2012-03-24 02:50 -------- d-----w- c:\users\Home\AppData\Roaming\Malwarebytes
2012-03-24 02:50 . 2012-03-24 02:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-24 02:50 . 2012-03-24 02:50 -------- d-----w- c:\programdata\Malwarebytes
2012-03-24 02:50 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 02:47 . 2012-03-24 02:47 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-24 02:47 . 2012-03-24 02:47 -------- d-----w- c:\program files (x86)\Java
2012-03-24 01:57 . 2012-03-24 01:57 -------- d-----w- c:\program files\CCleaner
2012-03-22 01:42 . 2012-03-22 01:42 -------- d-----w- c:\users\Home\AppData\Local\ElevatedDiagnostics
2012-03-18 14:19 . 2012-03-18 14:19 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 14:19 . 2012-03-18 14:19 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-18 04:11 . 2012-03-24 02:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-18 04:11 . 2012-03-18 04:14 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-14 08:01 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 08:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 08:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 22:39 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 22:39 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 22:39 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 22:39 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 22:39 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 22:39 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 22:39 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 22:39 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 22:39 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 22:39 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-09 02:25 . 2012-03-09 02:25 -------- d-----w- c:\program files\iPod
2012-03-09 02:25 . 2012-03-09 02:26 -------- d-----w- c:\program files\iTunes
2012-03-09 02:25 . 2012-03-09 02:26 -------- d-----w- c:\program files (x86)\iTunes
2012-03-03 03:42 . 2012-03-03 03:42 -------- d-----w- c:\users\Home\AppData\Roaming\Apple Computer
2012-03-03 03:42 . 2012-03-03 03:42 -------- d-----w- c:\users\Home\AppData\Local\Apple Computer
2012-03-03 03:42 . 2012-03-03 03:42 -------- dc----w- c:\windows\system32\DRVSTORE
2012-03-03 03:42 . 2009-05-18 19:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-03-03 03:42 . 2008-04-17 18:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-03-03 03:42 . 2008-04-17 18:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-03-03 03:42 . 2012-03-03 03:42 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-03 03:42 . 2012-03-03 03:42 -------- d-----w- c:\programdata\Apple Computer
2012-03-03 03:40 . 2012-03-03 03:40 -------- d-----w- c:\users\Home\AppData\Local\Apple
2012-03-03 03:40 . 2012-03-03 03:40 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-03-03 03:40 . 2012-03-03 03:40 -------- d-----w- c:\program files\Common Files\Apple
2012-03-03 03:40 . 2012-03-03 03:40 -------- d-----w- c:\program files\Bonjour
2012-03-03 03:40 . 2012-03-03 03:40 -------- d-----w- c:\program files (x86)\Bonjour
2012-03-03 03:40 . 2012-03-09 02:25 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-03-03 03:40 . 2012-03-03 03:40 -------- d-----w- c:\programdata\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-24 02:47 . 2011-09-14 22:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-04 10:44 . 2012-02-16 03:24 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 03:24 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-16 03:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-16 03:24 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-16 03:24 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-19_00.00.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-25 13:13 . 2012-03-25 13:13 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-03-18 23:59 . 2012-03-18 23:59 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-11-21 03:09 . 2012-03-24 05:15 27622 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-24 05:15 33990 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-01 21:28 . 2012-03-24 06:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-01 21:28 . 2012-03-09 04:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-01 21:28 . 2012-03-24 06:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-01 21:28 . 2012-03-09 04:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-09 04:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-24 06:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-03-24 19:30 95984 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-09-05 15:04 . 2011-09-05 15:04 64952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\armsvc.exe
+ 2011-10-01 21:41 . 2012-03-24 05:15 5580 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3708790988-2525651993-2563727528-1001_UserData.bin
- 2012-03-19 00:00 . 2012-03-19 00:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-25 13:20 . 2012-03-25 13:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-25 13:20 . 2012-03-25 13:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-19 00:00 . 2012-03-19 00:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-14 22:51 . 2011-09-14 22:51 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-03-24 02:47 . 2012-03-24 02:47 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-03-24 02:47 . 2012-03-24 02:47 149280 c:\windows\SysWOW64\javaw.exe
+ 2012-03-24 02:47 . 2012-03-24 02:47 149280 c:\windows\SysWOW64\java.exe
+ 2011-10-02 05:07 . 2012-03-25 13:10 246594 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-03-24 02:09 660520 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-18 05:17 660520 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-24 02:09 121190 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-18 05:17 121190 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2011-02-10 16:14 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-03-24 03:04 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-03-25 13:13 269176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-18 23:59 269176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-24 02:47 . 2012-03-24 02:47 207360 c:\windows\Installer\1de180.msi
+ 2011-09-05 15:04 . 2011-09-05 15:04 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\AcroRdIF.dll
- 2011-10-01 21:38 . 2011-11-09 09:17 6652032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3708790988-2525651993-2563727528-1001-12288.dat
+ 2011-10-01 21:38 . 2012-03-24 04:33 6652032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3708790988-2525651993-2563727528-1001-12288.dat
+ 2012-03-24 02:51 . 2012-03-24 02:51 1402880 c:\windows\Installer\1de184.msi
+ 2011-10-01 21:38 . 2012-03-25 13:13 27575632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3708790988-2525651993-2563727528-1001-8192.dat
+ 2012-03-24 02:46 . 2012-03-24 02:46 12938752 c:\windows\Installer\1de17a.msi
+ 2012-01-03 17:58 . 2012-01-03 17:58 20320256 c:\windows\Installer\1b27b.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-29 885760]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-29 2055016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.siriusxm.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\9s276l5l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z136&install_date=20111026
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z136&form=ZGAADF&install_date=20111026&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
.
**************************************************************************
.
Completion time: 2012-03-25 08:23:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-25 13:23
ComboFix2.txt 2012-03-24 05:03
ComboFix3.txt 2012-03-24 04:54
ComboFix4.txt 2012-03-24 01:16
ComboFix5.txt 2012-03-25 13:14
.
Pre-Run: 660,428,832,768 bytes free
Post-Run: 660,074,233,856 bytes free
.
- - End Of File - - FA1445C5238E5E680116417CB2DDFD84

#4 gringo_pr

  • Malware Response Team
Posted 25 March 2012 - 12:11 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
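The TDSSKiller report requested above logs each scanned service or driver as a record line (name, MD5, image path) followed by a verdict line (`name - ok`). The following triage script is an added example, not part of the original post or of TDSSKiller itself; it pulls out every object whose verdict is not `ok` or that was logged without a hash and path. The first five sample lines are copied from the report later in this thread; `exampledrv` and its `warning` verdict are constructed, and the wording of non-ok verdicts is an assumption.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Lines 1-5 are taken from the report in this thread; the last two
# ("exampledrv") are constructed to exercise the non-ok branch.
SAMPLE_LOG = r"""
12:13:53.0531 2896 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:13:53.0531 2896 AFD - ok
12:13:53.0781 2896 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:13:53.0781 2896 Apple Mobile Device - ok
12:13:54.0904 2896 catchme - ok
12:13:55.0000 2896 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
12:13:55.0000 2896 exampledrv - warning
"""

# "HH:MM:SS.ffff <thread id> <body>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ (?P<body>.*)$")
# "<name> (<32 hex md5>) <path>"; the name may contain spaces, and the path may
# contain parentheses, so the match is anchored on the 32-digit hash.
FILE_RECORD = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - <verdict>"
VERDICT = re.compile(r"^(?P<name>.+) - (?P<verdict>\w+)$")


@dataclass
class Entry:
    name: str
    verdict: str
    md5: str | None = None
    path: str | None = None


def parse_report(text: str) -> list[Entry]:
    """Pair each verdict line with the record line directly before it."""
    entries: list[Entry] = []
    last = None  # most recent record line not yet matched to a verdict
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        rec = FILE_RECORD.match(body)
        if rec:
            last = rec
            continue
        ver = VERDICT.match(body)
        if not ver:
            continue  # banner, system info, separators
        name, md5, path = ver["name"], None, None
        # Prefix match tolerates extra detail appended to the name on a verdict line.
        if last is not None and name.startswith(last["name"]):
            name, md5, path = last["name"], last["md5"], last["path"]
        entries.append(Entry(name, ver["verdict"].lower(), md5, path))
        last = None
    return entries


def triage(entries: list[Entry]) -> list[tuple[str, str]]:
    """Return (name, reason) for every entry that deserves a manual look."""
    findings = []
    for e in entries:
        if e.verdict != "ok":
            findings.append((e.name, f"verdict: {e.verdict}"))
        elif e.md5 is None:
            findings.append((e.name, "no file record (no hash or path logged)"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_report(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

An entry with no file record is not a detection by itself; it only means the report gives nothing to compare against a known-good hash for that service.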

#5 yaosers


Posted 25 March 2012 - 12:22 PM

Thanks again Gringo. I had no issues with the new set of instructions.

My tdsskiller log is as follows:

12:13:36.0496 5508 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
12:13:36.0855 5508 ============================================================
12:13:36.0855 5508 Current date / time: 2012/03/25 12:13:36.0855
12:13:36.0855 5508 SystemInfo:
12:13:36.0855 5508
12:13:36.0855 5508 OS Version: 6.1.7601 ServicePack: 1.0
12:13:36.0855 5508 Product type: Workstation
12:13:36.0855 5508 ComputerName: HOME-PC
12:13:36.0855 5508 UserName: Home
12:13:36.0855 5508 Windows directory: C:\Windows
12:13:36.0855 5508 System windows directory: C:\Windows
12:13:36.0855 5508 Running under WOW64
12:13:36.0855 5508 Processor architecture: Intel x64
12:13:36.0855 5508 Number of processors: 4
12:13:36.0855 5508 Page size: 0x1000
12:13:36.0855 5508 Boot type: Normal boot
12:13:36.0855 5508 ============================================================
12:13:37.0619 5508 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:13:37.0635 5508 \Device\Harddisk0\DR0:
12:13:37.0635 5508 MBR used
12:13:37.0635 5508 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D9F000
12:13:37.0635 5508 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1DB3000, BlocksNum 0x72953000
12:13:37.0666 5508 Initialize success
12:13:37.0666 5508 ============================================================
12:13:52.0423 2896 ============================================================
12:13:52.0423 2896 Scan started
12:13:52.0423 2896 Mode: Manual;
12:13:52.0423 2896 ============================================================
12:13:53.0266 2896 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:13:53.0266 2896 1394ohci - ok
12:13:53.0297 2896 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:13:53.0297 2896 ACPI - ok
12:13:53.0313 2896 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:13:53.0313 2896 AcpiPmi - ok
12:13:53.0391 2896 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:13:53.0391 2896 AdobeARMservice - ok
12:13:53.0422 2896 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
12:13:53.0422 2896 adp94xx - ok
12:13:53.0422 2896 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
12:13:53.0437 2896 adpahci - ok
12:13:53.0437 2896 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
12:13:53.0437 2896 adpu320 - ok
12:13:53.0469 2896 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:13:53.0469 2896 AeLookupSvc - ok
12:13:53.0531 2896 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:13:53.0531 2896 AFD - ok
12:13:53.0531 2896 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:13:53.0531 2896 agp440 - ok
12:13:53.0562 2896 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:13:53.0562 2896 ALG - ok
12:13:53.0578 2896 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:13:53.0578 2896 aliide - ok
12:13:53.0578 2896 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:13:53.0578 2896 amdide - ok
12:13:53.0578 2896 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
12:13:53.0593 2896 AmdK8 - ok
12:13:53.0593 2896 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
12:13:53.0593 2896 AmdPPM - ok
12:13:53.0625 2896 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:13:53.0625 2896 amdsata - ok
12:13:53.0656 2896 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
12:13:53.0656 2896 amdsbs - ok
12:13:53.0671 2896 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:13:53.0671 2896 amdxata - ok
12:13:53.0687 2896 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:13:53.0687 2896 AppID - ok
12:13:53.0703 2896 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:13:53.0703 2896 AppIDSvc - ok
12:13:53.0703 2896 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:13:53.0703 2896 Appinfo - ok
12:13:53.0781 2896 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:13:53.0781 2896 Apple Mobile Device - ok
12:13:53.0796 2896 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
12:13:53.0796 2896 arc - ok
12:13:53.0796 2896 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
12:13:53.0812 2896 arcsas - ok
12:13:53.0874 2896 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:13:53.0874 2896 aspnet_state - ok
12:13:53.0905 2896 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:13:53.0905 2896 AsyncMac - ok
12:13:53.0921 2896 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:13:53.0921 2896 atapi - ok
12:13:53.0968 2896 athr (96abf88241f90ff647e55c934c55c2f1) C:\Windows\system32\DRIVERS\athrx.sys
12:13:53.0999 2896 athr - ok
12:13:54.0030 2896 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:13:54.0046 2896 AudioEndpointBuilder - ok
12:13:54.0046 2896 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:13:54.0046 2896 AudioSrv - ok
12:13:54.0171 2896 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
12:13:54.0186 2896 AVGIDSAgent - ok
12:13:54.0202 2896 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
12:13:54.0202 2896 AVGIDSDriver - ok
12:13:54.0233 2896 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
12:13:54.0233 2896 AVGIDSEH - ok
12:13:54.0249 2896 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
12:13:54.0249 2896 AVGIDSFilter - ok
12:13:54.0264 2896 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
12:13:54.0280 2896 Avgldx64 - ok
12:13:54.0295 2896 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
12:13:54.0295 2896 Avgmfx64 - ok
12:13:54.0327 2896 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
12:13:54.0327 2896 Avgrkx64 - ok
12:13:54.0342 2896 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
12:13:54.0342 2896 Avgtdia - ok
12:13:54.0389 2896 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
12:13:54.0389 2896 avgwd - ok
12:13:54.0405 2896 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:13:54.0405 2896 AxInstSV - ok
12:13:54.0451 2896 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
12:13:54.0451 2896 b06bdrv - ok
12:13:54.0467 2896 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:13:54.0467 2896 b57nd60a - ok
12:13:54.0498 2896 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:13:54.0498 2896 BDESVC - ok
12:13:54.0514 2896 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:13:54.0514 2896 Beep - ok
12:13:54.0545 2896 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:13:54.0561 2896 BFE - ok
12:13:54.0592 2896 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
12:13:54.0592 2896 BITS - ok
12:13:54.0607 2896 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:13:54.0607 2896 blbdrive - ok
12:13:54.0685 2896 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
12:13:54.0685 2896 Bonjour Service - ok
12:13:54.0717 2896 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:13:54.0717 2896 bowser - ok
12:13:54.0748 2896 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
12:13:54.0748 2896 BrFiltLo - ok
12:13:54.0748 2896 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
12:13:54.0748 2896 BrFiltUp - ok
12:13:54.0779 2896 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:13:54.0779 2896 BridgeMP - ok
12:13:54.0826 2896 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:13:54.0826 2896 Browser - ok
12:13:54.0826 2896 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:13:54.0841 2896 Brserid - ok
12:13:54.0841 2896 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:13:54.0841 2896 BrSerWdm - ok
12:13:54.0841 2896 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:13:54.0857 2896 BrUsbMdm - ok
12:13:54.0857 2896 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:13:54.0857 2896 BrUsbSer - ok
12:13:54.0873 2896 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
12:13:54.0873 2896 BTHMODEM - ok
12:13:54.0888 2896 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:13:54.0888 2896 bthserv - ok
12:13:54.0904 2896 catchme - ok
12:13:54.0919 2896 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:13:54.0919 2896 cdfs - ok
12:13:54.0951 2896 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:13:54.0951 2896 cdrom - ok
12:13:54.0966 2896 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:13:54.0966 2896 CertPropSvc - ok
12:13:54.0966 2896 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
12:13:54.0966 2896 circlass - ok
12:13:54.0997 2896 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:13:54.0997 2896 CLFS - ok
12:13:55.0060 2896 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:13:55.0060 2896 clr_optimization_v2.0.50727_32 - ok
12:13:55.0091 2896 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:13:55.0091 2896 clr_optimization_v2.0.50727_64 - ok
12:13:55.0122 2896 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:13:55.0122 2896 clr_optimization_v4.0.30319_32 - ok
12:13:55.0138 2896 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:13:55.0138 2896 clr_optimization_v4.0.30319_64 - ok
12:13:55.0153 2896 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
12:13:55.0153 2896 CmBatt - ok
12:13:55.0153 2896 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:13:55.0153 2896 cmdide - ok
12:13:55.0200 2896 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:13:55.0200 2896 CNG - ok
12:13:55.0247 2896 CnxtHdAudService (5c855932e4df00b1b6f5f6f57e82b6c5) C:\Windows\system32\drivers\CHDRT64.sys
12:13:55.0247 2896 CnxtHdAudService - ok
12:13:55.0263 2896 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
12:13:55.0278 2896 Compbatt - ok
12:13:55.0294 2896 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:13:55.0294 2896 CompositeBus - ok
12:13:55.0309 2896 COMSysApp - ok
12:13:55.0309 2896 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
12:13:55.0309 2896 crcdisk - ok
12:13:55.0341 2896 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
12:13:55.0341 2896 CryptSvc - ok
12:13:55.0450 2896 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
12:13:55.0450 2896 cvhsvc - ok
12:13:55.0481 2896 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:13:55.0481 2896 DcomLaunch - ok
12:13:55.0497 2896 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:13:55.0497 2896 defragsvc - ok
12:13:55.0528 2896 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:13:55.0528 2896 DfsC - ok
12:13:55.0543 2896 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:13:55.0543 2896 Dhcp - ok
12:13:55.0559 2896 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:13:55.0559 2896 discache - ok
12:13:55.0590 2896 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
12:13:55.0590 2896 Disk - ok
12:13:55.0621 2896 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:13:55.0621 2896 Dnscache - ok
12:13:55.0637 2896 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:13:55.0637 2896 dot3svc - ok
12:13:55.0699 2896 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
12:13:55.0699 2896 Dot4 - ok
12:13:55.0715 2896 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:13:55.0715 2896 Dot4Print - ok
12:13:55.0746 2896 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
12:13:55.0746 2896 dot4usb - ok
12:13:55.0762 2896 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:13:55.0762 2896 DPS - ok
12:13:55.0793 2896 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:13:55.0793 2896 drmkaud - ok
12:13:55.0824 2896 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:13:55.0824 2896 DXGKrnl - ok
12:13:55.0855 2896 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:13:55.0855 2896 EapHost - ok
12:13:55.0902 2896 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
12:13:55.0918 2896 ebdrv - ok
12:13:55.0965 2896 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:13:55.0965 2896 EFS - ok
12:13:56.0011 2896 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:13:56.0011 2896 ehRecvr - ok
12:13:56.0027 2896 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:13:56.0027 2896 ehSched - ok
12:13:56.0058 2896 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
12:13:56.0058 2896 elxstor - ok
12:13:56.0074 2896 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:13:56.0074 2896 ErrDev - ok
12:13:56.0089 2896 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:13:56.0089 2896 EventSystem - ok
12:13:56.0105 2896 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:13:56.0105 2896 exfat - ok
12:13:56.0121 2896 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:13:56.0121 2896 fastfat - ok
12:13:56.0136 2896 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:13:56.0152 2896 Fax - ok
12:13:56.0152 2896 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
12:13:56.0152 2896 fdc - ok
12:13:56.0167 2896 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:13:56.0167 2896 fdPHost - ok
12:13:56.0183 2896 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:13:56.0183 2896 FDResPub - ok
12:13:56.0183 2896 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:13:56.0183 2896 FileInfo - ok
12:13:56.0199 2896 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:13:56.0199 2896 Filetrace - ok
12:13:56.0214 2896 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
12:13:56.0214 2896 flpydisk - ok
12:13:56.0230 2896 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:13:56.0230 2896 FltMgr - ok
12:13:56.0261 2896 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:13:56.0277 2896 FontCache - ok
12:13:56.0339 2896 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:13:56.0355 2896 FontCache3.0.0.0 - ok
12:13:56.0370 2896 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:13:56.0370 2896 FsDepends - ok
12:13:56.0386 2896 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:13:56.0386 2896 Fs_Rec - ok
12:13:56.0401 2896 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:13:56.0401 2896 fvevol - ok
12:13:56.0417 2896 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
12:13:56.0417 2896 gagp30kx - ok
12:13:56.0464 2896 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:13:56.0464 2896 GEARAspiWDM - ok
12:13:56.0511 2896 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
12:13:56.0511 2896 GoToAssist - ok
12:13:56.0542 2896 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:13:56.0542 2896 gpsvc - ok
12:13:56.0573 2896 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:13:56.0573 2896 hcw85cir - ok
12:13:56.0589 2896 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:13:56.0589 2896 HDAudBus - ok
12:13:56.0604 2896 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
12:13:56.0604 2896 HidBatt - ok
12:13:56.0604 2896 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
12:13:56.0604 2896 HidBth - ok
12:13:56.0620 2896 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
12:13:56.0620 2896 HidIr - ok
12:13:56.0635 2896 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:13:56.0635 2896 hidserv - ok
12:13:56.0651 2896 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:13:56.0651 2896 HidUsb - ok
12:13:56.0682 2896 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:13:56.0682 2896 hkmsvc - ok
12:13:56.0698 2896 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:13:56.0698 2896 HomeGroupListener - ok
12:13:56.0713 2896 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:13:56.0713 2896 HomeGroupProvider - ok
12:13:56.0854 2896 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
12:13:56.0854 2896 hpqcxs08 - ok
12:13:56.0869 2896 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
12:13:56.0885 2896 hpqddsvc - ok
12:13:56.0901 2896 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:13:56.0901 2896 HpSAMD - ok
12:13:56.0916 2896 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:13:56.0932 2896 HTTP - ok
12:13:56.0947 2896 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:13:56.0947 2896 hwpolicy - ok
12:13:56.0979 2896 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:13:56.0979 2896 i8042prt - ok
12:13:57.0010 2896 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:13:57.0010 2896 iaStorV - ok
12:13:57.0088 2896 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:13:57.0088 2896 idsvc - ok
12:13:57.0291 2896 igfx (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:13:57.0431 2896 igfx - ok
12:13:57.0447 2896 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
12:13:57.0447 2896 iirsp - ok
12:13:57.0493 2896 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:13:57.0493 2896 IKEEXT - ok
12:13:57.0587 2896 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
12:13:57.0587 2896 IntcDAud - ok
12:13:57.0603 2896 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:13:57.0603 2896 intelide - ok
12:13:57.0603 2896 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:13:57.0603 2896 intelppm - ok
12:13:57.0618 2896 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:13:57.0618 2896 IPBusEnum - ok
12:13:57.0634 2896 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:13:57.0634 2896 IpFilterDriver - ok
12:13:57.0681 2896 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:13:57.0681 2896 iphlpsvc - ok
12:13:57.0681 2896 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:13:57.0681 2896 IPMIDRV - ok
12:13:57.0712 2896 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:13:57.0712 2896 IPNAT - ok
12:13:57.0774 2896 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
12:13:57.0790 2896 iPod Service - ok
12:13:57.0805 2896 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:13:57.0805 2896 IRENUM - ok
12:13:57.0821 2896 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:13:57.0821 2896 isapnp - ok
12:13:57.0837 2896 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:13:57.0852 2896 iScsiPrt - ok
12:13:57.0868 2896 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:13:57.0868 2896 kbdclass - ok
12:13:57.0883 2896 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:13:57.0883 2896 kbdhid - ok
12:13:57.0930 2896 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:13:57.0930 2896 KeyIso - ok
12:13:57.0946 2896 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:13:57.0946 2896 KSecDD - ok
12:13:57.0961 2896 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:13:57.0961 2896 KSecPkg - ok
12:13:57.0977 2896 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:13:57.0977 2896 ksthunk - ok
12:13:58.0008 2896 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:13:58.0024 2896 KtmRm - ok
12:13:58.0055 2896 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:13:58.0055 2896 LanmanServer - ok
12:13:58.0071 2896 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:13:58.0086 2896 LanmanWorkstation - ok
12:13:58.0117 2896 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:13:58.0117 2896 lltdio - ok
12:13:58.0133 2896 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:13:58.0133 2896 lltdsvc - ok
12:13:58.0149 2896 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:13:58.0149 2896 lmhosts - ok
12:13:58.0180 2896 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
12:13:58.0180 2896 LSI_FC - ok
12:13:58.0180 2896 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
12:13:58.0180 2896 LSI_SAS - ok
12:13:58.0195 2896 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
12:13:58.0195 2896 LSI_SAS2 - ok
12:13:58.0195 2896 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
12:13:58.0195 2896 LSI_SCSI - ok
12:13:58.0227 2896 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:13:58.0227 2896 luafv - ok
12:13:58.0258 2896 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:13:58.0258 2896 Mcx2Svc - ok
12:13:58.0258 2896 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
12:13:58.0258 2896 megasas - ok
12:13:58.0273 2896 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
12:13:58.0273 2896 MegaSR - ok
12:13:58.0305 2896 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
12:13:58.0305 2896 MEIx64 - ok
12:13:58.0320 2896 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:13:58.0320 2896 MMCSS - ok
12:13:58.0320 2896 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:13:58.0320 2896 Modem - ok
12:13:58.0336 2896 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:13:58.0336 2896 monitor - ok
12:13:58.0367 2896 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:13:58.0367 2896 mouclass - ok
12:13:58.0383 2896 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:13:58.0383 2896 mouhid - ok
12:13:58.0414 2896 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:13:58.0414 2896 mountmgr - ok
12:13:58.0414 2896 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:13:58.0414 2896 mpio - ok
12:13:58.0429 2896 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:13:58.0429 2896 mpsdrv - ok
12:13:58.0476 2896 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:13:58.0476 2896 MpsSvc - ok
12:13:58.0492 2896 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:13:58.0492 2896 MRxDAV - ok
12:13:58.0523 2896 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:13:58.0523 2896 mrxsmb - ok
12:13:58.0554 2896 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:13:58.0554 2896 mrxsmb10 - ok
12:13:58.0585 2896 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:13:58.0585 2896 mrxsmb20 - ok
12:13:58.0601 2896 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:13:58.0601 2896 msahci - ok
12:13:58.0617 2896 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:13:58.0617 2896 msdsm - ok
12:13:58.0648 2896 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:13:58.0648 2896 MSDTC - ok
12:13:58.0663 2896 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:13:58.0663 2896 Msfs - ok
12:13:58.0695 2896 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:13:58.0695 2896 mshidkmdf - ok
12:13:58.0710 2896 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:13:58.0710 2896 msisadrv - ok
12:13:58.0726 2896 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:13:58.0726 2896 MSiSCSI - ok
12:13:58.0741 2896 msiserver - ok
12:13:58.0757 2896 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:13:58.0757 2896 MSKSSRV - ok
12:13:58.0757 2896 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:13:58.0757 2896 MSPCLOCK - ok
12:13:58.0773 2896 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:13:58.0773 2896 MSPQM - ok
12:13:58.0788 2896 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:13:58.0788 2896 MsRPC - ok
12:13:58.0804 2896 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:13:58.0804 2896 mssmbios - ok
12:13:58.0819 2896 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:13:58.0819 2896 MSTEE - ok
12:13:58.0819 2896 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
12:13:58.0819 2896 MTConfig - ok
12:13:58.0835 2896 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:13:58.0851 2896 Mup - ok
12:13:58.0866 2896 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:13:58.0882 2896 napagent - ok
12:13:58.0897 2896 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:13:58.0913 2896 NativeWifiP - ok
12:13:58.0944 2896 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
12:13:58.0960 2896 NDIS - ok
12:13:58.0975 2896 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:13:58.0975 2896 NdisCap - ok
12:13:59.0007 2896 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:13:59.0007 2896 NdisTapi - ok
12:13:59.0022 2896 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:13:59.0022 2896 Ndisuio - ok
12:13:59.0038 2896 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:13:59.0038 2896 NdisWan - ok
12:13:59.0069 2896 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:13:59.0069 2896 NDProxy - ok
12:13:59.0116 2896 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
12:13:59.0131 2896 Net Driver HPZ12 - ok
12:13:59.0147 2896 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:13:59.0147 2896 NetBIOS - ok
12:13:59.0163 2896 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:13:59.0163 2896 NetBT - ok
12:13:59.0194 2896 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:13:59.0194 2896 Netlogon - ok
12:13:59.0241 2896 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:13:59.0241 2896 Netman - ok
12:13:59.0319 2896 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:13:59.0319 2896 NetMsmqActivator - ok
12:13:59.0319 2896 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:13:59.0319 2896 NetPipeActivator - ok
12:13:59.0350 2896 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:13:59.0350 2896 netprofm - ok
12:13:59.0365 2896 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:13:59.0365 2896 NetTcpActivator - ok
12:13:59.0365 2896 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:13:59.0365 2896 NetTcpPortSharing - ok
12:13:59.0397 2896 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
12:13:59.0397 2896 nfrd960 - ok
12:13:59.0412 2896 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:13:59.0412 2896 NlaSvc - ok
12:13:59.0506 2896 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
12:13:59.0537 2896 NOBU - ok
12:13:59.0568 2896 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:13:59.0568 2896 Npfs - ok
12:13:59.0584 2896 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:13:59.0584 2896 nsi - ok
12:13:59.0584 2896 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:13:59.0584 2896 nsiproxy - ok
12:13:59.0631 2896 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:13:59.0646 2896 Ntfs - ok
12:13:59.0693 2896 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:13:59.0693 2896 Null - ok
12:13:59.0724 2896 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:13:59.0724 2896 nvraid - ok
12:13:59.0740 2896 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:13:59.0740 2896 nvstor - ok
12:13:59.0771 2896 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:13:59.0771 2896 nv_agp - ok
12:13:59.0771 2896 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:13:59.0771 2896 ohci1394 - ok
12:13:59.0802 2896 OpenVPNService (f3e320751067fb1abf574850cf6cfb2d) C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
12:13:59.0802 2896 OpenVPNService - ok
12:13:59.0880 2896 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:13:59.0880 2896 ose - ok
12:13:59.0989 2896 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:14:00.0052 2896 osppsvc - ok
12:14:00.0099 2896 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:14:00.0099 2896 p2pimsvc - ok
12:14:00.0130 2896 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:14:00.0130 2896 p2psvc - ok
12:14:00.0145 2896 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
12:14:00.0145 2896 Parport - ok
12:14:00.0161 2896 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:14:00.0161 2896 partmgr - ok
12:14:00.0177 2896 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:14:00.0177 2896 PcaSvc - ok
12:14:00.0192 2896 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:14:00.0192 2896 pci - ok
12:14:00.0223 2896 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:14:00.0223 2896 pciide - ok
12:14:00.0239 2896 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
12:14:00.0239 2896 pcmcia - ok
12:14:00.0255 2896 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:14:00.0255 2896 pcw - ok
12:14:00.0286 2896 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:14:00.0286 2896 PEAUTH - ok
12:14:00.0317 2896 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:14:00.0333 2896 PerfHost - ok
12:14:00.0364 2896 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:14:00.0379 2896 pla - ok
12:14:00.0426 2896 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:14:00.0426 2896 PlugPlay - ok
12:14:00.0457 2896 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
12:14:00.0473 2896 Pml Driver HPZ12 - ok
12:14:00.0473 2896 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:14:00.0473 2896 PNRPAutoReg - ok
12:14:00.0489 2896 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:14:00.0489 2896 PNRPsvc - ok
12:14:00.0520 2896 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:14:00.0535 2896 PolicyAgent - ok
12:14:00.0551 2896 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:14:00.0551 2896 Power - ok
12:14:00.0598 2896 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:14:00.0598 2896 PptpMiniport - ok
12:14:00.0613 2896 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
12:14:00.0613 2896 Processor - ok
12:14:00.0629 2896 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
12:14:00.0645 2896 ProfSvc - ok
12:14:00.0676 2896 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:14:00.0676 2896 ProtectedStorage - ok
12:14:00.0691 2896 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:14:00.0691 2896 Psched - ok
12:14:00.0723 2896 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
12:14:00.0723 2896 PxHlpa64 - ok
12:14:00.0769 2896 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
12:14:00.0769 2896 ql2300 - ok
12:14:00.0785 2896 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
12:14:00.0785 2896 ql40xx - ok
12:14:00.0801 2896 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:14:00.0801 2896 QWAVE - ok
12:14:00.0816 2896 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:14:00.0816 2896 QWAVEdrv - ok
12:14:00.0816 2896 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:14:00.0816 2896 RasAcd - ok
12:14:00.0847 2896 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:14:00.0847 2896 RasAgileVpn - ok
12:14:00.0863 2896 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:14:00.0863 2896 RasAuto - ok
12:14:00.0879 2896 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:14:00.0894 2896 Rasl2tp - ok
12:14:00.0894 2896 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:14:00.0910 2896 RasMan - ok
12:14:00.0925 2896 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:14:00.0925 2896 RasPppoe - ok
12:14:00.0941 2896 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:14:00.0941 2896 RasSstp - ok
12:14:00.0957 2896 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:14:00.0957 2896 rdbss - ok
12:14:00.0957 2896 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
12:14:00.0957 2896 rdpbus - ok
12:14:00.0972 2896 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:14:00.0972 2896 RDPCDD - ok
12:14:00.0988 2896 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:14:01.0003 2896 RDPENCDD - ok
12:14:01.0003 2896 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:14:01.0003 2896 RDPREFMP - ok
12:14:01.0035 2896 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
12:14:01.0050 2896 RDPWD - ok
12:14:01.0066 2896 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:14:01.0066 2896 rdyboost - ok
12:14:01.0097 2896 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:14:01.0097 2896 RemoteAccess - ok
12:14:01.0113 2896 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:14:01.0113 2896 RemoteRegistry - ok
12:14:01.0206 2896 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
12:14:01.0206 2896 RoxMediaDB12OEM - ok
12:14:01.0237 2896 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
12:14:01.0237 2896 RoxWatch12 - ok
12:14:01.0253 2896 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:14:01.0253 2896 RpcEptMapper - ok
12:14:01.0284 2896 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:14:01.0284 2896 RpcLocator - ok
12:14:01.0300 2896 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:14:01.0315 2896 RpcSs - ok
12:14:01.0347 2896 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:14:01.0347 2896 rspndr - ok
12:14:01.0393 2896 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:14:01.0393 2896 RTL8167 - ok
12:14:01.0440 2896 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:14:01.0440 2896 SamSs - ok
12:14:01.0456 2896 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:14:01.0456 2896 sbp2port - ok
12:14:01.0534 2896 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
12:14:01.0549 2896 SBSDWSCService - ok
12:14:01.0565 2896 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:14:01.0581 2896 SCardSvr - ok
12:14:01.0581 2896 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:14:01.0581 2896 scfilter - ok
12:14:01.0612 2896 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:14:01.0627 2896 Schedule - ok
12:14:01.0659 2896 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:14:01.0659 2896 SCPolicySvc - ok
12:14:01.0674 2896 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:14:01.0674 2896 SDRSVC - ok
12:14:01.0690 2896 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:14:01.0690 2896 secdrv - ok
12:14:01.0705 2896 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:14:01.0705 2896 seclogon - ok
12:14:01.0737 2896 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:14:01.0737 2896 SENS - ok
12:14:01.0752 2896 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:14:01.0752 2896 SensrSvc - ok
12:14:01.0768 2896 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
12:14:01.0768 2896 Serenum - ok
12:14:01.0783 2896 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
12:14:01.0783 2896 Serial - ok
12:14:01.0783 2896 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
12:14:01.0783 2896 sermouse - ok
12:14:01.0815 2896 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:14:01.0815 2896 SessionEnv - ok
12:14:01.0815 2896 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:14:01.0815 2896 sffdisk - ok
12:14:01.0830 2896 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:14:01.0830 2896 sffp_mmc - ok
12:14:01.0830 2896 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:14:01.0830 2896 sffp_sd - ok
12:14:01.0846 2896 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
12:14:01.0846 2896 sfloppy - ok
12:14:01.0893 2896 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
12:14:01.0893 2896 Sftfs - ok
12:14:01.0955 2896 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
12:14:01.0955 2896 sftlist - ok
12:14:01.0971 2896 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
12:14:01.0971 2896 Sftplay - ok
12:14:01.0986 2896 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
12:14:01.0986 2896 Sftredir - ok
12:14:02.0049 2896 SftService (1968e6ebbeecf61d5f7d8603467e2ad0) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
12:14:02.0064 2896 SftService - ok
12:14:02.0111 2896 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
12:14:02.0111 2896 Sftvol - ok
12:14:02.0127 2896 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
12:14:02.0127 2896 sftvsa - ok
12:14:02.0142 2896 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:14:02.0142 2896 SharedAccess - ok
12:14:02.0173 2896 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:14:02.0173 2896 ShellHWDetection - ok
12:14:05.0091 2896 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:14:05.0153 2896 \Device\Harddisk0\DR0 - ok
12:14:05.0153 2896 Boot (0x1200) (12c00f5a40e3786e70eafa6e35793665) \Device\Harddisk0\DR0\Partition0
12:14:05.0153 2896 \Device\Harddisk0\DR0\Partition0 - ok
12:14:05.0153 2896 Boot (0x1200) (4d0b8773ccbfbc460041dfc80cdcb4c2) \Device\Harddisk0\DR0\Partition1
12:14:05.0153 2896 \Device\Harddisk0\DR0\Partition1 - ok
12:14:05.0169 2896 ============================================================
12:14:05.0169 2896 Scan finished
12:14:05.0169 2896 ============================================================
12:14:05.0169 2168 Detected object count: 0
12:14:05.0169 2168 Actual detected object count: 0

My aswMBR log is as follows:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-25 12:14:49
-----------------------------
12:14:49.346 OS Version: Windows x64 6.1.7601 Service Pack 1
12:14:49.346 Number of processors: 4 586 0x2A07
12:14:49.362 ComputerName: HOME-PC UserName: Home
12:14:50.298 Initialize success
12:19:25.344 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:19:25.348 Disk 0 Vendor: WDC_WD10EALX-759BA1 19.01H19 Size: 953869MB BusType: 3
12:19:25.373 Disk 0 MBR read successfully
12:19:25.376 Disk 0 MBR scan
12:19:25.379 Disk 0 Windows VISTA default MBR code
12:19:25.382 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
12:19:25.384 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15166 MB offset 81920
12:19:25.400 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938662 MB offset 31141888
12:19:25.427 Disk 0 scanning C:\Windows\system32\drivers
12:19:28.951 Service scanning
12:19:37.386 Modules scanning
12:19:37.394 Disk 0 trace - called modules:
12:19:37.406 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
12:19:37.411 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006574060]
12:19:37.741 3 CLASSPNP.SYS[fffff8800197d43f] -> nt!IofCallDriver -> [0xfffffa80062f4520]
12:19:37.746 5 ACPI.sys[fffff88000f457a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80062cb060]
12:19:37.751 Scan finished successfully
12:20:22.423 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\FIX\MBR.dat"
12:20:22.426 The log file has been saved successfully to "C:\Users\Home\Desktop\FIX\aswMBR.txt"

#6 gringo_pr

Posted 25 March 2012 - 08:09 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

#7 yaosers

Posted 25 March 2012 - 08:30 PM

Thanks Gringo,

I followed your instructions without any problems. I tried searching on Bing and the first page I tried to load was redirected to happili.

Here is my log:

ComboFix 12-03-22.01 - Home 03/25/2012 20:16:39.7.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6057.4961 [GMT -5:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
Command switches used :: c:\users\Home\Desktop\CFscript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-26 to 2012-03-26 )))))))))))))))))))))))))))))))
.
.
2012-03-26 01:19 . 2012-03-26 01:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-24 04:18 . 2012-03-24 04:18 -------- d-----w- c:\users\Home\AppData\Roaming\f-secure
2012-03-24 04:18 . 2012-03-24 04:18 -------- d-----w- c:\programdata\F-Secure
2012-03-24 03:05 . 2012-03-24 03:05 -------- d-----w- c:\program files (x86)\ESET
2012-03-24 02:53 . 2012-03-24 02:53 388096 ----a-r- c:\users\Home\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-24 02:53 . 2012-03-24 02:53 -------- d-----w- c:\program files (x86)\Trend Micro
2012-03-24 02:50 . 2012-03-24 02:50 -------- d-----w- c:\users\Home\AppData\Roaming\Malwarebytes
2012-03-24 02:50 . 2012-03-24 02:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-24 02:50 . 2012-03-24 02:50 -------- d-----w- c:\programdata\Malwarebytes
2012-03-24 02:50 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 02:47 . 2012-03-24 02:47 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-24 02:47 . 2012-03-24 02:47 -------- d-----w- c:\program files (x86)\Java
2012-03-24 01:57 . 2012-03-24 01:57 -------- d-----w- c:\program files\CCleaner
2012-03-22 01:42 . 2012-03-22 01:42 -------- d-----w- c:\users\Home\AppData\Local\ElevatedDiagnostics
2012-03-18 14:19 . 2012-03-18 14:19 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 14:19 . 2012-03-18 14:19 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-18 04:11 . 2012-03-24 02:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-18 04:11 . 2012-03-18 04:14 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-14 08:01 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 08:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 08:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 22:39 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 22:39 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 22:39 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 22:39 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 22:39 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 22:39 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 22:39 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 22:39 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 22:39 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 22:39 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-09 02:25 . 2012-03-09 02:25 -------- d-----w- c:\program files\iPod
2012-03-09 02:25 . 2012-03-09 02:26 -------- d-----w- c:\program files\iTunes
2012-03-09 02:25 . 2012-03-09 02:26 -------- d-----w- c:\program files (x86)\iTunes
2012-03-03 03:42 . 2012-03-03 03:42 -------- d-----w- c:\users\Home\AppData\Roaming\Apple Computer
2012-03-03 03:42 . 2012-03-03 03:42 -------- d-----w- c:\users\Home\AppData\Local\Apple Computer
2012-03-03 03:42 . 2012-03-03 03:42 -------- dc----w- c:\windows\system32\DRVSTORE
2012-03-03 03:42 . 2009-05-18 19:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-03-03 03:42 . 2008-04-17 18:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-03-03 03:42 . 2008-04-17 18:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-03-03 03:42 . 2012-03-03 03:42 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-03 03:42 . 2012-03-03 03:42 -------- d-----w- c:\programdata\Apple Computer
2012-03-03 03:40 . 2012-03-03 03:40 -------- d-----w- c:\users\Home\AppData\Local\Apple
2012-03-03 03:40 . 2012-03-03 03:40 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-03-03 03:40 . 2012-03-03 03:40 -------- d-----w- c:\program files\Common Files\Apple
2012-03-03 03:40 . 2012-03-03 03:40 -------- d-----w- c:\program files\Bonjour
2012-03-03 03:40 . 2012-03-03 03:40 -------- d-----w- c:\program files (x86)\Bonjour
2012-03-03 03:40 . 2012-03-09 02:25 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-03-03 03:40 . 2012-03-03 03:40 -------- d-----w- c:\programdata\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-24 02:47 . 2011-09-14 22:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-04 10:44 . 2012-02-16 03:24 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 03:24 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-16 03:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-16 03:24 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-16 03:24 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-19_00.00.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-26 01:19 . 2012-03-26 01:19 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-03-18 23:59 . 2012-03-18 23:59 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-11-21 03:09 . 2012-03-25 13:26 28310 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-25 13:26 34022 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-01 21:28 . 2012-03-24 06:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-01 21:28 . 2012-03-09 04:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-01 21:28 . 2012-03-24 06:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-01 21:28 . 2012-03-09 04:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-09 04:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-24 06:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-03-24 19:30 95984 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-09-05 15:04 . 2011-09-05 15:04 64952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\armsvc.exe
+ 2011-10-01 21:41 . 2012-03-25 13:26 5896 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3708790988-2525651993-2563727528-1001_UserData.bin
- 2012-03-19 00:00 . 2012-03-19 00:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-26 01:20 . 2012-03-26 01:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-26 01:20 . 2012-03-26 01:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-19 00:00 . 2012-03-19 00:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-14 22:51 . 2011-09-14 22:51 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-03-24 02:47 . 2012-03-24 02:47 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-03-24 02:47 . 2012-03-24 02:47 149280 c:\windows\SysWOW64\javaw.exe
+ 2012-03-24 02:47 . 2012-03-24 02:47 149280 c:\windows\SysWOW64\java.exe
+ 2011-10-02 05:07 . 2012-03-26 01:13 246850 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-03-24 02:09 660520 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-18 05:17 660520 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-24 02:09 121190 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-18 05:17 121190 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2011-02-10 16:14 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-03-24 03:04 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-03-26 01:19 269176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-18 23:59 269176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-24 02:47 . 2012-03-24 02:47 207360 c:\windows\Installer\1de180.msi
+ 2011-09-05 15:04 . 2011-09-05 15:04 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\AcroRdIF.dll
- 2011-10-01 21:38 . 2011-11-09 09:17 6652032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3708790988-2525651993-2563727528-1001-12288.dat
+ 2011-10-01 21:38 . 2012-03-24 04:33 6652032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3708790988-2525651993-2563727528-1001-12288.dat
+ 2012-03-24 02:51 . 2012-03-24 02:51 1402880 c:\windows\Installer\1de184.msi
+ 2011-10-01 21:38 . 2012-03-26 01:19 27651972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3708790988-2525651993-2563727528-1001-8192.dat
+ 2012-03-24 02:46 . 2012-03-24 02:46 12938752 c:\windows\Installer\1de17a.msi
+ 2012-01-03 17:58 . 2012-01-03 17:58 20320256 c:\windows\Installer\1b27b.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-29 885760]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-29 2055016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.siriusxm.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\9s276l5l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z136&install_date=20111026
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z136&form=ZGAADF&install_date=20111026&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
.
**************************************************************************
.
Completion time: 2012-03-25 20:23:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-26 01:23
ComboFix2.txt 2012-03-25 13:23
ComboFix3.txt 2012-03-24 05:03
ComboFix4.txt 2012-03-24 04:54
ComboFix5.txt 2012-03-26 01:15
.
Pre-Run: 660,112,310,272 bytes free
Post-Run: 660,067,295,232 bytes free
.
- - End Of File - - 5555364C8AFD26BDC0FFC8F737528046

#8 gringo_pr


Posted 25 March 2012 - 09:07 PM

Hello


I want you to uninstall Firefox, and when asked about user data I want you to delete that also.

When you have completed that, you can reinstall it and come back and let me know how things are doing.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 yaosers


Posted 25 March 2012 - 09:53 PM

Hi Gringo, everything went smoothly. No redirects so far!

Do you think the issue is resolved?

#10 gringo_pr


Posted 25 March 2012 - 10:02 PM

Greetings

I am going to run some more scans to be sure, but I think the worst is over.



I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 yaosers


Posted 25 March 2012 - 10:28 PM

That's good news.

Here is my tdsskiller log:

22:21:31.0126 1544 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
22:21:31.0688 1544 ============================================================
22:21:31.0688 1544 Current date / time: 2012/03/25 22:21:31.0688
22:21:31.0688 1544 SystemInfo:
22:21:31.0688 1544
22:21:31.0688 1544 OS Version: 6.1.7601 ServicePack: 1.0
22:21:31.0688 1544 Product type: Workstation
22:21:31.0688 1544 ComputerName: HOME-PC
22:21:31.0688 1544 UserName: Home
22:21:31.0688 1544 Windows directory: C:\Windows
22:21:31.0688 1544 System windows directory: C:\Windows
22:21:31.0688 1544 Running under WOW64
22:21:31.0688 1544 Processor architecture: Intel x64
22:21:31.0688 1544 Number of processors: 4
22:21:31.0688 1544 Page size: 0x1000
22:21:31.0688 1544 Boot type: Normal boot
22:21:31.0688 1544 ============================================================
22:21:32.0421 1544 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:21:32.0437 1544 \Device\Harddisk0\DR0:
22:21:32.0437 1544 MBR used
22:21:32.0437 1544 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D9F000
22:21:32.0437 1544 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1DB3000, BlocksNum 0x72953000
22:21:32.0468 1544 Initialize success
22:21:32.0468 1544 ============================================================
22:21:33.0716 3728 ============================================================
22:21:33.0716 3728 Scan started
22:21:33.0716 3728 Mode: Manual;
22:21:33.0716 3728 ============================================================
22:21:34.0340 3728 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:21:34.0355 3728 1394ohci - ok
22:21:34.0371 3728 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:21:34.0387 3728 ACPI - ok
22:21:34.0387 3728 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:21:34.0387 3728 AcpiPmi - ok
22:21:34.0480 3728 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:21:34.0480 3728 AdobeARMservice - ok
22:21:34.0496 3728 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
22:21:34.0496 3728 adp94xx - ok
22:21:34.0511 3728 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
22:21:34.0511 3728 adpahci - ok
22:21:34.0527 3728 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
22:21:34.0527 3728 adpu320 - ok
22:21:34.0558 3728 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:21:34.0558 3728 AeLookupSvc - ok
22:21:34.0621 3728 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:21:34.0621 3728 AFD - ok
22:21:34.0636 3728 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:21:34.0636 3728 agp440 - ok
22:21:34.0652 3728 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:21:34.0652 3728 ALG - ok
22:21:34.0667 3728 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:21:34.0667 3728 aliide - ok
22:21:34.0667 3728 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:21:34.0667 3728 amdide - ok
22:21:34.0683 3728 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
22:21:34.0683 3728 AmdK8 - ok
22:21:34.0699 3728 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
22:21:34.0699 3728 AmdPPM - ok
22:21:34.0714 3728 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:21:34.0714 3728 amdsata - ok
22:21:34.0730 3728 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
22:21:34.0730 3728 amdsbs - ok
22:21:34.0745 3728 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:21:34.0745 3728 amdxata - ok
22:21:34.0761 3728 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:21:34.0761 3728 AppID - ok
22:21:34.0777 3728 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:21:34.0777 3728 AppIDSvc - ok
22:21:34.0792 3728 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:21:34.0808 3728 Appinfo - ok
22:21:34.0870 3728 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:21:34.0870 3728 Apple Mobile Device - ok
22:21:34.0901 3728 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
22:21:34.0901 3728 arc - ok
22:21:34.0917 3728 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
22:21:34.0917 3728 arcsas - ok
22:21:34.0979 3728 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:21:34.0979 3728 aspnet_state - ok
22:21:35.0011 3728 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:21:35.0011 3728 AsyncMac - ok
22:21:35.0042 3728 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:21:35.0042 3728 atapi - ok
22:21:35.0120 3728 athr (96abf88241f90ff647e55c934c55c2f1) C:\Windows\system32\DRIVERS\athrx.sys
22:21:35.0167 3728 athr - ok
22:21:35.0229 3728 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:21:35.0229 3728 AudioEndpointBuilder - ok
22:21:35.0245 3728 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:21:35.0260 3728 AudioSrv - ok
22:21:35.0401 3728 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
22:21:35.0416 3728 AVGIDSAgent - ok
22:21:35.0448 3728 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
22:21:35.0448 3728 AVGIDSDriver - ok
22:21:35.0463 3728 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
22:21:35.0463 3728 AVGIDSEH - ok
22:21:35.0479 3728 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
22:21:35.0479 3728 AVGIDSFilter - ok
22:21:35.0526 3728 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
22:21:35.0526 3728 Avgldx64 - ok
22:21:35.0541 3728 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
22:21:35.0541 3728 Avgmfx64 - ok
22:21:35.0572 3728 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
22:21:35.0572 3728 Avgrkx64 - ok
22:21:35.0604 3728 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
22:21:35.0604 3728 Avgtdia - ok
22:21:35.0635 3728 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
22:21:35.0635 3728 avgwd - ok
22:21:35.0682 3728 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
22:21:35.0682 3728 AxInstSV - ok
22:21:35.0713 3728 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
22:21:35.0728 3728 b06bdrv - ok
22:21:35.0744 3728 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:21:35.0760 3728 b57nd60a - ok
22:21:35.0791 3728 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:21:35.0806 3728 BDESVC - ok
22:21:35.0884 3728 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:21:35.0884 3728 Beep - ok
22:21:35.0931 3728 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
22:21:35.0931 3728 BFE - ok
22:21:35.0978 3728 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
22:21:35.0978 3728 BITS - ok
22:21:35.0994 3728 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:21:35.0994 3728 blbdrive - ok
22:21:36.0056 3728 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:21:36.0056 3728 Bonjour Service - ok
22:21:36.0103 3728 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:21:36.0103 3728 bowser - ok
22:21:36.0118 3728 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
22:21:36.0118 3728 BrFiltLo - ok
22:21:36.0118 3728 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
22:21:36.0134 3728 BrFiltUp - ok
22:21:36.0165 3728 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:21:36.0165 3728 BridgeMP - ok
22:21:36.0181 3728 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:21:36.0181 3728 Browser - ok
22:21:36.0196 3728 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:21:36.0196 3728 Brserid - ok
22:21:36.0212 3728 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:21:36.0212 3728 BrSerWdm - ok
22:21:36.0212 3728 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:21:36.0212 3728 BrUsbMdm - ok
22:21:36.0228 3728 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:21:36.0228 3728 BrUsbSer - ok
22:21:36.0243 3728 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
22:21:36.0243 3728 BTHMODEM - ok
22:21:36.0259 3728 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:21:36.0259 3728 bthserv - ok
22:21:36.0368 3728 catchme - ok
22:21:36.0399 3728 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:21:36.0399 3728 cdfs - ok
22:21:36.0415 3728 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
22:21:36.0415 3728 cdrom - ok
22:21:36.0430 3728 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:21:36.0430 3728 CertPropSvc - ok
22:21:36.0446 3728 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
22:21:36.0446 3728 circlass - ok
22:21:36.0477 3728 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:21:36.0477 3728 CLFS - ok
22:21:36.0540 3728 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:21:36.0540 3728 clr_optimization_v2.0.50727_32 - ok
22:21:36.0555 3728 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:21:36.0571 3728 clr_optimization_v2.0.50727_64 - ok
22:21:36.0602 3728 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:21:36.0602 3728 clr_optimization_v4.0.30319_32 - ok
22:21:36.0633 3728 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:21:36.0633 3728 clr_optimization_v4.0.30319_64 - ok
22:21:36.0633 3728 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
22:21:36.0633 3728 CmBatt - ok
22:21:36.0649 3728 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:21:36.0649 3728 cmdide - ok
22:21:36.0696 3728 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:21:36.0696 3728 CNG - ok
22:21:36.0758 3728 CnxtHdAudService (5c855932e4df00b1b6f5f6f57e82b6c5) C:\Windows\system32\drivers\CHDRT64.sys
22:21:36.0758 3728 CnxtHdAudService - ok
22:21:36.0774 3728 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
22:21:36.0774 3728 Compbatt - ok
22:21:36.0805 3728 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:21:36.0805 3728 CompositeBus - ok
22:21:36.0805 3728 COMSysApp - ok
22:21:36.0805 3728 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
22:21:36.0820 3728 crcdisk - ok
22:21:36.0836 3728 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
22:21:36.0836 3728 CryptSvc - ok
22:21:36.0961 3728 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:21:36.0961 3728 cvhsvc - ok
22:21:36.0992 3728 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:21:37.0008 3728 DcomLaunch - ok
22:21:37.0023 3728 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:21:37.0023 3728 defragsvc - ok
22:21:37.0070 3728 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:21:37.0070 3728 DfsC - ok
22:21:37.0101 3728 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:21:37.0117 3728 Dhcp - ok
22:21:37.0132 3728 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:21:37.0148 3728 discache - ok
22:21:37.0164 3728 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
22:21:37.0164 3728 Disk - ok
22:21:37.0195 3728 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:21:37.0210 3728 Dnscache - ok
22:21:37.0210 3728 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:21:37.0226 3728 dot3svc - ok
22:21:37.0273 3728 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
22:21:37.0273 3728 Dot4 - ok
22:21:37.0288 3728 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:21:37.0304 3728 Dot4Print - ok
22:21:37.0320 3728 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
22:21:37.0320 3728 dot4usb - ok
22:21:37.0335 3728 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:21:37.0351 3728 DPS - ok
22:21:37.0366 3728 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:21:37.0366 3728 drmkaud - ok
22:21:37.0429 3728 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:21:37.0444 3728 DXGKrnl - ok
22:21:37.0460 3728 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:21:37.0460 3728 EapHost - ok
22:21:37.0538 3728 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
22:21:37.0554 3728 ebdrv - ok
22:21:37.0616 3728 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:21:37.0616 3728 EFS - ok
22:21:37.0678 3728 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:21:37.0678 3728 ehRecvr - ok
22:21:37.0694 3728 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:21:37.0694 3728 ehSched - ok
22:21:37.0710 3728 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
22:21:37.0725 3728 elxstor - ok
22:21:37.0725 3728 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:21:37.0725 3728 ErrDev - ok
22:21:37.0772 3728 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:21:37.0772 3728 EventSystem - ok
22:21:37.0788 3728 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:21:37.0788 3728 exfat - ok
22:21:37.0819 3728 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:21:37.0834 3728 fastfat - ok
22:21:37.0866 3728 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:21:37.0866 3728 Fax - ok
22:21:37.0881 3728 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
22:21:37.0881 3728 fdc - ok
22:21:37.0897 3728 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:21:37.0897 3728 fdPHost - ok
22:21:37.0897 3728 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:21:37.0912 3728 FDResPub - ok
22:21:37.0928 3728 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:21:37.0928 3728 FileInfo - ok
22:21:37.0944 3728 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:21:37.0944 3728 Filetrace - ok
22:21:37.0944 3728 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
22:21:37.0944 3728 flpydisk - ok
22:21:37.0959 3728 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:21:37.0975 3728 FltMgr - ok
22:21:38.0006 3728 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
22:21:38.0037 3728 FontCache - ok
22:21:38.0115 3728 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:21:38.0115 3728 FontCache3.0.0.0 - ok
22:21:38.0146 3728 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:21:38.0146 3728 FsDepends - ok
22:21:38.0162 3728 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:21:38.0162 3728 Fs_Rec - ok
22:21:38.0193 3728 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:21:38.0193 3728 fvevol - ok
22:21:38.0209 3728 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
22:21:38.0209 3728 gagp30kx - ok
22:21:38.0240 3728 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:21:38.0240 3728 GEARAspiWDM - ok
22:21:38.0302 3728 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
22:21:38.0302 3728 GoToAssist - ok
22:21:38.0349 3728 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:21:38.0349 3728 gpsvc - ok
22:21:38.0365 3728 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:21:38.0365 3728 hcw85cir - ok
22:21:38.0396 3728 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:21:38.0396 3728 HDAudBus - ok
22:21:38.0396 3728 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
22:21:38.0396 3728 HidBatt - ok
22:21:38.0412 3728 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
22:21:38.0412 3728 HidBth - ok
22:21:38.0427 3728 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
22:21:38.0427 3728 HidIr - ok
22:21:38.0443 3728 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
22:21:38.0458 3728 hidserv - ok
22:21:38.0474 3728 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:21:38.0474 3728 HidUsb - ok
22:21:38.0505 3728 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:21:38.0505 3728 hkmsvc - ok
22:21:38.0521 3728 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:21:38.0536 3728 HomeGroupListener - ok
22:21:38.0536 3728 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:21:38.0552 3728 HomeGroupProvider - ok
22:21:38.0677 3728 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
22:21:38.0692 3728 hpqcxs08 - ok
22:21:38.0708 3728 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
22:21:38.0708 3728 hpqddsvc - ok
22:21:38.0755 3728 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:21:38.0755 3728 HpSAMD - ok
22:21:38.0786 3728 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:21:38.0802 3728 HTTP - ok
22:21:38.0817 3728 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:21:38.0817 3728 hwpolicy - ok
22:21:38.0848 3728 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:21:38.0848 3728 i8042prt - ok
22:21:38.0895 3728 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:21:38.0895 3728 iaStorV - ok
22:21:38.0973 3728 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:21:38.0989 3728 idsvc - ok
22:21:39.0207 3728 igfx (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\Windows\system32\DRIVERS\igdkmd64.sys
22:21:39.0441 3728 igfx - ok
22:21:47.0709 3728 WinUsb - ok
22:21:47.0756 3728 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:21:47.0772 3728 Wlansvc - ok
22:21:47.0834 3728 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:21:47.0834 3728 wlcrasvc - ok
22:21:47.0912 3728 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:21:47.0943 3728 wlidsvc - ok
22:21:47.0974 3728 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:21:47.0974 3728 WmiAcpi - ok
22:21:48.0021 3728 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:21:48.0037 3728 wmiApSrv - ok
22:21:48.0052 3728 WMPNetworkSvc - ok
22:21:48.0068 3728 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:21:48.0068 3728 WPCSvc - ok
22:21:48.0084 3728 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:21:48.0084 3728 WPDBusEnum - ok
22:21:48.0099 3728 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:21:48.0099 3728 ws2ifsl - ok
22:21:48.0146 3728 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
22:21:48.0146 3728 wscsvc - ok
22:21:48.0162 3728 WSearch - ok
22:21:48.0208 3728 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:21:48.0255 3728 wuauserv - ok
22:21:48.0271 3728 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:21:48.0271 3728 WudfPf - ok
22:21:48.0302 3728 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:21:48.0302 3728 WUDFRd - ok
22:21:48.0318 3728 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:21:48.0318 3728 wudfsvc - ok
22:21:48.0333 3728 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:21:48.0349 3728 WwanSvc - ok
22:21:48.0364 3728 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:21:48.0427 3728 \Device\Harddisk0\DR0 - ok
22:21:48.0427 3728 Boot (0x1200) (12c00f5a40e3786e70eafa6e35793665) \Device\Harddisk0\DR0\Partition0
22:21:48.0427 3728 \Device\Harddisk0\DR0\Partition0 - ok
22:21:48.0442 3728 Boot (0x1200) (4d0b8773ccbfbc460041dfc80cdcb4c2) \Device\Harddisk0\DR0\Partition1
22:21:48.0442 3728 \Device\Harddisk0\DR0\Partition1 - ok
22:21:48.0442 3728 ============================================================
22:21:48.0442 3728 Scan finished
22:21:48.0442 3728 ============================================================
22:21:48.0458 6956 Detected object count: 0
22:21:48.0458 6956 Actual detected object count: 0

#12 yaosers

Posted 25 March 2012 - 10:46 PM

and here is my aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-25 22:28:25
-----------------------------
22:28:25.475 OS Version: Windows x64 6.1.7601 Service Pack 1
22:28:25.475 Number of processors: 4 586 0x2A07
22:28:25.475 ComputerName: HOME-PC UserName: Home
22:28:26.520 Initialize success
22:29:57.746 AVAST engine defs: 12032501
22:33:57.706 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:33:57.706 Disk 0 Vendor: WDC_WD10EALX-759BA1 19.01H19 Size: 953869MB BusType: 3
22:33:57.722 Disk 0 MBR read successfully
22:33:57.722 Disk 0 MBR scan
22:33:57.722 Disk 0 Windows VISTA default MBR code
22:33:57.737 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
22:33:57.737 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15166 MB offset 81920
22:33:57.753 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938662 MB offset 31141888
22:33:57.768 Disk 0 scanning C:\Windows\system32\drivers
22:34:02.807 Service scanning
22:34:15.318 Modules scanning
22:34:15.318 Disk 0 trace - called modules:
22:34:15.334 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
22:34:15.849 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006574060]
22:34:15.849 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8005472db0]
22:34:15.849 5 ACPI.sys[fffff88000f237a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80060e3060]
22:34:17.409 AVAST engine scan C:\Windows
22:34:20.279 AVAST engine scan C:\Windows\system32
22:35:50.104 AVAST engine scan C:\Windows\system32\drivers
22:35:56.719 AVAST engine scan C:\Users\Home
22:37:09.118 AVAST engine scan C:\ProgramData
22:39:07.335 Scan finished successfully
22:46:43.933 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
22:46:43.933 The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"

#13 gringo_pr

gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 25 March 2012 - 11:52 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 yaosers

Posted 26 March 2012 - 12:42 AM

Hi Gringo,

I ran it as instructed. Combofix kept telling me that my AVG was still running even though it was disabled. No redirect thus far. Here is my log:

ComboFix 12-03-22.01 - Home 03/26/2012 0:24.8.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6057.4376 [GMT -5:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
Command switches used :: c:\users\Home\Desktop\CFscript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-26 to 2012-03-26 )))))))))))))))))))))))))))))))
.
.
2012-03-26 05:27 . 2012-03-26 05:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-24 04:18 . 2012-03-24 04:18 -------- d-----w- c:\users\Home\AppData\Roaming\f-secure
2012-03-24 04:18 . 2012-03-24 04:18 -------- d-----w- c:\programdata\F-Secure
2012-03-24 03:05 . 2012-03-24 03:05 -------- d-----w- c:\program files (x86)\ESET
2012-03-24 02:53 . 2012-03-24 02:53 388096 ----a-r- c:\users\Home\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-24 02:53 . 2012-03-24 02:53 -------- d-----w- c:\program files (x86)\Trend Micro
2012-03-24 02:50 . 2012-03-24 02:50 -------- d-----w- c:\users\Home\AppData\Roaming\Malwarebytes
2012-03-24 02:50 . 2012-03-24 02:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-24 02:50 . 2012-03-24 02:50 -------- d-----w- c:\programdata\Malwarebytes
2012-03-24 02:50 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 02:47 . 2012-03-24 02:47 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-24 02:47 . 2012-03-24 02:47 -------- d-----w- c:\program files (x86)\Java
2012-03-24 01:57 . 2012-03-24 01:57 -------- d-----w- c:\program files\CCleaner
2012-03-22 01:42 . 2012-03-22 01:42 -------- d-----w- c:\users\Home\AppData\Local\ElevatedDiagnostics
2012-03-18 04:11 . 2012-03-24 02:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-18 04:11 . 2012-03-18 04:14 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-14 08:01 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 08:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 08:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 22:39 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 22:39 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 22:39 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 22:39 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 22:39 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 22:39 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 22:39 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 22:39 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 22:39 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 22:39 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-09 02:25 . 2012-03-09 02:25 -------- d-----w- c:\program files\iPod
2012-03-09 02:25 . 2012-03-09 02:26 -------- d-----w- c:\program files\iTunes
2012-03-09 02:25 . 2012-03-09 02:26 -------- d-----w- c:\program files (x86)\iTunes
2012-03-03 03:42 . 2012-03-03 03:42 -------- d-----w- c:\users\Home\AppData\Roaming\Apple Computer
2012-03-03 03:42 . 2012-03-03 03:42 -------- d-----w- c:\users\Home\AppData\Local\Apple Computer
2012-03-03 03:42 . 2012-03-03 03:42 -------- dc----w- c:\windows\system32\DRVSTORE
2012-03-03 03:42 . 2009-05-18 19:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-03-03 03:42 . 2008-04-17 18:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-03-03 03:42 . 2008-04-17 18:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-03-03 03:42 . 2012-03-03 03:42 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-03 03:42 . 2012-03-03 03:42 -------- d-----w- c:\programdata\Apple Computer
2012-03-03 03:40 . 2012-03-03 03:40 -------- d-----w- c:\users\Home\AppData\Local\Apple
2012-03-03 03:40 . 2012-03-03 03:40 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-03-03 03:40 . 2012-03-03 03:40 -------- d-----w- c:\program files\Common Files\Apple
2012-03-03 03:40 . 2012-03-03 03:40 -------- d-----w- c:\program files\Bonjour
2012-03-03 03:40 . 2012-03-03 03:40 -------- d-----w- c:\program files (x86)\Bonjour
2012-03-03 03:40 . 2012-03-09 02:25 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-03-03 03:40 . 2012-03-03 03:40 -------- d-----w- c:\programdata\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-24 02:47 . 2011-09-14 22:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-04 10:44 . 2012-02-16 03:24 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 03:24 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-16 03:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-16 03:24 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-16 03:24 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-19_00.00.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-26 05:27 . 2012-03-26 05:27 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-03-18 23:59 . 2012-03-18 23:59 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-11-21 03:09 . 2012-03-26 01:29 28734 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-26 01:29 34062 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-01 21:28 . 2012-03-24 06:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-01 21:28 . 2012-03-09 04:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-01 21:28 . 2012-03-24 06:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-01 21:28 . 2012-03-09 04:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-09 04:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-24 06:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-03-24 19:30 95984 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-09-05 15:04 . 2011-09-05 15:04 64952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\armsvc.exe
+ 2011-10-01 21:41 . 2012-03-26 01:29 6020 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3708790988-2525651993-2563727528-1001_UserData.bin
- 2012-03-19 00:00 . 2012-03-19 00:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-26 05:28 . 2012-03-26 05:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-26 05:28 . 2012-03-26 05:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-19 00:00 . 2012-03-19 00:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-14 22:51 . 2011-09-14 22:51 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-03-24 02:47 . 2012-03-24 02:47 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-03-24 02:47 . 2012-03-24 02:47 149280 c:\windows\SysWOW64\javaw.exe
+ 2012-03-24 02:47 . 2012-03-24 02:47 149280 c:\windows\SysWOW64\java.exe
+ 2011-10-02 05:07 . 2012-03-26 01:13 246850 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-03-24 02:09 660520 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-18 05:17 660520 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-24 02:09 121190 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-18 05:17 121190 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2011-02-10 16:14 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-03-24 03:04 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-03-26 05:27 269176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-18 23:59 269176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-24 02:47 . 2012-03-24 02:47 207360 c:\windows\Installer\1de180.msi
+ 2011-09-05 15:04 . 2011-09-05 15:04 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\AcroRdIF.dll
- 2011-10-01 21:38 . 2011-11-09 09:17 6652032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3708790988-2525651993-2563727528-1001-12288.dat
+ 2011-10-01 21:38 . 2012-03-24 04:33 6652032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3708790988-2525651993-2563727528-1001-12288.dat
+ 2012-03-24 02:51 . 2012-03-24 02:51 1402880 c:\windows\Installer\1de184.msi
+ 2011-10-01 21:38 . 2012-03-26 05:27 28173044 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3708790988-2525651993-2563727528-1001-8192.dat
+ 2012-03-24 02:46 . 2012-03-24 02:46 12938752 c:\windows\Installer\1de17a.msi
+ 2012-01-03 17:58 . 2012-01-03 17:58 20320256 c:\windows\Installer\1b27b.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-29 885760]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-29 2055016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.siriusxm.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\9s276l5l.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
.
**************************************************************************
.
Completion time: 2012-03-26 00:35:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-26 05:35
ComboFix2.txt 2012-03-26 01:23
ComboFix3.txt 2012-03-25 13:23
ComboFix4.txt 2012-03-24 05:03
ComboFix5.txt 2012-03-26 05:22
.
Pre-Run: 660,021,202,944 bytes free
Post-Run: 659,896,332,288 bytes free
.
- - End Of File - - EDEDC6F3DBF19DAE481AA82537D6B7CA

#15 gringo_pr

Posted 26 March 2012 - 08:13 AM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in Notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
