Is it an infection?



#1 Omar Yehia

Posted 29 April 2012 - 09:41 PM

Hi,
It seems I have a memory leak or an infection or something; I can't figure out what it is, just let me know if I have an infection. I can't leave my system on, and when it's idle it takes forever to open any application. Please help; I have attached the files required.
Regards,


#2 gringo_pr (Malware Response Team)

Posted 30 April 2012 - 09:47 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Omar Yehia (Topic Starter)

Posted 30 April 2012 - 06:40 PM

Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
BullGuard
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

TuneUp Utilities Language Pack (en-US)
Java™ 6 Update 31
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

ComboFix 12-04-31.02 - R0M 30/04/2012 18:38:41.22.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.1673 [GMT -4:00]
Running from: c:\users\R0M\Desktop\ComboFix.exe
AV: BullGuard Antivirus *Disabled/Outdated* {C3CCAC61-52F7-A056-1860-6406566E2578}
FW: BullGuard Firewall *Disabled* {FBF72D44-1898-A10E-333F-CD33A8BD6203}
SP: BullGuard Antispyware *Disabled/Outdated* {78AD4D85-74CD-AFD8-22D0-5F742DE96FC5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\15fc9c67-6e4d-42b6-b215-fee7bb01b1c7.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
.
.
2012-04-30 22:50 . 2012-04-30 22:51 -------- d-----w- c:\users\R0M\AppData\Local\temp
2012-04-30 22:50 . 2012-04-30 22:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-30 22:50 . 2012-04-30 22:50 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-04-30 22:50 . 2012-04-30 22:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-29 17:04 . 2012-04-29 17:06 -------- d-----w- c:\program files\UFile 2011
2012-04-29 16:56 . 2012-04-29 16:56 -------- d-----w- c:\users\R0M\AppData\Local\ZoomFoot Send Photo
2012-04-29 16:42 . 2012-04-29 16:43 -------- d-----w- c:\program files\ZoomFoot Send Photo
2012-04-14 01:25 . 2012-04-14 01:25 -------- d-----w- c:\program files\Common Files\Java
2012-04-13 19:28 . 2012-04-14 01:32 -------- d-----w- c:\users\R0M\AppData\Roaming\BullGuard
2012-04-13 19:24 . 2012-04-30 22:49 -------- d-----w- c:\programdata\BullGuard
2012-04-13 19:24 . 2012-04-13 19:24 -------- d-----w- c:\program files\Common Files\BullGuard Ltd
2012-04-13 19:24 . 2012-04-13 19:24 -------- d-----w- c:\program files\BullGuard Ltd
2012-04-13 19:10 . 2012-04-13 19:16 -------- d-----w- c:\programdata\F-Secure
2012-04-13 19:04 . 2012-04-13 19:04 87608 ----a-w- c:\users\R0M\AppData\Roaming\inst.exe
2012-04-11 18:00 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-11 18:00 . 2012-02-28 01:58 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-04-11 17:59 . 2012-02-28 01:18 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-04-11 17:59 . 2012-02-28 01:08 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-04-11 17:59 . 2012-02-28 01:11 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-04-11 17:59 . 2012-02-28 01:13 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-11 17:59 . 2012-02-28 01:11 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-11 17:51 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 17:51 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 17:51 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 17:51 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 17:51 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 17:51 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 10:58 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-09 15:26 . 2012-04-14 01:28 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-04-02 18:55 . 2012-04-02 19:00 -------- d-----w- c:\programdata\ReaConverter
2012-04-02 18:55 . 2012-04-02 18:55 -------- d-----w- c:\users\R0M\AppData\Roaming\RCP 6
2012-04-02 18:55 . 2012-04-02 18:55 -------- d-----w- c:\program files\ReaConverter 6.7 Standard
2012-04-02 18:41 . 2012-04-02 18:41 -------- d-----w- c:\users\R0M\AppData\Local\Samsung
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 01:28 . 2011-07-26 22:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-14 01:23 . 2010-04-17 21:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-13 19:31 . 2011-11-24 14:14 53088 ----a-w- c:\windows\system32\BGLsp.dll
2012-04-13 19:04 . 2009-02-07 23:55 47360 ----a-w- c:\users\R0M\AppData\Roaming\pcouffin.sys
2012-03-09 06:26 . 2012-03-09 06:26 9183232 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-03-09 05:16 . 2012-03-09 05:16 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-03-09 05:16 . 2010-10-27 07:55 791552 ----a-w- c:\windows\system32\aticfx32.dll
2012-03-09 05:11 . 2012-03-09 05:11 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-03-09 05:10 . 2012-03-09 05:10 405504 ----a-w- c:\windows\system32\atieclxx.exe
2012-03-09 05:10 . 2012-03-09 05:10 163328 ----a-w- c:\windows\system32\atiesrxx.exe
2012-03-09 05:08 . 2012-03-09 05:08 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2012-03-09 05:07 . 2012-03-09 05:07 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-03-09 05:07 . 2012-03-09 05:07 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-03-09 05:04 . 2012-03-09 05:04 6200320 ----a-w- c:\windows\system32\atidxx32.dll
2012-03-09 04:39 . 2012-03-09 04:39 19739136 ----a-w- c:\windows\system32\atioglxx.dll
2012-03-09 04:36 . 2012-03-09 04:36 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2012-03-09 04:23 . 2012-03-09 04:23 5062656 ----a-w- c:\windows\system32\atiumdva.dll
2012-03-09 04:23 . 2008-10-08 20:29 5954048 ----a-w- c:\windows\system32\atiumdag.dll
2012-03-09 04:18 . 2012-03-09 04:18 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-03-09 04:18 . 2012-03-09 04:18 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-03-09 04:12 . 2012-03-09 04:12 13715968 ----a-w- c:\windows\system32\aticaldd.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\system32\atimpc32.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2012-03-09 03:58 . 2012-03-09 03:58 356352 ----a-w- c:\windows\system32\atiadlxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-03-09 03:57 . 2012-03-09 03:57 265216 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-03-09 03:56 . 2012-03-09 03:56 33280 ----a-w- c:\windows\system32\atiuxpag.dll
2012-03-09 03:56 . 2011-01-26 22:12 30208 ----a-w- c:\windows\system32\atiu9pag.dll
2012-03-09 03:56 . 2011-01-26 22:11 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2012-03-09 03:55 . 2012-03-09 03:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-03-09 03:47 . 2010-10-27 07:14 51200 ----a-w- c:\windows\system32\coinst.dll
2012-03-08 08:42 . 2012-03-08 08:42 216136 ----a-w- c:\windows\system32\drivers\NSKernel.sys
2012-03-08 08:42 . 2012-03-08 08:42 20040 ----a-w- c:\windows\system32\drivers\NSNetmon.sys
2012-03-08 08:42 . 2012-03-08 08:42 308296 ----a-w- c:\windows\system32\drivers\Trufos.sys
2012-03-08 08:41 . 2012-03-08 08:41 61152 ----a-w- c:\windows\system32\drivers\BdSpy.sys
2012-03-08 08:41 . 2012-03-08 08:41 33880 ----a-w- c:\windows\system32\drivers\afw.sys
2012-03-08 08:41 . 2012-03-08 08:41 338520 ----a-w- c:\windows\system32\drivers\afwcore.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 15:01 . 2012-02-15 15:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-14 15:45 . 2012-03-14 07:07 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 07:07 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-14 07:07 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 07:07 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 07:07 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-09 19:13 . 2012-02-16 00:20 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-02-09 19:13 . 2012-02-16 00:20 21312 ----a-w- c:\windows\system32\authuitu.dll
2012-02-08 06:03 . 2012-03-04 21:40 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C719204-2FB6-45F0-8459-48F1B3AFEDBD}\mpengine.dll
2012-02-02 15:16 . 2012-03-14 07:07 2044416 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Audiogalaxy"="c:\users\R0M\AppData\Local\Audiogalaxy\Audiogalaxy.exe" [2011-12-17 2955496]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2012-02-27 3387904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\BullGuard.exe" [2012-04-13 1712480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\R0M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hpqtra08.exe [2008-3-25 214360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GetRight.lnk - c:\program files\GetRight\GetRight.exe [2008-10-23 4657424]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\BgGamingMonitor.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-07-18 73728]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUFOS
*Deregistered* - fwdyrpoc
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
BullGuard_Main REG_MULTI_SZ BsMain
BullGuard REG_MULTI_SZ BsFileScan BsFire
BullGuard_Proxy REG_MULTI_SZ BsMailProxy
BullGuard_Backup REG_MULTI_SZ BsBackup
.
Contents of the 'Scheduled Tasks' folder
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2255320971-820056546-208935856-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2255320971-820056546-208935856-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255320971-820056546-208935856-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255320971-820056546-208935856-1000UA.job
c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
c:\windows\Tasks\RtlNICDiagVistaStart.job
c:\windows\Tasks\SystemToolsDailyTest.job
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\BGLsp.dll
TCP: DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-FoxTab FLV Player - c:\progra~1\FOXTAB~1\Uninstall\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-30 18:51
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-04-30 18:55:52
ComboFix-quarantined-files.txt 2012-04-30 22:55
ComboFix2.txt 2012-04-13 18:29
ComboFix3.txt 2012-02-01 20:16
ComboFix4.txt 2011-11-16 08:02
.
Pre-Run: 106,499,350,528 bytes free
Post-Run: 106,538,164,224 bytes free
.
- - End Of File - - DEAD121FF2CA7CDE8FD53CCA42BFD19C

Regards,
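An added triage helper for ComboFix logs, written here as an illustration and not a BleepingComputer or ComboFix tool: it parses the 'Files Created', 'Reg Loading Points' and 'ORPHANS REMOVED' sections of a log like the one above and lists the entries a reviewer verifies first (new executables under a user profile, Run entries pointing into a profile, any AppInit_DLLs value, removed orphans). The embedded sample is a constructed excerpt of the log above; the output items are review candidates, not verdicts.

```python
# Added triage helper for a ComboFix log (not a BleepingComputer or ComboFix tool).
import re

# Constructed excerpt modelled on the log posted above (same paths, fewer lines).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
.
2012-04-13 19:24 . 2012-04-13 19:24 -------- d-----w- c:\users\R0M\AppData\Roaming\BullGuard
2012-04-13 19:04 . 2012-04-13 19:04 87608 ----a-w- c:\users\R0M\AppData\Roaming\inst.exe
2012-04-11 17:51 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Audiogalaxy"="c:\users\R0M\AppData\Local\Audiogalaxy\Audiogalaxy.exe" [2011-12-17 2955496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\BullGuard.exe" [2012-04-13 1712480]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\BgGamingMonitor.dll
- - - - ORPHANS REMOVED - - - -
AddRemove-FoxTab FLV Player - c:\progra~1\FOXTAB~1\Uninstall\Uninstall.exe
"""

# One "Files Created" entry: created . modified size-or-dashes attrs path
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
                     r"(-+|\d+) (\S+) (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")            # [HKEY_...]
VALUE_RE = re.compile(r'^"([^"]+)"=(.+)$')    # "Name"="path" [date size]
ORPHAN_RE = re.compile(r"^AddRemove-(.+?) - (.+)$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".com")

def section_name(line):
    """Title of a ComboFix banner line ('((( X )))' or '--- X ---'), else None."""
    s = line.strip()
    if s.startswith("(") and s.endswith(")"):
        return s.strip("() ")
    if s.startswith("-") and s.endswith("-") and len(s) > 8:
        return s.strip("- ") or None
    return None

def value_path(raw):
    """Image path from a Run/AppInit value: quoted form, or bare path up to ' ['."""
    m = re.match(r'"([^"]+)"', raw)
    return m.group(1) if m else raw.split(" [")[0].split(" /")[0].strip()

def parse_combofix(text):
    """Return (files, autoruns, orphans) from the three sections we care about."""
    files, autoruns, orphans = [], [], []
    section, key = None, None
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == ".":           # ComboFix's blank-line marker
            continue
        name = section_name(line)
        if name:
            section, key = name, None
            continue
        if section and section.startswith("Files Created"):
            m = FILE_RE.match(line)
            if m:
                size = 0 if m.group(3).startswith("-") else int(m.group(3))
                files.append({"created": m.group(1), "size": size,
                              "attrs": m.group(4), "path": m.group(5)})
        elif section == "Reg Loading Points":
            m = KEY_RE.match(line)
            if m:
                key = m.group(1)
                continue
            m = VALUE_RE.match(line)
            if m and key and ":\\" in m.group(2):   # skip non-path values
                autoruns.append({"key": key, "name": m.group(1), "path": value_path(m.group(2))})
        elif section == "ORPHANS REMOVED":
            m = ORPHAN_RE.match(line)
            if m:
                orphans.append({"name": m.group(1), "path": m.group(2)})
    return files, autoruns, orphans

def in_user_profile(path):
    """True for locations any user can write to (profiles, ProgramData, temp)."""
    p = path.lower()
    return p.startswith(("c:\\users\\", "c:\\programdata\\")) or "\\temp\\" in p

def triage(text):
    """Reviewer findings as (category, detail) tuples: candidates, not verdicts."""
    files, autoruns, orphans = parse_combofix(text)
    findings = []
    for f in files:
        if f["attrs"].startswith("d"):        # directories are not payloads
            continue
        if f["path"].lower().endswith(EXEC_EXT) and in_user_profile(f["path"]):
            findings.append(("new-exec-in-profile", f["path"]))
    for a in autoruns:
        if a["name"].lower() == "appinit_dlls":   # global DLL injection point: confirm vendor
            findings.append(("appinit-dll", a["path"]))
        elif in_user_profile(a["path"]):
            findings.append(("autorun-from-profile", a["name"] + " -> " + a["path"]))
    for o in orphans:
        findings.append(("orphan-removed", o["name"] + " -> " + o["path"]))
    return findings
```

Call `triage(open(path).read())` on a full ComboFix log; everything it returns still needs a human to confirm the vendor and signature before any action.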

#4 gringo_pr (Malware Response Team)

Posted 30 April 2012 - 08:17 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 Omar Yehia (Topic Starter)

Posted 01 May 2012 - 01:14 AM

02:13:15.0143 4300 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
02:13:15.0454 4300 ============================================================
02:13:15.0454 4300 Current date / time: 2012/05/01 02:13:15.0454
02:13:15.0454 4300 SystemInfo:
02:13:15.0454 4300
02:13:15.0454 4300 OS Version: 6.0.6002 ServicePack: 2.0
02:13:15.0454 4300 Product type: Workstation
02:13:15.0454 4300 ComputerName: ROMSTER2
02:13:15.0454 4300 UserName: R0M
02:13:15.0454 4300 Windows directory: C:\Windows
02:13:15.0454 4300 System windows directory: C:\Windows
02:13:15.0454 4300 Processor architecture: Intel x86
02:13:15.0454 4300 Number of processors: 4
02:13:15.0454 4300 Page size: 0x1000
02:13:15.0454 4300 Boot type: Normal boot
02:13:15.0454 4300 ============================================================
02:13:16.0567 4300 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:13:16.0584 4300 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:13:16.0626 4300 Drive \Device\Harddisk6\DR6 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:13:16.0627 4300 ============================================================
02:13:16.0627 4300 \Device\Harddisk0\DR0:
02:13:16.0627 4300 MBR partitions:
02:13:16.0627 4300 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1E00000
02:13:16.0627 4300 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E1F800, BlocksNum 0x38566000
02:13:16.0627 4300 \Device\Harddisk1\DR1:
02:13:16.0628 4300 MBR partitions:
02:13:16.0628 4300 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
02:13:16.0628 4300 \Device\Harddisk6\DR6:
02:13:16.0628 4300 MBR partitions:
02:13:16.0628 4300 \Device\Harddisk6\DR6\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
02:13:16.0628 4300 ============================================================
02:13:16.0673 4300 C: <-> \Device\Harddisk0\DR0\Partition1
02:13:16.0698 4300 D: <-> \Device\Harddisk0\DR0\Partition0
02:13:16.0732 4300 J: <-> \Device\Harddisk1\DR1\Partition0
02:13:17.0175 4300 F: <-> \Device\Harddisk6\DR6\Partition0
02:13:17.0175 4300 ============================================================
02:13:17.0175 4300 Initialize success
02:13:17.0175 4300 ============================================================
02:13:19.0353 6084 ============================================================
02:13:19.0353 6084 Scan started
02:13:19.0353 6084 Mode: Manual;
02:13:19.0353 6084 ============================================================
02:13:20.0408 6084 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
02:13:20.0411 6084 ACPI - ok
02:13:20.0573 6084 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
02:13:20.0574 6084 AdobeARMservice - ok
02:13:20.0673 6084 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
02:13:20.0675 6084 AdobeFlashPlayerUpdateSvc - ok
02:13:20.0735 6084 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
02:13:20.0737 6084 adp94xx - ok
02:13:20.0760 6084 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
02:13:20.0762 6084 adpahci - ok
02:13:20.0783 6084 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
02:13:20.0784 6084 adpu160m - ok
02:13:20.0808 6084 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
02:13:20.0809 6084 adpu320 - ok
02:13:20.0842 6084 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
02:13:20.0843 6084 AeLookupSvc - ok
02:13:20.0869 6084 AERTFilters (b6d7239e7af6d1b64c790a28067dc6e5) C:\Windows\system32\AERTSrv.exe
02:13:20.0870 6084 AERTFilters - ok
02:13:20.0946 6084 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
02:13:20.0948 6084 AFD - ok
02:13:20.0973 6084 AFW (eae1ae91722040fd617886ca32563055) C:\Windows\system32\DRIVERS\afw.sys
02:13:20.0974 6084 AFW - ok
02:13:21.0013 6084 afwcore (0b1ba39311ea4e7c50ec4b119b7c8597) C:\Windows\system32\DRIVERS\afwcore.sys
02:13:21.0016 6084 afwcore - ok
02:13:21.0045 6084 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
02:13:21.0046 6084 agp440 - ok
02:13:21.0092 6084 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
02:13:21.0093 6084 aic78xx - ok
02:13:21.0135 6084 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
02:13:21.0151 6084 ALG - ok
02:13:21.0151 6084 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
02:13:21.0166 6084 aliide - ok
02:13:21.0210 6084 AMD External Events Utility (4b9298fd6707980ab8e3a8f0e642ec9a) C:\Windows\system32\atiesrxx.exe
02:13:21.0212 6084 AMD External Events Utility - ok
02:13:21.0234 6084 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
02:13:21.0235 6084 amdagp - ok
02:13:21.0253 6084 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
02:13:21.0254 6084 amdide - ok
02:13:21.0297 6084 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
02:13:21.0298 6084 AmdK7 - ok
02:13:21.0312 6084 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
02:13:21.0313 6084 AmdK8 - ok
02:13:21.0822 6084 amdkmdag (5c297f25a4a09d14bfe2cab5de2f1457) C:\Windows\system32\DRIVERS\atikmdag.sys
02:13:21.0870 6084 amdkmdag - ok
02:13:22.0038 6084 amdkmdap (ff2e35d9bd35f36a0126a0ca7556e43d) C:\Windows\system32\DRIVERS\atikmpag.sys
02:13:22.0040 6084 amdkmdap - ok
02:13:22.0069 6084 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
02:13:22.0070 6084 Appinfo - ok
02:13:22.0265 6084 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:13:22.0265 6084 Apple Mobile Device - ok
02:13:22.0286 6084 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
02:13:22.0288 6084 arc - ok
02:13:22.0328 6084 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
02:13:22.0329 6084 arcsas - ok
02:13:22.0373 6084 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
02:13:22.0373 6084 AsyncMac - ok
02:13:22.0396 6084 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
02:13:22.0397 6084 atapi - ok
02:13:22.0429 6084 AtiHdmiService - ok
02:13:22.0904 6084 atikmdag (5c297f25a4a09d14bfe2cab5de2f1457) C:\Windows\system32\DRIVERS\atikmdag.sys
02:13:22.0952 6084 atikmdag - ok
02:13:23.0093 6084 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
02:13:23.0096 6084 AudioEndpointBuilder - ok
02:13:23.0099 6084 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
02:13:23.0102 6084 Audiosrv - ok
02:13:23.0138 6084 BCM42RLY - ok
02:13:23.0250 6084 BCM43XX (abd543e555bc0453bf52664936df4dcd) C:\Windows\system32\DRIVERS\bcmwl6.sys
02:13:23.0256 6084 BCM43XX - ok
02:13:23.0334 6084 BdSpy (71a1694e482231ebfd51c52ce8c9ddf7) C:\Windows\system32\DRIVERS\BdSpy.sys
02:13:23.0334 6084 BdSpy - ok
02:13:23.0351 6084 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
02:13:23.0351 6084 Beep - ok
02:13:23.0411 6084 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
02:13:23.0413 6084 BFE - ok
02:13:23.0497 6084 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
02:13:23.0504 6084 BITS - ok
02:13:23.0520 6084 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
02:13:23.0521 6084 blbdrive - ok
02:13:23.0646 6084 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
02:13:23.0649 6084 Bonjour Service - ok
02:13:23.0699 6084 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
02:13:23.0700 6084 bowser - ok
02:13:23.0724 6084 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
02:13:23.0725 6084 BrFiltLo - ok
02:13:23.0737 6084 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
02:13:23.0738 6084 BrFiltUp - ok
02:13:23.0767 6084 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
02:13:23.0769 6084 Browser - ok
02:13:23.0792 6084 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
02:13:23.0793 6084 Brserid - ok
02:13:23.0801 6084 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
02:13:23.0802 6084 BrSerWdm - ok
02:13:23.0820 6084 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
02:13:23.0820 6084 BrUsbMdm - ok
02:13:23.0832 6084 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
02:13:23.0833 6084 BrUsbSer - ok
02:13:23.0889 6084 BsBackup (e604991bdb5a3eaeddd47f9ff34b2438) C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll
02:13:23.0890 6084 BsBackup - ok
02:13:23.0927 6084 BsBhvScan (864cdec7a2dce47f064493e536fd1034) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
02:13:23.0930 6084 BsBhvScan - ok
02:13:23.0976 6084 BsFileScan (be3e3f94324e00b0774d153ddaa431e4) C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll
02:13:23.0994 6084 BsFileScan - ok
02:13:24.0034 6084 BsFire (6b49b29e3e99c1073e7fb28aaa0dbd59) C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll
02:13:24.0051 6084 BsFire - ok
02:13:24.0105 6084 BsMailProxy (3cae3d054e6c4af9d37450bb6653bd96) C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll
02:13:24.0121 6084 BsMailProxy - ok
02:13:24.0196 6084 BsMain (9233f91f42d715b37e10786c5c2e3cd4) C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll
02:13:24.0198 6084 BsMain - ok
02:13:24.0215 6084 BsScanner (27a3adf887e1675e9e754cf8877460f2) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
02:13:24.0216 6084 BsScanner - ok
02:13:24.0258 6084 BsUpdate (613ea3cd6527949afeed181bfb62af43) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
02:13:24.0260 6084 BsUpdate - ok
02:13:24.0357 6084 BT - ok
02:13:24.0401 6084 btaudio - ok
02:13:24.0401 6084 Btcsrusb - ok
02:13:24.0401 6084 BTDriver - ok
02:13:24.0433 6084 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
02:13:24.0433 6084 BthEnum - ok
02:13:24.0433 6084 BtHidBus - ok
02:13:24.0487 6084 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
02:13:24.0488 6084 BTHMODEM - ok
02:13:24.0518 6084 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
02:13:24.0520 6084 BthPan - ok
02:13:24.0595 6084 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
02:13:24.0598 6084 BTHPORT - ok
02:13:24.0670 6084 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
02:13:24.0671 6084 BthServ - ok
02:13:24.0683 6084 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
02:13:24.0684 6084 BTHUSB - ok
02:13:24.0737 6084 btnetBUs (d3c277a51ef9e2ec972d6221f99c0b6d) C:\Windows\system32\Drivers\btnetBus.sys
02:13:24.0738 6084 btnetBUs - ok
02:13:24.0740 6084 BTWDNDIS - ok
02:13:24.0745 6084 btwhid - ok
02:13:24.0748 6084 BTWUSB - ok
02:13:24.0919 6084 catchme - ok
02:13:25.0018 6084 catflt (e3a2df3bcb44b9d0f8d60c651b66b4ed) C:\Windows\system32\DRIVERS\catflt.sys
02:13:25.0019 6084 catflt - ok
02:13:25.0039 6084 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
02:13:25.0040 6084 cdfs - ok
02:13:25.0077 6084 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
02:13:25.0078 6084 cdrom - ok
02:13:25.0153 6084 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
02:13:25.0154 6084 CertPropSvc - ok
02:13:25.0168 6084 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
02:13:25.0169 6084 circlass - ok
02:13:25.0220 6084 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
02:13:25.0223 6084 CLFS - ok
02:13:25.0288 6084 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:13:25.0290 6084 clr_optimization_v2.0.50727_32 - ok
02:13:25.0373 6084 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:13:25.0375 6084 clr_optimization_v4.0.30319_32 - ok
02:13:25.0391 6084 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
02:13:25.0392 6084 cmdide - ok
02:13:25.0404 6084 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
02:13:25.0405 6084 Compbatt - ok
02:13:25.0408 6084 COMSysApp - ok
02:13:25.0418 6084 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
02:13:25.0419 6084 crcdisk - ok
02:13:25.0441 6084 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
02:13:25.0442 6084 Crusoe - ok
02:13:25.0483 6084 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
02:13:25.0483 6084 CryptSvc - ok
02:13:25.0533 6084 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
02:13:25.0538 6084 DcomLaunch - ok
02:13:25.0591 6084 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
02:13:25.0592 6084 DfsC - ok
02:13:25.0738 6084 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
02:13:25.0750 6084 DFSR - ok
02:13:25.0886 6084 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
02:13:25.0888 6084 Dhcp - ok
02:13:25.0962 6084 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
02:13:25.0963 6084 disk - ok
02:13:26.0026 6084 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
02:13:26.0027 6084 Dnscache - ok
02:13:26.0090 6084 DockLoginService (13511564cac5a005255765e322c16967) C:\Program Files\Dell\DellDock\DockLogin.exe
02:13:26.0091 6084 DockLoginService - ok
02:13:26.0148 6084 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
02:13:26.0151 6084 dot3svc - ok
02:13:26.0186 6084 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
02:13:26.0188 6084 Dot4 - ok
02:13:26.0196 6084 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
02:13:26.0197 6084 Dot4Print - ok
02:13:26.0206 6084 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
02:13:26.0207 6084 dot4usb - ok
02:13:26.0240 6084 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
02:13:26.0242 6084 DPS - ok
02:13:26.0255 6084 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
02:13:26.0256 6084 drmkaud - ok
02:13:26.0267 6084 DrWebEngine - ok
02:13:26.0355 6084 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
02:13:26.0359 6084 DXGKrnl - ok
02:13:26.0397 6084 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
02:13:26.0399 6084 e1express - ok
02:13:26.0423 6084 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
02:13:26.0425 6084 E1G60 - ok
02:13:26.0444 6084 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
02:13:26.0446 6084 EapHost - ok
02:13:26.0518 6084 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
02:13:26.0519 6084 Ecache - ok
02:13:26.0597 6084 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
02:13:26.0597 6084 ehRecvr - ok
02:13:26.0613 6084 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
02:13:26.0613 6084 ehSched - ok
02:13:26.0614 6084 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
02:13:26.0614 6084 ehstart - ok
02:13:26.0647 6084 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
02:13:26.0650 6084 elxstor - ok
02:13:26.0712 6084 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
02:13:26.0720 6084 EMDMgmt - ok
02:13:26.0738 6084 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
02:13:26.0739 6084 ErrDev - ok
02:13:26.0809 6084 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
02:13:26.0813 6084 EventSystem - ok
02:13:26.0865 6084 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
02:13:26.0866 6084 exfat - ok
02:13:26.0892 6084 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
02:13:26.0894 6084 fastfat - ok
02:13:26.0911 6084 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
02:13:26.0912 6084 fdc - ok
02:13:26.0929 6084 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
02:13:26.0931 6084 fdPHost - ok
02:13:26.0950 6084 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
02:13:26.0953 6084 FDResPub - ok
02:13:26.0977 6084 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
02:13:26.0978 6084 FileInfo - ok
02:13:26.0996 6084 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
02:13:26.0997 6084 Filetrace - ok
02:13:27.0009 6084 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
02:13:27.0010 6084 flpydisk - ok
02:13:27.0062 6084 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
02:13:27.0064 6084 FltMgr - ok
02:13:27.0182 6084 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
02:13:27.0193 6084 FontCache - ok
02:13:27.0263 6084 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
02:13:27.0264 6084 FontCache3.0.0.0 - ok
02:13:27.0318 6084 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
02:13:27.0318 6084 Fs_Rec - ok
02:13:27.0336 6084 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
02:13:27.0337 6084 gagp30kx - ok
02:13:27.0363 6084 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:13:27.0364 6084 GEARAspiWDM - ok
02:13:27.0390 6084 ggc (daa2b09e589569462e16596526c920c8) C:\Windows\system32\DRIVERS\ggc.sys
02:13:27.0391 6084 ggc - ok
02:13:27.0434 6084 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
02:13:27.0435 6084 ggflt - ok
02:13:27.0502 6084 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
02:13:27.0502 6084 ggsemc - ok
02:13:27.0589 6084 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
02:13:27.0590 6084 GoToAssist - ok
02:13:27.0681 6084 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
02:13:27.0681 6084 gpsvc - ok
02:13:27.0705 6084 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
02:13:27.0707 6084 HdAudAddService - ok
02:13:27.0783 6084 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
02:13:27.0787 6084 HDAudBus - ok
02:13:27.0844 6084 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
02:13:27.0845 6084 HidBth - ok
02:13:27.0870 6084 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
02:13:27.0871 6084 HidIr - ok
02:13:27.0922 6084 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
02:13:27.0923 6084 hidserv - ok
02:13:27.0971 6084 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
02:13:27.0972 6084 HidUsb - ok
02:13:27.0996 6084 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
02:13:27.0999 6084 hkmsvc - ok
02:13:28.0017 6084 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
02:13:28.0018 6084 HpCISSs - ok
02:13:28.0178 6084 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
02:13:28.0180 6084 hpqcxs08 - ok
02:13:28.0198 6084 hpqddsvc (ee4c7a4cf2316701ffde90f404520265) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
02:13:28.0200 6084 hpqddsvc - ok
02:13:28.0254 6084 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
02:13:28.0257 6084 HTTP - ok
02:13:28.0275 6084 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
02:13:28.0276 6084 i2omp - ok
02:13:28.0313 6084 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
02:13:28.0314 6084 i8042prt - ok
02:13:28.0362 6084 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\drivers\iastor.sys
02:13:28.0364 6084 iaStor - ok
02:13:28.0389 6084 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
02:13:28.0391 6084 iaStorV - ok
02:13:28.0515 6084 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
02:13:28.0517 6084 IDriverT - ok
02:13:28.0962 6084 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:13:28.0974 6084 idsvc - ok
02:13:29.0067 6084 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
02:13:29.0069 6084 iirsp - ok
02:13:29.0122 6084 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
02:13:29.0129 6084 IKEEXT - ok
02:13:29.0319 6084 IntcAzAudAddService (32abc54d0dde1a8885c9439537dd3bad) C:\Windows\system32\drivers\RTKVHDA.sys
02:13:29.0332 6084 IntcAzAudAddService - ok
02:13:29.0423 6084 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
02:13:29.0424 6084 intelide - ok
02:13:29.0451 6084 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
02:13:29.0452 6084 intelppm - ok
02:13:29.0479 6084 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
02:13:29.0482 6084 IPBusEnum - ok
02:13:29.0511 6084 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:13:29.0512 6084 IpFilterDriver - ok
02:13:29.0569 6084 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
02:13:29.0573 6084 iphlpsvc - ok
02:13:29.0576 6084 IpInIp - ok
02:13:29.0597 6084 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
02:13:29.0598 6084 IPMIDRV - ok
02:13:29.0615 6084 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
02:13:29.0617 6084 IPNAT - ok
02:13:29.0717 6084 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
02:13:29.0722 6084 iPod Service - ok
02:13:29.0750 6084 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
02:13:29.0751 6084 IRENUM - ok
02:13:29.0767 6084 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
02:13:29.0768 6084 isapnp - ok
02:13:29.0829 6084 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
02:13:29.0831 6084 iScsiPrt - ok
02:13:29.0845 6084 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
02:13:29.0846 6084 iteatapi - ok
02:13:29.0878 6084 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
02:13:29.0879 6084 iteraid - ok
02:13:29.0882 6084 IvtBtBUs - ok
02:13:29.0902 6084 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
02:13:29.0903 6084 kbdclass - ok
02:13:29.0956 6084 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
02:13:29.0957 6084 kbdhid - ok
02:13:30.0008 6084 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
02:13:30.0010 6084 KeyIso - ok
02:13:30.0075 6084 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
02:13:30.0078 6084 KSecDD - ok
02:13:30.0135 6084 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
02:13:30.0141 6084 KtmRm - ok
02:13:30.0193 6084 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
02:13:30.0198 6084 LanmanServer - ok
02:13:30.0261 6084 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
02:13:30.0266 6084 LanmanWorkstation - ok
02:13:30.0277 6084 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
02:13:30.0278 6084 lltdio - ok
02:13:30.0305 6084 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
02:13:30.0319 6084 lltdsvc - ok
02:13:30.0337 6084 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
02:13:30.0339 6084 lmhosts - ok
02:13:30.0518 6084 LMIGuardianSvc (beda81549fce5fe29fae11dd9a616541) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
02:13:30.0521 6084 LMIGuardianSvc - ok
02:13:30.0572 6084 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
02:13:30.0573 6084 LMIInfo - ok
02:13:30.0625 6084 LMIMaint (47d56618afcdf08c4f154b57bd70bc61) C:\Program Files\LogMeIn\x86\RaMaint.exe
02:13:30.0626 6084 LMIMaint - ok
02:13:30.0700 6084 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
02:13:30.0701 6084 lmimirr - ok
02:13:30.0704 6084 LMIRfsClientNP - ok
02:13:30.0722 6084 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
02:13:30.0723 6084 LMIRfsDriver - ok
02:13:30.0753 6084 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Program Files\LogMeIn\x86\LogMeIn.exe
02:13:30.0755 6084 LogMeIn - ok
02:13:30.0778 6084 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
02:13:30.0779 6084 LSI_FC - ok
02:13:30.0801 6084 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
02:13:30.0802 6084 LSI_SAS - ok
02:13:30.0839 6084 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
02:13:30.0841 6084 LSI_SCSI - ok
02:13:30.0858 6084 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
02:13:30.0859 6084 luafv - ok
02:13:30.0915 6084 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
02:13:30.0931 6084 Mcx2Svc - ok
02:13:30.0946 6084 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
02:13:30.0946 6084 megasas - ok
02:13:30.0964 6084 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
02:13:30.0967 6084 MegaSR - ok
02:13:30.0987 6084 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
02:13:30.0989 6084 MMCSS - ok
02:13:31.0003 6084 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
02:13:31.0004 6084 Modem - ok
02:13:31.0043 6084 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
02:13:31.0044 6084 monitor - ok
02:13:31.0056 6084 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
02:13:31.0057 6084 mouclass - ok
02:13:31.0067 6084 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
02:13:31.0068 6084 mouhid - ok
02:13:31.0078 6084 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
02:13:31.0079 6084 MountMgr - ok
02:13:31.0108 6084 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
02:13:31.0110 6084 mpio - ok
02:13:31.0177 6084 MpKsl145c1d68 - ok
02:13:31.0190 6084 MpKsl2cea89db - ok
02:13:31.0193 6084 MpKsleb09c178 - ok
02:13:31.0243 6084 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
02:13:31.0244 6084 mpsdrv - ok
02:13:31.0308 6084 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
02:13:31.0314 6084 MpsSvc - ok
02:13:31.0329 6084 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
02:13:31.0330 6084 Mraid35x - ok
02:13:31.0373 6084 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
02:13:31.0375 6084 MRxDAV - ok
02:13:31.0408 6084 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:13:31.0410 6084 mrxsmb - ok
02:13:31.0477 6084 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:13:31.0479 6084 mrxsmb10 - ok
02:13:31.0494 6084 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:13:31.0495 6084 mrxsmb20 - ok
02:13:31.0510 6084 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
02:13:31.0511 6084 msahci - ok
02:13:31.0531 6084 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
02:13:31.0532 6084 msdsm - ok
02:13:31.0560 6084 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
02:13:31.0563 6084 MSDTC - ok
02:13:31.0595 6084 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
02:13:31.0596 6084 Msfs - ok
02:13:31.0614 6084 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
02:13:31.0615 6084 msisadrv - ok
02:13:31.0661 6084 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
02:13:31.0673 6084 MSiSCSI - ok
02:13:31.0676 6084 msiserver - ok
02:13:31.0708 6084 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
02:13:31.0709 6084 MSKSSRV - ok
02:13:31.0713 6084 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
02:13:31.0714 6084 MSPCLOCK - ok
02:13:31.0753 6084 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
02:13:31.0753 6084 MSPQM - ok
02:13:31.0811 6084 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
02:13:31.0812 6084 MsRPC - ok
02:13:31.0824 6084 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
02:13:31.0824 6084 mssmbios - ok
02:13:31.0828 6084 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
02:13:31.0829 6084 MSTEE - ok
02:13:31.0882 6084 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
02:13:31.0883 6084 Mup - ok
02:13:31.0983 6084 MySQL - ok
02:13:32.0030 6084 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
02:13:32.0030 6084 napagent - ok
02:13:32.0091 6084 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
02:13:32.0093 6084 NativeWifiP - ok
02:13:32.0171 6084 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
02:13:32.0175 6084 NDIS - ok
02:13:32.0184 6084 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
02:13:32.0185 6084 NdisTapi - ok
02:13:32.0189 6084 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
02:13:32.0189 6084 Ndisuio - ok
02:13:32.0254 6084 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
02:13:32.0255 6084 NdisWan - ok
02:13:32.0265 6084 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
02:13:32.0266 6084 NDProxy - ok
02:13:32.0334 6084 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll
02:13:32.0336 6084 Net Driver HPZ12 - ok
02:13:32.0344 6084 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
02:13:32.0345 6084 NetBIOS - ok
02:13:32.0398 6084 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
02:13:32.0399 6084 netbt - ok
02:13:32.0428 6084 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
02:13:32.0430 6084 Netlogon - ok
02:13:32.0481 6084 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
02:13:32.0485 6084 Netman - ok
02:13:32.0505 6084 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
02:13:32.0510 6084 netprofm - ok
02:13:32.0592 6084 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:13:32.0595 6084 NetTcpPortSharing - ok
02:13:32.0619 6084 networx (323d4ca30902a190197e7dc39f12a251) C:\Windows\system32\drivers\networx.sys
02:13:32.0620 6084 networx - ok
02:13:32.0656 6084 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
02:13:32.0657 6084 nfrd960 - ok
02:13:32.0678 6084 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
02:13:32.0682 6084 NlaSvc - ok
02:13:32.0723 6084 NovaShieldFilterDriver (f49032bb622c3677dd1a84815c958f07) C:\Windows\system32\DRIVERS\NSKernel.sys
02:13:32.0724 6084 NovaShieldFilterDriver - ok
02:13:32.0756 6084 NovaShieldTDIDriver (6c67f5abfccd2f6e6930f5ffa3579d8c) C:\Windows\system32\DRIVERS\NSNetmon.sys
02:13:32.0756 6084 NovaShieldTDIDriver - ok
02:13:32.0784 6084 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
02:13:32.0785 6084 Npfs - ok
02:13:32.0820 6084 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
02:13:32.0823 6084 nsi - ok
02:13:32.0832 6084 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
02:13:32.0833 6084 nsiproxy - ok
02:13:32.0924 6084 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
02:13:32.0931 6084 Ntfs - ok
02:13:32.0946 6084 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
02:13:32.0947 6084 ntrigdigi - ok
02:13:32.0951 6084 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
02:13:32.0952 6084 Null - ok
02:13:32.0982 6084 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
02:13:32.0984 6084 nvraid - ok
02:13:33.0004 6084 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
02:13:33.0005 6084 nvstor - ok
02:13:33.0031 6084 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
02:13:33.0033 6084 nv_agp - ok
02:13:33.0036 6084 NwlnkFlt - ok
02:13:33.0068 6084 NwlnkFwd - ok
02:13:33.0111 6084 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
02:13:33.0112 6084 ohci1394 - ok
02:13:33.0183 6084 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
02:13:33.0193 6084 p2pimsvc - ok
02:13:33.0199 6084 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
02:13:33.0205 6084 p2psvc - ok
02:13:33.0234 6084 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
02:13:33.0235 6084 Parport - ok
02:13:33.0283 6084 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
02:13:33.0284 6084 partmgr - ok
02:13:33.0303 6084 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
02:13:33.0304 6084 Parvdm - ok
02:13:33.0326 6084 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
02:13:33.0329 6084 PcaSvc - ok
02:13:33.0402 6084 PCDSRVC{E9D79540-57D5953E-06020101}_0 (92fddbed716bf5c3cb766101563cfce5) c:\program files\dell support center\pcdsrvc.pkms
02:13:33.0404 6084 PCDSRVC{E9D79540-57D5953E-06020101}_0 - ok
02:13:33.0457 6084 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
02:13:33.0459 6084 pci - ok
02:13:33.0509 6084 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
02:13:33.0510 6084 pciide - ok
02:13:33.0535 6084 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
02:13:33.0537 6084 pcmcia - ok
02:13:33.0562 6084 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
02:13:33.0563 6084 pcouffin - ok
02:13:33.0627 6084 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
02:13:33.0632 6084 PEAUTH - ok
02:13:33.0709 6084 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
02:13:33.0728 6084 pla - ok
02:13:33.0853 6084 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
02:13:33.0858 6084 PlugPlay - ok
02:13:33.0912 6084 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll
02:13:33.0914 6084 Pml Driver HPZ12 - ok
02:13:33.0957 6084 pmxmouse (fab495f1defeb596c44b9752a25e2a60) C:\Windows\system32\DRIVERS\pmxmouse.sys
02:13:33.0958 6084 pmxmouse - ok
02:13:33.0985 6084 pmxusblf (020eae9dfe3cd277994ce60e4c2c71cf) C:\Windows\system32\DRIVERS\pmxusblf.sys
02:13:33.0986 6084 pmxusblf - ok
02:13:34.0071 6084 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
02:13:34.0077 6084 PNRPAutoReg - ok
02:13:34.0083 6084 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
02:13:34.0089 6084 PNRPsvc - ok
02:13:34.0150 6084 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
02:13:34.0166 6084 PolicyAgent - ok
02:13:34.0182 6084 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
02:13:34.0182 6084 PptpMiniport - ok
02:13:34.0196 6084 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
02:13:34.0197 6084 Processor - ok
02:13:34.0255 6084 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
02:13:34.0259 6084 ProfSvc - ok
02:13:34.0286 6084 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
02:13:34.0288 6084 ProtectedStorage - ok
02:13:34.0324 6084 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
02:13:34.0326 6084 PSched - ok
02:13:34.0343 6084 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
02:13:34.0344 6084 PxHelp20 - ok
02:13:34.0419 6084 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
02:13:34.0436 6084 ql2300 - ok
02:13:34.0461 6084 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
02:13:34.0463 6084 ql40xx - ok
02:13:34.0499 6084 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
02:13:34.0505 6084 QWAVE - ok
02:13:34.0519 6084 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
02:13:34.0520 6084 QWAVEdrv - ok
02:13:34.0977 6084 R300 (5c297f25a4a09d14bfe2cab5de2f1457) C:\Windows\system32\DRIVERS\atikmdag.sys
02:13:35.0029 6084 R300 - ok
02:13:35.0141 6084 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
02:13:35.0142 6084 RasAcd - ok
02:13:35.0154 6084 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
02:13:35.0159 6084 RasAuto - ok
02:13:35.0177 6084 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:13:35.0178 6084 Rasl2tp - ok
02:13:35.0264 6084 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
02:13:35.0264 6084 RasMan - ok
02:13:35.0288 6084 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
02:13:35.0289 6084 RasPppoe - ok
02:13:35.0341 6084 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
02:13:35.0342 6084 RasSstp - ok
02:13:35.0394 6084 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
02:13:35.0396 6084 rdbss - ok
02:13:35.0403 6084 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:13:35.0404 6084 RDPCDD - ok
02:13:35.0434 6084 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
02:13:35.0436 6084 rdpdr - ok
02:13:35.0440 6084 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
02:13:35.0440 6084 RDPENCDD - ok
02:13:35.0488 6084 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
02:13:35.0489 6084 RDPWD - ok
02:13:35.0527 6084 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
02:13:35.0531 6084 RemoteAccess - ok
02:13:35.0583 6084 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
02:13:35.0587 6084 RemoteRegistry - ok
02:13:35.0642 6084 Revoflt (b9bb8e2093c1615ad6ea55ad96214354) C:\Windows\system32\DRIVERS\revoflt.sys
02:13:35.0643 6084 Revoflt - ok
02:13:35.0674 6084 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
02:13:35.0675 6084 RFCOMM - ok
02:13:35.0696 6084 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
02:13:35.0699 6084 RpcLocator - ok
02:13:35.0767 6084 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
02:13:35.0772 6084 RpcSs - ok
02:13:35.0782 6084 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
02:13:35.0784 6084 rspndr - ok
02:13:35.0846 6084 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
02:13:35.0848 6084 RTL8169 - ok
02:13:35.0878 6084 RtNdPt60 (7f8d15ee000577be703537849d4f9397) C:\Windows\system32\DRIVERS\RtNdPt60.sys
02:13:35.0879 6084 RtNdPt60 - ok
02:13:35.0905 6084 s0017bus (6381d7fac6ce956f37aa76031939f8cc) C:\Windows\system32\DRIVERS\s0017bus.sys
02:13:35.0907 6084 s0017bus - ok
02:13:35.0924 6084 s0017mdfl (3a0b4fc02d9d79a4f7ee9c13e287c5eb) C:\Windows\system32\DRIVERS\s0017mdfl.sys
02:13:35.0925 6084 s0017mdfl - ok
02:13:35.0947 6084 s0017mdm (aa689c79d62caf565357520cae065f17) C:\Windows\system32\DRIVERS\s0017mdm.sys
02:13:35.0949 6084 s0017mdm - ok
02:13:35.0973 6084 s0017mgmt (547b1a09017a4c4ce6b535ba810523da) C:\Windows\system32\DRIVERS\s0017mgmt.sys
02:13:35.0975 6084 s0017mgmt - ok
02:13:36.0000 6084 s0017nd5 (6db4820821e819cf61546e1f991a298d) C:\Windows\system32\DRIVERS\s0017nd5.sys
02:13:36.0002 6084 s0017nd5 - ok
02:13:36.0023 6084 s0017obex (d623bf6f04f7603ee1c4b59c737b69a7) C:\Windows\system32\DRIVERS\s0017obex.sys
02:13:36.0025 6084 s0017obex - ok
02:13:36.0056 6084 s0017unic (0c970a53fc43815e948628442f8983ad) C:\Windows\system32\DRIVERS\s0017unic.sys
02:13:36.0057 6084 s0017unic - ok
02:13:36.0109 6084 s117bus (1f561844318914e7eb6e54673a4cc54c) C:\Windows\system32\DRIVERS\s117bus.sys
02:13:36.0110 6084 s117bus - ok
02:13:36.0124 6084 s117mdfl (ba93eec3cdf6a63b77ae66221aa4f902) C:\Windows\system32\DRIVERS\s117mdfl.sys
02:13:36.0125 6084 s117mdfl - ok
02:13:36.0144 6084 s117mdm (cba12fd8a8ee5b5cdfbbae2381cd6703) C:\Windows\system32\DRIVERS\s117mdm.sys
02:13:36.0145 6084 s117mdm - ok
02:13:36.0164 6084 s117mgmt (bd6483e64b1da17e812b34bcdefd9459) C:\Windows\system32\DRIVERS\s117mgmt.sys
02:13:36.0166 6084 s117mgmt - ok
02:13:36.0196 6084 s117nd5 (c7ca36c3054b4cd47a1f6611b046e2f9) C:\Windows\system32\DRIVERS\s117nd5.sys
02:13:36.0197 6084 s117nd5 - ok
02:13:36.0211 6084 s117obex (e290b3a6b58fb72ca97dd48d64e4fc1c) C:\Windows\system32\DRIVERS\s117obex.sys
02:13:36.0213 6084 s117obex - ok
02:13:36.0239 6084 s117unic (5c4d1ba23c7511ac880e8ba7baa80dba) C:\Windows\system32\DRIVERS\s117unic.sys
02:13:36.0240 6084 s117unic - ok
02:13:36.0315 6084 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
02:13:36.0315 6084 SamSs - ok
02:13:36.0363 6084 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
02:13:36.0363 6084 sbp2port - ok
02:13:36.0383 6084 SBRE - ok
02:13:36.0446 6084 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
02:13:36.0450 6084 SCardSvr - ok
02:13:36.0528 6084 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
02:13:36.0533 6084 Schedule - ok
02:13:36.0547 6084 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
02:13:36.0549 6084 SCPolicySvc - ok
02:13:36.0587 6084 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
02:13:36.0591 6084 SDRSVC - ok
02:13:36.0602 6084 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
02:13:36.0603 6084 secdrv - ok
02:13:36.0612 6084 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
02:13:36.0615 6084 seclogon - ok
02:13:36.0672 6084 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
02:13:36.0673 6084 seehcri - ok
02:13:36.0696 6084 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
02:13:36.0699 6084 SENS - ok
02:13:36.0715 6084 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
02:13:36.0716 6084 Serenum - ok
02:13:36.0736 6084 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
02:13:36.0738 6084 Serial - ok
02:13:36.0756 6084 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
02:13:36.0757 6084 sermouse - ok
02:13:36.0795 6084 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
02:13:36.0798 6084 SessionEnv - ok
02:13:36.0814 6084 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
02:13:36.0815 6084 sffdisk - ok
02:13:36.0826 6084 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
02:13:36.0827 6084 sffp_mmc - ok
02:13:36.0846 6084 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
02:13:36.0847 6084 sffp_sd - ok
02:13:36.0860 6084 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
02:13:36.0861 6084 sfloppy - ok
02:13:36.0900 6084 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
02:13:36.0906 6084 SharedAccess - ok
02:13:36.0945 6084 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
02:13:36.0948 6084 ShellHWDetection - ok
02:13:36.0974 6084 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
02:13:36.0975 6084 sisagp - ok
02:13:36.0992 6084 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
02:13:36.0994 6084 SiSRaid2 - ok
02:13:37.0007 6084 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
02:13:37.0009 6084 SiSRaid4 - ok
02:13:37.0226 6084 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
02:13:37.0247 6084 slsvc - ok
02:13:37.0415 6084 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
02:13:37.0415 6084 SLUINotify - ok
02:13:37.0468 6084 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
02:13:37.0470 6084 Smb - ok
02:13:37.0484 6084 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
02:13:37.0487 6084 SNMPTRAP - ok
02:13:37.0526 6084 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
02:13:37.0527 6084 spldr - ok
02:13:37.0587 6084 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
02:13:37.0591 6084 Spooler - ok
02:13:37.0631 6084 sprtsvc_dellsupportcenter - ok
02:13:37.0727 6084 sptd (a199171385be17973fd800fa91f8f78a) C:\Windows\system32\Drivers\sptd.sys
02:13:37.0728 6084 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
02:13:37.0729 6084 sptd ( LockedFile.Multi.Generic ) - warning
02:13:37.0729 6084 sptd - detected LockedFile.Multi.Generic (1)
02:13:37.0805 6084 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
02:13:37.0807 6084 srv - ok
02:13:37.0859 6084 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
02:13:37.0860 6084 srv2 - ok
02:13:37.0876 6084 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
02:13:37.0877 6084 srvnet - ok
02:13:37.0897 6084 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
02:13:37.0900 6084 SSDPSRV - ok
02:13:37.0929 6084 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
02:13:37.0933 6084 SstpSvc - ok
02:13:37.0962 6084 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
02:13:37.0967 6084 stisvc - ok
02:13:37.0985 6084 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
02:13:37.0986 6084 swenum - ok
02:13:38.0039 6084 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
02:13:38.0046 6084 swprv - ok
02:13:38.0064 6084 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
02:13:38.0065 6084 Symc8xx - ok
02:13:38.0128 6084 symsnap (c9273531eac75ee225e3170fb6107fa3) C:\Windows\system32\DRIVERS\symsnap.sys
02:13:38.0130 6084 symsnap - ok
02:13:38.0145 6084 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
02:13:38.0146 6084 Sym_hi - ok
02:13:38.0160 6084 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
02:13:38.0162 6084 Sym_u3 - ok
02:13:38.0234 6084 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
02:13:38.0243 6084 SysMain - ok
02:13:38.0271 6084 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
02:13:38.0276 6084 TabletInputService - ok
02:13:38.0334 6084 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
02:13:38.0339 6084 TapiSrv - ok
02:13:38.0350 6084 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
02:13:38.0354 6084 TBS - ok
02:13:38.0448 6084 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
02:13:38.0454 6084 Tcpip - ok
02:13:38.0485 6084 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
02:13:38.0485 6084 Tcpip6 - ok
02:13:38.0517 6084 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
02:13:38.0517 6084 tcpipreg - ok
02:13:38.0518 6084 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
02:13:38.0518 6084 TDPIPE - ok
02:13:38.0523 6084 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
02:13:38.0524 6084 TDTCP - ok
02:13:38.0574 6084 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
02:13:38.0575 6084 tdx - ok
02:13:38.0626 6084 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
02:13:38.0627 6084 TermDD - ok
02:13:38.0695 6084 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
02:13:38.0700 6084 TermService - ok
02:13:38.0761 6084 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
02:13:38.0765 6084 Themes - ok
02:13:38.0791 6084 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
02:13:38.0793 6084 THREADORDER - ok
02:13:38.0910 6084 TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
02:13:38.0911 6084 TomTomHOMEService - ok
02:13:38.0958 6084 TotRec7 (e9c2642ec635b01f19f343df5eb488d3) C:\Windows\system32\drivers\TotRec7.sys
02:13:38.0959 6084 TotRec7 - ok
02:13:38.0984 6084 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
02:13:38.0988 6084 TrkWks - ok
02:13:39.0018 6084 Trufos (b1f9b01f90f08ed91af5a7d3ed66148c) C:\Windows\system32\DRIVERS\Trufos.sys
02:13:39.0021 6084 Trufos - ok
02:13:39.0065 6084 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
02:13:39.0066 6084 TrustedInstaller - ok
02:13:39.0107 6084 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:13:39.0108 6084 tssecsrv - ok
02:13:39.0119 6084 TuneUp.UtilitiesSvc - ok
02:13:39.0129 6084 TuneUpUtilitiesDrv - ok
02:13:39.0148 6084 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
02:13:39.0149 6084 tunmp - ok
02:13:39.0195 6084 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
02:13:39.0196 6084 tunnel - ok
02:13:39.0338 6084 TVersityMediaServer (e0a9b5b92097211a57fd16d27f2b3750) C:\ProgramData\TVersity\Media Server\MediaServer.exe
02:13:39.0344 6084 TVersityMediaServer - ok
02:13:39.0370 6084 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
02:13:39.0371 6084 uagp35 - ok
02:13:39.0396 6084 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
02:13:39.0398 6084 udfs - ok
02:13:39.0432 6084 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
02:13:39.0436 6084 UI0Detect - ok
02:13:39.0452 6084 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
02:13:39.0453 6084 uliagpkx - ok
02:13:39.0479 6084 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
02:13:39.0481 6084 uliahci - ok
02:13:39.0498 6084 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
02:13:39.0500 6084 UlSata - ok
02:13:39.0526 6084 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
02:13:39.0528 6084 ulsata2 - ok
02:13:39.0566 6084 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
02:13:39.0566 6084 umbus - ok
02:13:39.0597 6084 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
02:13:39.0597 6084 UMPass - ok
02:13:39.0614 6084 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
02:13:39.0616 6084 upnphost - ok
02:13:39.0672 6084 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
02:13:39.0674 6084 USBAAPL - ok
02:13:39.0734 6084 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
02:13:39.0735 6084 usbaudio - ok
02:13:39.0798 6084 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
02:13:39.0799 6084 usbccgp - ok
02:13:39.0823 6084 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
02:13:39.0824 6084 usbcir - ok
02:13:39.0849 6084 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
02:13:39.0850 6084 usbehci - ok
02:13:39.0914 6084 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
02:13:39.0916 6084 usbhub - ok
02:13:39.0931 6084 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
02:13:39.0932 6084 usbohci - ok
02:13:39.0961 6084 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
02:13:39.0962 6084 usbprint - ok
02:13:39.0980 6084 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
02:13:39.0981 6084 usbscan - ok
02:13:39.0993 6084 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:13:39.0994 6084 USBSTOR - ok
02:13:40.0009 6084 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
02:13:40.0010 6084 usbuhci - ok
02:13:40.0064 6084 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
02:13:40.0068 6084 UxSms - ok
02:13:40.0123 6084 v2imount (b4d63048d6358e7c6ab61b98b8cff263) C:\Windows\system32\DRIVERS\v2imount.sys
02:13:40.0124 6084 v2imount - ok
02:13:40.0128 6084 VComm - ok
02:13:40.0132 6084 VcommMgr - ok
02:13:40.0177 6084 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
02:13:40.0185 6084 vds - ok
02:13:40.0200 6084 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
02:13:40.0201 6084 vga - ok
02:13:40.0213 6084 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
02:13:40.0214 6084 VgaSave - ok
02:13:40.0238 6084 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
02:13:40.0239 6084 viaagp - ok
02:13:40.0261 6084 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
02:13:40.0262 6084 ViaC7 - ok
02:13:40.0280 6084 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
02:13:40.0281 6084 viaide - ok
02:13:40.0296 6084 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
02:13:40.0297 6084 volmgr - ok
02:13:40.0355 6084 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
02:13:40.0358 6084 volmgrx - ok
02:13:40.0412 6084 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
02:13:40.0414 6084 volsnap - ok
02:13:40.0436 6084 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
02:13:40.0437 6084 vsmraid - ok
02:13:40.0515 6084 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
02:13:40.0524 6084 VSS - ok
02:13:40.0586 6084 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
02:13:40.0590 6084 W32Time - ok
02:13:40.0650 6084 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
02:13:40.0650 6084 WacomPen - ok
02:13:40.0665 6084 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
02:13:40.0665 6084 Wanarp - ok
02:13:40.0665 6084 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
02:13:40.0665 6084 Wanarpv6 - ok
02:13:40.0708 6084 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
02:13:40.0717 6084 wcncsvc - ok
02:13:40.0739 6084 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
02:13:40.0743 6084 WcsPlugInService - ok
02:13:40.0759 6084 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
02:13:40.0760 6084 Wd - ok
02:13:40.0792 6084 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
02:13:40.0795 6084 Wdf01000 - ok
02:13:40.0813 6084 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
02:13:40.0817 6084 WdiServiceHost - ok
02:13:40.0820 6084 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
02:13:40.0823 6084 WdiSystemHost - ok
02:13:40.0882 6084 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
02:13:40.0887 6084 WebClient - ok
02:13:40.0941 6084 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
02:13:40.0947 6084 Wecsvc - ok
02:13:40.0958 6084 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
02:13:40.0961 6084 wercplsupport - ok
02:13:41.0016 6084 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
02:13:41.0021 6084 WerSvc - ok
02:13:41.0094 6084 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
02:13:41.0110 6084 WinDefend - ok
02:13:41.0115 6084 WinHttpAutoProxySvc - ok
02:13:41.0173 6084 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
02:13:41.0176 6084 Winmgmt - ok
02:13:41.0280 6084 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
02:13:41.0297 6084 WinRM - ok
02:13:41.0373 6084 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
02:13:41.0382 6084 Wlansvc - ok
02:13:41.0592 6084 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:13:41.0601 6084 wlidsvc - ok
02:13:41.0676 6084 wltrysvc - ok
02:13:41.0732 6084 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
02:13:41.0732 6084 WmiAcpi - ok
02:13:41.0788 6084 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
02:13:41.0792 6084 wmiApSrv - ok
02:13:41.0875 6084 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
02:13:41.0886 6084 WMPNetworkSvc - ok
02:13:41.0937 6084 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
02:13:41.0943 6084 WPCSvc - ok
02:13:41.0998 6084 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
02:13:42.0003 6084 WPDBusEnum - ok
02:13:42.0051 6084 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
02:13:42.0052 6084 WpdUsb - ok
02:13:42.0208 6084 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
02:13:42.0213 6084 WPFFontCache_v0400 - ok
02:13:42.0239 6084 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
02:13:42.0240 6084 ws2ifsl - ok
02:13:42.0295 6084 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
02:13:42.0299 6084 wscsvc - ok
02:13:42.0303 6084 WSearch - ok
02:13:42.0411 6084 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
02:13:42.0435 6084 wuauserv - ok
02:13:42.0541 6084 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:13:42.0542 6084 WUDFRd - ok
02:13:42.0567 6084 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
02:13:42.0571 6084 wudfsvc - ok
02:13:42.0616 6084 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
02:13:42.0663 6084 \Device\Harddisk0\DR0 - ok
02:13:42.0670 6084 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
02:13:42.0673 6084 \Device\Harddisk1\DR1 - ok
02:13:42.0676 6084 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR6
02:13:42.0678 6084 \Device\Harddisk6\DR6 - ok
02:13:42.0690 6084 Boot (0x1200) (0df498043b82843b314c4ad3a1003fbe) \Device\Harddisk0\DR0\Partition0
02:13:42.0691 6084 \Device\Harddisk0\DR0\Partition0 - ok
02:13:42.0694 6084 Boot (0x1200) (77e51061eabc1cabe2bbf3eb09a94bf9) \Device\Harddisk0\DR0\Partition1
02:13:42.0694 6084 \Device\Harddisk0\DR0\Partition1 - ok
02:13:42.0697 6084 Boot (0x1200) (fcf3f24fe94ee950cbadaf40dfef6605) \Device\Harddisk1\DR1\Partition0
02:13:42.0699 6084 \Device\Harddisk1\DR1\Partition0 - ok
02:13:42.0701 6084 Boot (0x1200) (28fd12954942fc44714da473a15eadf7) \Device\Harddisk6\DR6\Partition0
02:13:42.0703 6084 \Device\Harddisk6\DR6\Partition0 - ok
02:13:42.0703 6084 ============================================================
02:13:42.0703 6084 Scan finished
02:13:42.0703 6084 ============================================================
02:13:42.0711 6016 Detected object count: 1
02:13:42.0711 6016 Actual detected object count: 1
02:13:47.0684 6016 sptd ( LockedFile.Multi.Generic ) - skipped by user
02:13:47.0684 6016 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

System BSOD and did not finish running Aswmbr

Regards,
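
As an added example, not part of the original post or of TDSSKiller itself: a small Python parser for the log format above. It pulls every service, driver and boot-sector record out of the log, attaches the verdict lines to each, and then reports only what did not come back "ok", which hashes appear more than once, and the MBR hash per disk. Run over this log it surfaces exactly one item, sptd.sys. Its LockedFile.Multi.Generic verdict is TDSSKiller's generic flag for a file it could not read, not a signature match; sptd.sys is the SCSI pass-through driver shipped with disc-emulation software (DAEMON Tools, Alcohol 120%), which blocks reads of its own image and is commonly reported this way. The sample input embedded in the script is a constructed excerpt of the lines shown above; the function and field names are assumptions of this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample input: a subset of the TDSSKiller log lines posted above,
# copied verbatim (backslashes doubled for the Python literal). It covers every
# record shape the parser handles: a hashed service, an unhashed service, a
# flagged driver, two service names sharing one file, and per-disk MBR records.
SAMPLE_LOG = """\
02:13:37.0587 6084 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\\Windows\\System32\\spoolsv.exe
02:13:37.0591 6084 Spooler - ok
02:13:37.0631 6084 sprtsvc_dellsupportcenter - ok
02:13:37.0727 6084 sptd (a199171385be17973fd800fa91f8f78a) C:\\Windows\\system32\\Drivers\\sptd.sys
02:13:37.0728 6084 Suspicious file (NoAccess): C:\\Windows\\system32\\Drivers\\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
02:13:37.0729 6084 sptd ( LockedFile.Multi.Generic ) - warning
02:13:37.0729 6084 sptd - detected LockedFile.Multi.Generic (1)
02:13:38.0448 6084 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\\Windows\\system32\\drivers\\tcpip.sys
02:13:38.0454 6084 Tcpip - ok
02:13:38.0485 6084 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\\Windows\\system32\\DRIVERS\\tcpip.sys
02:13:38.0485 6084 Tcpip6 - ok
02:13:42.0616 6084 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \\Device\\Harddisk0\\DR0
02:13:42.0663 6084 \\Device\\Harddisk0\\DR0 - ok
02:13:42.0670 6084 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \\Device\\Harddisk1\\DR1
02:13:42.0673 6084 \\Device\\Harddisk1\\DR1 - ok
02:13:42.0676 6084 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \\Device\\Harddisk6\\DR6
02:13:42.0678 6084 \\Device\\Harddisk6\\DR6 - ok
02:13:42.0703 6084 Scan finished
02:13:42.0711 6016 Detected object count: 1
02:13:42.0711 6016 Actual detected object count: 1
02:13:47.0684 6016 sptd ( LockedFile.Multi.Generic ) - skipped by user
"""

# Every line: timestamp, the thread id TDSSKiller prints, then the payload.
HEADER = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<name> (<md5>) <path>": a service/driver, or an "MBR (0x1B8)" / "Boot (0x1200)" sector record.
ENTRY = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> ( <signature> ) - warning|skipped by user"
WARNING = re.compile(r"^(?P<name>.+?) \( (?P<sig>[^)]+) \) - (?P<verdict>warning|skipped by user)$")
# "<name> - ok" / "<name> - detected <sig> (<n>)"; for sector records <name> is the device path.
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>ok|detected .+|skipped by user)$")
COUNT = re.compile(r"^(?P<key>(?:Actual )?[Dd]etected object count): (?P<n>\d+)$")


@dataclass
class Record:
    name: str
    md5: str
    path: str
    verdicts: List[str] = field(default_factory=list)
    signature: Optional[str] = None

    def is_sector(self) -> bool:
        return self.name.startswith(("MBR", "Boot"))


def parse_tdsskiller(text: str) -> Tuple[List[Record], Dict[str, int]]:
    records: List[Record] = []
    by_key: Dict[str, Record] = {}
    summary: Dict[str, int] = {}
    for raw in text.splitlines():
        head = HEADER.match(raw.strip())
        if not head:
            continue
        body = head.group(3)
        if body.startswith("Suspicious file"):
            # The "( <sig> ) - warning" line that follows carries the same name and signature.
            continue
        m = ENTRY.match(body)
        if m:
            rec = Record(m["name"], m["md5"], m["path"])
            records.append(rec)
            # Sector records are answered by a "<device path> - ok" line, so key them by path.
            by_key[rec.path if rec.is_sector() else rec.name] = rec
            continue
        m = WARNING.match(body) or VERDICT.match(body)
        if m:
            rec = by_key.get(m["name"])
            if rec is None:
                # "<name> - ok" with no hashed file line: a registered service whose binary
                # TDSSKiller did not hash (e.g. sprtsvc_dellsupportcenter above).
                rec = Record(m["name"], "", "")
                records.append(rec)
                by_key[rec.name] = rec
            if "sig" in m.groupdict():
                rec.signature = m["sig"]
            rec.verdicts.append(m["verdict"])
            continue
        m = COUNT.match(body)
        if m:
            summary[m["key"]] = int(m["n"])
    return records, summary


def flagged(records: List[Record]) -> List[Record]:
    """Everything that did not come back plain 'ok': detections, warnings, user skips."""
    return [r for r in records if any(v != "ok" for v in r.verdicts)]


def shared_hashes(records: List[Record]) -> Dict[str, List[Record]]:
    """md5 -> records, for every hash that appears more than once. Two service names on
    one file (Tcpip and Tcpip6 both load tcpip.sys) is normal; the function only makes
    the repeats visible so each can be judged."""
    groups: Dict[str, List[Record]] = defaultdict(list)
    for r in records:
        if r.md5:
            groups[r.md5].append(r)
    return {h: rs for h, rs in groups.items() if len(rs) > 1}


def mbr_hashes(records: List[Record]) -> Dict[str, str]:
    """Device path -> MBR hash, so differing boot code across disks stands out."""
    return {r.path: r.md5 for r in records if r.name.startswith("MBR")}


if __name__ == "__main__":
    recs, counts = parse_tdsskiller(SAMPLE_LOG)
    for r in flagged(recs):
        print(f"{r.name}: {r.signature} -> {', '.join(r.verdicts)}")
    for h, rs in shared_hashes(recs).items():
        print(h, [x.path if x.is_sector() else x.name for x in rs])
    print(mbr_hashes(recs), counts)
```

Feed it the full log (read the file and pass the text to parse_tdsskiller) and the output is the short list you actually need to read: the sptd entry with its three verdict lines, the hash repeats, and one MBR hash per physical disk.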

#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto rico)

Posted 01 May 2012 - 02:12 AM

Greetings

System BSOD and did not finish running Aswmbr


Try and run it ONCE more and let me know if it blue screens again



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Omar Yehia (Topic Starter, Members, 133 posts)

Posted 01 May 2012 - 12:34 PM

It has been stuck at wlsetup-web for 4 hours, what is it?

Regards,

#8 Omar Yehia (Topic Starter, Members, 133 posts)

Posted 01 May 2012 - 01:16 PM

OK, it just BSODed at ATIKMPAG.SYS, so it looks like a graphics driver conflict or something...

Regards,

#9 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto rico)

Posted 01 May 2012 - 09:46 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#10 Omar Yehia (Topic Starter, Members, 133 posts)

Posted 02 May 2012 - 11:47 AM

ComboFix 12-05-01.03 - R0M 02/05/2012 4:00.23.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.1704 [GMT -4:00]
Running from: c:\users\R0M\Desktop\ComboFix.exe
Command switches used :: c:\users\R0M\Desktop\CFScript.txt
AV: BullGuard Antivirus *Disabled/Outdated* {C3CCAC61-52F7-A056-1860-6406566E2578}
FW: BullGuard Firewall *Disabled* {FBF72D44-1898-A10E-333F-CD33A8BD6203}
SP: BullGuard Antispyware *Disabled/Outdated* {78AD4D85-74CD-AFD8-22D0-5F742DE96FC5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 08:08 . 2012-05-02 08:08 -------- d-----w- c:\users\R0M\AppData\Local\temp
2012-04-13 19:24 . 2012-04-13 19:24 -------- d-----w- c:\program files\Common Files\BullGuard Ltd
2012-04-13 19:24 . 2012-04-13 19:24 -------- d-----w- c:\program files\BullGuard Ltd
2012-04-13 19:10 . 2012-04-13 19:16 -------- d-----w- c:\programdata\F-Secure
2012-04-13 19:04 . 2012-04-13 19:04 87608 ----a-w- c:\users\R0M\AppData\Roaming\inst.exe
2012-04-11 18:00 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-11 18:00 . 2012-02-28 01:58 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-04-11 17:59 . 2012-02-28 01:18 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-04-11 17:59 . 2012-02-28 01:08 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-04-11 17:59 . 2012-02-28 01:11 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-04-11 17:59 . 2012-02-28 01:13 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-11 17:59 . 2012-02-28 01:11 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-11 17:51 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 17:51 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 17:51 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 17:51 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 17:51 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 17:51 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 10:58 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-09 15:26 . 2012-04-14 01:28 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-04-02 18:55 . 2012-04-02 19:00 -------- d-----w- c:\programdata\ReaConverter
2012-04-02 18:55 . 2012-04-02 18:55 -------- d-----w- c:\users\R0M\AppData\Roaming\RCP 6
2012-04-02 18:55 . 2012-04-02 18:55 -------- d-----w- c:\program files\ReaConverter 6.7 Standard
2012-04-02 18:41 . 2012-04-02 18:41 -------- d-----w- c:\users\R0M\AppData\Local\Samsung
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 01:28 . 2011-07-26 22:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-14 01:23 . 2010-04-17 21:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-13 19:31 . 2011-11-24 14:14 53088 ----a-w- c:\windows\system32\BGLsp.dll
2012-04-13 19:04 . 2009-02-07 23:55 47360 ----a-w- c:\users\R0M\AppData\Roaming\pcouffin.sys
2012-03-09 06:26 . 2012-03-09 06:26 9183232 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-03-09 05:16 . 2012-03-09 05:16 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-03-09 05:16 . 2010-10-27 07:55 791552 ----a-w- c:\windows\system32\aticfx32.dll
2012-03-09 05:11 . 2012-03-09 05:11 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-03-09 05:10 . 2012-03-09 05:10 405504 ----a-w- c:\windows\system32\atieclxx.exe
2012-03-09 05:10 . 2012-03-09 05:10 163328 ----a-w- c:\windows\system32\atiesrxx.exe
2012-03-09 05:08 . 2012-03-09 05:08 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2012-03-09 05:07 . 2012-03-09 05:07 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-03-09 05:07 . 2012-03-09 05:07 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-03-09 05:04 . 2012-03-09 05:04 6200320 ----a-w- c:\windows\system32\atidxx32.dll
2012-03-09 04:39 . 2012-03-09 04:39 19739136 ----a-w- c:\windows\system32\atioglxx.dll
2012-03-09 04:36 . 2012-03-09 04:36 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2012-03-09 04:23 . 2012-03-09 04:23 5062656 ----a-w- c:\windows\system32\atiumdva.dll
2012-03-09 04:23 . 2008-10-08 20:29 5954048 ----a-w- c:\windows\system32\atiumdag.dll
2012-03-09 04:18 . 2012-03-09 04:18 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-03-09 04:18 . 2012-03-09 04:18 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-03-09 04:12 . 2012-03-09 04:12 13715968 ----a-w- c:\windows\system32\aticaldd.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\system32\atimpc32.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2012-03-09 03:58 . 2012-03-09 03:58 356352 ----a-w- c:\windows\system32\atiadlxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-03-09 03:57 . 2012-03-09 03:57 265216 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-03-09 03:56 . 2012-03-09 03:56 33280 ----a-w- c:\windows\system32\atiuxpag.dll
2012-03-09 03:56 . 2011-01-26 22:12 30208 ----a-w- c:\windows\system32\atiu9pag.dll
2012-03-09 03:56 . 2011-01-26 22:11 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2012-03-09 03:55 . 2012-03-09 03:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-03-09 03:47 . 2010-10-27 07:14 51200 ----a-w- c:\windows\system32\coinst.dll
2012-03-08 08:42 . 2012-03-08 08:42 216136 ----a-w- c:\windows\system32\drivers\NSKernel.sys
2012-03-08 08:42 . 2012-03-08 08:42 20040 ----a-w- c:\windows\system32\drivers\NSNetmon.sys
2012-03-08 08:42 . 2012-03-08 08:42 308296 ----a-w- c:\windows\system32\drivers\Trufos.sys
2012-03-08 08:41 . 2012-03-08 08:41 61152 ----a-w- c:\windows\system32\drivers\BdSpy.sys
2012-03-08 08:41 . 2012-03-08 08:41 33880 ----a-w- c:\windows\system32\drivers\afw.sys
2012-03-08 08:41 . 2012-03-08 08:41 338520 ----a-w- c:\windows\system32\drivers\afwcore.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 15:01 . 2012-02-15 15:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-14 15:45 . 2012-03-14 07:07 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 07:07 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-14 07:07 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 07:07 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 07:07 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-09 19:13 . 2012-02-16 00:20 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-02-09 19:13 . 2012-02-16 00:20 21312 ----a-w- c:\windows\system32\authuitu.dll
2012-02-08 06:03 . 2012-03-04 21:40 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C719204-2FB6-45F0-8459-48F1B3AFEDBD}\mpengine.dll
2012-02-02 15:16 . 2012-03-14 07:07 2044416 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Audiogalaxy"="c:\users\R0M\AppData\Local\Audiogalaxy\Audiogalaxy.exe" [2011-12-17 2955496]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2012-02-27 3387904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\BullGuard.exe" [2012-04-13 1712480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\R0M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hpqtra08.exe [2008-3-25 214360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GetRight.lnk - c:\program files\GetRight\GetRight.exe [2008-10-23 4657424]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\BgGamingMonitor.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-07-18 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
BullGuard_Main REG_MULTI_SZ BsMain
BullGuard REG_MULTI_SZ BsFileScan BsFire
BullGuard_Proxy REG_MULTI_SZ BsMailProxy
BullGuard_Backup REG_MULTI_SZ BsBackup
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 01:28]
.
2012-05-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2255320971-820056546-208935856-1000Core.job
- c:\users\R0M\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-18 01:18]
.
2012-05-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2255320971-820056546-208935856-1000UA.job
- c:\users\R0M\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-18 01:18]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255320971-820056546-208935856-1000Core.job
- c:\users\R0M\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-23 03:15]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255320971-820056546-208935856-1000UA.job
- c:\users\R0M\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-23 03:15]
.
2012-05-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
.
2012-05-01 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2008-10-08 11:18]
.
2012-05-01 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\BGLsp.dll
TCP: DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-02 04:08
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4816)
c:\progra~1\NetWorx\deskband.dll
.
Completion time: 2012-05-02 04:11:33
ComboFix-quarantined-files.txt 2012-05-02 08:11
ComboFix2.txt 2012-04-30 22:55
ComboFix3.txt 2012-04-13 18:29
ComboFix4.txt 2012-02-01 20:16
ComboFix5.txt 2012-05-02 07:57
.
Pre-Run: 103,912,755,200 bytes free
Post-Run: 103,956,447,232 bytes free
.
- - End Of File - - E0C679D05AC87D7A8A58D5D54C436FD5

I had to reboot the computer after that, since neither Chrome nor Internet Explorer was able to run: some kind of locked registry key was marked for deletion.

As for the computer, I have to leave it idle and find out whether the system starts slowing down or not. Did you find anything in the logs I have sent you?

Regards,

#11 gringo_pr (Malware Response Team)

Posted 02 May 2012 - 10:59 PM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner (make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked; under System, check Empty Recycle Bin and Temporary Files; under the Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 Omar Yehia (Topic Starter)

Posted 03 May 2012 - 03:43 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.03.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
R0M :: ROMSTER2 [administrator]

03/05/2012 4:21:10 PM
mbam-log-2012-05-03 (16-21-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228178
Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:41:20 PM, on 03/05/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\NetWorx\networx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Users\R0M\AppData\Local\Audiogalaxy\Audiogalaxy.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\GetRight\GetRight.exe
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &NetWorx Desk Band - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\PROGRA~1\NetWorx\deskband.dll
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Audiogalaxy] "C:\Users\R0M\AppData\Local\Audiogalaxy\Audiogalaxy.exe" /startup
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - Startup: hpqtra08.exe
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - c:\program files\bullguard ltd\bullguard\Antiphishing\IE\BGAntiphishingIE.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\System32\BgGamingMonitor.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BullGuard behavioural detection service (BsBhvScan) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 11611 bytes
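Reading an autostart log such as the ComboFix "Reg Loading Points" section and the HijackThis report above is mostly a matter of grouping the entries and picking out the ones that deserve a second look: programs that run from outside Program Files and Windows, services with no publisher or a missing binary, AppInit_DLLs (loaded into every process that maps user32.dll), and Winsock LSPs (which sit in the path of every socket call; the 48 identical O10 lines above are one DLL registered once per catalog entry). The Python script below is an added example, not part of the thread and not HijackThis code: it parses O4/O10/O20/O23 lines into records, collapses the repeated LSP lines into a count, and applies those flags. The sample lines are copied from the log above; the flag rules are the editor's own triage heuristics, not verdicts. Audiogalaxy is flagged only because of its location, and bglsp.dll and BgGamingMonitor.dll are presumably BullGuard components, consistent with the BullGuard services in the O23 lines.

```python
"""Triage a HijackThis-style log: structure the autostart lines and flag the
ones a reviewer checks first.

Added example, not a tool from the thread and not HijackThis code. The sample
lines are copied from the log posted above; a real log is read from a file and
passed to triage() in the same way. The flags are heuristics, not findings.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Lines copied from the HijackThis log in the post above (the O10 line is
# repeated 48 times in the real log; three copies are enough to show the collapse).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot
O4 - HKCU\..\Run: [Audiogalaxy] "C:\Users\R0M\AppData\Local\Audiogalaxy\Audiogalaxy.exe" /startup
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O20 - AppInit_DLLs: C:\Windows\System32\BgGamingMonitor.dll
O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
O23 - Service: TVersityMediaServer - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - (?P<kind>Global Startup|Startup): (?P<rest>.+)$")
LSP_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<dll>.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Locations where a vendor-installed autostart normally lives; anything else gets a flag.
TRUSTED_PREFIXES = ("c:\\program files", "c:\\windows")


@dataclass
class Entry:
    section: str                 # O4, O10, O20 or O23
    name: str                    # hive\value name, service name, or a label
    path: str                    # image or DLL path as logged
    flags: list = field(default_factory=list)


def image_path(cmd: str) -> str:
    """Pull the executable out of a command line as HijackThis logs it.
    A quoted path ends at the closing quote; an unquoted one is cut after the
    first '.exe', which also copes with spaces in the path and trailing switches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    i = cmd.lower().find(".exe")
    return cmd[: i + 4] if i >= 0 else cmd


def triage(log_text: str) -> list:
    """Parse the autostart sections of a log into Entry records with flags."""
    entries, lsp = [], Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            e = Entry("O4", f"{m['hive']}\\{m['name']}", image_path(m["cmd"]))
            if not e.path.lower().startswith(TRUSTED_PREFIXES):
                e.flags.append("runs from outside Program Files/Windows; check whether the folder is user-writable")
            entries.append(e)
        elif m := STARTUP_RE.match(line):
            # "GetRight.lnk = C:\...\GetRight.exe" -> keep the target; a bare file name stays as is
            entries.append(Entry("O4", m["kind"], m["rest"].split(" = ", 1)[-1]))
        elif m := LSP_RE.match(line):
            lsp[m["dll"].lower()] += 1          # one DLL, many catalog entries
        elif m := APPINIT_RE.match(line):
            for dll in m["dlls"].split(","):
                entries.append(Entry("O20", "AppInit_DLLs", dll.strip(),
                                     ["loads into every process that maps user32.dll; verify the publisher"]))
        elif m := SVC_RE.match(line):
            e = Entry("O23", m["name"], m["path"])
            if m["owner"] == "Unknown owner":
                e.flags.append("no publisher information on the service binary")
            if e.path.endswith("(file missing)"):
                e.flags.append("service is registered but its binary is absent")
            entries.append(e)
    for dll, n in lsp.items():
        entries.append(Entry("O10", "Winsock LSP", dll,
                             [f"{n} catalog entries; an LSP sees all socket traffic, verify the DLL"]))
    return entries


def flagged(entries: list) -> list:
    """The subset of entries that carry at least one flag."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(triage(SAMPLE_LOG)):
        print(f"{e.section} {e.name}: {e.path}\n    -> {'; '.join(e.flags)}")
```

Pass the text of a saved log to triage() and research the output of flagged() first. A flag is a prompt to verify the file's publisher and signature (or, for an LSP, to confirm which installed product registered it), not a finding by itself.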

#13 Omar Yehia (Topic Starter)

Posted 03 May 2012 - 03:59 PM

The system is very slow, like something is running in the background; I can barely do anything...

#14 gringo_pr (Malware Response Team)

Posted 03 May 2012 - 10:17 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [Audiogalaxy] "C:\Users\R0M\AppData\Local\Audiogalaxy\Audiogalaxy.exe" /startup
      O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
      O4 - Startup: hpqtra08.exe
      O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see whether you want to keep them or not:
    just copy the name between the brackets and paste it into the search box, for example
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
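What HijackThis's "Fix Checked" does for an O4 HKLM\..\Run or HKCU\..\Run line is delete that registry value; for the Startup and Global Startup lines it removes the file or shortcut from the startup folder. The PowerShell below is an added example, not the thread's or HijackThis's code, that does the same for the entries listed above on a Vista/7-era system, after exporting both Run keys so the change can be reverted with reg.exe import. It assumes an elevated PowerShell session and uses the value names exactly as they appear between the brackets in the O4 lines; startup-folder items are moved into the backup folder rather than deleted.

```powershell
# Added example (not from the thread or from HijackThis): remove the optional
# autostart entries listed in the post above, with a backup first.
# Run from an elevated PowerShell; HKLM values cannot be removed otherwise.

$backupDir = Join-Path $env:USERPROFILE 'Desktop\run-key-backup'
New-Item -ItemType Directory -Force -Path $backupDir | Out-Null

# Export both Run keys; "reg.exe import <file>" restores them if needed.
reg.exe export 'HKLM\Software\Microsoft\Windows\CurrentVersion\Run' (Join-Path $backupDir 'hklm-run.reg') /y | Out-Null
reg.exe export 'HKCU\Software\Microsoft\Windows\CurrentVersion\Run' (Join-Path $backupDir 'hkcu-run.reg') /y | Out-Null

# Value names as they appear between the brackets in the O4 lines (assumed unchanged).
$remove = @{
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run' = @('hpqSRMon', 'APSDaemon', 'NetWorx', 'iTunesHelper', 'Adobe ARM', 'SunJavaUpdateSched')
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' = @('ehTray.exe', 'Audiogalaxy', 'MobileDocuments')
}

foreach ($key in $remove.Keys) {
  $props = Get-ItemProperty -Path $key
  foreach ($name in $remove[$key]) {
    if ($null -ne $props.PSObject.Properties[$name]) {
      Write-Host "Removing $key\$name = $($props.$name)"
      Remove-ItemProperty -Path $key -Name $name
    } else {
      Write-Host "Not present: $key\$name"
    }
  }
}

# O4 - Startup / Global Startup entries are plain files in the startup folders.
# Moving them to the backup folder is reversible; deleting them is not.
$startupItems = @(
  (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe'),
  (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup\GetRight.lnk')
)
foreach ($item in $startupItems) {
  if (Test-Path $item) {
    Write-Host "Moving $item to $backupDir"
    Move-Item -Path $item -Destination $backupDir
  }
}
```

The services (O23 lines) and the AppInit_DLLs and LSP entries are deliberately left alone here: removing a Winsock LSP or an AppInit DLL by hand can break networking or every process on the box, which is why HijackThis is only used for the O4 lines in the post above.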

#15 gringo_pr (Malware Response Team)

Posted 06 May 2012 - 03:58 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo



