
Trojan Horses: Crypt.AQLW and Agent r.ATS


  • This topic is locked
16 replies to this topic

#1 Julie_backroads


Posted 08 May 2012 - 10:43 PM

Hello, and thank you in advance for your assistance.

The problem is on a Win XP computer -- AVG is frequently reporting "Trojan Horse Crypt.AQLW" and occasionally "Trojan Horse Agent r.ATS". Clicking "Move to vault" on these alerts doesn't resolve it. Other main symptom is the inability to use Google ... any search re-routes the browser to other pages.

I have followed all steps in your Preparation Guide and am posting the requested data below and attaching the requested files.

During the GMER Log step, the scan resulted with a message box appearing on top of the GMER window. The message read:

"WARNING!!!
GMER has found system modification caused by ROOTKIT activity."

I will not make any changes to this computer or request other assistance on this issue; I'll wait for your reply and follow the instructions.

Thanks so much for your help!

Please see attached files:
- attach.txt
- Ark.txt

Please see DDS.txt below

--------DDS.txt------------

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Julie Schwalm at 11:45:02 on 2012-05-08
.
============== Running Processes ===============
.
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\System32\ping.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\ping.exe
C:\Documents and Settings\Julie Schwalm\Desktop\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mbox.backroadsdata.com/
uDefault_Page_URL = hxxp://www.dellnet.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [Motive SmartBridge] c:\progra~1\virtua~1\smartb~1\SprintDSLAlert.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
dRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)" -"http://www.gameonia.com/flash-games/74/4-wheel-fury-2.html?utm_source=113652&utm_campaign=267661&utm_content=7834986&utm_term=playgame&subid=113652&partnerid=113652#playgame"
mPolicies-explorer: <NO NAME> =
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partypoker.net\partypokernet.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: mswsock.dll
Trusted Zone: teconline.com\mytec
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: mymicros.net Chart Client - hxxp://www.mymicros.net/mymicrosChartClient.cab
DPF: mymicros.net Reporting Client - hxxp://www.mymicros.net/rptsel.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37973.8313425926
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B6E6EEF0-F5AA-4A4D-88EC-FF43FB2029E5} - hxxps://www-den.mytelevox.com/labcalls/cabs/TeleVoxAudioPlayer2.CAB
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://vistageevents.webex.com/client/T26L10NSP49EP30/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{49E0CB5A-B8F5-439A-B3E8-4A35DA71BD6D} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
.
============= SERVICES / DRIVERS ===============
.
R? aawservice;Citrixxteserver
R? AGV;Pca
R? antivirscheduler;Lxbs_device
R? antivirservice;ZY202_XP
R? avg7alrt;Wmconnectcds
R? avg7core;TIEHDUSB
R? avg7rsw;Cmigameport
R? avg7updsvc;W8100PCI
R? avgarcln;IPSECSHM
R? avgascln;USB11LDR
R? avgclean;Thpsrv
R? avgcoresvc;Pavdrv
R? avgfwsrv;GetPlusHelper
R? avgio;Websensedcagent
R? avgtdi;Wg111nd5
R? avp;SbieDrv
R? aw_host;Prevxdriver
R? awhost32;Vpcusb
R? awlegacy;Lvusbsta
R? ca-messagequeuing;Epson_pm_rpcv2_01
R? caisafe;Aswtdi
R? ccevtmgr;RalinkRegistryWriter
R? ccpwdsvc;Cltnetcnservice
R? ccsetmgr;Rdpnp
R? cdiskdun;cdiskdun
R? cmdagent;M2500
R? cpuz132;NeroMediaHomeService.4
R? CTMFLT;W300mdm
R? CTMMOUNT;Ipcsvc
R? CTMSHD;W300bus
R? DivisCTP;Cpuz132
R? fssfltr;Nmwcdcj
R? fsssvc;WinDriver6
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? GV600_4;XBCD
R? ikfileflt;NEOFLTR_600_13319
R? ikfilesec;USB28xxBGA
R? ikhlayer;Ftpds
R? iksysflt;Usrbridg
R? jmssmbio;jmssmbio
R? lfsfilt;HSONYPVh
R? LMIRfsDriver;Cap7134
R? lpx;Websenserealtimeanalyzer
R? LRMINIPORT;ICM10USB
R? mcafeeframework;LEX_AS_NIC_SERVICE_YNOS
R? mcdetect.exe;Oracleorahomeagent
R? mclserviceatl;As6frin
R? mcpromgr;Se59obex
R? McShield;McAfee.com McShield
R? mcsysmon;Qcmerced
R? mctskshd.exe;Epstnt01
R? mcupdmgr.exe;McAfee SecurityCenter Update Manager
R? MCVSRte;McAfee.com VirusScan Online Realtime Engine
R? mfeavfk;Oracleorahomeclientcache
R? mferkdk;Iviaspi
R? mfesmfk;InterBaseGuardian
R? mirrorv3;Asctrm
R? mks_scan;Tangoservice
R? MpFilter;Alertmanager
R? mpfirewl;Symproxysvc
R? NaiFiltr;NaiFiltr
R? navap;Webrootenterpriseupdateservice
R? navapsvc;LPCFilter
R? naveng;Pivotmou
R? navex15;Vaiomediaplatform-integratedserver-upnp
R? ndasbus;Tcsd_win32.exe
R? nod32krn;CTHWIUT.DLL
R? ofcservice;Rdpdd
R? OUDFS;OUDFS
R? pav_service;Dlabmfsm
R? pavagente;Acnusvc
R? pavfnsvr;C34nb4c5
R? pavsrv;Nsvcip
R? PCPitstop Scheduling;PCPitstop Scheduling
R? pctavsvc;Dladresm
R? PEVSystemStart;UpdateCenterService
R? pf_usb;Kensington Digital Frame Service
R? RalinkRegistryWriter;Alertservice
R? RAPIProtocol;Ssscsisv
R? regdefend;Adfs
R? rt2870;Gagp30kx
R? savscan;Flutilssvc
R? SbieDrv;Vzfw
R? sbservice;Sfsync04
R? sdcoreservice;WUSB54Gv4SVC
R? starwindservice;ZTEusbmdm6k
R? starwindserviceae;Dlcg_device
R? symantecantibotagent;LCcfltr
R? symantecantibotshim;Ctsfm2k
R? symantecantibotwatcher;Toshidpt
R? TeamViewer;Transbaseservice
R? veteboot;Papyjoy
R? vetfddnt;LHidUsbK
R? vsdatant;Pageserver
R? webrootadminconsole;AEAudioService
R? webrootspysweeperservice;Cfosspeed
R? xfilt;CoachAud
R? ZDCNDIS5;Wpsscannersvc
R? ZY202_XP;CX88ENC
S? avg9wd;AVG Free WatchDog
S? AvgLdx86;AVG Free AVI Loader Driver x86
S? AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86
S? AvgTdiX;AVG Free8 Network Redirector
S? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
S? Lbd;Lbd
S? mrtRate;mrtRate
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-05-07 11:12:46 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-16 17:48:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2002-08-29 11:00:00 94784 --sh--w- c:\windows\TWAIN.DLL
2004-08-04 06:56:48 50688 --sh--w- c:\windows\twain_32.dll
.
============= FINISH: 11:47:05.23 ===============


#2 gringo_pr

  • Malware Response Team

Posted 08 May 2012 - 11:59 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 Julie_backroads


Posted 10 May 2012 - 01:52 PM

Hello Gringo, and thank you for your help!

I have followed your instructions and run both Security Check and ComboFix (results are included below).

While running Security Check, the process stopped with "Preparing Done!" on the black screen, and displayed this error message:

"netsh.exe - Entry Point Not Found
The procedure entry point MigrateWinsockConfiguration could not be located in the dynamic link library MSWSOCK.dll."


I clicked OK and the process resumed.

The computer is currently running great - much faster, no AVG alerts, and successful Google searches (no longer being rerouted away from Google).

I am including the results of the two processes below.

Do you think all is resolved, or is there anything else I should do?

Thanks again!
Julie


--------Security Check Results ---------------------

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
AVG Free 9.0
McAfee VirusScan
McAfee SecurityCenter
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Java™ 6 Update 11
Java™ 6 Update 5
Java version out of date!
Adobe Flash Player 9 Flash Player out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Julie Schwalm Desktop VirusRemoval SecurityCheck.exe
``````````End of Log````````````

------------------ComboFix Results-------------------------

ComboFix 12-05-09.01 - Julie Schwalm 05/09/2012 19:49:00.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.626 [GMT -5:00]
Running from: c:\documents and settings\Julie Schwalm\Desktop\VirusRemoval\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Julie Schwalm\Application Data\AdobeDLM.log
c:\documents and settings\Julie Schwalm\g2ax_customer_downloadhelper_win32_x86.exe
c:\documents and settings\Julie Schwalm\My Documents\~WRL3876.tmp
c:\documents and settings\Julie Schwalm\WINDOWS
c:\documents and settings\Katie\WINDOWS
c:\windows\$NtUninstallKB21518$
c:\windows\$NtUninstallKB21518$\2017349815
c:\windows\$NtUninstallKB21518$\2325012122\@
c:\windows\$NtUninstallKB21518$\2325012122\bckfg.tmp
c:\windows\$NtUninstallKB21518$\2325012122\cfg.ini
c:\windows\$NtUninstallKB21518$\2325012122\Desktop.ini
c:\windows\$NtUninstallKB21518$\2325012122\keywords
c:\windows\$NtUninstallKB21518$\2325012122\kwrd.dll
c:\windows\$NtUninstallKB21518$\2325012122\L\asobptkf
c:\windows\$NtUninstallKB21518$\2325012122\lsflt7.ver
c:\windows\$NtUninstallKB21518$\2325012122\oemid
c:\windows\$NtUninstallKB21518$\2325012122\U\00000001.@
c:\windows\$NtUninstallKB21518$\2325012122\U\00000002.@
c:\windows\$NtUninstallKB21518$\2325012122\U\00000004.@
c:\windows\$NtUninstallKB21518$\2325012122\U\80000000.@
c:\windows\$NtUninstallKB21518$\2325012122\U\80000004.@
c:\windows\$NtUninstallKB21518$\2325012122\U\80000032.@
c:\windows\$NtUninstallKB21518$\2325012122\version
c:\windows\BackUp
c:\windows\dasetup.log
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Downloaded Program Files\Temp
c:\windows\EventSystem.log
c:\windows\iun6002.exe
c:\windows\offitems.log
c:\windows\patch.exe
c:\windows\system32\dds_trash_log.cmd
.
Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EPSONSTATUSAGENT2
-------\Legacy_FRAMEWORK
-------\Legacy_NETWORKLOG
-------\Legacy_RAYSAT3_4_6_18SERVER
-------\Legacy_STEC3
-------\Legacy_SVCHOST
-------\Legacy_USNJSVC
-------\Service_epsonstatusagent2
-------\Service_framework
-------\Service_raysat3_4_6_18server
-------\Service_STEC3
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-09 22:21 . 2008-08-14 10:34 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-05-09 22:21 . 2008-08-14 10:34 138496 ----a-w- c:\windows\system32\dllcache\afd.sys
2012-05-08 19:25 . 2012-05-08 19:25 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-16 17:48 . 2012-03-16 17:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2002-08-29 11:00 94784 --sh--w- c:\windows\TWAIN.DLL
2004-08-04 06:56 50688 --sh--w- c:\windows\twain_32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-05-15 245760]
"Motive SmartBridge"="c:\progra~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe" [2010-08-17 483415]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-27 2077536]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2004-10-25 184320]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\McAgent.exe" [2004-08-18 245760]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 14:57 12536 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dataviz Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dataviz Messenger.lnk
backup=c:\windows\pss\Dataviz Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp psc 700 series) - 1.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 700 series) - 1.lnk
backup=c:\windows\pss\HPAiODevice(hp psc 700 series) - 1.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Virtual Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Virtual Assistant.lnk
backup=c:\windows\pss\Virtual Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Julie Schwalm^Start Menu^Programs^Startup^HotSync Manager.LNK]
path=c:\documents and settings\Julie Schwalm\Start Menu\Programs\Startup\HotSync Manager.LNK
backup=c:\windows\pss\HotSync Manager.LNKStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Julie Schwalm^Start Menu^Programs^Startup^Palm Registration.lnk]
path=c:\documents and settings\Julie Schwalm\Start Menu\Programs\Startup\Palm Registration.lnk
backup=c:\windows\pss\Palm Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-04-10 22:44 679936 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 10:59 122880 ----a-w- c:\windows\BCMSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 01:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup]
2009-01-09 21:13 669840 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 06:56 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
2002-04-03 07:01 135264 ----a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2009-09-28 22:56 140640 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-10-01 23:57 289576 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
2004-08-18 00:26 245760 ----a-w- c:\progra~1\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
2004-10-25 17:08 184320 ----a-w- c:\progra~1\McAfee.com\Agent\mcupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 20:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2004-12-24 16:20 204845 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2001-07-03 15:11 57344 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StrgSync.exe]
2005-10-08 03:01 3032576 ----a-w- c:\program files\StorageSync\StrgSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-17 18:47 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\WS_FTP Pro\\wsftppro.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnf.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
.
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [10/10/2009 10:52 PM 64512]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [4/18/2009 11:18 PM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [4/18/2009 11:18 PM 243152]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 9:57 AM 308136]
R2 mrtRate;mrtRate;c:\windows\SYSTEM32\DRIVERS\MrtRate.sys [12/19/2002 11:00 AM 34916]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/7/2010 9:36 AM 136176]
S3 cdiskdun;cdiskdun;\??\c:\docume~1\JULIES~1\LOCALS~1\Temp\cdiskdun.sys --> c:\docume~1\JULIES~1\LOCALS~1\Temp\cdiskdun.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/7/2010 9:36 AM 136176]
S3 jmssmbio;jmssmbio;\??\c:\docume~1\JULIES~1\LOCALS~1\Temp\jmssmbio.sys --> c:\docume~1\JULIES~1\LOCALS~1\Temp\jmssmbio.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1355968]
S3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [10/26/2004 9:41 PM 23296]
S3 OUDFS;OUDFS;\??\c:\docume~1\JULIES~1\LOCALS~1\Temp\OUDFS.SYS --> c:\docume~1\JULIES~1\LOCALS~1\Temp\OUDFS.SYS [?]
S3 pf_usb;Kensington Digital Frame Service;c:\windows\SYSTEM32\DRIVERS\PF_USB.sys [12/22/2002 7:22 PM 17036]
.
NETSVCS REQUIRES REPAIRS - current entries shown
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 21:01]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd0722835f7f6e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 14:36]
.
2012-05-10 c:\windows\Tasks\McAfee.com Update Check (6CXF321-Julie Schwalm).job
- c:\progra~1\McAfee.com\Agent\mcupdate.exe [2004-11-13 17:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mbox.backroadsdata.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
Trusted Zone: teconline.com\mytec
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: mymicros.net Chart Client - hxxp://www.mymicros.net/mymicrosChartClient.cab
DPF: mymicros.net Reporting Client - hxxp://www.mymicros.net/rptsel.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-ACSTray - c:\winacs\ACSTRAY.EXE
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-StandardKeyboard - c:\windows\Wireless\Wireless.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-3ivx MPEG-4 5.0.1 Decoder - c:\program files\3ivx\3ivx MPEG-4 5.0.1 Decoder\uninstall.exe
AddRemove-Indeo® Software - c:\program files\Ligos\Indeo\Uninst.isu
AddRemove-MCCI Control Installer - c:\program files\EMBARQ\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-09 21:13
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????X:??????x???0???X???????????0???P???? ?w? ?w)??p????????(???w????U?w????????????0??????w, ?w?M?wW??w???w)??p????????x'@?????????X????????"@?e?????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
"ServiceDll"="%systemroot%\system32\btdriver.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fah@c:+fah+fah-service+fah502-console.exe]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2888)
c:\windows\system32\WININET.dll
c:\progra~1\VIRTUA~1\SMARTB~1\SBHook.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\tcpsvcs.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
.
**************************************************************************
.
Completion time: 2012-05-09 21:20:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-10 02:19
.
Pre-Run: 53,828,825,088 bytes free
Post-Run: 57,498,349,568 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 72F744EB25E75A0C2FBB55498C30DA97

#4 gringo_pr

  • Malware Response Team

Posted 10 May 2012 - 01:57 PM

Greetings Julie

Glad things are working better now.

But that is only the first step. I see other things in the ComboFix report that need to be taken care of, but let me do some other checking first.

I would like you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 Julie_backroads

  • Topic Starter


Posted 10 May 2012 - 02:58 PM

Thank you, Gringo!

Below please find the results of TDSSKiller and aswMBR.

Julie

---------------TDSSKiller report-----------------------
14:07:03.0750 4904 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
14:07:04.0437 4904 ============================================================
14:07:04.0437 4904 Current date / time: 2012/05/10 14:07:04.0437
14:07:04.0437 4904 SystemInfo:
14:07:04.0437 4904
14:07:04.0437 4904 OS Version: 5.1.2600 ServicePack: 2.0
14:07:04.0437 4904 Product type: Workstation
14:07:04.0437 4904 ComputerName: 6CXF321
14:07:04.0437 4904 UserName: Julie Schwalm
14:07:04.0437 4904 Windows directory: C:\WINDOWS
14:07:04.0437 4904 System windows directory: C:\WINDOWS
14:07:04.0437 4904 Processor architecture: Intel x86
14:07:04.0437 4904 Number of processors: 1
14:07:04.0437 4904 Page size: 0x1000
14:07:04.0437 4904 Boot type: Normal boot
14:07:04.0437 4904 ============================================================
14:07:06.0281 4904 Drive \Device\Harddisk0\DR0 - Size: 0x1BF08EB000 (111.76 Gb), SectorSize: 0x200, Cylinders: 0x38FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:07:06.0281 4904 ============================================================
14:07:06.0281 4904 \Device\Harddisk0\DR0:
14:07:06.0281 4904 MBR partitions:
14:07:06.0281 4904 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0xDF741B9
14:07:06.0281 4904 ============================================================
14:07:06.0312 4904 C: <-> \Device\Harddisk0\DR0\Partition0
14:07:06.0312 4904 ============================================================
14:07:06.0312 4904 Initialize success
14:07:06.0312 4904 ============================================================
14:07:21.0656 7128 ============================================================
14:07:21.0656 7128 Scan started
14:07:21.0656 7128 Mode: Manual;
14:07:21.0656 7128 ============================================================
14:07:21.0937 7128 2wirepcp - ok
14:07:21.0953 7128 3compxe - ok
14:07:21.0953 7128 3dkeybd - ok
14:07:21.0968 7128 6to4 - ok
14:07:21.0984 7128 a016mdfl - ok
14:07:22.0000 7128 a016mdm - ok
14:07:22.0000 7128 a016obex - ok
14:07:22.0015 7128 A4S2600 - ok
14:07:22.0031 7128 A88xEnc - ok
14:07:22.0031 7128 A88xXBar - ok
14:07:22.0046 7128 a8djavs - ok
14:07:22.0078 7128 a8djusb - ok
14:07:22.0078 7128 aalogger - ok
14:07:22.0093 7128 aamqdispatcher - ok
14:07:22.0109 7128 aawservice - ok
14:07:22.0140 7128 Abiosdsk - ok
14:07:22.0171 7128 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
14:07:22.0171 7128 abp480n5 - ok
14:07:22.0187 7128 ABVPN2K - ok
14:07:22.0187 7128 ac97intc - ok
14:07:22.0203 7128 Accelerometer - ok
14:07:22.0218 7128 ACDaemon - ok
14:07:22.0234 7128 acdservice - ok
14:07:22.0234 7128 acedrv07 - ok
14:07:22.0250 7128 acermemusagecheckservice - ok
14:07:22.0265 7128 aclient - ok
14:07:22.0281 7128 acnusvc - ok
14:07:22.0312 7128 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:07:22.0312 7128 ACPI - ok
14:07:22.0359 7128 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:07:22.0359 7128 ACPIEC - ok
14:07:22.0375 7128 acprfmgrsvc - ok
14:07:22.0390 7128 AcronisOSSReinstallSvc - ok
14:07:22.0406 7128 acrotray - ok
14:07:22.0406 7128 acsvc - ok
14:07:22.0421 7128 actser - ok
14:07:22.0437 7128 adaptecstoragemanageragent - ok
14:07:22.0437 7128 adfs - ok
14:07:22.0453 7128 AdfuUd - ok
14:07:22.0468 7128 adihdaudaddservice - ok
14:07:22.0484 7128 adiusbaw - ok
14:07:22.0500 7128 adminserver - ok
14:07:22.0500 7128 admservice - ok
14:07:22.0531 7128 adobeactivefilemonitor4.0 - ok
14:07:22.0546 7128 adobeactivefilemonitor5.0 - ok
14:07:22.0562 7128 AdobeActiveFileMonitor6.0 - ok
14:07:22.0593 7128 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
14:07:22.0593 7128 adpu160m - ok
14:07:22.0609 7128 adpu320 - ok
14:07:22.0609 7128 ADSMService - ok
14:07:22.0625 7128 adsservice - ok
14:07:22.0640 7128 advservice - ok
14:07:22.0656 7128 aeaudio - ok
14:07:22.0703 7128 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
14:07:22.0703 7128 aec - ok
14:07:22.0718 7128 aegisp - ok
14:07:22.0734 7128 AeLookupSvc - ok
14:07:22.0734 7128 aexnsclient - ok
14:07:22.0750 7128 aexnsclienttransport - ok
14:07:22.0765 7128 AF15BDA - ok
14:07:22.0812 7128 AFD (4d43e74f2a1239d53929b82600f1971c) C:\WINDOWS\System32\drivers\afd.sys
14:07:22.0828 7128 AFD - ok
14:07:22.0828 7128 AffinegyService - ok
14:07:22.0843 7128 AFGMp50 - ok
14:07:22.0859 7128 afs2k - ok
14:07:22.0875 7128 agentsrv - ok
14:07:22.0890 7128 ageremodemaudio - ok
14:07:22.0890 7128 ageresoftmodem - ok
14:07:22.0906 7128 agnwifi - ok
14:07:22.0937 7128 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
14:07:22.0937 7128 agp440 - ok
14:07:22.0968 7128 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
14:07:22.0968 7128 agpCPQ - ok
14:07:22.0968 7128 AGV - ok
14:07:23.0000 7128 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
14:07:23.0000 7128 Aha154x - ok
14:07:23.0015 7128 ahcix86s - ok
14:07:23.0046 7128 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
14:07:23.0062 7128 aic78u2 - ok
14:07:23.0078 7128 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
14:07:23.0078 7128 aic78xx - ok
14:07:23.0093 7128 aiclient - ok
14:07:23.0093 7128 Airgo - ok
14:07:23.0109 7128 aksfridge - ok
14:07:23.0125 7128 akshasp - ok
14:07:23.0156 7128 aksusb - ok
14:07:23.0171 7128 ALABULK - ok
14:07:23.0187 7128 alcan5wn - ok
14:07:23.0187 7128 alcxwdm - ok
14:07:23.0234 7128 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
14:07:23.0234 7128 Alerter - ok
14:07:23.0234 7128 alertmanager - ok
14:07:23.0281 7128 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
14:07:23.0281 7128 ALG - ok
14:07:23.0296 7128 aliadwdm - ok
14:07:23.0328 7128 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
14:07:23.0328 7128 AliIde - ok
14:07:23.0343 7128 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\System32\DRIVERS\alim1541.sys
14:07:23.0359 7128 alim1541 - ok
14:07:23.0359 7128 AlKernel - ok
14:07:23.0375 7128 Alpham1 - ok
14:07:23.0390 7128 Alpham2 - ok
14:07:23.0406 7128 AlteraByteBlaster - ok
14:07:23.0421 7128 ALYac_PZSrv - ok
14:07:23.0437 7128 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\System32\DRIVERS\amdagp.sys
14:07:23.0437 7128 amdagp - ok
14:07:23.0453 7128 AmdIde - ok
14:07:23.0468 7128 amdk7 - ok
14:07:23.0468 7128 amdk77 - ok
14:07:23.0484 7128 amdk8 - ok
14:07:23.0500 7128 amdppm - ok
14:07:23.0515 7128 AmeLanPc - ok
14:07:23.0531 7128 amfilter - ok
14:07:23.0531 7128 ami0nt - ok
14:07:23.0546 7128 amon - ok
14:07:23.0578 7128 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
14:07:23.0578 7128 amsint - ok
14:07:23.0593 7128 Amsmpu4p - ok
14:07:23.0625 7128 amusbprt - ok
14:07:23.0640 7128 AN983 - ok
14:07:23.0640 7128 anbmservice - ok
14:07:23.0671 7128 ANC - ok
14:07:23.0687 7128 Angel2 - ok
14:07:23.0687 7128 antivirscheduler - ok
14:07:23.0703 7128 antivirservice - ok
14:07:23.0718 7128 Anydlc - ok
14:07:23.0734 7128 aolavupd - ok
14:07:23.0734 7128 aolservice - ok
14:07:23.0750 7128 apfiltrservice - ok
14:07:23.0765 7128 APLMp50 - ok
14:07:23.0781 7128 apphostsvc - ok
14:07:23.0796 7128 application - ok
14:07:23.0796 7128 AppMgmt - ok
14:07:23.0812 7128 Appn - ok
14:07:23.0828 7128 AppnApi - ok
14:07:23.0843 7128 AppnBase - ok
14:07:23.0843 7128 appnnode - ok
14:07:23.0859 7128 ar5211 - ok
14:07:23.0875 7128 AR5416 - ok
14:07:23.0890 7128 AR5523 - ok
14:07:23.0890 7128 arc - ok
14:07:23.0906 7128 arcltsrv - ok
14:07:23.0921 7128 arhidfltr - ok
14:07:23.0937 7128 arkbcfltr - ok
14:07:23.0953 7128 armoucfltr - ok
14:07:23.0953 7128 ARPolicy - ok
14:07:23.0968 7128 arrayssl_vpn_service3,0,1,9 - ok
14:07:23.0984 7128 artourservice - ok
14:07:24.0000 7128 as32svc - ok
14:07:24.0015 7128 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
14:07:24.0015 7128 asc - ok
14:07:24.0031 7128 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
14:07:24.0031 7128 asc3350p - ok
14:07:24.0062 7128 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
14:07:24.0062 7128 asc3550 - ok
14:07:24.0062 7128 AsDsm - ok
14:07:24.0078 7128 ashampoodefragservice - ok
14:07:24.0093 7128 AsIO - ok
14:07:24.0109 7128 askernel - ok
14:07:24.0109 7128 aslm75 - ok
14:07:24.0125 7128 ASNDIS5 - ok
14:07:24.0156 7128 asp.net_2.0.50727 - ok
14:07:24.0171 7128 aspi32 - ok
14:07:24.0250 7128 aspnet_state (e1a1206a4fb19b675e947b29ccd25fba) C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
14:07:24.0250 7128 aspnet_state - ok
14:07:24.0265 7128 astcc - ok
14:07:24.0265 7128 asusgsb - ok
14:07:24.0281 7128 asuskbnt - ok
14:07:24.0296 7128 aswrdr - ok
14:07:24.0312 7128 aswtdi - ok
14:07:24.0312 7128 aswupdsv - ok
14:07:24.0359 7128 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:07:24.0359 7128 AsyncMac - ok
14:07:24.0359 7128 atalk - ok
14:07:24.0390 7128 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:07:24.0406 7128 atapi - ok
14:07:24.0421 7128 AtcL002 - ok
14:07:24.0421 7128 Atdisk - ok
14:07:24.0437 7128 atfsd - ok
14:07:24.0453 7128 athr - ok
14:07:24.0468 7128 ati2mpaa - ok
14:07:24.0468 7128 ati2mtaa - ok
14:07:24.0484 7128 atiavaiw - ok
14:07:24.0500 7128 atiavpci - ok
14:07:24.0500 7128 ATIBTXBAR - ok
14:07:24.0515 7128 AtiHdmiService - ok
14:07:24.0531 7128 atikmdag - ok
14:07:24.0531 7128 atimpab - ok
14:07:24.0546 7128 atimtag - ok
14:07:24.0562 7128 atinevxx - ok
14:07:24.0578 7128 atinrvxx - ok
14:07:24.0578 7128 AtiPcie - ok
14:07:24.0609 7128 atirage3 - ok
14:07:24.0609 7128 atitool - ok
14:07:24.0625 7128 ativraxx - ok
14:07:24.0640 7128 atkdisplf - ok
14:07:24.0640 7128 ATKFUSService - ok
14:07:24.0656 7128 AtlsAud - ok
14:07:24.0687 7128 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:07:24.0687 7128 Atmarpc - ok
14:07:24.0687 7128 atmeltpm - ok
14:07:24.0703 7128 ATMsrvc - ok
14:07:24.0718 7128 ATWPKT2 - ok
14:07:24.0750 7128 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
14:07:24.0750 7128 AudioSrv - ok
14:07:24.0765 7128 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:07:24.0765 7128 audstub - ok
14:07:24.0781 7128 authsyssvc - ok
14:07:24.0781 7128 autocomplete - ok
14:07:24.0796 7128 automate6 - ok
14:07:24.0812 7128 autostore - ok
14:07:24.0828 7128 AVCamUSB20 - ok
14:07:24.0828 7128 avcgbdr - ok
14:07:24.0843 7128 AVerBDA - ok
14:07:24.0859 7128 AVerTV - ok
14:07:24.0875 7128 avg7alrt - ok
14:07:24.0875 7128 avg7core - ok
14:07:24.0890 7128 avg7rsw - ok
14:07:24.0906 7128 avg7updsvc - ok
14:07:25.0000 7128 avg9wd (c4d15594db5be042d3346ea58df87d89) C:\Program Files\AVG\AVG9\avgwdsvc.exe
14:07:25.0015 7128 avg9wd - ok
14:07:25.0031 7128 avgarcln - ok
14:07:25.0046 7128 avgascln - ok
14:07:25.0046 7128 avgclean - ok
14:07:25.0062 7128 avgcoresvc - ok
14:07:25.0078 7128 avgfwsrv - ok
14:07:25.0093 7128 avgio - ok
14:07:25.0140 7128 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
14:07:25.0140 7128 AvgLdx86 - ok
14:07:25.0171 7128 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS\System32\Drivers\avgmfx86.sys
14:07:25.0187 7128 AvgMfx86 - ok
14:07:25.0187 7128 avgtdi - ok
14:07:25.0218 7128 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\System32\Drivers\avgtdix.sys
14:07:25.0234 7128 AvgTdiX - ok
14:07:25.0250 7128 avipbb - ok
14:07:25.0250 7128 avp - ok
14:07:25.0265 7128 AVRec - ok
14:07:25.0281 7128 avupdsvc - ok
14:07:25.0296 7128 AVWLP_USB - ok
14:07:25.0312 7128 awecho - ok
14:07:25.0312 7128 awhost32 - ok
14:07:25.0328 7128 awlegacy - ok
14:07:25.0343 7128 aw_host - ok
14:07:25.0359 7128 AX88772 - ok
14:07:25.0359 7128 axsaki - ok
14:07:25.0375 7128 axskbus - ok
14:07:25.0390 7128 axsnmsvc - ok
14:07:25.0406 7128 AYDrvNT_ALYAC - ok
14:07:25.0421 7128 backupclientsvc - ok
14:07:25.0421 7128 backupexecagentaccelerator - ok
14:07:25.0437 7128 backupexecagentbrowser - ok
14:07:25.0453 7128 backupexecalertserver - ok
14:07:25.0468 7128 backupexecdevicemediaservice - ok
14:07:25.0484 7128 backupexecrpcservice - ok
14:07:25.0484 7128 backuplauncher - ok
14:07:25.0500 7128 bantext - ok
14:07:25.0515 7128 basfipm - ok
14:07:25.0531 7128 bb-run - ok
14:07:25.0546 7128 BCM42RLY - ok
14:07:25.0578 7128 BCM43XV - ok
14:07:25.0593 7128 bcm43xx - ok
14:07:25.0687 7128 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
14:07:25.0734 7128 BCMModem - ok
14:07:25.0734 7128 BcmSqlStartupSvc - ok
14:07:25.0750 7128 BCMTPM - ok
14:07:25.0765 7128 BCMWLNPF - ok
14:07:25.0781 7128 bcoreusb - ok
14:07:25.0781 7128 bcserver - ok
14:07:25.0796 7128 bc_filter - ok
14:07:25.0812 7128 bc_pat_f - ok
14:07:25.0828 7128 bc_prt_f - ok
14:07:25.0843 7128 bdfdll - ok
14:07:25.0843 7128 bdfsfltr - ok
14:07:25.0859 7128 bdpredir - ok
14:07:25.0875 7128 bdrsdrv - ok
14:07:25.0890 7128 bdss - ok
14:07:25.0890 7128 beatjammusicstreamingserver - ok
14:07:25.0937 7128 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:07:25.0953 7128 Beep - ok
14:07:25.0953 7128 belgium_id_card_service - ok
14:07:25.0968 7128 belmonitorservice - ok
14:07:25.0984 7128 besclient - ok
14:07:26.0000 7128 bgmainsvc - ok
14:07:26.0015 7128 bgsvcgen - ok
14:07:26.0031 7128 bhmonitorservice - ok
14:07:26.0078 7128 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
14:07:26.0093 7128 BITS - ok
14:07:26.0109 7128 bjmcmng - ok
14:07:26.0125 7128 BLKWGU(Belkin) - ok
14:07:26.0140 7128 blueletaudio - ok
14:07:26.0156 7128 blueletscoaudio - ok
14:07:26.0156 7128 blueservice - ok
14:07:26.0171 7128 BlueSoleilCS - ok
14:07:26.0187 7128 bmuservice - ok
14:07:26.0203 7128 bmwebcfg - ok
14:07:26.0218 7128 bocdrive - ok
14:07:26.0296 7128 Bonjour Service (9efe4236f8670846b6e7c5b0eff6e715) C:\Program Files\Bonjour\mDNSResponder.exe
14:07:26.0296 7128 Bonjour Service - ok
14:07:26.0312 7128 BootScreen - ok
14:07:26.0328 7128 BRCMDECO - ok
14:07:26.0343 7128 bridge - ok
14:07:26.0359 7128 brmfbags - ok
14:07:26.0375 7128 brmfrmps - ok
14:07:26.0406 7128 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
14:07:26.0406 7128 Browser - ok
14:07:26.0421 7128 BrPar - ok
14:07:26.0437 7128 BrSerIf - ok
14:07:26.0453 7128 BrUsbSer - ok
14:07:26.0468 7128 BsHelpCS - ok
14:07:26.0484 7128 bt - ok
14:07:26.0484 7128 bt3cusb - ok
14:07:26.0500 7128 btaudio - ok
14:07:26.0515 7128 btcsrusb - ok
14:07:26.0531 7128 btfirst - ok
14:07:26.0546 7128 bthenum - ok
14:07:26.0546 7128 bthidenum - ok
14:07:26.0578 7128 bthidmgr - ok
14:07:26.0593 7128 bthpan - ok
14:07:26.0593 7128 bthport - ok
14:07:26.0609 7128 bthserv - ok
14:07:26.0625 7128 btkrnl - ok
14:07:26.0640 7128 btnhnd - ok
14:07:26.0656 7128 btserial - ok
14:07:26.0656 7128 btwaudio - ok
14:07:26.0671 7128 btwavdt - ok
14:07:26.0687 7128 btwdndis - ok
14:07:26.0703 7128 btwhid - ok
14:07:26.0718 7128 btwrchid - ok
14:07:26.0734 7128 BUFADPT - ok
14:07:26.0765 7128 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
14:07:26.0765 7128 BVRPMPR5 - ok
14:07:26.0781 7128 bvrp_pci - ok
14:07:26.0796 7128 bwcsrv - ok
14:07:26.0796 7128 bwmservice - ok
14:07:26.0812 7128 bwsvc - ok
14:07:26.0828 7128 c-dillasrv - ok
14:07:26.0843 7128 ca-messagequeuing - ok
14:07:26.0843 7128 caboagp - ok
14:07:26.0859 7128 cachemanxp - ok
14:07:26.0875 7128 cachemgr - ok
14:07:26.0906 7128 cacheserver - ok
14:07:26.0906 7128 CADlink - ok
14:07:26.0921 7128 caili - ok
14:07:26.0937 7128 caisafe - ok
14:07:26.0953 7128 CAM1210 - ok
14:07:26.0968 7128 Cam5603C - ok
14:07:26.0984 7128 Cam5603D - ok
14:07:26.0984 7128 CAMCAUD - ok
14:07:27.0000 7128 captureservice - ok
14:07:27.0015 7128 carboncopy32 - ok
14:07:27.0171 7128 CarboniteService (329fde1b3996d9ad5e90ef29b25c7200) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
14:07:27.0234 7128 CarboniteService - ok
14:07:27.0312 7128 Cardex - ok
14:07:27.0328 7128 catchme - ok
14:07:27.0343 7128 cavasm - ok
14:07:27.0375 7128 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
14:07:27.0375 7128 cbidf - ok
14:07:27.0375 7128 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:07:27.0375 7128 cbidf2k - ok
14:07:27.0390 7128 CBN - ok
14:07:27.0406 7128 CBTNDIS5 - ok
14:07:27.0468 7128 CCALib8 (20f89e232173985a455bc9a5f70d1166) C:\Program Files\Canon\CAL\CALMAIN.exe
14:07:27.0468 7128 CCALib8 - ok
14:07:27.0484 7128 cccredmgr - ok
14:07:27.0515 7128 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:07:27.0515 7128 CCDECODE - ok
14:07:27.0531 7128 ccevtmgr - ok
14:07:27.0546 7128 ccispwdsvc - ok
14:07:27.0562 7128 CcmExec - ok
14:07:27.0578 7128 ccpwdsvc - ok
14:07:27.0578 7128 ccs - ok
14:07:27.0593 7128 ccsetmgr - ok
14:07:27.0625 7128 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
14:07:27.0625 7128 cd20xrnt - ok
14:07:27.0640 7128 CdaC15BA - ok
14:07:27.0656 7128 CdaD10BA - ok
14:07:27.0687 7128 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:07:27.0687 7128 Cdaudio - ok
14:07:27.0703 7128 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
14:07:27.0703 7128 Cdfs - ok
14:07:27.0718 7128 cdfsvc - ok
14:07:27.0843 7128 cdiskdun - ok
14:07:27.0875 7128 Cdr4_xp (4dee321b7d830231853bc722d3acfdf8) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
14:07:27.0875 7128 Cdr4_xp - ok
14:07:27.0890 7128 Cdralw2k (18eb04a0dfd3ffae2ab736c3c1dfea34) C:\WINDOWS\system32\drivers\Cdralw2k.sys
14:07:27.0890 7128 Cdralw2k - ok
14:07:27.0906 7128 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:07:27.0906 7128 Cdrom - ok
14:07:27.0921 7128 CDRPDACC - ok
14:07:27.0937 7128 cdudf_xp (072070a498d5fad70c3a99a5f0b1331b) C:\WINDOWS\system32\drivers\cdudf_xp.sys
14:07:27.0953 7128 cdudf_xp - ok
14:07:27.0968 7128 cdvp - ok
14:07:27.0984 7128 CE3 - ok
14:07:28.0000 7128 centennialiptransferagent - ok
14:07:28.0000 7128 cfsvcs - ok
14:07:28.0015 7128 Changer - ok
14:07:28.0031 7128 cicssfs.scmmc223 - ok
14:07:28.0046 7128 cidaemon - ok
14:07:28.0062 7128 cis1284 - ok
14:07:28.0093 7128 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe
14:07:28.0093 7128 CiSvc - ok
14:07:28.0109 7128 citrixwmiservice - ok
14:07:28.0125 7128 clcapsvc - ok
14:07:28.0156 7128 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
14:07:28.0156 7128 ClipSrv - ok
14:07:28.0171 7128 clisvc - ok
14:07:28.0187 7128 clmtomcatstartersvc - ok
14:07:28.0218 7128 ClntMgmt.sys - ok
14:07:28.0234 7128 clnt_clientman - ok
14:07:28.0250 7128 clr_optimization_v2.0.50215_32 - ok
14:07:28.0265 7128 clr_optimization_v2.0.50727_32 - ok
14:07:28.0281 7128 cm102u32 - ok
14:07:28.0281 7128 cmbatt - ok
14:07:28.0296 7128 cmdagent - ok
14:07:28.0328 7128 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
14:07:28.0328 7128 CmdIde - ok
14:07:28.0343 7128 cmdmon - ok
14:07:28.0359 7128 cmpci - ok
14:07:28.0359 7128 cmuda - ok
14:07:28.0375 7128 cnmpar21 - ok
14:07:28.0406 7128 cnxtdiag - ok
14:07:28.0421 7128 CnxtHdAudService - ok
14:07:28.0421 7128 CnxTrLan - ok
14:07:28.0437 7128 CnxTrUsb - ok
14:07:28.0453 7128 CoachUsb - ok
14:07:28.0468 7128 cobbmservice - ok
14:07:28.0484 7128 com0com - ok
14:07:28.0500 7128 comhost - ok
14:07:28.0515 7128 COMMONFX.DLL - ok
14:07:28.0531 7128 commserver - ok
14:07:28.0531 7128 compaq_rba - ok
14:07:28.0546 7128 compbatt - ok
14:07:28.0562 7128 COMSysApp - ok
14:07:28.0593 7128 CoolerXPDriver - ok
14:07:28.0593 7128 coste - ok
14:07:28.0609 7128 co_mon - ok
14:07:28.0625 7128 cpntsrv - ok
14:07:28.0640 7128 cportclm - ok
14:07:28.0640 7128 cpqalert - ok
14:07:28.0671 7128 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
14:07:28.0671 7128 Cpqarray - ok
14:07:28.0687 7128 cpqdfw - ok
14:07:28.0703 7128 cpqdmi - ok
14:07:28.0718 7128 cpqfcalm - ok
14:07:28.0734 7128 cpqfws2e - ok
14:07:28.0750 7128 cpqrcmc - ok
14:07:28.0750 7128 cpqvcagent - ok
14:07:28.0765 7128 cpuidlep - ok
14:07:28.0781 7128 cpuz132 - ok
14:07:28.0796 7128 cqcpu - ok
14:07:28.0812 7128 cqmgstor - ok
14:07:28.0812 7128 crcdisk - ok
14:07:28.0859 7128 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\System32\CTsvcCDA.exe
14:07:28.0859 7128 Creative Service for CDROM Access - ok
14:07:28.0875 7128 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
14:07:28.0890 7128 CryptSvc - ok
14:07:28.0890 7128 crystalaps - ok
14:07:28.0906 7128 crystalinputfileserver - ok
14:07:28.0921 7128 CrystalSysInfo - ok
14:07:28.0937 7128 cs429x - ok
14:07:28.0953 7128 csctl50 - ok
14:07:28.0968 7128 CSDriver - ok
14:07:28.0968 7128 CSRBC - ok
14:07:28.0984 7128 CT20XUT.DLL - ok
14:07:29.0000 7128 ctac32k - ok
14:07:29.0015 7128 ctaud2k - ok
14:07:29.0031 7128 CTAUDFX.DLL - ok
14:07:29.0031 7128 CTAudSvcService - ok
14:07:29.0046 7128 CTDevice_Srv - ok
14:07:29.0062 7128 ctdvda2k - ok
14:07:29.0078 7128 CTEAPSFX.DLL - ok
14:07:29.0093 7128 CTEDSPFX.DLL - ok
14:07:29.0093 7128 CTEDSPIO.DLL - ok
14:07:29.0109 7128 CTERFXFX.DLL - ok
14:07:29.0125 7128 CTEXFIFX.DLL - ok
14:07:29.0140 7128 CTHWIUT.DLL - ok
14:07:29.0156 7128 ctljystk - ok
14:07:29.0156 7128 CTMFLT - ok
14:07:29.0171 7128 ctmmfilt - ok
14:07:29.0187 7128 CTMMOUNT - ok
14:07:29.0203 7128 CTMSHD - ok
14:07:29.0218 7128 CTSYN - ok
14:07:29.0234 7128 ctxcpubal - ok
14:07:29.0234 7128 ctxcpuusync - ok
14:07:29.0265 7128 ctxhttp - ok
14:07:29.0281 7128 CVirtA - ok
14:07:29.0296 7128 cvslock - ok
14:07:29.0296 7128 cvsnt - ok
14:07:29.0312 7128 cvspydr2 - ok
14:07:29.0328 7128 cwafadmincontroller - ok
14:07:29.0343 7128 cwafadminmonitor - ok
14:07:29.0359 7128 cwafeventrouter - ok
14:07:29.0359 7128 cwcpsvc20 - ok
14:07:29.0375 7128 cwcspud - ok
14:07:29.0390 7128 CX23880 - ok
14:07:29.0406 7128 CX88ENC - ok
14:07:29.0421 7128 cxlpt - ok
14:07:29.0421 7128 CXTUNE - ok
14:07:29.0437 7128 cygserver - ok
14:07:29.0453 7128 cypresslink - ok
14:07:29.0468 7128 d-link_st3402 - ok
14:07:29.0500 7128 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
14:07:29.0500 7128 dac2w2k - ok
14:07:29.0531 7128 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
14:07:29.0531 7128 dac960nt - ok
14:07:29.0531 7128 dashsvc - ok
14:07:29.0546 7128 datunidr - ok
14:07:29.0562 7128 db2 - ok
14:07:29.0578 7128 db2das00 - ok
14:07:29.0578 7128 db2governor - ok
14:07:29.0593 7128 db2jds - ok
14:07:29.0609 7128 db2licd - ok
14:07:29.0609 7128 db2ntsecserver - ok
14:07:29.0625 7128 dbmanagerscheduler - ok
14:07:29.0640 7128 dbmang - ok
14:07:29.0656 7128 DC21x4 - ok
14:07:29.0656 7128 DCamUSBDXGTech - ok
14:07:29.0671 7128 DCamUSBGrandTek - ok
14:07:29.0687 7128 DCamUSBMke2 - ok
14:07:29.0718 7128 DCamUSBSQTECH (100ff3d9e16afb3163bd6f9aaaab7c55) C:\WINDOWS\system32\Drivers\SQcaptur.sys
14:07:29.0734 7128 DCamUSBSQTECH - ok
14:07:29.0734 7128 dcevt32 - ok
14:07:29.0750 7128 DCFS2K - ok
14:07:29.0765 7128 dcfssvc - ok
14:07:29.0781 7128 DcLps - ok
14:07:29.0828 7128 DcomLaunch (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
14:07:29.0843 7128 DcomLaunch - ok
14:07:29.0859 7128 dcpflics - ok
14:07:29.0859 7128 DcPTP - ok
14:07:29.0875 7128 dcstor32 - ok
14:07:29.0890 7128 ddxgb - ok
14:07:29.0906 7128 deckzpsx - ok
14:07:29.0921 7128 Defrag32 - ok
14:07:29.0937 7128 Defrag32b - ok
14:07:29.0937 7128 defwatch - ok
14:07:29.0953 7128 Dell1100_FUService - ok
14:07:29.0968 7128 DellAMBrokerService - ok
14:07:29.0984 7128 delldmi - ok
14:07:30.0000 7128 DELL_A02 - ok
14:07:30.0015 7128 deltafw - ok
14:07:30.0015 7128 DevUpper - ok
14:07:30.0031 7128 de_serv - ok
14:07:30.0046 7128 Dfs - ok
14:07:30.0062 7128 DfwWebAgent - ok
14:07:30.0093 7128 Dhcp (ef545e1a4b043da4c84e230dd471c55f) C:\WINDOWS\System32\dhcpcsvc.dll
14:07:30.0109 7128 Dhcp - ok
14:07:30.0109 7128 digirefresh - ok
14:07:30.0125 7128 digisptiservice - ok
14:07:30.0140 7128 digitizer - ok
14:07:30.0156 7128 dimension4 - ok
14:07:30.0171 7128 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
14:07:30.0171 7128 Disk - ok
14:07:30.0187 7128 diskperf - ok
14:07:30.0187 7128 DivisCTP - ok
14:07:30.0218 7128 djsnetcn - ok
14:07:30.0218 7128 dklogger - ok
14:07:30.0234 7128 dlaboiom - ok
14:07:30.0250 7128 dlacdbhm - ok
14:07:30.0265 7128 dladresm - ok
14:07:30.0281 7128 dlaifs_m - ok
14:07:30.0281 7128 dlaopiom - ok
14:07:30.0296 7128 DLARTL_M - ok
14:07:30.0312 7128 dlbu_device - ok
14:07:30.0328 7128 dlcc_device - ok
14:07:30.0343 7128 dlcg_device - ok
14:07:30.0359 7128 dlcj_device - ok
14:07:30.0375 7128 DLH5X - ok
14:07:30.0375 7128 dlpwd - ok
14:07:30.0390 7128 dm1service - ok
14:07:30.0406 7128 DM9102 - ok
14:07:30.0421 7128 dmadmin - ok
14:07:30.0484 7128 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
14:07:30.0500 7128 dmboot - ok
14:07:30.0531 7128 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
14:07:30.0531 7128 dmio - ok
14:07:30.0562 7128 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:07:30.0562 7128 dmload - ok
14:07:30.0593 7128 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
14:07:30.0609 7128 dmserver - ok
14:07:30.0656 7128 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
14:07:30.0656 7128 DMusic - ok
14:07:30.0671 7128 DNE - ok
14:07:30.0671 7128 dnetc - ok
14:07:30.0687 7128 DniVad - ok
14:07:30.0703 7128 dns4meclient - ok
14:07:30.0734 7128 Dnscache (aac8ffbfd61e784fa3bac851d4a0bd5f) C:\WINDOWS\System32\dnsrslvr.dll
14:07:30.0734 7128 Dnscache - ok
14:07:30.0750 7128 dnserver32 - ok
14:07:30.0765 7128 dntus26 - ok
14:07:30.0781 7128 dnwhodisp - ok
14:07:30.0796 7128 dot3svc - ok
14:07:30.0812 7128 dot4print - ok
14:07:30.0828 7128 dot4scan - ok
14:07:30.0843 7128 dot4ufd - ok
14:07:30.0859 7128 dpfusmgr - ok
14:07:30.0875 7128 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
14:07:30.0875 7128 dpti2o - ok
14:07:30.0890 7128 DritekPortIO - ok
14:07:30.0937 7128 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
14:07:30.0937 7128 drmkaud - ok
14:07:30.0953 7128 drvmcdb - ok
14:07:30.0968 7128 drvnddm - ok
14:07:30.0968 7128 ds1 - ok
14:07:30.0984 7128 dsbrokerservice - ok
14:07:31.0000 7128 DSDrv4 - ok
14:07:31.0015 7128 DSI_SiUSBXp_3_1 - ok
14:07:31.0031 7128 dsncservice - ok
14:07:31.0046 7128 DSXUSB - ok
14:07:31.0046 7128 dtscsi - ok
14:07:31.0062 7128 DumaNT - ok
14:07:31.0078 7128 DVDRC - ok
14:07:31.0093 7128 DVDVRRdr_xp - ok
14:07:31.0125 7128 dvd_2K (a3997baab606caa92f27e07bc4f070f0) C:\WINDOWS\system32\drivers\dvd_2K.sys
14:07:31.0125 7128 dvd_2K - ok
14:07:31.0140 7128 dwmrcs - ok
14:07:31.0156 7128 dwusbdnt - ok
14:07:31.0156 7128 dxdebug - ok
14:07:31.0171 7128 DXEC02 - ok
14:07:31.0187 7128 DynDNS_Updater_Service - ok
14:07:31.0203 7128 e1000 - ok
14:07:31.0234 7128 E100B (56ab585a307909c4447d5900a10c6bc7) C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:07:31.0234 7128 E100B - ok
14:07:31.0250 7128 e1express - ok
14:07:31.0265 7128 eabusb - ok
14:07:31.0281 7128 EACSvrMngr - ok
14:07:31.0296 7128 EagleNT - ok
14:07:31.0312 7128 eamon - ok
14:07:31.0312 7128 eaphost - ok
14:07:31.0328 7128 easdrv - ok
14:07:31.0343 7128 EAWDMFD - ok
14:07:31.0359 7128 ec2007service - ok
14:07:31.0375 7128 edspport - ok
14:07:31.0375 7128 eelogsvc - ok
14:07:31.0390 7128 eelsservice - ok
14:07:31.0406 7128 eeyeevnt - ok
14:07:31.0421 7128 efs - ok
14:07:31.0437 7128 ehrecvr - ok
14:07:31.0453 7128 EhttpSrv - ok
14:07:31.0468 7128 EIO_XP - ok
14:07:31.0484 7128 EL2000 - ok
14:07:31.0515 7128 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
14:07:31.0515 7128 EL90XBC - ok
14:07:31.0531 7128 ELacpi - ok
14:07:31.0546 7128 elaunidr - ok
14:07:31.0546 7128 elbycdfl - ok
14:07:31.0562 7128 elbydelay - ok
14:07:31.0578 7128 ELmon - ok
14:07:31.0593 7128 ELmou - ok
14:07:31.0609 7128 elnkfwppservice - ok
14:07:31.0625 7128 elnkservice - ok
14:07:31.0625 7128 elnkupdateservice - ok
14:07:31.0640 7128 eloggersvc6 - ok
14:07:31.0656 7128 elotouchscreen - ok
14:07:31.0671 7128 elservice - ok
14:07:31.0687 7128 EMATCORE - ok
14:07:31.0687 7128 emAudio - ok
14:07:31.0718 7128 emclisrv - ok
14:07:31.0718 7128 emproxy - ok
14:07:31.0734 7128 emu10k - ok
14:07:31.0750 7128 emu10k1 - ok
14:07:31.0765 7128 enecbpth - ok
14:07:31.0781 7128 enethusb - ok
14:07:31.0781 7128 enodpl - ok
14:07:31.0796 7128 EntDrv51 - ok
14:07:31.0812 7128 entech - ok
14:07:31.0828 7128 enxpsvc - ok
14:07:31.0843 7128 enxpsvr - ok
14:07:31.0859 7128 epfw - ok
14:07:31.0859 7128 Epfwndis - ok
14:07:31.0875 7128 Eplpdx02 - ok
14:07:31.0890 7128 EpmPsd - ok
14:07:31.0921 7128 EpmShd - ok
14:07:31.0937 7128 EPOWER - ok
14:07:31.0953 7128 epoxusdm - ok
14:07:31.0968 7128 epsonbidirectionalagent - ok
14:07:31.0984 7128 epsonbidirectionalservice - ok
14:07:32.0000 7128 epson_pm_rpcv2_01 - ok
14:07:32.0000 7128 epson_pm_rpcv4_01 - ok
14:07:32.0015 7128 erecoveryservice - ok
14:07:32.0031 7128 ErrDev - ok
14:07:32.0078 7128 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
14:07:32.0078 7128 ERSvc - ok
14:07:32.0093 7128 es1371 - ok
14:07:32.0109 7128 ESDCR - ok
14:07:32.0125 7128 eSettingsService - ok
14:07:32.0125 7128 ESMCR - ok
14:07:32.0140 7128 ET5Drv - ok
14:07:32.0156 7128 etoksrv - ok
14:07:32.0171 7128 EU3_USB - ok
14:07:32.0187 7128 euq_monitor - ok
14:07:32.0203 7128 EUSBMSD - ok
14:07:32.0218 7128 eventclientmultiplexer - ok
14:07:32.0234 7128 Eventlog (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
14:07:32.0250 7128 Eventlog - ok
14:07:32.0281 7128 EventSystem (60d1a6342238378bfb7545c81ee3606c) C:\WINDOWS\System32\es.dll
14:07:32.0296 7128 EventSystem - ok
14:07:32.0312 7128 Evian - ok
14:07:32.0328 7128 exfat - ok
14:07:32.0343 7128 Exportit - ok
14:07:32.0359 7128 F700imd - ok
14:07:32.0359 7128 F700isw - ok
14:07:32.0375 7128 F700ius - ok
14:07:32.0390 7128 fah@c:+fah+fah-service+fah502-console.exe - ok
14:07:32.0406 7128 fallback - ok
14:07:32.0453 7128 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
14:07:32.0453 7128 Fastfat - ok
14:07:32.0484 7128 fasttrackinstallerservice - ok
14:07:32.0484 7128 fasttraksvc - ok
14:07:32.0500 7128 fasttx2k - ok
14:07:32.0546 7128 FastUserSwitchingCompatibility (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
14:07:32.0562 7128 FastUserSwitchingCompatibility - ok
14:07:32.0609 7128 Fax (fcbd571fa0ee8dc238944ae5fab74461) C:\WINDOWS\system32\fxssvc.exe
14:07:32.0625 7128 Fax - ok
14:07:32.0640 7128 fcprintservice - ok
14:07:32.0656 7128 Fd16_700 - ok
14:07:32.0671 7128 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:07:32.0671 7128 Fdc - ok
14:07:32.0687 7128 FET5X86V - ok
14:07:32.0703 7128 fetnd5bv - ok
14:07:32.0718 7128 FETNDIS - ok
14:07:32.0734 7128 fgdxbus - ok
14:07:32.0734 7128 FileDisk - ok
14:07:32.0765 7128 filterservice - ok
14:07:32.0781 7128 FiltUSBEMPIA - ok
14:07:32.0796 7128 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
14:07:32.0796 7128 Fips - ok
14:07:32.0812 7128 FireHook - ok
14:07:32.0812 7128 firelm01 - ok
14:07:32.0828 7128 FirePM - ok
14:07:32.0843 7128 fireport - ok
14:07:32.0859 7128 firesvc - ok
14:07:32.0875 7128 flashcom - ok
14:07:32.0890 7128 flashcomadmin - ok
14:07:32.0890 7128 FlexBios - ok
14:07:33.0031 7128 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:07:33.0046 7128 FLEXnet Licensing Service - ok
14:07:33.0093 7128 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:07:33.0093 7128 Flpydisk - ok
14:07:33.0140 7128 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
14:07:33.0140 7128 FltMgr - ok
14:07:33.0156 7128 foldersize - ok
14:07:33.0171 7128 fontcache3.0.0.0 - ok
14:07:33.0187 7128 forcewarewebinterface - ok
14:07:33.0218 7128 Freedom (a02512c315c84f475bd89f847048b27b) C:\WINDOWS\system32\irmon.dll
14:07:33.0234 7128 Freedom - ok
14:07:33.0234 7128 FreshIO - ok
14:07:33.0250 7128 fsaa - ok
14:07:33.0265 7128 fsaua - ok
14:07:33.0281 7128 fsbwsys - ok
14:07:33.0296 7128 fsdfwd - ok
14:07:33.0312 7128 fsks - ok
14:07:33.0312 7128 fsma - ok
14:07:33.0328 7128 fsRamDsk - ok
14:07:33.0343 7128 fssfltr - ok
14:07:33.0359 7128 fsssvc - ok
14:07:33.0375 7128 FsVga - ok
14:07:33.0390 7128 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:07:33.0390 7128 Fs_Rec - ok
14:07:33.0390 7128 FTDIBUS - ok
14:07:33.0421 7128 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:07:33.0421 7128 Ftdisk - ok
14:07:33.0437 7128 ftpds - ok
14:07:33.0453 7128 ftpqueue - ok
14:07:33.0468 7128 ftsata2 - ok
14:07:33.0484 7128 FTSER2K - ok
14:07:33.0500 7128 G400DH - ok
14:07:33.0515 7128 gagp30kx - ok
14:07:33.0531 7128 GameConsoleService - ok
14:07:33.0546 7128 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
14:07:33.0546 7128 gameenum - ok
14:07:33.0562 7128 gdihook5 - ok
14:07:33.0578 7128 gdrv - ok
14:07:33.0609 7128 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
14:07:33.0609 7128 GEARAspiWDM - ok
14:07:33.0609 7128 gemserv - ok
14:07:33.0640 7128 generichidservice - ok
14:07:33.0656 7128 genmcmn - ok
14:07:33.0671 7128 genregistrar - ok
14:07:33.0687 7128 ggsemc - ok
14:07:33.0703 7128 ghaio - ok
14:07:33.0718 7128 ghoststartservice - ok
14:07:33.0718 7128 GMSIPCI - ok
14:07:33.0734 7128 googledesktopmanager - ok
14:07:33.0750 7128 GoogleDesktopManager-010708-104812 - ok
14:07:33.0765 7128 GoProto - ok
14:07:33.0781 7128 gotomypc - ok
14:07:33.0812 7128 govsrv - ok
14:07:33.0843 7128 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:07:33.0859 7128 Gpc - ok
14:07:33.0859 7128 grmnusb - ok
14:07:33.0875 7128 gs30s - ok
14:07:33.0890 7128 GT680x - ok
14:07:33.0921 7128 GT891x - ok
14:07:33.0937 7128 GTF32BUS - ok
14:07:33.0953 7128 gtndis5 - ok
14:07:33.0968 7128 GTPTSER - ok
14:07:33.0984 7128 GTSCSER - ok
14:07:34.0031 7128 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:07:34.0046 7128 gupdate - ok
14:07:34.0046 7128 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:07:34.0062 7128 gupdatem - ok
14:07:34.0062 7128 gusvc - ok
14:07:34.0078 7128 GV600_4 - ok
14:07:34.0093 7128 GVCplDrv - ok
14:07:34.0109 7128 HabuFltr - ok
14:07:34.0125 7128 hamachi - ok
14:07:34.0140 7128 hap16v2k - ok
14:07:34.0140 7128 hap17v2k - ok
14:07:34.0156 7128 Hardlock - ok
14:07:34.0171 7128 harmony - ok
14:07:34.0187 7128 haspnt - ok
14:07:34.0203 7128 HBtnKey - ok
14:07:34.0218 7128 hcf_msft - ok
14:07:34.0218 7128 hclinetd - ok
14:07:34.0234 7128 hcwPP2 - ok
14:07:34.0250 7128 hdaudbus - ok
14:07:34.0265 7128 hdthermal - ok
14:07:34.0281 7128 HECI - ok
14:07:34.0375 7128 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:07:34.0375 7128 helpsvc - ok
14:07:34.0390 7128 HFACSVC - ok
14:07:34.0390 7128 hidgame - ok
14:07:34.0421 7128 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\WINDOWS\System32\hidserv.dll
14:07:34.0437 7128 HidServ - ok
14:07:34.0468 7128 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:07:34.0468 7128 HidUsb - ok
14:07:34.0484 7128 hmonitor - ok
14:07:34.0484 7128 hnmsvc - ok
14:07:34.0500 7128 hpdj - ok
14:07:34.0515 7128 hpdskflt - ok
14:07:34.0531 7128 HPFECP20 - ok
14:07:34.0546 7128 HPFXBULK - ok
14:07:34.0562 7128 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
14:07:34.0578 7128 hpn - ok
14:07:34.0578 7128 hpqcxs08 - ok
14:07:34.0593 7128 hpqddsvc - ok
14:07:34.0609 7128 HpqRemHid - ok
14:07:34.0625 7128 hpqwmi - ok
14:07:34.0640 7128 hpqwmiex - ok
14:07:34.0656 7128 hprfdev - ok
14:07:34.0656 7128 hpzipr12 - ok
14:07:34.0671 7128 hsfhwazl - ok
14:07:34.0687 7128 hsfhwbs2 - ok
14:07:34.0703 7128 hSONYPVh - ok
14:07:34.0718 7128 HssDrv - ok
14:07:34.0734 7128 HssSrv - ok
14:07:34.0750 7128 HSXHWBS2 - ok
14:07:34.0796 7128 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
14:07:34.0796 7128 HTTP - ok
14:07:34.0859 7128 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
14:07:34.0859 7128 HTTPFilter - ok
14:07:34.0875 7128 https-admserv61 - ok
14:07:34.0875 7128 https-nassry - ok
14:07:34.0890 7128 HWIONT - ok
14:07:34.0906 7128 HWSCtrl - ok
14:07:34.0953 7128 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
14:07:34.0953 7128 i2omgmt - ok
14:07:35.0000 7128 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\System32\DRIVERS\i2omp.sys
14:07:35.0000 7128 i2omp - ok
14:07:35.0046 7128 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:07:35.0046 7128 i8042prt - ok
14:07:35.0093 7128 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
14:07:35.0093 7128 i81x - ok
14:07:35.0140 7128 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
14:07:35.0140 7128 iAimFP0 - ok
14:07:35.0171 7128 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
14:07:35.0171 7128 iAimFP1 - ok
14:07:35.0203 7128 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
14:07:35.0203 7128 iAimFP2 - ok
14:07:35.0234 7128 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
14:07:35.0234 7128 iAimFP3 - ok
14:07:35.0250 7128 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
14:07:35.0250 7128 iAimFP4 - ok
14:07:35.0265 7128 iAimFP7 - ok
14:07:35.0296 7128 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
14:07:35.0296 7128 iAimTV0 - ok
14:07:35.0328 7128 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
14:07:35.0328 7128 iAimTV1 - ok
14:07:35.0343 7128 iAimTV2 - ok
14:07:35.0359 7128 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
14:07:35.0359 7128 iAimTV3 - ok
14:07:35.0390 7128 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
14:07:35.0390 7128 iAimTV4 - ok
14:07:35.0406 7128 iAimTV5 - ok
14:07:35.0421 7128 iam - ok
14:07:35.0421 7128 iastor - ok
14:07:35.0437 7128 ibmasrex - ok
14:07:35.0453 7128 ibmfilter - ok
14:07:35.0468 7128 ibmpmdrv - ok
14:07:35.0484 7128 ibmpmsvc - ok
14:07:35.0500 7128 ibmsmbus - ok
14:07:35.0515 7128 ICAM3NT5 - ok
14:07:35.0531 7128 icam4usb - ok
14:07:35.0546 7128 ICAM5USB - ok
14:07:35.0562 7128 iclarityqosservice - ok
14:07:35.0562 7128 icm10blk - ok
14:07:35.0578 7128 icollectservice - ok
14:07:35.0687 7128 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:07:35.0687 7128 IDriverT - ok
14:07:35.0703 7128 idsvc - ok
14:07:35.0718 7128 IFP700 - ok
14:07:35.0718 7128 ifp800 - ok
14:07:35.0750 7128 IFPUSB - ok
14:07:35.0765 7128 iftpsvc - ok
14:07:35.0781 7128 ifxspmgtsrv - ok
14:07:35.0796 7128 ifxtcs - ok
14:07:35.0812 7128 igateway - ok
14:07:35.0828 7128 igfx - ok
14:07:35.0843 7128 igniteservice.exe - ok
14:07:35.0843 7128 iirsp - ok
14:07:35.0859 7128 IJPLMSVC - ok
14:07:35.0875 7128 ikfileflt - ok
14:07:35.0890 7128 ikfilesec - ok
14:07:35.0906 7128 ikhlayer - ok
14:07:35.0921 7128 iksysflt - ok
14:07:35.0937 7128 ilicensesvc - ok
14:07:35.0937 7128 imagesrv - ok
14:07:35.0953 7128 imap4d32 - ok
14:07:36.0000 7128 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:07:36.0000 7128 Imapi - ok
14:07:36.0046 7128 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
14:07:36.0062 7128 ImapiService - ok
14:07:36.0078 7128 imaservice - ok
14:07:36.0078 7128 imonitor - ok
14:07:36.0093 7128 incdfs - ok
14:07:36.0109 7128 incdrm - ok
14:07:36.0125 7128 incdsrv - ok
14:07:36.0140 7128 infrastructure - ok
14:07:36.0187 7128 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
14:07:36.0187 7128 ini910u - ok
14:07:36.0187 7128 inorpc - ok
14:07:36.0203 7128 inort - ok
14:07:36.0218 7128 inotask - ok
14:07:36.0234 7128 inspect - ok
14:07:36.0250 7128 int15.sys - ok
14:07:36.0265 7128 intcazaudaddservice - ok
14:07:36.0281 7128 IntelC52 - ok
14:07:36.0296 7128 IntelC53 - ok
14:07:36.0343 7128 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:07:36.0343 7128 IntelIde - ok
14:07:36.0390 7128 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:07:36.0390 7128 intelppm - ok
14:07:36.0406 7128 Intels51 - ok
14:07:36.0421 7128 interactivelogon - ok
14:07:36.0421 7128 InterBaseServer - ok
14:07:36.0437 7128 IntuitUpdateService - ok
14:07:36.0453 7128 iolodmv - ok
14:07:36.0468 7128 iolo_srv - ok
14:07:36.0484 7128 iomdisk - ok
14:07:36.0500 7128 iomegaaccess - ok
14:07:36.0531 7128 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
14:07:36.0531 7128 ip6fw - ok
14:07:36.0546 7128 ipahelper.exe - ok
14:07:36.0546 7128 ipassconnectengine - ok
14:07:36.0562 7128 iPassPeriodicUpdateService - ok
14:07:36.0578 7128 ipcsvc - ok
14:07:36.0593 7128 IPFilter - ok
14:07:36.0625 7128 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:07:36.0625 7128 IpFilterDriver - ok
14:07:36.0656 7128 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:07:36.0656 7128 IpInIp - ok
14:07:36.0703 7128 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:07:36.0703 7128 IpNat - ok
14:07:36.0765 7128 iPod Service (d2e8efb8af35fcf5a7af22f5a0ce1a82) C:\Program Files\iPod\bin\iPodService.exe
14:07:36.0781 7128 iPod Service - ok
14:07:36.0796 7128 ipodservice - ok
14:07:36.0812 7128 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:07:36.0812 7128 IPSec - ok
14:07:36.0828 7128 ipsecmon - ok
14:07:36.0843 7128 ipssvc - ok
14:07:36.0859 7128 irda - ok
14:07:36.0890 7128 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:07:36.0890 7128 IRENUM - ok
14:07:36.0906 7128 irmon - ok
14:07:36.0921 7128 isamsmt - ok
14:07:36.0937 7128 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:07:36.0937 7128 isapnp - ok
14:07:36.0953 7128 isdrv120 - ok
14:07:36.0968 7128 ISODrive - ok
14:07:36.0984 7128 ispwdsvc - ok
14:07:37.0000 7128 issm - ok
14:07:37.0015 7128 itchfltr - ok
14:07:37.0031 7128 iteatapi - ok
14:07:37.0046 7128 ithsgt - ok
14:07:37.0046 7128 itmrtsvc - ok
14:07:37.0062 7128 iviaspi - ok
14:07:37.0078 7128 iviregmgr - ok
14:07:37.0093 7128 iviVD - ok
14:07:37.0109 7128 ivscheduler - ok
14:07:37.0125 7128 IWCA - ok
14:07:37.0140 7128 iwebcal - ok
14:07:37.0140 7128 iwebmsg - ok
14:07:37.0156 7128 ixiaendpoint - ok
14:07:37.0171 7128 jaguar - ok
14:07:37.0250 7128 JavaQuickStarterService (32192b4ebe8720ed8d49a455c962cb91) C:\Program Files\Java\jre6\bin\jqs.exe
14:07:37.0250 7128 JavaQuickStarterService - ok
14:07:37.0265 7128 jconfigd - ok
14:07:37.0281 7128 JiaoCap - ok
14:07:37.0296 7128 JiaoIO - ok
14:07:37.0312 7128 JL2005C - ok
14:07:37.0437 7128 jmssmbio - ok
14:07:37.0453 7128 JRAID - ok
14:07:37.0453 7128 jsdaemon - ok
14:07:37.0468 7128 jtagserver - ok
14:07:37.0484 7128 k750bus - ok
14:07:37.0500 7128 k750mdm - ok
14:07:37.0531 7128 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:07:37.0531 7128 Kbdclass - ok
14:07:37.0578 7128 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:07:37.0578 7128 kbdhid - ok
14:07:37.0593 7128 kbfiltr - ok
14:07:37.0609 7128 keriomailserver - ok
14:07:37.0625 7128 keymaestro - ok
14:07:37.0640 7128 klblmain - ok
14:07:37.0640 7128 KLOGNT - ok
14:07:37.0687 7128 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
14:07:37.0687 7128 kmixer - ok
14:07:37.0703 7128 KMWDFilter - ok
14:07:37.0718 7128 KMW_KBD - ok
14:07:37.0734 7128 KMW_SYS - ok
14:07:37.0750 7128 knobserv - ok
14:07:37.0765 7128 kodakccs - ok
14:07:37.0781 7128 kpf4 - ok
14:07:37.0796 7128 kpfwsvc - ok
14:07:37.0796 7128 KR10N - ok
14:07:37.0812 7128 KR3NPXP - ok
14:07:37.0828 7128 kraidsvc - ok
14:07:37.0843 7128 KS0108 - ok
14:07:37.0875 7128 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
14:07:37.0875 7128 KSecDD - ok
14:07:37.0890 7128 kservice - ok
14:07:37.0906 7128 ksthunk - ok
14:07:37.0921 7128 kwatchsvc - ok
14:07:37.0937 7128 L1e - ok
14:07:37.0953 7128 L8042Kbd - ok
14:07:37.0968 7128 L8042mou - ok
14:07:38.0000 7128 lanmanserver (0cb3af149a0bac0836022ca307c7a0f8) C:\WINDOWS\System32\srvsvc.dll
14:07:38.0000 7128 lanmanserver - ok
14:07:38.0046 7128 lanmanworkstation (e1f27cfcd114ec9f1e1f44674b2ff9f0) C:\WINDOWS\System32\wkssvc.dll
14:07:38.0046 7128 lanmanworkstation - ok
14:07:38.0062 7128 lanusb - ok
14:07:38.0203 7128 Lavasoft Ad-Aware Service (6df2be94d712753fb8d87495469b5262) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
14:07:38.0234 7128 Lavasoft Ad-Aware Service - ok
14:07:38.0312 7128 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
14:07:38.0312 7128 Lbd - ok
14:07:38.0328 7128 lbrtfdc - ok
14:07:38.0343 7128 lbtserv - ok
14:07:38.0359 7128 LC7981 - ok
14:07:38.0375 7128 lcs - ok
14:07:38.0390 7128 Ld51ocnucsnp - ok
14:07:38.0421 7128 ldlcserv - ok
14:07:38.0437 7128 LEX_AS_NIC_SERVICE_YNOS - ok
14:07:38.0453 7128 lfsfilt - ok
14:07:38.0453 7128 lgsnd_filter - ok
14:07:38.0468 7128 lhidflt2 - ok
14:07:38.0484 7128 LHidKe - ok
14:07:38.0500 7128 lhidusb - ok
14:07:38.0515 7128 LHidUsbK - ok
14:07:38.0531 7128 licensemanagersocket - ok
14:07:38.0562 7128 lightscribeservice - ok
14:07:38.0562 7128 lilsgt - ok
14:07:38.0578 7128 lirsgt - ok
14:07:38.0593 7128 livesrv - ok
14:07:38.0609 7128 lkclassads - ok
14:07:38.0656 7128 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
14:07:38.0656 7128 LmHosts - ok
14:07:38.0671 7128 lmimirr - ok
14:07:38.0687 7128 LMIRfsDriver - ok
14:07:38.0687 7128 LMouFilt - ok
14:07:38.0703 7128 lmouflt2 - ok
14:07:38.0718 7128 LMouKE - ok
14:07:38.0734 7128 LMS - ok
14:07:38.0750 7128 lockmgr - ok
14:07:38.0765 7128 logmein - ok
14:07:38.0781 7128 LoopBeMidi1 - ok
14:07:38.0796 7128 lp6nds35 - ok
14:07:38.0812 7128 LPCFilter - ok
14:07:38.0812 7128 lpds - ok
14:07:38.0828 7128 LPDSVC - ok
14:07:38.0843 7128 lpx - ok
14:07:38.0859 7128 LRMINIPORT - ok
14:07:38.0875 7128 ltxred - ok
14:07:38.0890 7128 LUsbFilt - ok
14:07:38.0906 7128 LUsbKbd - ok
14:07:38.0921 7128 LVBulk - ok
14:07:38.0921 7128 lvckap - ok
14:07:38.0937 7128 lvcomser - ok
14:07:38.0953 7128 lvhidsvc - ok
14:07:38.0968 7128 lvmvdrv - ok
14:07:38.0984 7128 lvpopflt - ok
14:07:39.0000 7128 lvpr2mon - ok
14:07:39.0015 7128 lvprcsrv - ok
14:07:39.0031 7128 LVRS - ok
14:07:39.0046 7128 lvselsus - ok
14:07:39.0062 7128 lvsrvlauncher - ok
14:07:39.0062 7128 lvtuner - ok
14:07:39.0078 7128 LVVI500A - ok
14:07:39.0093 7128 LXARScan - ok
14:07:39.0109 7128 lxbs_device - ok
14:07:39.0125 7128 lxbu_device - ok
14:07:39.0140 7128 lxby_device - ok
14:07:39.0156 7128 lxcccustomerconnect - ok
14:07:39.0171 7128 lxce_device - ok
14:07:39.0171 7128 lxcf_device - ok
14:07:39.0187 7128 lxcgcustomerconnect - ok
14:07:39.0203 7128 lxcg_device - ok
14:07:39.0218 7128 lxcj_device - ok
14:07:39.0234 7128 lxcz_device - ok
14:07:39.0250 7128 lxda_device - ok
14:07:39.0265 7128 lxdm_device - ok
14:07:39.0281 7128 lxrjd31d - ok
14:07:39.0296 7128 lxrsge10s - ok
14:07:39.0312 7128 lxrsii1s - ok
14:07:39.0312 7128 lyncusbserv - ok
14:07:39.0328 7128 M3AD - ok
14:07:39.0343 7128 MA-620 - ok
14:07:39.0359 7128 MA8032C - ok
14:07:39.0375 7128 MA8032M - ok
14:07:39.0390 7128 macformatservice - ok
14:07:39.0406 7128 Machnm32 - ok
14:07:39.0421 7128 magictuneengine - ok
14:07:39.0421 7128 marvinbus - ok
14:07:39.0437 7128 MASPINT - ok
14:07:39.0453 7128 MaxtorFrontPanel1 - ok
14:07:39.0468 7128 maya70docserver - ok
14:07:39.0484 7128 MA_CMIDI - ok
14:07:39.0500 7128 mbackmonitor - ok
14:07:39.0515 7128 mcafeeframework - ok
14:07:39.0625 7128 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files\Common Files\Motive\McciCMService.exe
14:07:39.0640 7128 McciCMService - ok
14:07:39.0656 7128 mcdetect.exe - ok
14:07:39.0671 7128 mclserviceatl - ok
14:07:39.0687 7128 mcmispupdmgr - ok
14:07:39.0703 7128 mcods - ok
14:07:39.0718 7128 mcp - ok
14:07:39.0734 7128 mcpromgr - ok
14:07:39.0796 7128 McShield (97addee4dc70929a8b482a7ae7842920) c:\PROGRA~1\mcafee.com\vso\mcshield.exe
14:07:39.0812 7128 McShield - ok
14:07:39.0828 7128 mcstrm - ok
14:07:39.0843 7128 mcsysmon - ok
14:07:39.0843 7128 mctskshd.exe - ok
14:07:39.0921 7128 mcupdmgr.exe (abd5b888af754e30a95b21ad885635b0) C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
14:07:39.0921 7128 mcupdmgr.exe - ok
14:07:39.0937 7128 MCVSRte - ok
14:07:39.0953 7128 mdm - ok
14:07:39.0968 7128 mdmxsdk - ok
14:07:39.0968 7128 mdvrmng - ok
14:07:39.0984 7128 mediamaxxlservice - ok
14:07:40.0000 7128 mediaviewer - ok
14:07:40.0015 7128 megamonitorsrv - ok
14:07:40.0031 7128 meiudf - ok
14:07:40.0046 7128 merakcontrol - ok
14:07:40.0062 7128 meraksmtp - ok
14:07:40.0093 7128 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
14:07:40.0093 7128 Messenger - ok
14:07:40.0109 7128 mf - ok
14:07:40.0125 7128 mfeapfk - ok
14:07:40.0140 7128 mfeavfk - ok
14:07:40.0156 7128 mferkdk - ok
14:07:40.0171 7128 mfesmfk - ok
14:07:40.0187 7128 mfetdik - ok
14:07:40.0203 7128 mgabgexe - ok
14:07:40.0203 7128 mhn - ok
14:07:40.0218 7128 mhndrv - ok
14:07:40.0234 7128 mi-raysat_3dsmax8 - ok
14:07:40.0250 7128 mi-raysat_3dsmax9_32 - ok
14:07:40.0265 7128 midisyn - ok
14:07:40.0281 7128 mindrepair - ok
14:07:40.0296 7128 minilog - ok
14:07:40.0312 7128 mirrorv3 - ok
14:07:40.0328 7128 MKEMUSB - ok
14:07:40.0343 7128 mks_scan - ok
14:07:40.0359 7128 mldserv - ok
14:07:40.0390 7128 mmc_2K (e97e3fe03b6f271336cb2fbb24734989) C:\WINDOWS\system32\drivers\mmc_2K.sys
14:07:40.0390 7128 mmc_2K - ok
14:07:40.0406 7128 MMRTKRNL - ok
14:07:40.0453 7128 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:07:40.0453 7128 mnmdd - ok
14:07:40.0500 7128 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\System32\mnmsrvc.exe
14:07:40.0500 7128 mnmsrvc - ok
14:07:40.0515 7128 mnsframework - ok
14:07:40.0531 7128 MobilePreInstallerService - ok
14:07:40.0546 7128 MobilityService - ok
14:07:40.0562 7128 mod7700 - ok
14:07:40.0593 7128 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
14:07:40.0593 7128 Modem - ok
14:07:40.0625 7128 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
14:07:40.0625 7128 MODEMCSA - ok
14:07:40.0640 7128 mohfilt - ok
14:07:40.0656 7128 motmodem - ok
14:07:40.0671 7128 motoswitchservice - ok
14:07:40.0703 7128 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:07:40.0718 7128 Mouclass - ok
14:07:40.0718 7128 moufiltr - ok
14:07:40.0765 7128 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:07:40.0765 7128 mouhid - ok
14:07:40.0828 7128 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
14:07:40.0828 7128 MountMgr - ok
14:07:40.0843 7128 mozybackup - ok
14:07:40.0843 7128 mozyFilter - ok
14:07:40.0859 7128 mpe - ok
14:07:40.0875 7128 MpFilter - ok
14:07:40.0890 7128 mpfirewl - ok
14:07:40.0906 7128 mpfp - ok
14:07:40.0921 7128 mpfservice - ok
14:07:40.0937 7128 mpservice - ok
14:07:40.0953 7128 mqdmbus - ok
14:07:40.0968 7128 mqdmserd - ok
14:07:40.0968 7128 mr2kserv - ok
14:07:40.0984 7128 mr7910 - ok
14:07:41.0015 7128 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
14:07:41.0015 7128 mraid35x - ok
14:07:41.0062 7128 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
14:07:41.0093 7128 MREMP50 - ok
14:07:41.0109 7128 MREMP50a64 - ok
14:07:41.0125 7128 MREMPR5 - ok
14:07:41.0171 7128 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
14:07:41.0171 7128 MRENDIS5 - ok
14:07:41.0187 7128 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
14:07:41.0203 7128 MRESP50 - ok
14:07:41.0203 7128 MRESP50a64 - ok
14:07:41.0218 7128 mrpostman - ok
14:07:41.0265 7128 mrtRate (6075de2ad531f6e30c9995dfda22001f) C:\WINDOWS\system32\drivers\mrtRate.sys
14:07:41.0265 7128 mrtRate - ok
14:07:41.0281 7128 mrvw245 - ok
14:07:41.0312 7128 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:07:41.0343 7128 MRxDAV - ok
14:07:41.0406 7128 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:07:41.0421 7128 MRxSmb - ok
14:07:41.0437 7128 MS1000 - ok
14:07:41.0453 7128 MSCamSvc - ok
14:07:41.0468 7128 mscsptisrv - ok
14:07:41.0515 7128 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\System32\msdtc.exe
14:07:41.0515 7128 MSDTC - ok
14:07:41.0546 7128 msdv - ok
14:07:41.0593 7128 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
14:07:41.0593 7128 Msfs - ok
14:07:41.0609 7128 msftesql - ok
14:07:41.0625 7128 MSFWDrv - ok
14:07:41.0640 7128 MSFWHLPR - ok
14:07:41.0656 7128 msfwsvc - ok
14:07:41.0671 7128 msgame - ok
14:07:41.0671 7128 msgsrvservice - ok
14:07:41.0687 7128 MSICPL - ok
14:07:41.0703 7128 MSIServer - ok
14:07:41.0718 7128 msi_wlan_service - ok
14:07:41.0750 7128 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:07:41.0750 7128 MSKSSRV - ok
14:07:41.0765 7128 msloop - ok
14:07:41.0781 7128 msmframework - ok
14:07:41.0796 7128 msmpsvc - ok
14:07:41.0812 7128 MSMQTriggers - ok
14:07:41.0828 7128 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:07:41.0828 7128 MSPCLOCK - ok
14:07:41.0859 7128 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
14:07:41.0859 7128 MSPQM - ok
14:07:41.0906 7128 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:07:41.0906 7128 mssmbios - ok
14:07:41.0906 7128 MSSQL$AUTODESKVAULT - ok
14:07:41.0937 7128 mssql$microsoftbcm - ok
14:07:41.0953 7128 mssql$microsoftsmlbiz - ok
14:07:41.0953 7128 mssql$pinnaclesys - ok
14:07:41.0968 7128 mssql$sony_mediamgr - ok
14:07:41.0984 7128 mssql$soshome22 - ok
14:07:42.0031 7128 MSSQLSERVER - ok
14:07:42.0078 7128 MSSQLServerADHelper (cb7524c21727404bd3140dca32deb7de) C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
14:07:42.0078 7128 MSSQLServerADHelper - ok
14:07:42.0093 7128 mssqlserverolapservice - ok
14:07:42.0109 7128 mstdfrgs - ok
14:07:42.0125 7128 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
14:07:42.0125 7128 MSTEE - ok
14:07:42.0140 7128 msvad_simple - ok
14:07:42.0156 7128 msvsmon90 - ok
14:07:42.0171 7128 MSW_USB - ok
14:07:42.0187 7128 ms_mpu401 - ok
14:07:42.0203 7128 MTC0001_ESB - ok
14:07:42.0218 7128 MTDVC2 - ok
14:07:42.0234 7128 MTDVC2_ENUM - ok
14:07:42.0250 7128 Mtlmnt5 - ok
14:07:42.0265 7128 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
14:07:42.0281 7128 Mup - ok
14:07:42.0281 7128 mvdcodec - ok
14:07:42.0296 7128 mvwebserver - ok
14:07:42.0312 7128 mwagent - ok
14:07:42.0328 7128 mwlsvc - ok
14:07:42.0343 7128 mwsarcpkt - ok
14:07:42.0359 7128 mwssched - ok
14:07:42.0359 7128 MxlW2k - ok
14:07:42.0375 7128 mxnic - ok
14:07:42.0390 7128 MXOPSWD - ok
14:07:42.0406 7128 mxssvr - ok
14:07:42.0421 7128 n3900 - ok
14:07:42.0453 7128 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:07:42.0453 7128 NABTSFEC - ok
14:07:42.0500 7128 NaiFiltr (102de6d24087fb53ad47ca059a32fb66) C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys
14:07:42.0500 7128 NaiFiltr - ok
14:07:42.0515 7128 naimagent32 - ok
14:07:42.0531 7128 NAL - ok
14:07:42.0546 7128 nalntservice - ok
14:07:42.0562 7128 navap - ok
14:07:42.0578 7128 navapsvc - ok
14:07:42.0593 7128 naveng - ok
14:07:42.0609 7128 navex15 - ok
14:07:42.0640 7128 Nbf (c087dd7fa47c4a43683df764fbfa30a7) C:\WINDOWS\system32\DRIVERS\nbf.sys
14:07:42.0640 7128 Nbf - ok
14:07:42.0656 7128 NCPro - ok
14:07:42.0671 7128 ncupdatesvc - ok
14:07:42.0687 7128 ndasbus - ok
14:07:42.0718 7128 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
14:07:42.0718 7128 NDIS - ok
14:07:42.0750 7128 ndiscm - ok
14:07:42.0781 7128 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:07:42.0781 7128 NdisIP - ok
14:07:42.0796 7128 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:07:42.0812 7128 NdisTapi - ok
14:07:42.0828 7128 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:07:42.0828 7128 Ndisuio - ok
14:07:42.0859 7128 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:07:42.0859 7128 NdisWan - ok
14:07:42.0875 7128 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
14:07:42.0875 7128 NDProxy - ok
14:07:42.0890 7128 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:07:42.0890 7128 NetBIOS - ok
14:07:42.0921 7128 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:07:42.0921 7128 NetBT - ok
14:07:42.0968 7128 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
14:07:42.0984 7128 NetDDE - ok
14:07:42.0984 7128 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
14:07:43.0000 7128 NetDDEdsdm - ok
14:07:43.0000 7128 netdetect - ok
14:07:43.0046 7128 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
14:07:43.0046 7128 Netlogon - ok
14:07:43.0093 7128 Netman (36739b39267914ba69ad0610a0299732) C:\WINDOWS\System32\netman.dll
14:07:43.0093 7128 Netman - ok
14:07:43.0109 7128 NETMDUSB - ok
14:07:43.0125 7128 netmnt - ok
14:07:43.0140 7128 NetPipeActivator - ok
14:07:43.0156 7128 nettcpportsharing - ok
14:07:43.0156 7128 NETw4v32 - ok
14:07:43.0171 7128 netw4x32 - ok
14:07:43.0187 7128 NETw5x32 - ok
14:07:43.0203 7128 NetwareWorkstation - ok
14:07:43.0218 7128 netwg311 - ok
14:07:43.0234 7128 nHancer - ok
14:07:43.0250 7128 nhcDriverDevice - ok
14:07:43.0265 7128 nic1394 - ok
14:07:43.0281 7128 nicconfigsvc - ok
14:07:43.0296 7128 NICM - ok
14:07:43.0296 7128 NICSer_WPC300N - ok
14:07:43.0328 7128 NICSer_WPC54G - ok
14:07:43.0343 7128 nim32 - ok
14:07:43.0343 7128 nimcdlbk - ok
14:07:43.0359 7128 nimcdldu - ok
14:07:43.0375 7128 nimcrpcsu - ok
14:07:43.0390 7128 nimdbgk - ok
14:07:43.0406 7128 nimxdfk - ok
14:07:43.0421 7128 nipxirmu - ok
14:07:43.0437 7128 nisum - ok
14:07:43.0453 7128 NITaggerService - ok
14:07:43.0468 7128 ni_nic - ok
14:07:43.0500 7128 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll
14:07:43.0500 7128 Nla - ok
14:07:43.0531 7128 nmap - ok
14:07:43.0546 7128 nmindexingservice - ok
14:07:43.0562 7128 nmraapache - ok
14:07:43.0593 7128 NMSCFG (847d6d775524fa5e58d851ddec566a12) C:\WINDOWS\System32\drivers\NMSCFG.SYS
14:07:43.0593 7128 NMSCFG - ok
14:07:43.0718 7128 NMSSvc (89f315b13245c3dfda4438694f302b2e) C:\WINDOWS\System32\NMSSvc.exe
14:07:43.0796 7128 NMSSvc - ok
14:07:43.0812 7128 nmwcd - ok
14:07:43.0828 7128 nmwcdcj - ok
14:07:43.0843 7128 nmwcdcm - ok
14:07:43.0859 7128 nnsvc - ok
14:07:43.0875 7128 nocashio - ok
14:07:43.0890 7128 nod32krn - ok
14:07:43.0906 7128 noipducservice - ok
14:07:43.0921 7128 NOWMEMDF - ok
14:07:43.0937 7128 npapimon - ok
14:07:43.0937 7128 NPDriver - ok
14:07:43.0953 7128 npfmntor - ok
14:07:43.0968 7128 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
14:07:43.0968 7128 Npfs - ok
14:07:43.0984 7128 npkcmsvc - ok
14:07:44.0000 7128 npkcrypt - ok
14:07:44.0015 7128 npkcsvc - ok
14:07:44.0031 7128 npkcusb - ok
14:07:44.0046 7128 npptnt2 - ok
14:07:44.0062 7128 nscirda - ok
14:07:44.0078 7128 nscservice - ok
14:07:44.0093 7128 nsctop - ok
14:07:44.0109 7128 nsengine - ok
14:07:44.0125 7128 nsm1bus - ok
14:07:44.0140 7128 nsm1mdfl - ok
14:07:44.0156 7128 nsm1mdm - ok
14:07:44.0156 7128 nsm1serd - ok
14:07:44.0171 7128 NsTrcNT - ok
14:07:44.0187 7128 nsvcip - ok
14:07:44.0203 7128 nsvclog - ok
14:07:44.0218 7128 Nsynas32 - ok
14:07:44.0234 7128 NTACCESS - ok
14:07:44.0296 7128 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
14:07:44.0328 7128 Ntfs - ok
14:07:44.0328 7128 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\System32\lsass.exe
14:07:44.0343 7128 NtLmSsp - ok
14:07:44.0406 7128 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
14:07:44.0406 7128 NtmsSvc - ok
14:07:44.0421 7128 ntrtscan - ok
14:07:44.0437 7128 ntsecure - ok
14:07:44.0468 7128 ntservice1 - ok
14:07:44.0484 7128 NuidFltr - ok
14:07:44.0500 7128 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:07:44.0500 7128 Null - ok
14:07:44.0515 7128 nuvaud2 - ok
14:07:44.0656 7128 nv (225e98ae20ac0a37ee2ab89a1596b0c1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:07:44.0703 7128 nv - ok
14:07:44.0718 7128 nvax - ok
14:07:44.0734 7128 nvcap - ok
14:07:44.0750 7128 nvedavt - ok
14:07:44.0750 7128 NVENET - ok
14:07:44.0765 7128 nvenetfd - ok
14:07:44.0781 7128 nvgts - ok
14:07:44.0796 7128 nvidesm - ok
14:07:44.0812 7128 nvlddmkm - ok
14:07:44.0828 7128 nvmd - ok
14:07:44.0843 7128 NvNdis - ok
14:07:44.0859 7128 nvpvrmon - ok
14:07:44.0875 7128 NVR0Dev - ok
14:07:44.0890 7128 NVR0FLASHDev - ok
14:07:44.0906 7128 nvrd32 - ok
14:07:44.0921 7128 nvrd64 - ok
14:07:44.0937 7128 nvstor32 - ok
14:07:44.0968 7128 NVSvc (1b67a95f47c6ed78710b1c3b0cca8738) C:\WINDOWS\system32\nvsvc32.exe
14:07:44.0968 7128 NVSvc - ok
14:07:44.0984 7128 NVTCP - ok
14:07:45.0000 7128 NVXBAR - ok
14:07:45.0015 7128 nv_agp - ok
14:07:45.0031 7128 NWADI - ok
14:07:45.0031 7128 NWDHCP - ok
14:07:45.0046 7128 NWDNS - ok
14:07:45.0093 7128 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:07:45.0093 7128 NwlnkFlt - ok
14:07:45.0109 7128 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:07:45.0109 7128 NwlnkFwd - ok
14:07:45.0125 7128 nwlnkipx - ok
14:07:45.0140 7128 nwlnknb - ok
14:07:45.0156 7128 nwlnkspx - ok
14:07:45.0171 7128 NWSAP - ok
14:07:45.0187 7128 NWSIPX32 - ok
14:07:45.0203 7128 NWSNS - ok
14:07:45.0218 7128 NWUSBPort - ok
14:07:45.0234 7128 NxFsMon - ok
14:07:45.0250 7128 NxNetMon - ok
14:07:45.0265 7128 o2flash - ok
14:07:45.0265 7128 obvious - ok
14:07:45.0281 7128 odclientservice - ok
14:07:45.0453 7128 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:07:45.0453 7128 odserv - ok
14:07:45.0484 7128 OEM02Afx - ok
14:07:45.0484 7128 OEM02Dev - ok
14:07:45.0500 7128 ofcservice - ok
14:07:45.0515 7128 olcamsrv - ok
14:07:45.0562 7128 omci (1d98907d80461371437a7c898c58c8ae) C:\WINDOWS\system32\DRIVERS\omci.sys
14:07:45.0562 7128 omci - ok
14:07:45.0578 7128 omniinet - ok
14:07:45.0593 7128 omniserv - ok
14:07:45.0609 7128 omniusb - ok
14:07:45.0625 7128 omniusbl - ok
14:07:45.0640 7128 ONSIO - ok
14:07:45.0656 7128 opcenum - ok
14:08:00.0906 7128 VAIOMediaPlatform-MusicServer-UPnP - ok
14:08:00.0921 7128 vaiomediaplatform-photoserver-appserver - ok
14:08:00.0937 7128 VAIOMediaPlatform-PhotoServer-UPnP - ok
14:08:00.0953 7128 vaiomediaplatform-videoserver-appserver - ok
14:08:00.0968 7128 VAIOMediaPlatform-VideoServer-HTTP - ok
14:08:00.0984 7128 VC4CB104 - ok
14:08:01.0000 7128 vc5secs - ok
14:08:01.0015 7128 VC6SecS - ok
14:08:01.0031 7128 vc8secs - ok
14:08:01.0046 7128 vcdsecs - ok
14:08:01.0062 7128 vci - ok
14:08:01.0078 7128 vclone - ok
14:08:01.0109 7128 vcomm - ok
14:08:01.0125 7128 vcsw - ok
14:08:01.0140 7128 vds - ok
14:08:01.0156 7128 venturi2 - ok
14:08:01.0171 7128 veteboot - ok
14:08:01.0187 7128 vetfddnt - ok
14:08:01.0203 7128 vga - ok
14:08:01.0218 7128 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
14:08:01.0218 7128 VgaSave - ok
14:08:01.0234 7128 vhidmini - ok
14:08:01.0250 7128 VHidMinidrv - ok
14:08:01.0265 7128 Via4in1 - ok
14:08:01.0296 7128 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\System32\DRIVERS\viaagp.sys
14:08:01.0312 7128 viaagp - ok
14:08:01.0328 7128 viagfx - ok
14:08:01.0359 7128 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys
14:08:01.0359 7128 ViaIde - ok
14:08:01.0375 7128 viairda - ok
14:08:01.0390 7128 viamraid - ok
14:08:01.0406 7128 VIAPFD - ok
14:08:01.0421 7128 viaudio - ok
14:08:01.0437 7128 videoacceleratorengine - ok
14:08:01.0453 7128 VirtualFD - ok
14:08:01.0484 7128 VMAUDIO - ok
14:08:01.0500 7128 vmauthdservice - ok
14:08:01.0515 7128 vmkbd - ok
14:08:01.0531 7128 vmkbd2 - ok
14:08:01.0546 7128 vmnetadapter - ok
14:08:01.0562 7128 vmodem - ok
14:08:01.0578 7128 vmparport - ok
14:08:01.0593 7128 vmusb - ok
14:08:01.0609 7128 vmware - ok
14:08:01.0625 7128 vncdrv - ok
14:08:01.0640 7128 vnxservice - ok
14:08:01.0687 7128 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
14:08:01.0687 7128 VolSnap - ok
14:08:01.0703 7128 vpcbus - ok
14:08:01.0718 7128 vpctcom - ok
14:08:01.0750 7128 vpn5000service - ok
14:08:01.0765 7128 vproeventmonitor - ok
14:08:01.0781 7128 VrAcFil - ok
14:08:01.0796 7128 VRcore - ok
14:08:01.0812 7128 vrfwsvc - ok
14:08:01.0828 7128 vrmonsvc - ok
14:08:01.0843 7128 vsapint - ok
14:08:01.0859 7128 vsbus - ok
14:08:01.0875 7128 vsdatant - ok
14:08:01.0890 7128 vserial - ok
14:08:01.0953 7128 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
14:08:01.0953 7128 VSS - ok
14:08:01.0968 7128 vstor2 - ok
14:08:01.0984 7128 vstor2-ws60 - ok
14:08:02.0000 7128 vtserver - ok
14:08:02.0031 7128 vvdsvc - ok
14:08:02.0046 7128 vwlogger - ok
14:08:02.0062 7128 VX3000 - ok
14:08:02.0093 7128 vxsvc - ok
14:08:02.0109 7128 vzcdbsvc - ok
14:08:02.0125 7128 vzupsvc - ok
14:08:02.0140 7128 w200mdfl - ok
14:08:02.0171 7128 w200mdm - ok
14:08:02.0187 7128 w200mgmt - ok
14:08:02.0203 7128 w22n51 - ok
14:08:02.0218 7128 w29n51 - ok
14:08:02.0234 7128 W2acehid - ok
14:08:02.0250 7128 w300bus - ok
14:08:02.0265 7128 w300mdm - ok
14:08:02.0328 7128 w32time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
14:08:02.0328 7128 w32time - ok
14:08:02.0359 7128 w39n51 - ok
14:08:02.0390 7128 w550mdfl - ok
14:08:02.0406 7128 w550mdm - ok
14:08:02.0421 7128 w550mgmt - ok
14:08:02.0437 7128 W55U01 - ok
14:08:02.0453 7128 W700bus - ok
14:08:02.0468 7128 W700mdfl - ok
14:08:02.0500 7128 W700mdm - ok
14:08:02.0515 7128 w800bus - ok
14:08:02.0531 7128 w800mgmt - ok
14:08:02.0546 7128 W8100PCI - ok
14:08:02.0562 7128 w810mdfl - ok
14:08:02.0578 7128 w810obex - ok
14:08:02.0593 7128 W8335XP - ok
14:08:02.0609 7128 wacomvhid - ok
14:08:02.0625 7128 wampapache - ok
14:08:02.0640 7128 wampmysqld - ok
14:08:02.0671 7128 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:08:02.0671 7128 Wanarp - ok
14:08:02.0687 7128 wanatw - ok
14:08:02.0703 7128 wandrv - ok
14:08:02.0734 7128 wanminiportservice - ok
14:08:02.0750 7128 wap3gx - ok
14:08:02.0781 7128 WaveEnrollmentService - ok
14:08:02.0796 7128 WaveFDE - ok
14:08:02.0812 7128 WavxDMgr - ok
14:08:02.0828 7128 Wbutton - ok
14:08:02.0843 7128 wcontrol - ok
14:08:02.0859 7128 Wdf01000 - ok
14:08:02.0875 7128 WDICA - ok
14:08:02.0921 7128 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
14:08:02.0921 7128 wdmaud - ok
14:08:02.0937 7128 wdm_au8820 - ok
14:08:02.0953 7128 WDM_YAMAHAAC97 - ok
14:08:02.0968 7128 WD_FireWire_HID - ok
14:08:03.0015 7128 WebClient (265f534ef76832435afbf771ec97176d) C:\WINDOWS\System32\webclnt.dll
14:08:03.0015 7128 WebClient - ok
14:08:03.0031 7128 webdriveservice - ok
14:08:03.0046 7128 webrootadminconsole - ok
14:08:03.0062 7128 webrootspysweeperservice - ok
14:08:03.0093 7128 websensecamserver - ok
14:08:03.0109 7128 websenseclientdeployservice - ok
14:08:03.0125 7128 websensecommunicationagent - ok
14:08:03.0140 7128 websensecpmcommunicationagent - ok
14:08:03.0156 7128 websenselogserver - ok
14:08:03.0171 7128 websenserealtimeanalyzer - ok
14:08:03.0187 7128 websenseusagemonitor - ok
14:08:03.0203 7128 websenseuserservice - ok
14:08:03.0218 7128 webupdate - ok
14:08:03.0234 7128 wencrservice - ok
14:08:03.0250 7128 wfxsvc - ok
14:08:03.0281 7128 wg111nd5 - ok
14:08:03.0296 7128 wg3n - ok
14:08:03.0312 7128 wg5n - ok
14:08:03.0328 7128 WGX - ok
14:08:03.0343 7128 WIBUKEY - ok
14:08:03.0359 7128 WimFltr - ok
14:08:03.0375 7128 win32sl - ok
14:08:03.0390 7128 winachcf - ok
14:08:03.0406 7128 winachsf - ok
14:08:03.0421 7128 winachsx - ok
14:08:03.0437 7128 windowblinds - ok
14:08:03.0453 7128 windrvNT - ok
14:08:03.0484 7128 WINIO - ok
14:08:03.0531 7128 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:08:03.0531 7128 winmgmt - ok
14:08:03.0546 7128 winmtsrv - ok
14:08:03.0562 7128 winpowermanager - ok
14:08:03.0593 7128 winpowermonitor - ok
14:08:03.0609 7128 winpowerrmi - ok
14:08:03.0625 7128 winpppoverethernet - ok
14:08:03.0640 7128 winproxy - ok
14:08:03.0671 7128 winss - ok
14:08:03.0687 7128 winsshd - ok
14:08:03.0718 7128 WINUSB - ok
14:08:03.0734 7128 WinVd32 - ok
14:08:03.0750 7128 winvnc - ok
14:08:03.0765 7128 WISTechVIDCAP - ok
14:08:03.0781 7128 wkscfgsrv - ok
14:08:03.0796 7128 wlancfg - ok
14:08:03.0812 7128 wlancig - ok
14:08:03.0843 7128 wlankeeper - ok
14:08:03.0859 7128 WLAN_USB - ok
14:08:03.0875 7128 wlluc48 - ok
14:08:03.0968 7128 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
14:08:03.0984 7128 WLSetupSvc - ok
14:08:04.0000 7128 wltrysvc - ok
14:08:04.0015 7128 wltwo51b - ok
14:08:04.0031 7128 WmaCDriverV32 - ok
14:08:04.0046 7128 WmaCVideo32 - ok
14:08:04.0062 7128 WmBEnum - ok
14:08:04.0078 7128 wmccds - ok
14:08:04.0125 7128 WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) C:\WINDOWS\System32\MsPMSPSv.exe
14:08:04.0125 7128 WMDM PMSP Service - ok
14:08:04.0156 7128 WmdmPmSN (c086483e3dba8c1c0a687ec8d5b3d4c1) C:\WINDOWS\System32\mspmsnsv.dll
14:08:04.0156 7128 WmdmPmSN - ok
14:08:04.0171 7128 wmdmpmsp - ok
14:08:04.0203 7128 WmFilter - ok
14:08:04.0218 7128 WmHidLo - ok
14:08:04.0234 7128 WmiAcpi - ok
14:08:04.0281 7128 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
14:08:04.0296 7128 WmiApSrv - ok
14:08:04.0312 7128 WMIService - ok
14:08:04.0328 7128 wmp54gsvc - ok
14:08:04.0343 7128 wmp54gv4svc - ok
14:08:04.0359 7128 WmUsbHid - ok
14:08:04.0375 7128 WmVirHid - ok
14:08:04.0390 7128 WmXlCore - ok
14:08:04.0406 7128 WNCPKT - ok
14:08:04.0421 7128 WNIPROT5 - ok
14:08:04.0453 7128 wpdusb - ok
14:08:04.0468 7128 wps - ok
14:08:04.0484 7128 wpsdrvnt - ok
14:08:04.0500 7128 wpshelper - ok
14:08:04.0531 7128 ws2ifsl (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:08:04.0531 7128 ws2ifsl - ok
14:08:04.0546 7128 WscNetDr - ok
14:08:04.0593 7128 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
14:08:04.0593 7128 wscsvc - ok
14:08:04.0609 7128 wsearch - ok
14:08:04.0625 7128 WSIMD - ok
14:08:04.0671 7128 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:08:04.0671 7128 WSTCODEC - ok
14:08:04.0687 7128 Wtcls2k - ok
14:08:04.0718 7128 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
14:08:04.0734 7128 wuauserv - ok
14:08:04.0750 7128 wudfpf - ok
14:08:04.0765 7128 wudfsvc - ok
14:08:04.0781 7128 wuolservice - ok
14:08:04.0796 7128 WUSB54GPV4SRV - ok
14:08:04.0812 7128 wusb54gv2svc - ok
14:08:04.0828 7128 wwnetdde - ok
14:08:04.0859 7128 wwsecsvc - ok
14:08:04.0906 7128 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
14:08:04.0906 7128 WZCSVC - ok
14:08:04.0921 7128 X10UIF - ok
14:08:04.0953 7128 XAudio - ok
14:08:04.0968 7128 xaudioservice - ok
14:08:04.0984 7128 XBCD - ok
14:08:05.0000 7128 xcomm - ok
14:08:05.0015 7128 XDva004 - ok
14:08:05.0031 7128 xfactorae1 - ok
14:08:05.0046 7128 xfilt - ok
14:08:05.0062 7128 XFX_program - ok
14:08:05.0093 7128 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
14:08:05.0109 7128 xmlprov - ok
14:08:05.0125 7128 xnacc - ok
14:08:05.0140 7128 xpadminserver - ok
14:08:05.0156 7128 xpagentserver - ok
14:08:05.0171 7128 Xponaut_WBD - ok
14:08:05.0187 7128 XUIF - ok
14:08:05.0218 7128 xusb21 - ok
14:08:05.0234 7128 Xyz777s - ok
14:08:05.0250 7128 YahooAUService - ok
14:08:05.0265 7128 yediex - ok
14:08:05.0281 7128 YMIDUSB - ok
14:08:05.0296 7128 yukonwlh - ok
14:08:05.0312 7128 z525bus - ok
14:08:05.0328 7128 z525mdfl - ok
14:08:05.0343 7128 z525obex - ok
14:08:05.0359 7128 z800mdm - ok
14:08:05.0375 7128 z800obex - ok
14:08:05.0406 7128 zBackupAssistService - ok
14:08:05.0421 7128 ZD1211BU(ZyDAS) - ok
14:08:05.0437 7128 ZDCNDIS5 - ok
14:08:05.0453 7128 zdeviceservice - ok
14:08:05.0468 7128 ZDPNDIS5 - ok
14:08:05.0484 7128 ZDPSp50 - ok
14:08:05.0500 7128 zebrmdm - ok
14:08:05.0515 7128 zebrmdmc - ok
14:08:05.0531 7128 zfdwm - ok
14:08:05.0562 7128 zmxpzip - ok
14:08:05.0578 7128 zntport - ok
14:08:05.0593 7128 zpaction - ok
14:08:05.0609 7128 zpcollector - ok
14:08:05.0625 7128 zpmysql - ok
14:08:05.0640 7128 zppinger - ok
14:08:05.0656 7128 zpsc - ok
14:08:05.0671 7128 ZSMC211 - ok
14:08:05.0703 7128 ZSMC301b - ok
14:08:05.0718 7128 ZTEusbmdm6k - ok
14:08:05.0734 7128 zumbus - ok
14:08:05.0750 7128 ZuneBusEnum - ok
14:08:05.0765 7128 zunenetworksvc - ok
14:08:05.0781 7128 ZuneWlanCfgSvc - ok
14:08:05.0796 7128 ZY202_XP - ok
14:08:05.0828 7128 {6080a529-897e-4629-a488-aba0c29b635e} - ok
14:08:05.0859 7128 {95808DC4-FA4A-4c74-92FE-5B863F82066B} - ok
14:08:05.0875 7128 {a7447300-8075-4b0d-83f1-3d75c8ebc623} - ok
14:08:05.0890 7128 {eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc} - ok
14:08:05.0906 7128 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:08:06.0078 7128 \Device\Harddisk0\DR0 - ok
14:08:06.0093 7128 Boot (0x1200) (420e33b53d6526315421922a02ef1760) \Device\Harddisk0\DR0\Partition0
14:08:06.0093 7128 \Device\Harddisk0\DR0\Partition0 - ok
14:08:06.0093 7128 ============================================================
14:08:06.0093 7128 Scan finished
14:08:06.0093 7128 ============================================================
14:08:06.0125 5340 Detected object count: 0
14:08:06.0125 5340 Actual detected object count: 0


---------------aswMBR report---------------------------
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-10 14:11:03
-----------------------------
14:11:03.828 OS Version: Windows 5.1.2600 Service Pack 2
14:11:03.828 Number of processors: 1 586 0x207
14:11:03.828 ComputerName: 6CXF321 UserName:
14:11:04.343 Initialize success
14:12:54.828 AVAST engine defs: 12051000
14:13:44.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:13:44.656 Disk 0 Vendor: WDC_WD1200JB-75CRA0 16.06V16 Size: 114440MB BusType: 3
14:13:44.671 Disk 0 MBR read successfully
14:13:44.671 Disk 0 MBR scan
14:13:44.703 Disk 0 Windows XP default MBR code
14:13:44.703 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63
14:13:44.718 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 114408 MB offset 64260
14:13:44.718 Disk 0 scanning sectors +234372285
14:13:44.828 Disk 0 scanning C:\WINDOWS\system32\drivers
14:13:56.609 Service scanning
14:14:15.765 Modules scanning
14:14:23.484 Disk 0 trace - called modules:
14:14:23.500 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
14:14:24.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8777fab8]
14:14:24.000 3 CLASSPNP.SYS[f780a05b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x877a7b00]
14:14:24.578 AVAST engine scan C:\WINDOWS
14:14:43.921 AVAST engine scan C:\WINDOWS\system32
14:17:07.093 AVAST engine scan C:\WINDOWS\system32\drivers
14:17:26.187 AVAST engine scan C:\Documents and Settings\Julie Schwalm
14:37:16.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Julie Schwalm\Desktop\VirusRemoval\MBR.dat"
14:37:16.609 The log file has been saved successfully to "C:\Documents and Settings\Julie Schwalm\Desktop\VirusRemoval\aswMBR.txt"

#6 gringo_pr

Posted 10 May 2012 - 03:10 PM

Hello Julie

I have attached a file to this post. I want you to download it and save it to the desktop.

Double-click on the file and, when asked to merge into the registry, please allow it.




:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Julie_backroads

Posted 10 May 2012 - 03:35 PM

OK, I got the attached registry file saved and ran it.

After dragging the script onto ComboFix.exe, ComboFix launched automatically. A message appeared:

"Update
There's a newer version of ComboFix available.
Would you like to update ComboFix?"

I'm guessing I should click YES, but thought I'd better check with you first.

I've left the screen alone and that message is still visible.

Thanks -
Julie

#8 gringo_pr

Posted 10 May 2012 - 05:53 PM

Yes, go ahead and update.


gringo

#9 Julie_backroads

Posted 10 May 2012 - 09:10 PM

OK, I updated ComboFix and it completed. Below please find the results from ComboFix.

The computer is still running well.

Thanks!
Julie

--------------------ComboFix Results -----------------------------

ComboFix 12-05-10.04 - Julie Schwalm 05/10/2012 20:08:51.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.464 [GMT -5:00]
Running from: c:\documents and settings\Julie Schwalm\Desktop\VirusRemoval\ComboFix.exe
Command switches used :: c:\documents and settings\Julie Schwalm\Desktop\VirusRemoval\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\_detmp.2
.
.
((((((((((((((((((((((((( Files Created from 2012-04-11 to 2012-05-11 )))))))))))))))))))))))))))))))
.
.
2012-05-09 22:21 . 2008-08-14 10:34 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-05-09 22:21 . 2008-08-14 10:34 138496 ----a-w- c:\windows\system32\dllcache\afd.sys
2012-05-08 19:25 . 2012-05-08 19:25 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-16 17:48 . 2012-03-16 17:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2002-08-29 11:00 94784 --sh--w- c:\windows\TWAIN.DLL
2004-08-04 06:56 50688 --sh--w- c:\windows\twain_32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-05-15 245760]
"Motive SmartBridge"="c:\progra~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe" [2010-08-17 483415]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-27 2077536]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2004-10-25 184320]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\McAgent.exe" [2004-08-18 245760]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 14:57 12536 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dataviz Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dataviz Messenger.lnk
backup=c:\windows\pss\Dataviz Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp psc 700 series) - 1.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 700 series) - 1.lnk
backup=c:\windows\pss\HPAiODevice(hp psc 700 series) - 1.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Virtual Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Virtual Assistant.lnk
backup=c:\windows\pss\Virtual Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Julie Schwalm^Start Menu^Programs^Startup^HotSync Manager.LNK]
path=c:\documents and settings\Julie Schwalm\Start Menu\Programs\Startup\HotSync Manager.LNK
backup=c:\windows\pss\HotSync Manager.LNKStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Julie Schwalm^Start Menu^Programs^Startup^Palm Registration.lnk]
path=c:\documents and settings\Julie Schwalm\Start Menu\Programs\Startup\Palm Registration.lnk
backup=c:\windows\pss\Palm Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-04-10 22:44 679936 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 10:59 122880 ----a-w- c:\windows\BCMSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 01:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup]
2009-01-09 21:13 669840 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 06:56 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
2002-04-03 07:01 135264 ----a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2009-09-28 22:56 140640 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-10-01 23:57 289576 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
2004-08-18 00:26 245760 ----a-w- c:\progra~1\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
2004-10-25 17:08 184320 ----a-w- c:\progra~1\McAfee.com\Agent\mcupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 20:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2004-12-24 16:20 204845 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2001-07-03 15:11 57344 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StrgSync.exe]
2005-10-08 03:01 3032576 ----a-w- c:\program files\StorageSync\StrgSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-17 18:47 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\WS_FTP Pro\\wsftppro.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnf.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
.
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [10/10/2009 10:52 PM 64512]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [4/18/2009 11:18 PM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [4/18/2009 11:18 PM 243152]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 9:57 AM 308136]
R2 mrtRate;mrtRate;c:\windows\SYSTEM32\DRIVERS\MrtRate.sys [12/19/2002 11:00 AM 34916]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/7/2010 9:36 AM 136176]
S3 cdiskdun;cdiskdun;\??\c:\docume~1\JULIES~1\LOCALS~1\Temp\cdiskdun.sys --> c:\docume~1\JULIES~1\LOCALS~1\Temp\cdiskdun.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/7/2010 9:36 AM 136176]
S3 jmssmbio;jmssmbio;\??\c:\docume~1\JULIES~1\LOCALS~1\Temp\jmssmbio.sys --> c:\docume~1\JULIES~1\LOCALS~1\Temp\jmssmbio.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1355968]
S3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [10/26/2004 9:41 PM 23296]
S3 OUDFS;OUDFS;\??\c:\docume~1\JULIES~1\LOCALS~1\Temp\OUDFS.SYS --> c:\docume~1\JULIES~1\LOCALS~1\Temp\OUDFS.SYS [?]
S3 pf_usb;Kensington Digital Frame Service;c:\windows\SYSTEM32\DRIVERS\PF_USB.sys [12/22/2002 7:22 PM 17036]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [3/31/2009 10:35 PM 77312]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 40919994
*NewlyCreated* - ASWMBR
*Deregistered* - 40919994
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 21:01]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd0722835f7f6e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 14:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mbox.backroadsdata.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
Trusted Zone: teconline.com\mytec
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: mymicros.net Chart Client - hxxp://www.mymicros.net/mymicrosChartClient.cab
DPF: mymicros.net Reporting Client - hxxp://www.mymicros.net/rptsel.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-10 20:24
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????X:??????x???0???X???????????0???P???? ?w? ?w)??p????????(???w????U?w????????????0??????w, ?w?M?wW??w???w)??p????????x'@?????????X????????"@?e?????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
"ServiceDll"="%systemroot%\system32\btdriver.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fah@c:+fah+fah-service+fah502-console.exe]
.
Completion time: 2012-05-10 20:29:38
ComboFix-quarantined-files.txt 2012-05-11 01:29
ComboFix2.txt 2012-05-10 02:20
.
Pre-Run: 63,791,697,920 bytes free
Post-Run: 63,912,189,952 bytes free
.
- - End Of File - - 3E440408824C608D5DEFED5624D5E5DE

#10 gringo_pr

  • Malware Response Team

Posted 10 May 2012 - 09:26 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • Java™ 6 Update 11
  • Java™ 6 Update 5


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then on Next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 Julie_backroads

  • Topic Starter

Posted 11 May 2012 - 04:19 PM

Hi Gringo -

I have followed your instructions and the resulting logs you requested are pasted below.

I didn't encounter any problems during these processes.

The computer is still running well -- no apparent problems.

Thanks!
Julie

------------- MBAM Log -------------------------
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.11.08

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13
Julie Schwalm :: 6CXF321 [administrator]

5/11/2012 3:49:58 PM
mbam-log-2012-05-11 (15-49-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261468
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


------------- HijackThis Log -------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:11:47 PM, on 5/11/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mbox.backroadsdata.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Shockwave Updater] C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)" -"http://www.gameonia.com/flash-games/74/4-wheel-fury-2.html?utm_source=113652&utm_campaign=267661&utm_content=7834986&utm_term=playgame&subid=113652&partnerid=113652#playgame" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Shockwave Updater] C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)" -"http://www.gameonia.com/flash-games/74/4-wheel-fury-2.html?utm_source=113652&utm_campaign=267661&utm_content=7834986&utm_term=playgame&subid=113652&partnerid=113652#playgame" (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://mytec.teconline.com
O16 - DPF: mymicros.net Chart Client - http://www.mymicros.net/mymicrosChartClient.cab
O16 - DPF: mymicros.net Reporting Client - http://www.mymicros.net/rptsel.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B6E6EEF0-F5AA-4A4D-88EC-FF43FB2029E5} (TeleVoxAudioPlayer2.TVoxAudioPlayer) - https://www-den.mytelevox.com/labcalls/cabs/TeleVoxAudioPlayer2.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://vistageevents.webex.com/client/T26L10NSP49EP30/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10320 bytes
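
A way to triage the HijackThis log above offline, as an added example that is not part of the original posts or of HijackThis itself: it groups entries by section code, pulls the bracketed value name out of each O4 autostart line, and lists the entries HijackThis marked "(no file)" or "(file missing)". The function names and section descriptions are this example's own; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Subset of the HijackThis v2.0.4 log posted above, copied verbatim.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mbox.backroadsdata.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""

# Short descriptions of the section codes that occur in the sample.
SECTIONS = {
    "R0": "IE start/search page",
    "O2": "Browser Helper Object",
    "O4": "Autostart entry (Run/RunOnce)",
    "O9": "Extra IE button or Tools menu item",
    "O20": "Winlogon Notify / AppInit_DLLs",
    "O23": "Windows service",
}

# "<code> - <body>", e.g. "O4 - HKLM\..\Run: [Name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# Registry autostart form of an O4 line: "<key>: [<value name>] <command>".
# Startup-folder O4 lines use a different layout and are left unparsed.
AUTORUN_RE = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<command>.+)$")


def parse_log(text):
    """Return one dict per log entry; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code, body = match.group("code"), match.group("body")
        entry = {
            "code": code,
            "section": SECTIONS.get(code, "other"),
            "body": body,
            "orphaned": bool(ORPHAN_RE.search(body)),
            "autorun": None,
        }
        if code == "O4":
            autorun = AUTORUN_RE.match(body)
            if autorun:
                entry["autorun"] = autorun.groupdict()
        entries.append(entry)
    return entries


def orphaned_entries(entries):
    """Entries whose registry reference points at a file that no longer exists."""
    return [e for e in entries if e["orphaned"]]


def autorun_names(entries):
    """(registry key, value name) pairs: the bracketed name is what to look up."""
    return [(e["autorun"]["key"], e["autorun"]["name"])
            for e in entries if e["autorun"]]


def summarize(entries):
    """Number of entries per section code."""
    return dict(Counter(e["code"] for e in entries))


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("Entries per section:", summarize(parsed))
    print("Autostart names to research:")
    for key, name in autorun_names(parsed):
        print(f"  {name}  ({key})")
    print("Orphaned references:")
    for e in orphaned_entries(parsed):
        print(f"  {e['code']} [{e['section']}] {e['body']}")
```

An orphaned entry only means the registry reference outlived its file, typically after an uninstall or a cleanup; it is a cue to look the entry up, not a verdict on it.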

#12 gringo_pr

  • Malware Response Team

Posted 11 May 2012 - 08:39 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#13 Julie_backroads

  • Topic Starter

Posted 13 May 2012 - 11:33 AM

Hi Gringo -

I did remove the optional startup options by following the instructions you provided.

I ran ESET and it found two threats (log file is posted below).

Thanks!
Julie

--------------- ESET LOG -----------------------------

C:\Downloads\worldofwildcats.exe multiple threats
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\afd.sys.vir a variant of Win32/Rootkit.Kryptik.HB trojan

#14 gringo_pr

  • Malware Response Team

Posted 13 May 2012 - 12:02 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Downloads\worldofwildcats.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works a lot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo

#15 Julie_backroads

  • Topic Starter

Posted 13 May 2012 - 03:54 PM

Hello, Gringo -

Wonderful news!

I have followed your instructions and read the info you provided - very helpful!

I will install WinPatrol and probably switch to MS Security Essentials.

I have a couple other questions in closing:

1. I am getting a message about updating McAfee Security. McAfee was preinstalled on the PC (years ago) but I never subscribed to it. It still shows up in Add/Remove although I tried to remove it a while back. Should I use Revo on this?

2. My daughter's PC just yesterday started the re-direct from Google searches just like this PC was doing, but hers hasn't shown any AVG alerts and the AVG Scan is clean. Should I try WinPatrol there or is it best to start a new post here?

Thanks again so much -- I'll be making a donation right after this is posted!

Julie



