Malware infection causing crashing and boot loop


  • This topic is locked
20 replies to this topic

#1 chogun1726

chogun1726

  • Members
  • 12 posts

Posted 09 May 2012 - 07:45 PM

Hi,
Several days ago my computer began crashing at random intervals. I run Avast and noticed it was disabled and not able to complete a scan. As this was the free version I uninstalled and reinstalled. At this point I was able to carry out a full scan which uncovered several threats including Win32:sirefef-fq, Win32:sirefef-ho, Win32:Bitcoinminer-r. Once this scan was complete I ran the boot time scan and my computer went into a boot loop. I was able to reboot from an earlier point which had the Avast version which was disabled. This repeated itself until I stumbled upon your website and read an almost identical account posted by 'Goldfish' on the 22nd of April. Please help me, I am at my wits' end!!
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by Carla Stelma at 10:11:56 on 2012-05-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.4087.2294 [GMT 10:00]
.
AV: Trend Micro Internet Security Pro *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security Pro *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Carla Stelma\AppData\Roaming\Relupo\ufax.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\splwow64.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/home?AF=10588
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [{1A6C0005-2331-75A0-6106-D1E1425DE532}] "C:\Users\Carla Stelma\AppData\Roaming\Relupo\ufax.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\CARLAS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLRE~1.LNK - c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{43ECB066-2C7D-42C1-AA75-A66185D96639} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
BHO-X64: Trend Micro Toolbar BHO - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Carla Stelma\AppData\Roaming\Mozilla\Firefox\Profiles\xbqzh82p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2392836&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2392836&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFTMUFEHelper.dll
FF - component: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFToolbarComm.dll
FF - component: C:\Users\Carla Stelma\AppData\Roaming\Mozilla\Firefox\Profiles\xbqzh82p.default\extensions\{00bf7b9c-acd2-4080-bea8-b1c41987070f}\components\FFExternalAlert.dll
FF - component: C:\Users\Carla Stelma\AppData\Roaming\Mozilla\Firefox\Profiles\xbqzh82p.default\extensions\{00bf7b9c-acd2-4080-bea8-b1c41987070f}\components\RadioWMPCore.dll
FF - component: C:\Users\Carla Stelma\AppData\Roaming\Mozilla\Firefox\Profiles\xbqzh82p.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: C:\Users\Carla Stelma\AppData\Roaming\Mozilla\Firefox\Profiles\xbqzh82p.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - component: C:\Users\Carla Stelma\AppData\Roaming\Mozilla\Firefox\Profiles\xbqzh82p.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\components\FFExternalAlert.dll
FF - component: C:\Users\Carla Stelma\AppData\Roaming\Mozilla\Firefox\Profiles\xbqzh82p.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\components\RadioWMPCore.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys --> C:\Windows\system32\DRIVERS\tmlwf.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-12-16 92160]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-5-9 44768]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-21 133104]
R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys --> C:\Windows\system32\DRIVERS\tmwfp.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-8 257696]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-21 133104]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam 500(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 TmPfw;Trend Micro Personal Firewall;C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2010-2-9 595960]
S3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2010-2-9 917768]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-10 00:03:28 -------- d-----w- C:\Program Files (x86)\Runtime Software
2012-05-09 23:59:19 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2012-05-09 10:55:52 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-05-09 10:55:48 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-05-09 10:55:45 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-05-09 10:55:23 41184 ----a-w- C:\Windows\avastSS.scr
2012-05-08 09:04:14 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-08 08:50:42 -------- d-----w- C:\Users\Carla Stelma\AppData\Roaming\Relupo
2012-05-08 08:50:42 -------- d-----w- C:\Users\Carla Stelma\AppData\Roaming\Owsui
2012-05-08 08:38:55 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-05-08 08:38:01 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-08 08:37:46 -------- d-----we C:\Windows\system64
2012-05-08 08:30:15 -------- d-----w- C:\ProgramData\AVAST Software
2012-05-08 08:30:15 -------- d-----w- C:\Program Files\AVAST Software
2012-05-01 09:26:45 -------- d-----w- C:\Program Files (x86)\MSECache
2012-04-11 17:00:41 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 17:00:41 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 17:00:41 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 17:00:40 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 17:00:40 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 17:00:40 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 17:00:39 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
.
==================== Find3M ====================
.
2012-05-08 09:04:16 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 06:43:21 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:41 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
.
============= FINISH: 10:13:36.01 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 May 2012 - 11:24 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 chogun1726

chogun1726
  • Topic Starter

  • Members
  • 12 posts

Posted 10 May 2012 - 02:15 AM

Hi Gringo, here is the FRST log requested, thanks.

Scan result of Farbar Recovery Scan Tool Version: 09-05-2012
Ran by SYSTEM at 10-05-2012 16:44:41
Running from K:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16327712 2009-06-26] (NVIDIA Corporation)
HKLM\...\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [1023416 2010-01-26] (Trend Micro Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248040 2010-02-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-12] ()
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-20] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-04-13] (Apple Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKU\Carla Stelma\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3883856 2009-07-26] (Microsoft Corporation)
HKU\Carla Stelma\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17351304 2011-10-12] (Skype Technologies S.A.)
HKU\Carla Stelma\...\Run: [{1A6C0005-2331-75A0-6106-D1E1425DE532}] "C:\Users\Carla Stelma\AppData\Roaming\Relupo\ufax.exe" [136192 2011-02-26] ()
HKLM-x32\...\runonceex: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-25] (Sonic Solutions)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
SubSystems: [Windows] ATTENTION! ====> ZeroAccess

==================== Services (Whitelisted) ======

3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [68096 2010-08-11] ()
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 sf; C:\Windows\System32\PSSdk21.dll [6656 2009-07-13] (Oak Technology Inc.)
2 SfCtlCom; "C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe" [836504 2010-11-08] (Trend Micro Inc.)
3 TMBMServer; "C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service [570632 2009-07-29] (Trend Micro Inc.)
3 TmPfw; "C:\Program Files\Trend Micro\Internet Security\TmPfw.exe" [595960 2009-07-29] (Trend Micro Inc.)
3 TmProxy; "C:\Program Files\Trend Micro\Internet Security\TmProxy.exe" [917768 2009-07-29] (Trend Micro Inc.)
2 hnmsvc; "c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe" [x]
3 RoxMediaDB10; "c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [x]
2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
3 stllssvr; "c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [x]

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [53080 2012-03-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
2 Packet; C:\Windows\System32\Drivers\Packet.sys [34640 2009-06-10] (SingleClick Systems)
2 Packet; C:\Windows\SysWow64\Drivers\Packet.sys [27472 2009-06-10] (SingleClick Systems)
1 RxFilter; C:\Windows\SysWow64\Drivers\RxFilter.sys [65520 2009-06-25] (Sonic Solutions)
1 tmlwf; C:\Windows\System32\Drivers\tmlwf.sys [200720 2009-07-29] (Trend Micro Inc.)
2 tmpreflt; C:\Windows\System32\Drivers\tmpreflt.sys [42576 2010-07-30] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [107536 2009-07-29] (Trend Micro Inc.)
2 tmwfp; C:\Windows\System32\Drivers\tmwfp.sys [339984 2009-07-29] (Trend Micro Inc.)
2 tmxpflt; C:\Windows\System32\Drivers\tmxpflt.sys [309840 2010-07-30] (Trend Micro Inc.)
2 vsapint; C:\Windows\System32\Drivers\vsapint.sys [1988176 2010-07-30] (Trend Micro Inc.)
3 Ascdinps; [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: sf

============ One Month Created Files and Folders ==============

2012-05-09 22:20 - 2012-05-09 22:21 - 1387251 ____A C:\Users\Carla Stelma\Desktop\FRST64.exe
2012-05-09 21:51 - 2012-05-09 21:52 - 0000000 ____D C:\Users\Carla Stelma\Documents\Backup c drive
2012-05-09 21:50 - 2012-05-09 21:51 - 173345716 ____A C:\Users\Carla Stelma\Documents\Drive_C.dat
2012-05-09 20:13 - 2012-05-09 20:13 - 0000152 ____A C:\Users\Carla Stelma\Desktop\Continue iMesh installation.url
2012-05-09 20:12 - 2012-05-09 20:12 - 0000000 ____D C:\Users\Carla Stelma\AppData\Local\PackageAware
2012-05-09 20:04 - 2012-05-09 20:04 - 0359689 ____A C:\Users\Carla Stelma\Documents\Untitled.wma
2012-05-09 16:44 - 2012-05-09 16:44 - 0000379 ____A C:\Users\Carla Stelma\Desktop\ark.txt
2012-05-09 16:14 - 2012-05-09 16:14 - 0008955 ____A C:\Users\Carla Stelma\Desktop\Attach.txt
2012-05-09 16:12 - 2011-07-16 04:21 - 0302592 ____A C:\Users\Carla Stelma\Desktop\gmer.exe
2012-05-09 16:09 - 2012-05-09 16:14 - 0021897 ____A C:\Users\Carla Stelma\Desktop\DDS.txt
2012-05-09 16:04 - 2012-05-09 16:04 - 0607260 ____R (Swearware) C:\Users\Carla Stelma\Downloads\dds.scr
2012-05-09 16:03 - 2012-05-09 16:03 - 0001113 ____A C:\Users\Public\Desktop\DriveImage XML.lnk
2012-05-09 16:03 - 2012-05-09 16:03 - 0000000 ____D C:\Program Files (x86)\Runtime Software
2012-05-09 16:02 - 2012-05-09 16:02 - 2013115 ____A C:\Users\Carla Stelma\Downloads\dixmlsetup.exe
2012-05-09 16:00 - 2012-05-09 16:00 - 0000000 ____A C:\Users\Carla Stelma\defogger_reenable
2012-05-09 15:59 - 2012-05-09 16:02 - 0000000 ____D C:\Program Files (x86)\Cobian Backup 11
2012-05-09 15:58 - 2012-05-09 15:58 - 0050477 ____A C:\Users\Carla Stelma\Downloads\Defogger.exe
2012-05-09 15:41 - 2012-05-09 15:43 - 19577856 ____A (Luis Cobian, CobianSoft) C:\Users\Carla Stelma\Downloads\cbSetup.exe
2012-05-09 02:57 - 2012-05-09 02:57 - 0002261 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-05-09 02:56 - 2012-05-09 02:56 - 0001843 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-05-09 02:56 - 2012-03-06 17:04 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-05-09 02:56 - 2012-03-06 17:01 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-05-09 02:55 - 2012-03-06 17:15 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-05-09 02:55 - 2012-03-06 17:15 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-05-09 02:55 - 2012-03-06 17:04 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-05-09 02:55 - 2012-03-06 17:02 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-05-09 02:55 - 2012-03-06 17:01 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-05-09 02:55 - 2012-03-06 17:01 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-05-08 01:04 - 2012-05-08 01:04 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-08 00:50 - 2012-05-09 15:46 - 0000000 ____D C:\Users\Carla Stelma\AppData\Roaming\Owsui
2012-05-08 00:50 - 2012-05-08 00:50 - 0136192 ____A C:\Users\Default\Start Menu\Programs\Startup\tuwez.exe
2012-05-08 00:50 - 2012-05-08 00:50 - 0136192 ____A C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tuwez.exe
2012-05-08 00:50 - 2012-05-08 00:50 - 0136192 ____A C:\Users\Default User\Start Menu\Programs\Startup\tuwez.exe
2012-05-08 00:50 - 2012-05-08 00:50 - 0136192 ____A C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tuwez.exe
2012-05-08 00:50 - 2012-05-08 00:50 - 0000000 ____D C:\Users\Carla Stelma\AppData\Roaming\Relupo
2012-05-08 00:38 - 2012-05-09 22:04 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-08 00:38 - 2012-05-09 02:53 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-08 00:38 - 2012-05-08 01:04 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-08 00:37 - 2012-05-08 00:37 - 0000000 ____D C:\Windows\system64
2012-05-08 00:30 - 2012-05-09 02:55 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-05-08 00:30 - 2012-05-09 02:55 - 0000000 ____D C:\ProgramData\AVAST Software
2012-05-08 00:30 - 2012-05-09 02:55 - 0000000 ____D C:\Program Files\AVAST Software
2012-05-08 00:25 - 2012-05-08 00:29 - 74761776 ____A C:\Users\Carla Stelma\Downloads\avast_free_antivirus_setup.exe
2012-05-05 00:01 - 2012-05-05 00:05 - 0011842 ____A C:\Users\Carla Stelma\Documents\MC contacts.docx
2012-05-02 00:43 - 2012-05-02 00:43 - 0284608 ____A C:\Windows\Minidump\050212-19250-01.dmp
2012-05-01 01:26 - 2012-05-01 01:26 - 1483584 ____A (Microsoft Corporation) C:\Users\Carla Stelma\Downloads\WorksConv.exe
2012-05-01 01:26 - 2012-05-01 01:26 - 0000000 ____D C:\Program Files (x86)\MSECache
2012-04-29 23:37 - 2012-05-07 00:11 - 0014451 ____A C:\Users\Carla Stelma\Documents\table menus.docx
2012-04-26 21:26 - 2012-04-26 21:35 - 0013221 ____A C:\Users\Carla Stelma\Documents\wedding guest list menu.xlsx
2012-04-11 12:20 - 2012-04-11 23:47 - 0015819 ____A C:\Users\Carla Stelma\Documents\labels menu wedding.docx
2012-04-11 09:02 - 2012-03-05 22:43 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-11 09:02 - 2012-03-05 21:59 - 3958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-11 09:02 - 2012-03-05 21:59 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-11 09:02 - 2012-02-27 23:34 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-11 09:02 - 2012-02-27 23:02 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-11 09:02 - 2012-02-27 22:56 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-11 09:02 - 2012-02-27 22:50 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-11 09:02 - 2012-02-27 22:49 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-11 09:02 - 2012-02-27 22:48 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-11 09:02 - 2012-02-27 22:48 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-11 09:02 - 2012-02-27 22:47 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-11 09:02 - 2012-02-27 22:45 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-11 09:02 - 2012-02-27 22:43 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-11 09:02 - 2012-02-27 22:43 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-11 09:02 - 2012-02-27 22:42 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-11 09:02 - 2012-02-27 22:39 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-11 09:02 - 2012-02-27 17:52 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-11 09:02 - 2012-02-27 17:27 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-11 09:02 - 2012-02-27 17:18 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-11 09:02 - 2012-02-27 17:12 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-11 09:02 - 2012-02-27 17:11 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-11 09:02 - 2012-02-27 17:11 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-11 09:02 - 2012-02-27 17:09 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-11 09:02 - 2012-02-27 17:08 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-11 09:02 - 2012-02-27 17:06 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-11 09:02 - 2012-02-27 17:04 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-11 09:02 - 2012-02-27 17:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-11 09:02 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-11 09:02 - 2012-02-27 16:59 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-11 09:00 - 2012-02-29 22:54 - 0022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-11 09:00 - 2012-02-29 22:45 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-11 09:00 - 2012-02-29 22:40 - 0080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-11 09:00 - 2012-02-29 22:35 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-11 09:00 - 2012-02-29 21:49 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-11 09:00 - 2012-02-29 21:45 - 0158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-11 09:00 - 2012-02-29 21:40 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll


============ 3 Months Modified Files and Folders =============

2012-05-10 16:44 - 2012-05-09 22:28 - 0000000 ____D C:\FRST
2012-05-09 22:39 - 2010-06-11 01:50 - 0000418 ____A C:\Windows\Tasks\FileCure Startup.job
2012-05-09 22:39 - 2009-07-13 21:10 - 1253052 ____A C:\Windows\WindowsUpdate.log
2012-05-09 22:21 - 2012-05-09 22:20 - 1387251 ____A C:\Users\Carla Stelma\Desktop\FRST64.exe
2012-05-09 22:04 - 2012-05-08 00:38 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-09 21:52 - 2012-05-09 21:51 - 0000000 ____D C:\Users\Carla Stelma\Documents\Backup c drive
2012-05-09 21:51 - 2012-05-09 21:50 - 173345716 ____A C:\Users\Carla Stelma\Documents\Drive_C.dat
2012-05-09 21:47 - 2009-07-13 21:13 - 0726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-09 21:45 - 2010-04-21 02:44 - 0000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-05-09 21:44 - 2010-05-01 00:18 - 0000416 ___AH C:\Windows\Tasks\Norton Security Scan for Carla Stelma.job
2012-05-09 20:51 - 2010-04-21 02:43 - 0000000 ____D C:\Program Files (x86)\Google
2012-05-09 20:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-05-09 20:13 - 2012-05-09 20:13 - 0000152 ____A C:\Users\Carla Stelma\Desktop\Continue iMesh installation.url
2012-05-09 20:12 - 2012-05-09 20:12 - 0000000 ____D C:\Users\Carla Stelma\AppData\Local\PackageAware
2012-05-09 20:04 - 2012-05-09 20:04 - 0359689 ____A C:\Users\Carla Stelma\Documents\Untitled.wma
2012-05-09 18:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-05-09 17:07 - 2010-03-06 17:04 - 0000000 ____D C:\Users\Carla Stelma\AppData\Roaming\Azureus
2012-05-09 17:01 - 2010-03-06 17:07 - 0000000 ____D C:\Users\Carla Stelma\Documents\Vuze Downloads
2012-05-09 16:44 - 2012-05-09 16:44 - 0000379 ____A C:\Users\Carla Stelma\Desktop\ark.txt
2012-05-09 16:14 - 2012-05-09 16:14 - 0008955 ____A C:\Users\Carla Stelma\Desktop\Attach.txt
2012-05-09 16:14 - 2012-05-09 16:09 - 0021897 ____A C:\Users\Carla Stelma\Desktop\DDS.txt
2012-05-09 16:04 - 2012-05-09 16:04 - 0607260 ____R (Swearware) C:\Users\Carla Stelma\Downloads\dds.scr
2012-05-09 16:03 - 2012-05-09 16:03 - 0001113 ____A C:\Users\Public\Desktop\DriveImage XML.lnk
2012-05-09 16:03 - 2012-05-09 16:03 - 0000000 ____D C:\Program Files (x86)\Runtime Software
2012-05-09 16:02 - 2012-05-09 16:02 - 2013115 ____A C:\Users\Carla Stelma\Downloads\dixmlsetup.exe
2012-05-09 16:02 - 2012-05-09 15:59 - 0000000 ____D C:\Program Files (x86)\Cobian Backup 11
2012-05-09 16:00 - 2012-05-09 16:00 - 0000000 ____A C:\Users\Carla Stelma\defogger_reenable
2012-05-09 16:00 - 2010-02-08 02:57 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-09 16:00 - 2010-02-08 01:59 - 0000000 ____D C:\users\Carla Stelma
2012-05-09 15:58 - 2012-05-09 15:58 - 0050477 ____A C:\Users\Carla Stelma\Downloads\Defogger.exe
2012-05-09 15:46 - 2012-05-08 00:50 - 0000000 ____D C:\Users\Carla Stelma\AppData\Roaming\Owsui
2012-05-09 15:43 - 2012-05-09 15:41 - 19577856 ____A (Luis Cobian, CobianSoft) C:\Users\Carla Stelma\Downloads\cbSetup.exe
2012-05-09 14:45 - 2010-04-21 02:44 - 0000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-05-09 03:00 - 2009-07-13 20:45 - 0019520 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-09 03:00 - 2009-07-13 20:45 - 0019520 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-09 02:57 - 2012-05-09 02:57 - 0002261 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-05-09 02:56 - 2012-05-09 02:56 - 0001843 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-05-09 02:55 - 2012-05-08 00:30 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-05-09 02:55 - 2012-05-08 00:30 - 0000000 ____D C:\ProgramData\AVAST Software
2012-05-09 02:55 - 2012-05-08 00:30 - 0000000 ____D C:\Program Files\AVAST Software
2012-05-09 02:55 - 2010-04-21 02:43 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-05-09 02:54 - 2010-02-19 18:53 - 0000000 ____D C:\Users\Carla Stelma\AppData\Roaming\Skype
2012-05-09 02:53 - 2012-05-08 00:38 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-09 02:53 - 2010-03-03 22:45 - 0000000 ____D C:\Users\Carla Stelma\Tracing
2012-05-09 02:52 - 2009-12-15 21:17 - 3214237696 __ASH C:\hiberfil.sys
2012-05-09 02:52 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-09 02:52 - 2009-07-13 20:51 - 0095521 ____A C:\Windows\setupact.log
2012-05-09 02:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-09 01:00 - 2009-12-15 21:17 - 0524634 ____A C:\Windows\PFRO.log
2012-05-08 21:14 - 2010-03-27 04:57 - 0000000 ____D C:\Users\Carla Stelma\AppData\Roaming\vlc
2012-05-08 01:04 - 2012-05-08 01:04 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-08 01:04 - 2012-05-08 00:38 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-08 01:04 - 2011-12-03 23:11 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-08 00:50 - 2012-05-08 00:50 - 0136192 ____A C:\Users\Default\Start Menu\Programs\Startup\tuwez.exe
2012-05-08 00:50 - 2012-05-08 00:50 - 0136192 ____A C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tuwez.exe
2012-05-08 00:50 - 2012-05-08 00:50 - 0136192 ____A C:\Users\Default User\Start Menu\Programs\Startup\tuwez.exe
2012-05-08 00:50 - 2012-05-08 00:50 - 0136192 ____A C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tuwez.exe
2012-05-08 00:50 - 2012-05-08 00:50 - 0000000 ____D C:\Users\Carla Stelma\AppData\Roaming\Relupo
2012-05-08 00:48 - 2010-02-09 02:07 - 0327680 ____A C:\Windows\System32\Ikeext.etl
2012-05-08 00:37 - 2012-05-08 00:37 - 0000000 ____D C:\Windows\system64
2012-05-08 00:29 - 2012-05-08 00:25 - 74761776 ____A C:\Users\Carla Stelma\Downloads\avast_free_antivirus_setup.exe
2012-05-08 00:23 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\tracing
2012-05-07 00:11 - 2012-04-29 23:37 - 0014451 ____A C:\Users\Carla Stelma\Documents\table menus.docx
2012-05-07 00:00 - 2010-06-10 21:05 - 0000482 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2012-05-06 10:34 - 2010-06-10 21:04 - 0000456 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2012-05-05 06:18 - 2010-06-11 01:50 - 0000402 ____A C:\Windows\Tasks\FileCure Default.job
2012-05-05 00:05 - 2012-05-05 00:01 - 0011842 ____A C:\Users\Carla Stelma\Documents\MC contacts.docx
2012-05-02 02:45 - 2010-12-01 22:36 - 0027614 ____A C:\Users\Carla Stelma\Documents\Camerons Documants.docx
2012-05-02 00:43 - 2012-05-02 00:43 - 0284608 ____A C:\Windows\Minidump\050212-19250-01.dmp
2012-05-02 00:43 - 2011-11-26 01:48 - 0000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-05-02 00:43 - 2010-02-25 00:45 - 489269871 ____A C:\Windows\MEMORY.DMP
2012-05-02 00:43 - 2010-02-25 00:45 - 0000000 ____D C:\Windows\Minidump
2012-05-01 01:26 - 2012-05-01 01:26 - 1483584 ____A (Microsoft Corporation) C:\Users\Carla Stelma\Downloads\WorksConv.exe
2012-05-01 01:26 - 2012-05-01 01:26 - 0000000 ____D C:\Program Files (x86)\MSECache
2012-05-01 01:25 - 2010-02-20 16:45 - 0044068 ____A C:\Users\Carla Stelma\AppData\Roaming\wklnhst.dat
2012-05-01 01:25 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-04-28 04:08 - 2010-06-10 21:04 - 0000418 ____A C:\Windows\Tasks\DriverCure.job
2012-04-27 10:16 - 2010-06-10 21:04 - 0000000 ____D C:\Users\All Users\DriverCure
2012-04-27 10:16 - 2010-06-10 21:04 - 0000000 ____D C:\ProgramData\DriverCure
2012-04-26 21:35 - 2012-04-26 21:26 - 0013221 ____A C:\Users\Carla Stelma\Documents\wedding guest list menu.xlsx
2012-04-25 04:24 - 2012-01-28 20:10 - 0051299 ____A C:\Users\Carla Stelma\Documents\VY Commodore.docx
2012-04-24 13:43 - 2010-06-11 01:50 - 0000000 ____D C:\Users\All Users\FileCure
2012-04-24 13:43 - 2010-06-11 01:50 - 0000000 ____D C:\ProgramData\FileCure
2012-04-11 23:47 - 2012-04-11 12:20 - 0015819 ____A C:\Users\Carla Stelma\Documents\labels menu wedding.docx
2012-04-11 09:03 - 2010-03-06 16:39 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-11 09:03 - 2010-03-06 16:39 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-11 09:01 - 2010-02-15 00:33 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-09 19:07 - 2012-04-09 19:07 - 0265728 ____A C:\Users\Carla Stelma\Downloads\Roberts food menu A3 24-04-10.doc
2012-04-09 19:07 - 2012-04-09 19:07 - 0265728 ____A C:\Users\Carla Stelma\Downloads\Roberts food menu A3 24-04-10 (1).doc
2012-04-06 19:26 - 2012-04-03 17:18 - 0016874 ____A C:\Users\Carla Stelma\Documents\wedding list 2.docx
2012-04-06 17:00 - 2012-04-06 17:00 - 0013647 ____A C:\Users\Carla Stelma\Documents\place cards wedding.docx
2012-04-06 14:19 - 2012-04-06 14:19 - 0016746 ____A C:\Users\Carla Stelma\Documents\April 2012.docx
2012-04-05 00:52 - 2012-04-05 00:52 - 0112552 ____A C:\Users\Carla Stelma\Downloads\[isoHunt] A FEW BEST MEN (2012) DVDScr [H264 MP4][RoB]PR3DATOR RG (1).torrent
2012-04-05 00:51 - 2012-04-05 00:51 - 0112552 ____A C:\Users\Carla Stelma\Downloads\[isoHunt] A FEW BEST MEN (2012) DVDScr [H264 MP4][RoB]PR3DATOR RG.torrent
2012-04-05 00:47 - 2012-04-05 00:47 - 0015177 ____A C:\Users\Carla Stelma\Downloads\[isoHunt] The Muppets {2011} DVDRIP. Jaybob.torrent
2012-04-03 23:25 - 2012-04-03 23:25 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-04-03 17:56 - 2012-04-03 17:50 - 0012658 ____A C:\Users\Carla Stelma\Documents\invitation menu.docx
2012-04-03 17:13 - 2012-01-16 12:55 - 0023101 ____A C:\Users\Carla Stelma\Documents\Guest List for wedding.docx
2012-03-28 01:05 - 2012-03-28 01:05 - 0000000 ____D C:\Windows\System32\Service
2012-03-23 15:29 - 2012-03-17 16:34 - 0012149 ____A C:\Users\Carla Stelma\Documents\invitation.docx
2012-03-19 01:55 - 2011-07-06 04:19 - 0000000 ____D C:\Users\Carla Stelma\Desktop\Rescue Dawn
2012-03-14 12:25 - 2009-07-13 20:45 - 0386616 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-06 17:15 - 2012-05-09 02:55 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-03-06 17:15 - 2012-05-09 02:55 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-03-06 17:04 - 2012-05-09 02:56 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-03-06 17:04 - 2012-05-09 02:55 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-03-06 17:02 - 2012-05-09 02:55 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-03-06 17:01 - 2012-05-09 02:56 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-03-06 17:01 - 2012-05-09 02:55 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-03-06 17:01 - 2012-05-09 02:55 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-03-06 16:15 - 2011-12-02 13:32 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-03-05 22:43 - 2012-04-11 09:02 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-05 21:59 - 2012-04-11 09:02 - 3958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-05 21:59 - 2012-04-11 09:02 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-02-29 22:54 - 2012-04-11 09:00 - 0022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:45 - 2012-04-11 09:00 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:40 - 2012-04-11 09:00 - 0080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:35 - 2012-04-11 09:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:49 - 2012-04-11 09:00 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:45 - 2012-04-11 09:00 - 0158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:40 - 2012-04-11 09:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-27 23:34 - 2012-04-11 09:02 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-11 09:02 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-11 09:02 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-11 09:02 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-11 09:02 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-11 09:02 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-11 09:02 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-11 09:02 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-11 09:02 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-11 09:02 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-11 09:02 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-11 09:02 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-11 09:02 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 18:56 - 2012-02-27 18:50 - 0012213 ____A C:\Users\Carla Stelma\Documents\Edgeware Medical Centre david.docx
2012-02-27 17:52 - 2012-04-11 09:02 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-11 09:02 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-11 09:02 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-11 09:02 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-11 09:02 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-11 09:02 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-11 09:02 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-11 09:02 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-11 09:02 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-11 09:02 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-11 09:02 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-11 09:02 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-11 09:02 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-22 00:51 - 2012-02-21 19:53 - 0023675 ____A C:\Users\Carla Stelma\Documents\david vegh resume.docx
2012-02-17 13:10 - 2012-02-17 13:10 - 0000805 ____A C:\Users\Carla Stelma\Downloads\avoca-beachside-markets.ics
2012-02-15 20:22 - 2010-02-08 02:18 - 0000174 ___SH C:\Users\Carla Stelma\Start Menu\Programs\Startup\desktop.ini
2012-02-15 20:22 - 2010-02-08 02:18 - 0000174 ___SH C:\Users\Carla Stelma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-15 08:23 - 2009-12-15 05:36 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-14 22:27 - 2012-03-13 18:52 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 21:44 - 2012-03-13 18:52 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 20:47 - 2012-03-13 18:52 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 20:46 - 2012-03-13 18:52 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe
[2009-07-13 15:34] - [2009-07-13 17:14] - 0026112 ____A (Microsoft Corporation) 6DE80F60D7DE9CE6B8C2DDFDF79EF175

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4087.12 MB
Available physical RAM: 3457.28 MB
Total Pagefile: 4085.27 MB
Available Pagefile: 3438.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:921.84 GB) (Free:413.88 GB) NTFS
7 Drive j: (VERBATIM HD) (Fixed) (Total:298.02 GB) (Free:293.96 GB) FAT32
8 Drive k: () (Removable) (Total:7.52 GB) (Free:3.06 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
11 Drive y: (RECOVERY) (Fixed) (Total:9.61 GB) (Free:4.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 298 GB 1024 KB
Disk 6 Online 7712 MB 0 B
Disk 7 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 62 MB 31 KB
Partition 2 Primary 9 GB 63 MB
Partition 3 Primary 921 GB 9 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 10 FAT Partition 62 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 9 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 921 GB Healthy

======================================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 31 KB

======================================================================================================

Disk: 5
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J VERBATIM HD FAT32 Partition 298 GB Healthy

======================================================================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 7712 MB 0 B

======================================================================================================

Disk: 6
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

==========================================================

Last Boot: 2012-05-09 03:53

======================= End Of Log ==========================

#4 gringo_pr


Posted 10 May 2012 - 02:21 AM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt

SubSystems: [Windows] ATTENTION! ====> ZeroAccess
2 sf; C:\Windows\System32\PSSdk21.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\PSSdk21.dll
NETSVC: sf 


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 chogun1726


Posted 10 May 2012 - 02:47 AM

Hi Gringo fixlog as follows,

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 09-05-2012
Ran by SYSTEM at 2012-05-10 17:36:50 Run:1
Running from K:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
sf service deleted successfully.
C:\Windows\System32\PSSdk21.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs sf not found.

==== End of Fixlog ====

#6 gringo_pr


Posted 10 May 2012 - 02:51 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 chogun1726


Posted 10 May 2012 - 03:45 AM

Hi Gringo, I encountered no problems with the combofix scan. The computer seems to be rebooting and running fine at the moment. Here is the report.


ComboFix 12-05-09.01 - Carla Stelma 10/05/2012 18:00:59.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.4087.2315 [GMT 10:00]
Running from: c:\users\Carla Stelma\Downloads\ComboFix.exe
AV: Trend Micro Internet Security Pro *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security Pro *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Realtek\Audio\HDA\AERTSr64.exe
c:\program files\Realtek\Audio\HDA\RAVCpl64.exe
c:\users\Carla Stelma\AppData\Roaming\Relupo
c:\users\Carla Stelma\AppData\Roaming\Relupo\ufax.exe
c:\users\Carla Stelma\Documents\~WRL0003.tmp
c:\users\Carla Stelma\Documents\~WRL0005.tmp
c:\users\Carla Stelma\Documents\~WRL0006.tmp
c:\users\Carla Stelma\Documents\~WRL0433.tmp
c:\users\Carla Stelma\Documents\~WRL2388.tmp
c:\users\Carla Stelma\Documents\~WRL2447.tmp
c:\users\Carla Stelma\Documents\~WRL3072.tmp
c:\users\Carla Stelma\Documents\~WRL3295.tmp
c:\users\Carla Stelma\Documents\~WRL3849.tmp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\system32\dds_trash_log.cmd
c:\windows\System32\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_0590b229b4b01c34\AERTSr64.exe
c:\windows\System32\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_0590b229b4b01c34\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_0590b229b4b01c34\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxasusc.inf_amd64_neutral_eab2e55c5abcaead\AERTSr64.exe
c:\windows\System32\DriverStore\FileRepository\hdxasusc.inf_amd64_neutral_eab2e55c5abcaead\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxasusc.inf_amd64_neutral_eab2e55c5abcaead\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_91b6a2c1a20f73b4\AERTSr64.exe
c:\windows\System32\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_91b6a2c1a20f73b4\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_91b6a2c1a20f73b4\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_c0bcd1217e014881\AERTSr64.exe
c:\windows\System32\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_c0bcd1217e014881\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_c0bcd1217e014881\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxgb.inf_amd64_neutral_14e137f7ba77f922\AERTSr64.exe
c:\windows\System32\DriverStore\FileRepository\hdxgb.inf_amd64_neutral_14e137f7ba77f922\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxgb.inf_amd64_neutral_14e137f7ba77f922\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxgw.inf_amd64_neutral_3e4e867688aa7836\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxgw.inf_amd64_neutral_3e4e867688aa7836\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_cf090b635a693759\AERTSr64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_cf090b635a693759\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_cf090b635a693759\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_08ff8439c8119cf3\AERTSr64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_08ff8439c8119cf3\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_08ff8439c8119cf3\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_b43f06adf486913d\AERTSr64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_b43f06adf486913d\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_b43f06adf486913d\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_e0216f1c80b07a18\AERTSr64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_e0216f1c80b07a18\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_e0216f1c80b07a18\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlc2.inf_amd64_neutral_c4e5cebbd06f87ad\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_18d6bdedc2abe6eb\AERTSr64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_18d6bdedc2abe6eb\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_18d6bdedc2abe6eb\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxmsi.inf_amd64_neutral_11410f156984398a\AERTSr64.exe
c:\windows\System32\DriverStore\FileRepository\hdxmsi.inf_amd64_neutral_11410f156984398a\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxmsi.inf_amd64_neutral_11410f156984398a\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_e13c1772f815f60c\AERTSr64.exe
c:\windows\System32\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_e13c1772f815f60c\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_e13c1772f815f60c\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\AERTSr64.exe
c:\windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxrt9.inf_amd64_neutral_06b2dc37ccb51998\AERTSr64.exe
c:\windows\System32\DriverStore\FileRepository\hdxrt9.inf_amd64_neutral_06b2dc37ccb51998\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxrt9.inf_amd64_neutral_06b2dc37ccb51998\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_592fa22519566371\AERTSr64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_592fa22519566371\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_592fa22519566371\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_f7ea0511a093a14b\AERTSr64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_f7ea0511a093a14b\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_f7ea0511a093a14b\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e7a9cc2eb75ac13b\AERTSr64.exe
c:\windows\System32\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e7a9cc2eb75ac13b\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e7a9cc2eb75ac13b\RtlUpd64.exe
c:\windows\system32\fxsst.dll . . . . Failed to delete
c:\windows\system32\slwga.dll . . . . Failed to delete
c:\windows\system32\srrstr.dll . . . . Failed to delete
c:\windows\system32\systemcpl.dll . . . . Failed to delete
c:\windows\system32\termsrv.dll . . . . Failed to delete
c:\windows\system64\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_0590b229b4b01c34\AERTSr64.exe
c:\windows\system64\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_0590b229b4b01c34\RAVCpl64.exe
c:\windows\system64\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_0590b229b4b01c34\RtlUpd64.exe
c:\windows\system64\DriverStore\FileRepository\hdxasusc.inf_amd64_neutral_eab2e55c5abcaead\AERTSr64.exe
c:\windows\system64\DriverStore\FileRepository\hdxasusc.inf_amd64_neutral_eab2e55c5abcaead\RAVCpl64.exe
c:\windows\system64\DriverStore\FileRepository\hdxasusc.inf_amd64_neutral_eab2e55c5abcaead\RtlUpd64.exe
c:\windows\system64\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_91b6a2c1a20f73b4\AERTSr64.exe
c:\windows\system64\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_91b6a2c1a20f73b4\RAVCpl64.exe
c:\windows\system64\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_91b6a2c1a20f73b4\RtlUpd64.exe
c:\windows\system64\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_c0bcd1217e014881\AERTSr64.exe
c:\windows\system64\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_c0bcd1217e014881\RAVCpl64.exe
c:\windows\system64\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_c0bcd1217e014881\RtlUpd64.exe
c:\windows\system64\DriverStore\FileRepository\hdxgb.inf_amd64_neutral_14e137f7ba77f922\AERTSr64.exe
c:\windows\system64\DriverStore\FileRepository\hdxgb.inf_amd64_neutral_14e137f7ba77f922\RAVCpl64.exe
c:\windows\system64\DriverStore\FileRepository\hdxgb.inf_amd64_neutral_14e137f7ba77f922\RtlUpd64.exe
c:\windows\system64\DriverStore\FileRepository\hdxgw.inf_amd64_neutral_3e4e867688aa7836\RAVCpl64.exe
c:\windows\system64\DriverStore\FileRepository\hdxgw.inf_amd64_neutral_3e4e867688aa7836\RtlUpd64.exe
c:\windows\system64\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_cf090b635a693759\AERTSr64.exe
c:\windows\system64\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_cf090b635a693759\RAVCpl64.exe
c:\windows\system64\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_cf090b635a693759\RtlUpd64.exe
c:\windows\system64\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_08ff8439c8119cf3\AERTSr64.exe
c:\windows\system64\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_08ff8439c8119cf3\RAVCpl64.exe
c:\windows\system64\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_08ff8439c8119cf3\RtlUpd64.exe
c:\windows\system64\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_b43f06adf486913d\AERTSr64.exe
c:\windows\system64\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_b43f06adf486913d\RAVCpl64.exe
c:\windows\system64\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_b43f06adf486913d\RtlUpd64.exe
c:\windows\system64\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_e0216f1c80b07a18\AERTSr64.exe
c:\windows\system64\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_e0216f1c80b07a18\RAVCpl64.exe
c:\windows\system64\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_e0216f1c80b07a18\RtlUpd64.exe
c:\windows\system64\DriverStore\FileRepository\hdxlc2.inf_amd64_neutral_c4e5cebbd06f87ad\RtlUpd64.exe
c:\windows\system64\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_18d6bdedc2abe6eb\AERTSr64.exe
c:\windows\system64\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_18d6bdedc2abe6eb\RAVCpl64.exe
c:\windows\system64\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_18d6bdedc2abe6eb\RtlUpd64.exe
c:\windows\system64\DriverStore\FileRepository\hdxmsi.inf_amd64_neutral_11410f156984398a\AERTSr64.exe
c:\windows\system64\DriverStore\FileRepository\hdxmsi.inf_amd64_neutral_11410f156984398a\RAVCpl64.exe
c:\windows\system64\DriverStore\FileRepository\hdxmsi.inf_amd64_neutral_11410f156984398a\RtlUpd64.exe
c:\windows\system64\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_e13c1772f815f60c\AERTSr64.exe
c:\windows\system64\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_e13c1772f815f60c\RAVCpl64.exe
c:\windows\system64\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_e13c1772f815f60c\RtlUpd64.exe
c:\windows\system64\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\AERTSr64.exe
c:\windows\system64\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RAVCpl64.exe
c:\windows\system64\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_a921ba2fbbeed1b2\RtlUpd64.exe
c:\windows\system64\DriverStore\FileRepository\hdxrt9.inf_amd64_neutral_06b2dc37ccb51998\AERTSr64.exe
c:\windows\system64\DriverStore\FileRepository\hdxrt9.inf_amd64_neutral_06b2dc37ccb51998\RAVCpl64.exe
c:\windows\system64\DriverStore\FileRepository\hdxrt9.inf_amd64_neutral_06b2dc37ccb51998\RtlUpd64.exe
c:\windows\system64\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_592fa22519566371\AERTSr64.exe
c:\windows\system64\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_592fa22519566371\RAVCpl64.exe
c:\windows\system64\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_592fa22519566371\RtlUpd64.exe
c:\windows\system64\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_f7ea0511a093a14b\AERTSr64.exe
c:\windows\system64\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_f7ea0511a093a14b\RAVCpl64.exe
c:\windows\system64\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_f7ea0511a093a14b\RtlUpd64.exe
c:\windows\system64\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e7a9cc2eb75ac13b\AERTSr64.exe
c:\windows\system64\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e7a9cc2eb75ac13b\RAVCpl64.exe
c:\windows\system64\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e7a9cc2eb75ac13b\RtlUpd64.exe
c:\windows\SysWow64\odbcad32.exe
.
----- File Replicators -----
.
c:\drivers\audio\R230371\Vista64\AERTSr64.exe
c:\drivers\audio\R230371\Vista64\RAVCpl64.exe
c:\drivers\audio\R230371\Vista64\RtlUpd64.exe
c:\program files\Realtek\Audio\HDA\AERTSr64.exe
c:\program files\Realtek\Audio\HDA\RAVCpl64.exe
c:\program files\Realtek\Audio\HDA\RtlUpd64.exe
c:\programdata\Adobe\Reader\9.4\ARM\13268\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.4\ARM\13268\AdobeARMHelper.exe
c:\programdata\Adobe\Reader\9.4\ARM\13268\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.4\ARM\14597\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.4\ARM\14597\AdobeARMHelper.exe
c:\programdata\Adobe\Reader\9.4\ARM\14597\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.4\ARM\1905\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.4\ARM\1905\AdobeARMHelper.exe
c:\programdata\Adobe\Reader\9.4\ARM\1905\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.4\ARM\21129\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.4\ARM\21129\AdobeARMHelper.exe
c:\programdata\Adobe\Reader\9.4\ARM\21129\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.4\ARM\21770\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.4\ARM\21770\AdobeARMHelper.exe
c:\programdata\Adobe\Reader\9.4\ARM\21770\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.4\ARM\23825\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.4\ARM\23825\AdobeARMHelper.exe
c:\programdata\Adobe\Reader\9.4\ARM\23825\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.4\ARM\24062\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.4\ARM\24062\AdobeARMHelper.exe
c:\programdata\Adobe\Reader\9.4\ARM\24062\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.4\ARM\26584\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.4\ARM\26584\AdobeARMHelper.exe
c:\programdata\Adobe\Reader\9.4\ARM\26584\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.4\ARM\27850\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.4\ARM\27850\AdobeARMHelper.exe
c:\programdata\Adobe\Reader\9.4\ARM\27850\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.4\ARM\27867\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.4\ARM\27867\AdobeARMHelper.exe
c:\programdata\Adobe\Reader\9.4\ARM\27867\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.4\ARM\32562\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.4\ARM\32562\AdobeARMHelper.exe
c:\programdata\Adobe\Reader\9.4\ARM\32562\ReaderUpdater.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\13268\AcrobatUpdater.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\13268\AdobeARMHelper.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\13268\ReaderUpdater.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\14597\AcrobatUpdater.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\14597\AdobeARMHelper.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\14597\ReaderUpdater.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\1905\AcrobatUpdater.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\1905\AdobeARMHelper.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\1905\ReaderUpdater.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\21129\AcrobatUpdater.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\21129\AdobeARMHelper.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\21129\ReaderUpdater.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\21770\AcrobatUpdater.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\21770\AdobeARMHelper.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\21770\ReaderUpdater.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\23825\AcrobatUpdater.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\23825\AdobeARMHelper.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\23825\ReaderUpdater.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\24062\AcrobatUpdater.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\24062\AdobeARMHelper.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\24062\ReaderUpdater.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\26584\AcrobatUpdater.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\26584\AdobeARMHelper.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\26584\ReaderUpdater.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\27850\AcrobatUpdater.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\27850\AdobeARMHelper.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\27850\ReaderUpdater.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\27867\AcrobatUpdater.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\27867\AdobeARMHelper.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\27867\ReaderUpdater.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\32562\AcrobatUpdater.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\32562\AdobeARMHelper.exe
c:\users\All Users\Adobe\Reader\9.4\ARM\32562\ReaderUpdater.exe
c:\users\Carla Stelma\Desktop\Joes Movies\2012\Jaybob's_Movies_Toolbar.exe
c:\users\Carla Stelma\Desktop\Joes Movies\500 Days Of Summer\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Desktop\Joes Movies\9 (Pixar)\Jaybob's_Movies_Toolbar.exe
c:\users\Carla Stelma\Desktop\Joes Movies\Armored\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Desktop\Joes Movies\Baby On Board\Jaybob's_Movies_Toolbar.exe
c:\users\Carla Stelma\Desktop\Joes Movies\Brothers\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Desktop\Joes Movies\Cloudy With A Chance Of Meatballs (Pixar)\Jaybob's_Movies_Toolbar.exe
c:\users\Carla Stelma\Desktop\Joes Movies\Couples Retreat\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Desktop\Joes Movies\Dorian Gray\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Desktop\Joes Movies\Extract\Jaybob's_Movies_Toolbar.exe
c:\users\Carla Stelma\Desktop\Joes Movies\Happily Never After 2 (Pixar)\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Desktop\Joes Movies\House Broken\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Desktop\Joes Movies\I Hope They Serve Beer In Hell\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Desktop\Joes Movies\Jarhead\House Broken\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Desktop\Joes Movies\Julie & Julia\Jaybob's_Movies_Toolbar.exe
c:\users\Carla Stelma\Desktop\Joes Movies\Never Surrender\Jaybob's_Movies_Toolbar.exe
c:\users\Carla Stelma\Desktop\Joes Movies\New York I Love You\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Desktop\Joes Movies\Nine Miles Down\Jaybob's_Movies_Toolbar.exe
c:\users\Carla Stelma\Desktop\Joes Movies\Paranormal Activity\Jaybob's_Movies_Toolbar.exe
c:\users\Carla Stelma\Desktop\Joes Movies\Post Grad\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Desktop\Joes Movies\Princess Of Mars\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Desktop\Joes Movies\Smokin Aces 2 Assassins' Ball\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Desktop\Joes Movies\Surrogates\Jaybob's_Movies_Toolbar.exe
c:\users\Carla Stelma\Desktop\Joes Movies\The Donner Party {2009} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Desktop\Joes Movies\The Final Destination 4\2012\Jaybob's_Movies_Toolbar.exe
c:\users\Carla Stelma\Desktop\Joes Movies\The Final Destination 4\Surrogates\Jaybob's_Movies_Toolbar.exe
c:\users\Carla Stelma\Desktop\Joes Movies\The Goods Live Hard, Sell Hard\Jaybob's_Movies_Toolbar.exe
c:\users\Carla Stelma\Desktop\Joes Movies\The Invention of Lying\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Desktop\Joes Movies\The Rebound\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Desktop\Joes Movies\The Time Traveler's Wife\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Desktop\Joes Movies\Where The Wild Things Are\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Desktop\Joes Movies\Whiteout\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Desktop\Joes Movies\X-Men Origins - Wolverine\Jaybob's_Movies_Toolbar.exe
c:\users\Carla Stelma\Desktop\Love & Basketball\The Donner Party {2009} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Desktop\The Goods Live Hard, Sell Hard\Jaybob's_Movies_Toolbar.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\30 Minutes Or Less {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Abduction {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Alice In Wonderland {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Arthur {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Battle Los Angeles {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Black Swan {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Bridesmaids {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Chick Magnet {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Conan The Barbarian {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Contraband {2012} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Costa Rican Summer {2009} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Doghouse {2009} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Flypaper {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\From Paris With Love {2010} DVDRIP. Jaybob {2010}\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Green Zone {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Hanna {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Killer Elite {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\MacGruber {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Mission Impossible Ghost Protocol {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Mystery Team {2009} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Rampage {2009} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Resident Evil Afterlife {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Stone {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Sucker Punch {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\The Big Year {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\The Change Up {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\The Darkest Hour {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\The Double {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\The Expendables {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\The Girl With The Dragon Tattoo {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\The Sitter {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Tinker Tailor Soldier Spy {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Tower Heist {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Toy Story 3 {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\True Grit {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Unstoppable {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Unthinkable {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Wall Street Money Never Sleeps {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Water For Elephants {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Young Adult {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Documents\Vuze Downloads\Your Highness {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
c:\users\Carla Stelma\Downloads\Did You Hear About The Morgans {2009} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AERTFilters
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-10 08:06 . 2012-05-10 08:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-10 06:28 . 2012-05-11 00:45 -------- d-----w- C:\FRST
2012-05-10 04:12 . 2012-05-10 04:12 -------- d-----w- c:\users\Carla Stelma\AppData\Local\PackageAware
2012-05-10 00:03 . 2012-05-10 00:03 -------- d-----w- c:\program files (x86)\Runtime Software
2012-05-08 09:04 . 2012-05-08 09:04 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-08 08:50 . 2012-05-09 23:46 -------- d-----w- c:\users\Carla Stelma\AppData\Roaming\Owsui
2012-05-08 08:50 . 2012-05-08 08:50 136192 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tuwez.exe
2012-05-08 08:38 . 2012-05-08 09:04 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-08 08:37 . 2012-05-08 08:37 -------- d-----we c:\windows\system64
2012-05-08 08:30 . 2012-05-09 10:55 -------- d-----w- c:\programdata\AVAST Software
2012-05-08 08:30 . 2012-05-09 10:55 -------- d-----w- c:\program files\AVAST Software
2012-05-01 09:26 . 2012-05-01 09:26 -------- d-----w- c:\program files (x86)\MSECache
2012-04-11 17:00 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 17:00 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 17:00 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 17:00 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 17:00 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 17:00 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 17:00 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 09:04 . 2011-12-04 07:11 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-07 00:15 . 2011-12-02 21:32 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-15 06:27 . 2012-03-14 02:52 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 02:52 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 02:52 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 02:52 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-02-22 2353176]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-02-22 01:05 2353176 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-02-22 2353176]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-12 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
c:\users\Carla Stelma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-8-12 113664]
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-12-15 53248]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
tuwez.exe [2012-5-8 136192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-21 133104]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 257696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-21 133104]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-07-29 595960]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-07-29 917768]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [x]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-18 450848]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 09:04]
.
2012-04-28 c:\windows\Tasks\DriverCure.job
- c:\program files (x86)\ParetoLogic\DriverCure\DriverCure.exe [2010-06-17 21:28]
.
2012-05-05 c:\windows\Tasks\FileCure Default.job
- c:\program files (x86)\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]
.
2012-05-10 c:\windows\Tasks\FileCure Startup.job
- c:\program files (x86)\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-21 10:43]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-21 10:43]
.
2012-05-07 c:\windows\Tasks\Norton Security Scan for Carla Stelma.job
- c:\progra~2\NORTON~2\Engine\301~1.8\Nss.exe [2011-01-24 16:45]
.
2012-05-10 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-05-06 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2010-04-06 21:30]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1023416]
"combofix"="c:\combofix\CF31939.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sf
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/home?AF=10588
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Carla Stelma\AppData\Roaming\Mozilla\Firefox\Profiles\xbqzh82p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2392836&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2392836&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-{1A6C0005-2331-75A0-6106-D1E1425DE532} - c:\users\Carla Stelma\AppData\Roaming\Relupo\ufax.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-RtHDVCpl - c:\program files\Realtek\Audio\HDA\RAVCpl64.exe
HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe
AddRemove-{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} - c:\program files\Realtek\Audio\HDA\RtlUpd64.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\04\06\08\02#?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\program files (x86)\Dell Remote Access\ezi_ra.exe
.
**************************************************************************
.
Completion time: 2012-05-10 18:16:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-10 08:16
.
Pre-Run: 452,213,137,408 bytes free
Post-Run: 452,774,469,632 bytes free
.
- - End Of File - - 392D565F0520E136F58787F755D03A1D

#8 gringo_pr

Posted 10 May 2012 - 03:55 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 chogun1726

Posted 10 May 2012 - 04:43 AM

Hi Gringo, no problems with the scans. Here you go:



19:09:31.0214 1056 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
19:09:32.0263 1056 ============================================================
19:09:32.0263 1056 Current date / time: 2012/05/10 19:09:32.0263
19:09:32.0263 1056 SystemInfo:
19:09:32.0263 1056
19:09:32.0264 1056 OS Version: 6.1.7600 ServicePack: 0.0
19:09:32.0264 1056 Product type: Workstation
19:09:32.0264 1056 ComputerName: CARLASTELMA-PC
19:09:32.0264 1056 UserName: Carla Stelma
19:09:32.0264 1056 Windows directory: C:\Windows
19:09:32.0264 1056 System windows directory: C:\Windows
19:09:32.0264 1056 Running under WOW64
19:09:32.0264 1056 Processor architecture: Intel x64
19:09:32.0264 1056 Number of processors: 4
19:09:32.0264 1056 Page size: 0x1000
19:09:32.0264 1056 Boot type: Normal boot
19:09:32.0264 1056 ============================================================
19:09:33.0169 1056 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:09:33.0192 1056 Drive \Device\Harddisk7\DR7 - Size: 0x1E2000000 (7.53 Gb), SectorSize: 0x200, Cylinders: 0x3D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:09:33.0193 1056 ============================================================
19:09:33.0193 1056 \Device\Harddisk0\DR0:
19:09:33.0193 1056 MBR partitions:
19:09:33.0194 1056 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1339000
19:09:33.0194 1056 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1358800, BlocksNum 0x733AD800
19:09:33.0194 1056 \Device\Harddisk7\DR7:
19:09:33.0194 1056 MBR partitions:
19:09:33.0194 1056 ============================================================
19:09:33.0213 1056 C: <-> \Device\Harddisk0\DR0\Partition1
19:09:33.0213 1056 ============================================================
19:09:33.0213 1056 Initialize success
19:09:33.0213 1056 ============================================================
19:16:15.0343 4468 ============================================================
19:16:15.0343 4468 Scan started
19:16:15.0343 4468 Mode: Manual;
19:16:15.0343 4468 ============================================================
19:16:16.0796 4468 BDESVC - ok
19:16:16.0805 4468 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:16:16.0806 4468 Beep - ok
19:16:16.0858 4468 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
19:16:16.0866 4468 BFE - ok
19:16:16.0904 4468 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
19:16:16.0915 4468 BITS - ok
19:16:16.0939 4468 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:16:16.0940 4468 blbdrive - ok
19:16:17.0037 4468 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
19:16:17.0038 4468 Bonjour Service - ok
19:16:17.0076 4468 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:16:17.0078 4468 bowser - ok
19:16:17.0091 4468 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:16:17.0092 4468 BrFiltLo - ok
19:16:17.0109 4468 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:16:17.0110 4468 BrFiltUp - ok
19:16:17.0161 4468 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:16:17.0163 4468 BridgeMP - ok
19:16:17.0224 4468 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
19:16:17.0225 4468 Browser - ok
19:16:17.0243 4468 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:16:17.0246 4468 Brserid - ok
19:16:17.0250 4468 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:16:17.0251 4468 BrSerWdm - ok
19:16:17.0267 4468 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:16:17.0268 4468 BrUsbMdm - ok
19:16:17.0272 4468 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:16:17.0272 4468 BrUsbSer - ok
19:16:17.0286 4468 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:16:17.0287 4468 BTHMODEM - ok
19:16:17.0303 4468 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:16:17.0305 4468 bthserv - ok
19:16:17.0325 4468 catchme - ok
19:16:17.0355 4468 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:16:17.0356 4468 cdfs - ok
19:16:17.0386 4468 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:16:17.0388 4468 cdrom - ok
19:16:17.0426 4468 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
19:16:17.0428 4468 CertPropSvc - ok
19:16:17.0444 4468 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:16:17.0445 4468 circlass - ok
19:16:17.0465 4468 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:16:17.0468 4468 CLFS - ok
19:16:17.0526 4468 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:16:17.0528 4468 clr_optimization_v2.0.50727_32 - ok
19:16:17.0553 4468 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:16:17.0555 4468 clr_optimization_v2.0.50727_64 - ok
19:16:17.0635 4468 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:16:17.0637 4468 clr_optimization_v4.0.30319_32 - ok
19:16:17.0654 4468 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:16:17.0656 4468 clr_optimization_v4.0.30319_64 - ok
19:16:17.0674 4468 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:16:17.0675 4468 CmBatt - ok
19:16:17.0688 4468 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:16:17.0689 4468 cmdide - ok
19:16:17.0738 4468 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
19:16:17.0745 4468 CNG - ok
19:16:17.0750 4468 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:16:17.0751 4468 Compbatt - ok
19:16:17.0779 4468 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:16:17.0780 4468 CompositeBus - ok
19:16:17.0781 4468 COMSysApp - ok
19:16:17.0791 4468 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:16:17.0792 4468 crcdisk - ok
19:16:17.0819 4468 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
19:16:17.0822 4468 CryptSvc - ok
19:16:17.0861 4468 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
19:16:17.0868 4468 DcomLaunch - ok
19:16:17.0896 4468 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:16:17.0899 4468 defragsvc - ok
19:16:17.0939 4468 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
19:16:17.0941 4468 DfsC - ok
19:16:17.0987 4468 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
19:16:17.0991 4468 Dhcp - ok
19:16:18.0001 4468 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:16:18.0002 4468 discache - ok
19:16:18.0027 4468 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:16:18.0027 4468 Disk - ok
19:16:18.0063 4468 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
19:16:18.0067 4468 Dnscache - ok
19:16:18.0148 4468 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
19:16:18.0151 4468 DockLoginService - ok
19:16:18.0167 4468 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
19:16:18.0171 4468 dot3svc - ok
19:16:18.0185 4468 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
19:16:18.0188 4468 DPS - ok
19:16:18.0225 4468 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:16:18.0226 4468 drmkaud - ok
19:16:18.0288 4468 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
19:16:18.0297 4468 DXGKrnl - ok
19:16:18.0315 4468 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:16:18.0316 4468 EapHost - ok
19:16:18.0422 4468 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:16:18.0484 4468 ebdrv - ok
19:16:18.0568 4468 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
19:16:18.0569 4468 EFS - ok
19:16:18.0626 4468 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
19:16:18.0635 4468 ehRecvr - ok
19:16:18.0657 4468 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:16:18.0659 4468 ehSched - ok
19:16:18.0716 4468 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:16:18.0723 4468 elxstor - ok
19:16:18.0738 4468 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
19:16:18.0739 4468 ErrDev - ok
19:16:18.0768 4468 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:16:18.0772 4468 EventSystem - ok
19:16:18.0805 4468 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:16:18.0808 4468 exfat - ok
19:16:18.0828 4468 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:16:18.0832 4468 fastfat - ok
19:16:18.0878 4468 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
19:16:18.0884 4468 Fax - ok
19:16:18.0899 4468 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:16:18.0900 4468 fdc - ok
19:16:18.0913 4468 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:16:18.0914 4468 fdPHost - ok
19:16:18.0925 4468 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:16:18.0926 4468 FDResPub - ok
19:16:18.0935 4468 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:16:18.0936 4468 FileInfo - ok
19:16:18.0975 4468 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:16:18.0976 4468 Filetrace - ok
19:16:18.0991 4468 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:16:18.0992 4468 flpydisk - ok
19:16:19.0016 4468 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
19:16:19.0019 4468 FltMgr - ok
19:16:19.0083 4468 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
19:16:19.0105 4468 FontCache - ok
19:16:19.0169 4468 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:16:19.0171 4468 FontCache3.0.0.0 - ok
19:16:19.0348 4468 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:16:19.0349 4468 FsDepends - ok
19:16:19.0373 4468 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
19:16:19.0374 4468 Fs_Rec - ok
19:16:19.0429 4468 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:16:19.0431 4468 fvevol - ok
19:16:19.0441 4468 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:16:19.0443 4468 gagp30kx - ok
19:16:19.0478 4468 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:16:19.0479 4468 GEARAspiWDM - ok
19:16:19.0551 4468 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
19:16:19.0553 4468 GoToAssist - ok
19:16:19.0598 4468 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
19:16:19.0609 4468 gpsvc - ok
19:16:19.0615 4468 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:16:19.0616 4468 hcw85cir - ok
19:16:19.0658 4468 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:16:19.0660 4468 HDAudBus - ok
19:16:19.0666 4468 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:16:19.0667 4468 HidBatt - ok
19:16:19.0683 4468 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:16:19.0685 4468 HidBth - ok
19:16:19.0721 4468 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:16:19.0723 4468 HidIr - ok
19:16:19.0738 4468 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
19:16:19.0740 4468 hidserv - ok
19:16:19.0750 4468 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
19:16:19.0750 4468 HidUsb - ok
19:16:19.0762 4468 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
19:16:19.0763 4468 hkmsvc - ok
19:16:19.0862 4468 hnmsvc (583431a6989fd8b901d1883c0299c471) c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
19:16:19.0865 4468 hnmsvc - ok
19:16:19.0879 4468 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
19:16:19.0881 4468 HomeGroupListener - ok
19:16:19.0902 4468 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
19:16:19.0906 4468 HomeGroupProvider - ok
19:16:19.0951 4468 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:16:19.0953 4468 HpSAMD - ok
19:16:20.0003 4468 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
19:16:20.0013 4468 HTTP - ok
19:16:20.0035 4468 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
19:16:20.0035 4468 hwpolicy - ok
19:16:20.0050 4468 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:16:20.0052 4468 i8042prt - ok
19:16:20.0079 4468 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
19:16:20.0083 4468 iaStor - ok
19:16:20.0123 4468 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
19:16:20.0129 4468 iaStorV - ok
19:16:20.0215 4468 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:16:20.0225 4468 idsvc - ok
19:16:20.0230 4468 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:16:20.0231 4468 iirsp - ok
19:16:20.0303 4468 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
19:16:20.0311 4468 IKEEXT - ok
19:16:20.0375 4468 IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys
19:16:20.0382 4468 IntcAzAudAddService - ok
19:16:20.0447 4468 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
19:16:20.0449 4468 intelide - ok
19:16:20.0514 4468 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:16:20.0515 4468 intelppm - ok
19:16:20.0542 4468 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:16:20.0544 4468 IPBusEnum - ok
19:16:20.0560 4468 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:16:20.0561 4468 IpFilterDriver - ok
19:16:20.0626 4468 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
19:16:20.0631 4468 iphlpsvc - ok
19:16:20.0657 4468 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:16:20.0659 4468 IPMIDRV - ok
19:16:20.0678 4468 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:16:20.0680 4468 IPNAT - ok
19:16:20.0781 4468 iPod Service (a3bda1a8a016b5e5a525bcf684894ebe) C:\Program Files\iPod\bin\iPodService.exe
19:16:20.0793 4468 iPod Service - ok
19:16:20.0824 4468 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:16:20.0825 4468 IRENUM - ok
19:16:20.0856 4468 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
19:16:20.0857 4468 isapnp - ok
19:16:20.0876 4468 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
19:16:20.0879 4468 iScsiPrt - ok
19:16:20.0934 4468 k57nd60a (249ee2d26cb1530f3bede0ac8b9e3099) C:\Windows\system32\DRIVERS\k57nd60a.sys
19:16:20.0937 4468 k57nd60a - ok
19:16:20.0974 4468 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:16:20.0975 4468 kbdclass - ok
19:16:20.0986 4468 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
19:16:20.0987 4468 kbdhid - ok
19:16:21.0017 4468 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:16:21.0019 4468 KeyIso - ok
19:16:21.0037 4468 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
19:16:21.0038 4468 KSecDD - ok
19:16:21.0059 4468 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
19:16:21.0061 4468 KSecPkg - ok
19:16:21.0065 4468 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:16:21.0065 4468 ksthunk - ok
19:16:21.0105 4468 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:16:21.0111 4468 KtmRm - ok
19:16:21.0159 4468 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
19:16:21.0162 4468 LanmanServer - ok
19:16:21.0200 4468 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
19:16:21.0204 4468 LanmanWorkstation - ok
19:16:21.0242 4468 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:16:21.0243 4468 lltdio - ok
19:16:21.0268 4468 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:16:21.0273 4468 lltdsvc - ok
19:16:21.0286 4468 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:16:21.0287 4468 lmhosts - ok
19:16:21.0324 4468 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:16:21.0326 4468 LSI_FC - ok
19:16:21.0346 4468 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:16:21.0349 4468 LSI_SAS - ok
19:16:21.0367 4468 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:16:21.0368 4468 LSI_SAS2 - ok
19:16:21.0379 4468 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:16:21.0381 4468 LSI_SCSI - ok
19:16:21.0410 4468 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:16:21.0411 4468 luafv - ok
19:16:21.0459 4468 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys
19:16:21.0464 4468 LVRS64 - ok
19:16:21.0611 4468 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys
19:16:21.0697 4468 LVUVC64 - ok
19:16:21.0796 4468 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
19:16:21.0798 4468 Mcx2Svc - ok
19:16:21.0819 4468 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:16:21.0820 4468 megasas - ok
19:16:21.0838 4468 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:16:21.0841 4468 MegaSR - ok
19:16:21.0867 4468 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:16:21.0868 4468 MMCSS - ok
19:16:21.0886 4468 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:16:21.0887 4468 Modem - ok
19:16:21.0905 4468 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:16:21.0906 4468 monitor - ok
19:16:21.0949 4468 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:16:21.0950 4468 mouclass - ok
19:16:21.0957 4468 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:16:21.0958 4468 mouhid - ok
19:16:21.0997 4468 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
19:16:21.0999 4468 mountmgr - ok
19:16:22.0022 4468 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
19:16:22.0024 4468 mpio - ok
19:16:22.0044 4468 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:16:22.0046 4468 mpsdrv - ok
19:16:22.0117 4468 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
19:16:22.0128 4468 MpsSvc - ok
19:16:22.0145 4468 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
19:16:22.0147 4468 MRxDAV - ok
19:16:22.0183 4468 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:16:22.0186 4468 mrxsmb - ok
19:16:22.0231 4468 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:16:22.0235 4468 mrxsmb10 - ok
19:16:22.0248 4468 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:16:22.0250 4468 mrxsmb20 - ok
19:16:22.0283 4468 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
19:16:22.0285 4468 msahci - ok
19:16:22.0304 4468 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
19:16:22.0306 4468 msdsm - ok
19:16:22.0351 4468 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:16:22.0354 4468 MSDTC - ok
19:16:22.0402 4468 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:16:22.0403 4468 Msfs - ok
19:16:22.0414 4468 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:16:22.0414 4468 mshidkmdf - ok
19:16:22.0432 4468 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
19:16:22.0433 4468 msisadrv - ok
19:16:22.0452 4468 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:16:22.0455 4468 MSiSCSI - ok
19:16:22.0466 4468 msiserver - ok
19:16:22.0507 4468 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:16:22.0508 4468 MSKSSRV - ok
19:16:22.0540 4468 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:16:22.0541 4468 MSPCLOCK - ok
19:16:22.0551 4468 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:16:22.0552 4468 MSPQM - ok
19:16:22.0575 4468 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
19:16:22.0578 4468 MsRPC - ok
19:16:22.0587 4468 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:16:22.0587 4468 mssmbios - ok
19:16:22.0595 4468 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:16:22.0596 4468 MSTEE - ok
19:16:22.0602 4468 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:16:22.0603 4468 MTConfig - ok
19:16:22.0615 4468 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:16:22.0616 4468 Mup - ok
19:16:22.0648 4468 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
19:16:22.0654 4468 napagent - ok
19:16:22.0691 4468 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:16:22.0694 4468 NativeWifiP - ok
19:16:22.0730 4468 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
19:16:22.0739 4468 NDIS - ok
19:16:22.0760 4468 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:16:22.0761 4468 NdisCap - ok
19:16:22.0798 4468 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:16:22.0799 4468 NdisTapi - ok
19:16:22.0818 4468 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
19:16:22.0819 4468 Ndisuio - ok
19:16:22.0834 4468 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:16:22.0837 4468 NdisWan - ok
19:16:22.0852 4468 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
19:16:22.0854 4468 NDProxy - ok
19:16:22.0868 4468 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:16:22.0869 4468 NetBIOS - ok
19:16:22.0888 4468 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
19:16:22.0892 4468 NetBT - ok
19:16:22.0923 4468 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:16:22.0925 4468 Netlogon - ok
19:16:22.0950 4468 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:16:22.0956 4468 Netman - ok
19:16:22.0984 4468 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:16:22.0991 4468 netprofm - ok
19:16:23.0066 4468 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:16:23.0068 4468 NetTcpPortSharing - ok
19:16:23.0112 4468 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:16:23.0113 4468 nfrd960 - ok
19:16:23.0155 4468 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
19:16:23.0160 4468 NlaSvc - ok
19:16:23.0169 4468 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:16:23.0170 4468 Npfs - ok
19:16:23.0175 4468 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:16:23.0178 4468 nsi - ok
19:16:23.0198 4468 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:16:23.0198 4468 nsiproxy - ok
19:16:23.0264 4468 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
19:16:23.0301 4468 Ntfs - ok
19:16:23.0419 4468 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:16:23.0420 4468 Null - ok
19:16:23.0490 4468 NVHDA (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers\nvhda64v.sys
19:16:23.0491 4468 NVHDA - ok
19:16:23.0819 4468 nvlddmkm (51bd7ef17f0b525994ad5b3748c8288b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:16:23.0860 4468 nvlddmkm - ok
19:16:23.0936 4468 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
19:16:23.0938 4468 nvraid - ok
19:16:23.0958 4468 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
19:16:23.0961 4468 nvstor - ok
19:16:23.0989 4468 nvsvc (fce8537bf5d504680212d536a3bfe5e2) C:\Windows\system32\nvvsvc.exe
19:16:23.0996 4468 nvsvc - ok
19:16:24.0036 4468 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
19:16:24.0039 4468 nv_agp - ok
19:16:24.0122 4468 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:16:24.0127 4468 odserv - ok
19:16:24.0139 4468 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
19:16:24.0140 4468 ohci1394 - ok
19:16:24.0182 4468 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:16:24.0184 4468 ose - ok
19:16:24.0214 4468 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:16:24.0218 4468 p2pimsvc - ok
19:16:24.0240 4468 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:16:24.0246 4468 p2psvc - ok
19:16:24.0282 4468 Packet (99e6aa0ae2d05389ba7f7dff6866b569) C:\Windows\system32\DRIVERS\packet.sys
19:16:24.0283 4468 Packet - ok
19:16:24.0304 4468 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:16:24.0306 4468 Parport - ok
19:16:24.0322 4468 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
19:16:24.0323 4468 partmgr - ok
19:16:24.0336 4468 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:16:24.0338 4468 PcaSvc - ok
19:16:24.0375 4468 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
19:16:24.0378 4468 pci - ok
19:16:24.0386 4468 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
19:16:24.0387 4468 pciide - ok
19:16:24.0410 4468 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:16:24.0413 4468 pcmcia - ok
19:16:24.0426 4468 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:16:24.0427 4468 pcw - ok
19:16:24.0453 4468 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:16:24.0457 4468 PEAUTH - ok
19:16:24.0514 4468 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:16:24.0516 4468 PerfHost - ok
19:16:24.0576 4468 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
19:16:24.0599 4468 pla - ok
19:16:24.0669 4468 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
19:16:24.0674 4468 PlugPlay - ok
19:16:24.0687 4468 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:16:24.0688 4468 PNRPAutoReg - ok
19:16:24.0702 4468 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:16:24.0704 4468 PNRPsvc - ok
19:16:24.0750 4468 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
19:16:24.0758 4468 PolicyAgent - ok
19:16:24.0794 4468 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:16:24.0796 4468 Power - ok
19:16:24.0877 4468 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
19:16:24.0879 4468 PptpMiniport - ok
19:16:24.0899 4468 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:16:24.0900 4468 Processor - ok
19:16:24.0921 4468 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
19:16:24.0924 4468 ProfSvc - ok
19:16:24.0963 4468 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:16:24.0964 4468 ProtectedStorage - ok
19:16:24.0982 4468 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
19:16:24.0984 4468 Psched - ok
19:16:25.0004 4468 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
19:16:25.0005 4468 PxHlpa64 - ok
19:16:25.0083 4468 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:16:25.0105 4468 ql2300 - ok
19:16:25.0186 4468 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:16:25.0188 4468 ql40xx - ok
19:16:25.0213 4468 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:16:25.0218 4468 QWAVE - ok
19:16:25.0232 4468 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:16:25.0233 4468 QWAVEdrv - ok
19:16:25.0243 4468 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:16:25.0244 4468 RasAcd - ok
19:16:25.0258 4468 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:16:25.0259 4468 RasAgileVpn - ok
19:16:25.0314 4468 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:16:25.0317 4468 RasAuto - ok
19:16:25.0362 4468 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:16:25.0365 4468 Rasl2tp - ok
19:16:25.0421 4468 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
19:16:25.0428 4468 RasMan - ok
19:16:25.0440 4468 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:16:25.0442 4468 RasPppoe - ok
19:16:25.0454 4468 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:16:25.0455 4468 RasSstp - ok
19:16:25.0528 4468 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
19:16:25.0532 4468 rdbss - ok
19:16:25.0553 4468 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:16:25.0554 4468 rdpbus - ok
19:16:25.0589 4468 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:16:25.0590 4468 RDPCDD - ok
19:16:25.0606 4468 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:16:25.0607 4468 RDPENCDD - ok
19:16:25.0619 4468 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:16:25.0620 4468 RDPREFMP - ok
19:16:25.0663 4468 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
19:16:25.0665 4468 RDPWD - ok
19:16:25.0685 4468 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
19:16:25.0688 4468 rdyboost - ok
19:16:25.0721 4468 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:16:25.0723 4468 RemoteAccess - ok
19:16:25.0750 4468 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:16:25.0754 4468 RemoteRegistry - ok
19:16:25.0909 4468 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
19:16:25.0934 4468 RoxMediaDB10 - ok
19:16:25.0950 4468 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:16:25.0953 4468 RpcEptMapper - ok
19:16:25.0965 4468 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:16:25.0967 4468 RpcLocator - ok
19:16:25.0991 4468 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
19:16:25.0994 4468 RpcSs - ok
19:16:26.0029 4468 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:16:26.0030 4468 rspndr - ok
19:16:26.0034 4468 RxFilter - ok
19:16:26.0062 4468 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:16:26.0063 4468 SamSs - ok
19:16:26.0077 4468 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
19:16:26.0079 4468 sbp2port - ok
19:16:26.0095 4468 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:16:26.0099 4468 SCardSvr - ok
19:16:26.0112 4468 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
19:16:26.0113 4468 scfilter - ok
19:16:26.0179 4468 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
19:16:26.0197 4468 Schedule - ok
19:16:26.0216 4468 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
19:16:26.0217 4468 SCPolicySvc - ok
19:16:26.0244 4468 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
19:16:26.0248 4468 SDRSVC - ok
19:16:26.0272 4468 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:16:26.0273 4468 secdrv - ok
19:16:26.0299 4468 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
19:16:26.0301 4468 seclogon - ok
19:16:26.0336 4468 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
19:16:26.0337 4468 SENS - ok
19:16:26.0345 4468 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:16:26.0347 4468 SensrSvc - ok
19:16:26.0365 4468 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:16:26.0366 4468 Serenum - ok
19:16:26.0380 4468 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:16:26.0382 4468 Serial - ok
19:16:26.0396 4468 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:16:26.0397 4468 sermouse - ok
19:16:26.0419 4468 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
19:16:26.0421 4468 SessionEnv - ok
19:16:26.0438 4468 SessionLauncher - ok
19:16:26.0554 4468 SfCtlCom (52c525bf4d78125a5064d0d1705f04b6) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
19:16:26.0562 4468 SfCtlCom - ok
19:16:26.0589 4468 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
19:16:26.0591 4468 sffdisk - ok
19:16:26.0595 4468 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:16:26.0596 4468 sffp_mmc - ok
19:16:26.0607 4468 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:16:26.0608 4468 sffp_sd - ok
19:16:26.0623 4468 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:16:26.0624 4468 sfloppy - ok
19:16:26.0662 4468 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:16:26.0668 4468 SharedAccess - ok
19:16:26.0688 4468 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
19:16:26.0694 4468 ShellHWDetection - ok
19:16:26.0728 4468 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:16:26.0729 4468 SiSRaid2 - ok
19:16:26.0744 4468 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:16:26.0746 4468 SiSRaid4 - ok
19:16:26.0781 4468 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:16:26.0783 4468 Smb - ok
19:16:26.0809 4468 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:16:26.0811 4468 SNMPTRAP - ok
19:16:26.0823 4468 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:16:26.0824 4468 spldr - ok
19:16:26.0875 4468 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
19:16:26.0883 4468 Spooler - ok
19:16:26.0980 4468 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
19:16:27.0033 4468 sppsvc - ok
19:16:27.0100 4468 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:16:27.0103 4468 sppuinotify - ok
19:16:27.0173 4468 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
19:16:27.0175 4468 sprtsvc_DellSupportCenter - ok
19:16:27.0235 4468 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
19:16:27.0241 4468 srv - ok
19:16:27.0268 4468 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
19:16:27.0273 4468 srv2 - ok
19:16:27.0315 4468 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
19:16:27.0317 4468 srvnet - ok
19:16:27.0351 4468 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:16:27.0355 4468 SSDPSRV - ok
19:16:27.0371 4468 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:16:27.0373 4468 SstpSvc - ok
19:16:27.0391 4468 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:16:27.0392 4468 stexstor - ok
19:16:27.0451 4468 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
19:16:27.0459 4468 stisvc - ok
19:16:27.0526 4468 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
19:16:27.0527 4468 stllssvr - ok
19:16:27.0535 4468 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:16:27.0536 4468 swenum - ok
19:16:27.0561 4468 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:16:27.0571 4468 swprv - ok
19:16:27.0624 4468 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
19:16:27.0656 4468 SysMain - ok
19:16:27.0697 4468 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
19:16:27.0700 4468 TabletInputService - ok
19:16:27.0724 4468 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
19:16:27.0727 4468 TapiSrv - ok
19:16:27.0751 4468 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:16:27.0752 4468 TBS - ok
19:16:27.0860 4468 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
19:16:27.0867 4468 Tcpip - ok
19:16:28.0009 4468 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
19:16:28.0024 4468 TCPIP6 - ok
19:16:28.0078 4468 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
19:16:28.0079 4468 tcpipreg - ok
19:16:28.0084 4468 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:16:28.0085 4468 TDPIPE - ok
19:16:28.0134 4468 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
19:16:28.0135 4468 TDTCP - ok
19:16:28.0149 4468 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
19:16:28.0151 4468 tdx - ok
19:16:28.0185 4468 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
19:16:28.0185 4468 TermDD - ok
19:16:28.0227 4468 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
19:16:28.0233 4468 TermService - ok
19:16:28.0251 4468 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:16:28.0252 4468 Themes - ok
19:16:28.0292 4468 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:16:28.0293 4468 THREADORDER - ok
19:16:28.0390 4468 TMBMServer (963c903e5176c5cdcae321d48635b21f) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
19:16:28.0395 4468 TMBMServer - ok
19:16:28.0417 4468 tmlwf (35a6aeb61c7cf21b10cc05bda47339b5) C:\Windows\system32\DRIVERS\tmlwf.sys
19:16:28.0418 4468 tmlwf - ok
19:16:28.0458 4468 TmPfw (c52867f238ef1aafcd35f8d134b8ab10) C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
19:16:28.0466 4468 TmPfw - ok
19:16:28.0514 4468 tmpreflt (803ee35df92815ea5d41cee7410c8cc1) C:\Windows\system32\DRIVERS\tmpreflt.sys
19:16:28.0515 4468 tmpreflt - ok
19:16:28.0583 4468 TmProxy (3ae913b4fbf06ee49831ff9db2330830) C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
19:16:28.0601 4468 TmProxy - ok
19:16:28.0620 4468 tmtdi (21cc12b7f8b44e91d03ead5b17aaf0b2) C:\Windows\system32\DRIVERS\tmtdi.sys
19:16:28.0621 4468 tmtdi - ok
19:16:28.0643 4468 tmwfp (a4670e50c15d7bce7226e4b62700df09) C:\Windows\system32\DRIVERS\tmwfp.sys
19:16:28.0644 4468 tmwfp - ok
19:16:28.0694 4468 tmxpflt (9bd32132a3470cefb3cbea5fa492bd6f) C:\Windows\system32\DRIVERS\tmxpflt.sys
19:16:28.0697 4468 tmxpflt - ok
19:16:28.0710 4468 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:16:28.0713 4468 TrkWks - ok
19:16:28.0754 4468 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
19:16:28.0757 4468 TrustedInstaller - ok
19:16:28.0779 4468 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:16:28.0780 4468 tssecsrv - ok
19:16:28.0830 4468 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
19:16:28.0832 4468 tunnel - ok
19:16:28.0846 4468 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:16:28.0848 4468 uagp35 - ok
19:16:28.0865 4468 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
19:16:28.0867 4468 udfs - ok
19:16:28.0885 4468 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:16:28.0887 4468 UI0Detect - ok
19:16:28.0918 4468 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:16:28.0920 4468 uliagpkx - ok
19:16:28.0930 4468 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
19:16:28.0931 4468 umbus - ok
19:16:28.0959 4468 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:16:28.0960 4468 UmPass - ok
19:16:29.0076 4468 UMVPFSrv (927754abf077aeb5504be4e0f2c60c1b) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
19:16:29.0081 4468 UMVPFSrv - ok
19:16:29.0107 4468 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:16:29.0113 4468 upnphost - ok
19:16:29.0150 4468 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
19:16:29.0152 4468 USBAAPL64 - ok
19:16:29.0207 4468 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
19:16:29.0209 4468 usbaudio - ok
19:16:29.0242 4468 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
19:16:29.0244 4468 usbccgp - ok
19:16:29.0264 4468 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
19:16:29.0266 4468 usbcir - ok
19:16:29.0288 4468 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
19:16:29.0289 4468 usbehci - ok
19:16:29.0328 4468 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
19:16:29.0332 4468 usbhub - ok
19:16:29.0338 4468 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
19:16:29.0340 4468 usbohci - ok
19:16:29.0465 4468 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:16:29.0467 4468 usbprint - ok
19:16:29.0661 4468 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:16:29.0662 4468 usbscan - ok
19:16:29.0697 4468 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:16:29.0698 4468 USBSTOR - ok
19:16:29.0716 4468 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
19:16:29.0717 4468 usbuhci - ok
19:16:29.0733 4468 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:16:29.0736 4468 UxSms - ok
19:16:29.0766 4468 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:16:29.0768 4468 VaultSvc - ok
19:16:29.0781 4468 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:16:29.0781 4468 vdrvroot - ok
19:16:29.0803 4468 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
19:16:29.0808 4468 vds - ok
19:16:29.0823 4468 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:16:29.0824 4468 vga - ok
19:16:29.0834 4468 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:16:29.0834 4468 VgaSave - ok
19:16:29.0851 4468 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
19:16:29.0854 4468 vhdmp - ok
19:16:29.0867 4468 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
19:16:29.0869 4468 viaide - ok
19:16:29.0910 4468 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
19:16:29.0911 4468 volmgr - ok
19:16:29.0931 4468 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
19:16:29.0934 4468 volmgrx - ok
19:16:29.0953 4468 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
19:16:29.0956 4468 volsnap - ok
19:16:30.0075 4468 vsapint (b01ce1f5a44126892240d179a6dbd43f) C:\Windows\system32\DRIVERS\vsapint.sys
19:16:30.0087 4468 vsapint - ok
19:16:30.0196 4468 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:16:30.0199 4468 vsmraid - ok
19:16:30.0253 4468 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
19:16:30.0275 4468 VSS - ok
19:16:30.0328 4468 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:16:30.0329 4468 vwifibus - ok
19:16:30.0374 4468 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:16:30.0381 4468 W32Time - ok
19:16:30.0400 4468 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:16:30.0400 4468 WacomPen - ok
19:16:30.0435 4468 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:16:30.0437 4468 WANARP - ok
19:16:30.0442 4468 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:16:30.0443 4468 Wanarpv6 - ok
19:16:30.0522 4468 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:16:30.0545 4468 WatAdminSvc - ok
19:16:30.0597 4468 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
19:16:30.0622 4468 wbengine - ok
19:16:30.0678 4468 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:16:30.0683 4468 WbioSrvc - ok
19:16:30.0731 4468 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
19:16:30.0738 4468 wcncsvc - ok
19:16:30.0753 4468 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:16:30.0756 4468 WcsPlugInService - ok
19:16:30.0775 4468 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:16:30.0777 4468 Wd - ok
19:16:30.0809 4468 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:16:30.0813 4468 Wdf01000 - ok
19:16:30.0825 4468 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:16:30.0827 4468 WdiServiceHost - ok
19:16:30.0830 4468 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:16:30.0832 4468 WdiSystemHost - ok
19:16:30.0870 4468 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
19:16:30.0875 4468 WebClient - ok
19:16:30.0895 4468 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:16:30.0900 4468 Wecsvc - ok
19:16:30.0914 4468 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:16:30.0916 4468 wercplsupport - ok
19:16:30.0956 4468 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:16:30.0959 4468 WerSvc - ok
19:16:30.0972 4468 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:16:30.0973 4468 WfpLwf - ok
19:16:30.0978 4468 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:16:30.0980 4468 WIMMount - ok
19:16:31.0024 4468 WinDefend - ok
19:16:31.0028 4468 WinHttpAutoProxySvc - ok
19:16:31.0067 4468 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:16:31.0069 4468 Winmgmt - ok
19:16:31.0136 4468 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
19:16:31.0170 4468 WinRM - ok
19:16:31.0273 4468 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
19:16:31.0274 4468 WinUsb - ok
19:16:31.0306 4468 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:16:31.0316 4468 Wlansvc - ok
19:16:31.0433 4468 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:16:31.0462 4468 wlidsvc - ok
19:16:31.0515 4468 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:16:31.0516 4468 WmiAcpi - ok
19:16:31.0547 4468 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:16:31.0550 4468 wmiApSrv - ok
19:16:31.0566 4468 WMPNetworkSvc - ok
19:16:31.0581 4468 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:16:31.0582 4468 WPCSvc - ok
19:16:31.0595 4468 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
19:16:31.0597 4468 WPDBusEnum - ok
19:16:31.0611 4468 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:16:31.0611 4468 ws2ifsl - ok
19:16:31.0661 4468 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
19:16:31.0662 4468 wscsvc - ok
19:16:31.0664 4468 WSearch - ok
19:16:31.0735 4468 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
19:16:31.0773 4468 wuauserv - ok
19:16:31.0831 4468 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
19:16:31.0833 4468 WudfPf - ok
19:16:31.0847 4468 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:16:31.0849 4468 WUDFRd - ok
19:16:31.0866 4468 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
19:16:31.0868 4468 wudfsvc - ok
19:16:31.0888 4468 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:16:31.0892 4468 WwanSvc - ok
19:16:31.0906 4468 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:16:31.0955 4468 \Device\Harddisk0\DR0 - ok
19:16:31.0962 4468 MBR (0x1B8) (c09991114578573da4794fefd4a11b20) \Device\Harddisk7\DR7
19:16:33.0615 4468 \Device\Harddisk7\DR7 - ok
19:16:33.0619 4468 Boot (0x1200) (ad17c5475dc0ed2687e931c2f96b53ee) \Device\Harddisk0\DR0\Partition0
19:16:33.0620 4468 \Device\Harddisk0\DR0\Partition0 - ok
19:16:33.0624 4468 Boot (0x1200) (208845e9b7ed746d90e8852c6d94010c) \Device\Harddisk0\DR0\Partition1
19:16:33.0626 4468 \Device\Harddisk0\DR0\Partition1 - ok
19:16:33.0627 4468 ============================================================
19:16:33.0627 4468 Scan finished
19:16:33.0627 4468 ============================================================
19:16:33.0636 1064 Detected object count: 0
19:16:33.0636 1064 Actual detected object count: 0
19:16:36.0550 4892 ============================================================
19:16:36.0550 4892 Scan started
19:16:36.0550 4892 Mode: Manual;
19:16:36.0550 4892 ============================================================
19:16:36.0763 4892 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:16:36.0764 4892 1394ohci - ok
19:16:36.0777 4892 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:16:36.0779 4892 ACPI - ok
19:16:36.0794 4892 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:16:36.0794 4892 AcpiPmi - ok
19:16:36.0868 4892 Adobe LM Service (5ddc0a8d2cd60bda593ddaf45821ce08) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
19:16:36.0869 4892 Adobe LM Service - ok
19:16:36.0959 4892 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:16:36.0961 4892 AdobeFlashPlayerUpdateSvc - ok
19:16:36.0991 4892 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:16:36.0995 4892 adp94xx - ok
19:16:37.0010 4892 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:16:37.0013 4892 adpahci - ok
19:16:37.0021 4892 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:16:37.0022 4892 adpu320 - ok
19:16:37.0044 4892 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:16:37.0044 4892 AeLookupSvc - ok
19:16:37.0095 4892 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
19:16:37.0099 4892 AFD - ok
19:16:37.0107 4892 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:16:37.0108 4892 agp440 - ok
19:16:37.0116 4892 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:16:37.0117 4892 ALG - ok
19:16:37.0126 4892 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:16:37.0127 4892 aliide - ok
19:16:37.0129 4892 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:16:37.0130 4892 amdide - ok
19:16:37.0135 4892 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:16:37.0135 4892 AmdK8 - ok
19:16:37.0139 4892 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:16:37.0140 4892 AmdPPM - ok
19:16:37.0150 4892 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
19:16:37.0151 4892 amdsata - ok
19:16:37.0168 4892 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:16:37.0169 4892 amdsbs - ok
19:16:37.0179 4892 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
19:16:37.0179 4892 amdxata - ok
19:16:37.0187 4892 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:16:37.0187 4892 AppID - ok
19:16:37.0200 4892 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:16:37.0201 4892 AppIDSvc - ok
19:16:37.0215 4892 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
19:16:37.0216 4892 Appinfo - ok
19:16:37.0265 4892 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:16:37.0266 4892 Apple Mobile Device - ok
19:16:37.0283 4892 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:16:37.0284 4892 arc - ok
19:16:37.0291 4892 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:16:37.0292 4892 arcsas - ok
19:16:37.0294 4892 Ascdinps - ok
19:16:37.0306 4892 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:16:37.0306 4892 AsyncMac - ok
19:16:37.0314 4892 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:16:37.0315 4892 atapi - ok
19:16:37.0339 4892 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
19:16:37.0342 4892 AudioEndpointBuilder - ok
19:16:37.0347 4892 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
19:16:37.0350 4892 AudioSrv - ok
19:16:37.0365 4892 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
19:16:37.0365 4892 AxInstSV - ok
19:16:37.0390 4892 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:16:37.0395 4892 b06bdrv - ok
19:16:37.0413 4892 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:16:37.0414 4892 b57nd60a - ok
19:16:37.0440 4892 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:16:37.0440 4892 BDESVC - ok
19:16:37.0451 4892 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:16:37.0452 4892 Beep - ok
19:16:37.0472 4892 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
19:16:37.0476 4892 BFE - ok
19:16:37.0515 4892 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
19:16:37.0520 4892 BITS - ok
19:16:37.0543 4892 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:16:37.0543 4892 blbdrive - ok
19:16:37.0625 4892 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
19:16:37.0629 4892 Bonjour Service - ok
19:16:37.0663 4892 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:16:37.0663 4892 bowser - ok
19:16:37.0671 4892 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:16:37.0671 4892 BrFiltLo - ok
19:16:37.0680 4892 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:16:37.0680 4892 BrFiltUp - ok
19:16:37.0698 4892 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:16:37.0699 4892 BridgeMP - ok
19:16:37.0720 4892 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
19:16:37.0722 4892 Browser - ok
19:16:37.0741 4892 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:16:37.0744 4892 Brserid - ok
19:16:37.0749 4892 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:16:37.0750 4892 BrSerWdm - ok
19:16:37.0764 4892 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:16:37.0764 4892 BrUsbMdm - ok
19:16:37.0769 4892 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:16:37.0770 4892 BrUsbSer - ok
19:16:37.0781 4892 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:16:37.0781 4892 BTHMODEM - ok
19:16:37.0790 4892 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:16:37.0791 4892 bthserv - ok
19:16:37.0792 4892 catchme - ok
19:16:37.0809 4892 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:16:37.0810 4892 cdfs - ok
19:16:37.0823 4892 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:16:37.0823 4892 cdrom - ok
19:16:37.0838 4892 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
19:16:37.0839 4892 CertPropSvc - ok
19:16:37.0856 4892 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:16:37.0857 4892 circlass - ok
19:16:37.0878 4892 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:16:37.0881 4892 CLFS - ok
19:16:37.0938 4892 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:16:37.0940 4892 clr_optimization_v2.0.50727_32 - ok
19:16:37.0966 4892 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:16:37.0968 4892 clr_optimization_v2.0.50727_64 - ok
19:16:38.0031 4892 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:16:38.0032 4892 clr_optimization_v4.0.30319_32 - ok
19:16:38.0050 4892 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:16:38.0052 4892 clr_optimization_v4.0.30319_64 - ok
19:16:38.0063 4892 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:16:38.0063 4892 CmBatt - ok
19:16:38.0077 4892 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:16:38.0077 4892 cmdide - ok
19:16:38.0122 4892 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
19:16:38.0123 4892 CNG - ok
19:16:38.0126 4892 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:16:38.0127 4892 Compbatt - ok
19:16:38.0133 4892 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:16:38.0134 4892 CompositeBus - ok
19:16:38.0136 4892 COMSysApp - ok
19:16:38.0146 4892 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:16:38.0147 4892 crcdisk - ok
19:16:38.0183 4892 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
19:16:38.0184 4892 CryptSvc - ok
19:16:38.0221 4892 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
19:16:38.0225 4892 DcomLaunch - ok
19:16:38.0252 4892 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:16:38.0254 4892 defragsvc - ok
19:16:38.0292 4892 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
19:16:38.0294 4892 DfsC - ok
19:16:38.0314 4892 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
19:16:38.0316 4892 Dhcp - ok
19:16:38.0322 4892 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:16:38.0322 4892 discache - ok
19:16:38.0340 4892 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:16:38.0340 4892 Disk - ok
19:16:38.0376 4892 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
19:16:38.0378 4892 Dnscache - ok
19:16:38.0443 4892 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
19:16:38.0444 4892 DockLoginService - ok
19:16:38.0461 4892 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
19:16:38.0462 4892 dot3svc - ok
19:16:38.0471 4892 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
19:16:38.0473 4892 DPS - ok
19:16:38.0488 4892 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:16:38.0489 4892 drmkaud - ok
19:16:38.0548 4892 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
19:16:38.0553 4892 DXGKrnl - ok
19:16:38.0568 4892 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:16:38.0569 4892 EapHost - ok
19:16:38.0651 4892 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:16:38.0663 4892 ebdrv - ok
19:16:38.0740 4892 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
19:16:38.0742 4892 EFS - ok
19:16:38.0805 4892 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
19:16:38.0811 4892 ehRecvr - ok
19:16:38.0836 4892 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:16:38.0836 4892 ehSched - ok
19:16:38.0879 4892 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:16:38.0884 4892 elxstor - ok
19:16:38.0902 4892 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
19:16:38.0902 4892 ErrDev - ok
19:16:38.0929 4892 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:16:38.0931 4892 EventSystem - ok
19:16:38.0948 4892 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:16:38.0949 4892 exfat - ok
19:16:38.0963 4892 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:16:38.0964 4892 fastfat - ok
19:16:38.0988 4892 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
19:16:38.0991 4892 Fax - ok
19:16:39.0004 4892 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:16:39.0005 4892 fdc - ok
19:16:39.0018 4892 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:16:39.0019 4892 fdPHost - ok
19:16:39.0030 4892 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:16:39.0030 4892 FDResPub - ok
19:16:39.0039 4892 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:16:39.0040 4892 FileInfo - ok
19:16:39.0054 4892 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:16:39.0055 4892 Filetrace - ok
19:16:39.0064 4892 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:16:39.0064 4892 flpydisk - ok
19:16:39.0086 4892 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
19:16:39.0088 4892 FltMgr - ok
19:16:39.0146 4892 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
19:16:39.0155 4892 FontCache - ok
19:16:39.0199 4892 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:16:39.0200 4892 FontCache3.0.0.0 - ok
19:16:39.0218 4892 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:16:39.0219 4892 FsDepends - ok
19:16:39.0245 4892 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
19:16:39.0246 4892 Fs_Rec - ok
19:16:39.0283 4892 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:16:39.0284 4892 fvevol - ok
19:16:39.0296 4892 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:16:39.0296 4892 gagp30kx - ok
19:16:39.0325 4892 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:16:39.0325 4892 GEARAspiWDM - ok
19:16:39.0365 4892 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
19:16:39.0365 4892 GoToAssist - ok
19:16:39.0398 4892 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
19:16:39.0401 4892 gpsvc - ok
19:16:39.0405 4892 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:16:39.0405 4892 hcw85cir - ok
19:16:39.0429 4892 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:16:39.0429 4892 HDAudBus - ok
19:16:39.0433 4892 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:16:39.0433 4892 HidBatt - ok
19:16:39.0445 4892 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:16:39.0446 4892 HidBth - ok
19:16:39.0459 4892 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:16:39.0460 4892 HidIr - ok
19:16:39.0476 4892 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
19:16:39.0477 4892 hidserv - ok
19:16:39.0488 4892 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
19:16:39.0489 4892 HidUsb - ok
19:16:39.0509 4892 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
19:16:39.0510 4892 hkmsvc - ok
19:16:39.0589 4892 hnmsvc (583431a6989fd8b901d1883c0299c471) c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
19:16:39.0594 4892 hnmsvc - ok
19:16:39.0608 4892 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
19:16:39.0609 4892 HomeGroupListener - ok
19:16:39.0630 4892 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
19:16:39.0631 4892 HomeGroupProvider - ok
19:16:39.0646 4892 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:16:39.0647 4892 HpSAMD - ok
19:16:39.0682 4892 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
19:16:39.0689 4892 HTTP - ok
19:16:39.0698 4892 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
19:16:39.0698 4892 hwpolicy - ok
19:16:39.0712 4892 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:16:39.0712 4892 i8042prt - ok
19:16:39.0741 4892 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
19:16:39.0743 4892 iaStor - ok
19:16:39.0784 4892 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
19:16:39.0788 4892 iaStorV - ok
19:16:40.0028 4892 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:16:40.0035 4892 idsvc - ok
19:16:40.0042 4892 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:16:40.0043 4892 iirsp - ok
19:16:40.0092 4892 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
19:16:40.0096 4892 IKEEXT - ok
19:16:40.0155 4892 IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys
19:16:40.0162 4892 IntcAzAudAddService - ok
19:16:40.0218 4892 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
19:16:40.0219 4892 intelide - ok
19:16:40.0235 4892 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:16:40.0235 4892 intelppm - ok
19:16:40.0244 4892 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:16:40.0246 4892 IPBusEnum - ok
19:16:40.0263 4892 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:16:40.0264 4892 IpFilterDriver - ok
19:16:40.0292 4892 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
19:16:40.0295 4892 iphlpsvc - ok
19:16:40.0311 4892 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:16:40.0311 4892 IPMIDRV - ok
19:16:40.0322 4892 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:16:40.0323 4892 IPNAT - ok
19:16:40.0378 4892 iPod Service (a3bda1a8a016b5e5a525bcf684894ebe) C:\Program Files\iPod\bin\iPodService.exe
19:16:40.0383 4892 iPod Service - ok
19:16:40.0396 4892 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:16:40.0396 4892 IRENUM - ok
19:16:40.0411 4892 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
19:16:40.0411 4892 isapnp - ok
19:16:40.0436 4892 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
19:16:40.0437 4892 iScsiPrt - ok
19:16:40.0453 4892 k57nd60a (249ee2d26cb1530f3bede0ac8b9e3099) C:\Windows\system32\DRIVERS\k57nd60a.sys
19:16:40.0454 4892 k57nd60a - ok
19:16:40.0461 4892 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:16:40.0461 4892 kbdclass - ok
19:16:40.0474 4892 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
19:16:40.0475 4892 kbdhid - ok
19:16:40.0505 4892 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:16:40.0505 4892 KeyIso - ok
19:16:40.0516 4892 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
19:16:40.0516 4892 KSecDD - ok
19:16:40.0528 4892 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
19:16:40.0528 4892 KSecPkg - ok
19:16:40.0531 4892 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:16:40.0531 4892 ksthunk - ok
19:16:40.0556 4892 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:16:40.0558 4892 KtmRm - ok
19:16:40.0597 4892 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
19:16:40.0599 4892 LanmanServer - ok
19:16:40.0620 4892 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
19:16:40.0622 4892 LanmanWorkstation - ok
19:16:40.0637 4892 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:16:40.0638 4892 lltdio - ok
19:16:40.0662 4892 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:16:40.0664 4892 lltdsvc - ok
19:16:40.0675 4892 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:16:40.0675 4892 lmhosts - ok
19:16:40.0694 4892 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:16:40.0695 4892 LSI_FC - ok
19:16:40.0707 4892 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:16:40.0708 4892 LSI_SAS - ok
19:16:40.0723 4892 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:16:40.0724 4892 LSI_SAS2 - ok
19:16:40.0731 4892 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:16:40.0732 4892 LSI_SCSI - ok
19:16:40.0746 4892 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:16:40.0746 4892 luafv - ok
19:16:40.0811 4892 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys
19:16:40.0813 4892 LVRS64 - ok
19:16:40.0930 4892 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys
19:16:40.0948 4892 LVUVC64 - ok
19:16:41.0017 4892 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
19:16:41.0019 4892 Mcx2Svc - ok
19:16:41.0041 4892 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:16:41.0041 4892 megasas - ok
19:16:41.0055 4892 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:16:41.0057 4892 MegaSR - ok
19:16:41.0072 4892 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:16:41.0073 4892 MMCSS - ok
19:16:41.0082 4892 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:16:41.0082 4892 Modem - ok
19:16:41.0093 4892 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:16:41.0094 4892 monitor - ok
19:16:41.0104 4892 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:16:41.0105 4892 mouclass - ok
19:16:41.0112 4892 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:16:41.0113 4892 mouhid - ok
19:16:41.0125 4892 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
19:16:41.0126 4892 mountmgr - ok
19:16:41.0142 4892 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
19:16:41.0143 4892 mpio - ok
19:16:41.0156 4892 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:16:41.0157 4892 mpsdrv - ok
19:16:41.0183 4892 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
19:16:41.0187 4892 MpsSvc - ok
19:16:41.0199 4892 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
19:16:41.0200 4892 MRxDAV - ok
19:16:41.0238 4892 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:16:41.0239 4892 mrxsmb - ok
19:16:41.0276 4892 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:16:41.0279 4892 mrxsmb10 - ok
19:16:41.0294 4892 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:16:41.0296 4892 mrxsmb20 - ok
19:16:41.0313 4892 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
19:16:41.0314 4892 msahci - ok
19:16:41.0333 4892 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
19:16:41.0334 4892 msdsm - ok
19:16:41.0356 4892 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:16:41.0358 4892 MSDTC - ok
19:16:41.0374 4892 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:16:41.0375 4892 Msfs - ok
19:16:41.0386 4892 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:16:41.0386 4892 mshidkmdf - ok
19:16:41.0396 4892 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
19:16:41.0397 4892 msisadrv - ok
19:16:41.0422 4892 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:16:41.0423 4892 MSiSCSI - ok
19:16:41.0424 4892 msiserver - ok
19:16:41.0437 4892 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:16:41.0437 4892 MSKSSRV - ok
19:16:41.0453 4892 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:16:41.0454 4892 MSPCLOCK - ok
19:16:41.0465 4892 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:16:41.0465 4892 MSPQM - ok
19:16:41.0488 4892 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
19:16:41.0490 4892 MsRPC - ok
19:16:41.0501 4892 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:16:41.0501 4892 mssmbios - ok
19:16:41.0509 4892 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:16:41.0510 4892 MSTEE - ok
19:16:41.0516 4892 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:16:41.0517 4892 MTConfig - ok
19:16:41.0528 4892 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:16:41.0529 4892 Mup - ok
19:16:41.0559 4892 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
19:16:41.0561 4892 napagent - ok
19:16:41.0579 4892 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:16:41.0580 4892 NativeWifiP - ok
19:16:41.0615 4892 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
19:16:41.0618 4892 NDIS - ok
19:16:41.0639 4892 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:16:41.0640 4892 NdisCap - ok
19:16:41.0653 4892 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:16:41.0653 4892 NdisTapi - ok
19:16:41.0664 4892 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
19:16:41.0665 4892 Ndisuio - ok
19:16:41.0680 4892 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:16:41.0680 4892 NdisWan - ok
19:16:41.0689 4892 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
19:16:41.0689 4892 NDProxy - ok
19:16:41.0694 4892 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:16:41.0694 4892 NetBIOS - ok
19:16:41.0708 4892 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
19:16:41.0709 4892 NetBT - ok
19:16:41.0737 4892 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:16:41.0737 4892 Netlogon - ok
19:16:41.0752 4892 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:16:41.0754 4892 Netman - ok
19:16:41.0777 4892 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:16:41.0780 4892 netprofm - ok
19:16:41.0853 4892 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:16:41.0854 4892 NetTcpPortSharing - ok
19:16:41.0866 4892 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:16:41.0866 4892 nfrd960 - ok
19:16:41.0883 4892 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
19:16:41.0884 4892 NlaSvc - ok
19:16:41.0898 4892 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:16:41.0899 4892 Npfs - ok
19:16:41.0906 4892 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:16:41.0907 4892 nsi - ok
19:16:41.0921 4892 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:16:41.0921 4892 nsiproxy - ok
19:16:41.0981 4892 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
19:16:41.0987 4892 Ntfs - ok
19:16:42.0059 4892 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:16:42.0059 4892 Null - ok
19:16:42.0078 4892 NVHDA (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers\nvhda64v.sys
19:16:42.0079 4892 NVHDA - ok
19:16:42.0320 4892 nvlddmkm (51bd7ef17f0b525994ad5b3748c8288b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:16:42.0364 4892 nvlddmkm - ok
19:16:42.0425 4892 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
19:16:42.0425 4892 nvraid - ok
19:16:42.0461 4892 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
19:16:42.0462 4892 nvstor - ok
19:16:42.0519 4892 nvsvc (fce8537bf5d504680212d536a3bfe5e2) C:\Windows\system32\nvvsvc.exe
19:16:42.0524 4892 nvsvc - ok
19:16:42.0542 4892 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
19:16:42.0543 4892 nv_agp - ok
19:16:42.0618 4892 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:16:42.0623 4892 odserv - ok
19:16:42.0636 4892 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
19:16:42.0637 4892 ohci1394 - ok
19:16:42.0661 4892 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:16:42.0662 4892 ose - ok
19:16:42.0693 4892 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:16:42.0695 4892 p2pimsvc - ok
19:16:42.0709 4892 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:16:42.0711 4892 p2psvc - ok
19:16:42.0729 4892 Packet (99e6aa0ae2d05389ba7f7dff6866b569) C:\Windows\system32\DRIVERS\packet.sys
19:16:42.0730 4892 Packet - ok
19:16:42.0742 4892 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:16:42.0743 4892 Parport - ok
19:16:42.0761 4892 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
19:16:42.0762 4892 partmgr - ok
19:16:42.0776 4892 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:16:42.0779 4892 PcaSvc - ok
19:16:42.0798 4892 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
19:16:42.0799 4892 pci - ok
19:16:42.0809 4892 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
19:16:42.0809 4892 pciide - ok
19:16:42.0832 4892 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:16:42.0834 4892 pcmcia - ok
19:16:42.0848 4892 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:16:42.0849 4892 pcw - ok
19:16:42.0875 4892 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:16:42.0880 4892 PEAUTH - ok
19:16:42.0937 4892 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:16:42.0938 4892 PerfHost - ok
19:16:42.0994 4892 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
19:16:42.0999 4892 pla - ok
19:16:43.0042 4892 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
19:16:43.0045 4892 PlugPlay - ok
19:16:43.0059 4892 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:16:43.0060 4892 PNRPAutoReg - ok
19:16:43.0077 4892 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:16:43.0079 4892 PNRPsvc - ok
19:16:43.0111 4892 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
19:16:43.0114 4892 PolicyAgent - ok
19:16:43.0141 4892 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:16:43.0144 4892 Power - ok
19:16:43.0174 4892 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
19:16:43.0175 4892 PptpMiniport - ok
19:16:43.0188 4892 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:16:43.0189 4892 Processor - ok
19:16:43.0212 4892 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
19:16:43.0215 4892 ProfSvc - ok
19:16:43.0244 4892 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:16:43.0245 4892 ProtectedStorage - ok
19:16:43.0253 4892 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
19:16:43.0253 4892 Psched - ok
19:16:43.0270 4892 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
19:16:43.0271 4892 PxHlpa64 - ok
19:16:43.0325 4892 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:16:43.0331 4892 ql2300 - ok
19:16:43.0381 4892 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:16:43.0382 4892 ql40xx - ok
19:16:43.0402 4892 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:16:43.0405 4892 QWAVE - ok
19:16:43.0413 4892 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:16:43.0414 4892 QWAVEdrv - ok
19:16:43.0424 4892 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:16:43.0425 4892 RasAcd - ok
19:16:43.0447 4892 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:16:43.0448 4892 RasAgileVpn - ok
19:16:43.0460 4892 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:16:43.0461 4892 RasAuto - ok
19:16:43.0476 4892 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:16:43.0478 4892 Rasl2tp - ok
19:16:43.0502 4892 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
19:16:43.0506 4892 RasMan - ok
19:16:43.0521 4892 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:16:43.0522 4892 RasPppoe - ok
19:16:43.0535 4892 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:16:43.0536 4892 RasSstp - ok
19:16:43.0553 4892 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
19:16:43.0555 4892 rdbss - ok
19:16:43.0567 4892 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:16:43.0568 4892 rdpbus - ok
19:16:43.0579 4892 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:16:43.0579 4892 RDPCDD - ok
19:16:43.0588 4892 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:16:43.0588 4892 RDPENCDD - ok
19:16:43.0601 4892 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:16:43.0601 4892 RDPREFMP - ok
19:16:43.0629 4892 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
19:16:43.0631 4892 RDPWD - ok
19:16:43.0649 4892 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
19:16:43.0651 4892 rdyboost - ok
19:16:43.0659 4892 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:16:43.0660 4892 RemoteAccess - ok
19:16:43.0673 4892 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:16:43.0674 4892 RemoteRegistry - ok
19:16:43.0786 4892 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
19:16:43.0790 4892 RoxMediaDB10 - ok
19:16:43.0814 4892 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:16:43.0815 4892 RpcEptMapper - ok
19:16:43.0830 4892 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:16:43.0831 4892 RpcLocator - ok
19:16:43.0858 4892 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
19:16:43.0863 4892 RpcSs - ok
19:16:43.0884 4892 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:16:43.0884 4892 rspndr - ok
19:16:43.0886 4892 RxFilter - ok
19:16:43.0909 4892 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:16:43.0910 4892 SamSs - ok
19:16:43.0926 4892 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
19:16:43.0927 4892 sbp2port - ok
19:16:43.0943 4892 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:16:43.0946 4892 SCardSvr - ok
19:16:43.0960 4892 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
19:16:43.0960 4892 scfilter - ok
19:16:44.0020 4892 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
19:16:44.0025 4892 Schedule - ok
19:16:44.0039 4892 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
19:16:44.0040 4892 SCPolicySvc - ok
19:16:44.0049 4892 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
19:16:44.0051 4892 SDRSVC - ok
19:16:44.0064 4892 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:16:44.0065 4892 secdrv - ok
19:16:44.0073 4892 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
19:16:44.0074 4892 seclogon - ok
19:16:44.0084 4892 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
19:16:44.0085 4892 SENS - ok
19:16:44.0093 4892 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:16:44.0094 4892 SensrSvc - ok
19:16:44.0105 4892 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:16:44.0105 4892 Serenum - ok
19:16:44.0119 4892 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:16:44.0119 4892 Serial - ok
19:16:44.0127 4892 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:16:44.0128 4892 sermouse - ok
19:16:44.0142 4892 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
19:16:44.0143 4892 SessionEnv - ok
19:16:44.0161 4892 SessionLauncher - ok
19:16:44.0223 4892 SfCtlCom (52c525bf4d78125a5064d0d1705f04b6) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
19:16:44.0226 4892 SfCtlCom - ok
19:16:44.0237 4892 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
19:16:44.0238 4892 sffdisk - ok
19:16:44.0240 4892 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:16:44.0240 4892 sffp_mmc - ok
19:16:44.0247 4892 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:16:44.0247 4892 sffp_sd - ok
19:16:44.0254 4892 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:16:44.0255 4892 sfloppy - ok
19:16:44.0301 4892 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:16:44.0305 4892 SharedAccess - ok
19:16:44.0326 4892 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
19:16:44.0328 4892 ShellHWDetection - ok
19:16:44.0343 4892 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:16:44.0343 4892 SiSRaid2 - ok
19:16:44.0357 4892 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:16:44.0358 4892 SiSRaid4 - ok
19:16:44.0370 4892 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:16:44.0370 4892 Smb - ok
19:16:44.0383 4892 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:16:44.0385 4892 SNMPTRAP - ok
19:16:44.0397 4892 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:16:44.0397 4892 spldr - ok
19:16:44.0448 4892 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
19:16:44.0454 4892 Spooler - ok
19:16:44.0541 4892 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
19:16:44.0555 4892 sppsvc - ok
19:16:44.0614 4892 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:16:44.0616 4892 sppuinotify - ok
19:16:44.0671 4892 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
19:16:44.0672 4892 sprtsvc_DellSupportCenter - ok
19:16:44.0732 4892 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
19:16:44.0736 4892 srv - ok
19:16:44.0757 4892 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
19:16:44.0761 4892 srv2 - ok
19:16:44.0771 4892 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
19:16:44.0772 4892 srvnet - ok
19:16:44.0788 4892 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:16:44.0790 4892 SSDPSRV - ok
19:16:44.0803 4892 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:16:44.0804 4892 SstpSvc - ok
19:16:44.0823 4892 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:16:44.0823 4892 stexstor - ok
19:16:44.0857 4892 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
19:16:44.0862 4892 stisvc - ok
19:16:44.0899 4892 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
19:16:44.0900 4892 stllssvr - ok
19:16:44.0909 4892 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:16:44.0910 4892 swenum - ok
19:16:44.0933 4892 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:16:44.0937 4892 swprv - ok
19:16:44.0988 4892 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
19:16:44.0998 4892 SysMain - ok
19:16:45.0202 4892 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
19:16:45.0205 4892 TabletInputService - ok
19:16:45.0221 4892 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
19:16:45.0222 4892 TapiSrv - ok
19:16:45.0232 4892 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:16:45.0233 4892 TBS - ok
19:16:45.0314 4892 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
19:16:45.0320 4892 Tcpip - ok
19:16:45.0396 4892 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
19:16:45.0403 4892 TCPIP6 - ok
19:16:45.0443 4892 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
19:16:45.0444 4892 tcpipreg - ok
19:16:45.0448 4892 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:16:45.0448 4892 TDPIPE - ok
19:16:45.0475 4892 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
19:16:45.0475 4892 TDTCP - ok
19:16:45.0490 4892 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
19:16:45.0491 4892 tdx - ok
19:16:45.0502 4892 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
19:16:45.0503 4892 TermDD - ok
19:16:45.0528 4892 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
19:16:45.0531 4892 TermService - ok
19:16:45.0545 4892 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:16:45.0546 4892 Themes - ok
19:16:45.0567 4892 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:16:45.0568 4892 THREADORDER - ok
19:16:45.0627 4892 TMBMServer (963c903e5176c5cdcae321d48635b21f) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
19:16:45.0632 4892 TMBMServer - ok
19:16:45.0657 4892 tmlwf (35a6aeb61c7cf21b10cc05bda47339b5) C:\Windows\system32\DRIVERS\tmlwf.sys
19:16:45.0658 4892 tmlwf - ok
19:16:45.0698 4892 TmPfw (c52867f238ef1aafcd35f8d134b8ab10) C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
19:16:45.0703 4892 TmPfw - ok
19:16:45.0739 4892 tmpreflt (803ee35df92815ea5d41cee7410c8cc1) C:\Windows\system32\DRIVERS\tmpreflt.sys
19:16:45.0740 4892 tmpreflt - ok
19:16:45.0783 4892 TmProxy (3ae913b4fbf06ee49831ff9db2330830) C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
19:16:45.0787 4892 TmProxy - ok
19:16:45.0811 4892 tmtdi (21cc12b7f8b44e91d03ead5b17aaf0b2) C:\Windows\system32\DRIVERS\tmtdi.sys
19:16:45.0812 4892 tmtdi - ok
19:16:45.0825 4892 tmwfp (a4670e50c15d7bce7226e4b62700df09) C:\Windows\system32\DRIVERS\tmwfp.sys
19:16:45.0826 4892 tmwfp - ok
19:16:45.0867 4892 tmxpflt (9bd32132a3470cefb3cbea5fa492bd6f) C:\Windows\system32\DRIVERS\tmxpflt.sys
19:16:45.0870 4892 tmxpflt - ok
19:16:45.0884 4892 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:16:45.0886 4892 TrkWks - ok
19:16:45.0918 4892 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
19:16:45.0920 4892 TrustedInstaller - ok
19:16:45.0945 4892 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:16:45.0945 4892 tssecsrv - ok
19:16:45.0960 4892 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
19:16:45.0962 4892 tunnel - ok
19:16:45.0977 4892 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:16:45.0978 4892 uagp35 - ok
19:16:45.0999 4892 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
19:16:46.0002 4892 udfs - ok
19:16:46.0025 4892 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:16:46.0027 4892 UI0Detect - ok
19:16:46.0042 4892 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:16:46.0043 4892 uliagpkx - ok
19:16:46.0054 4892 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
19:16:46.0055 4892 umbus - ok
19:16:46.0066 4892 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:16:46.0067 4892 UmPass - ok
19:16:46.0133 4892 UMVPFSrv (927754abf077aeb5504be4e0f2c60c1b) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
19:16:46.0138 4892 UMVPFSrv - ok
19:16:46.0153 4892 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:16:46.0156 4892 upnphost - ok
19:16:46.0182 4892 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
19:16:46.0183 4892 USBAAPL64 - ok
19:16:46.0205 4892 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
19:16:46.0206 4892 usbaudio - ok
19:16:46.0240 4892 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
19:16:46.0241 4892 usbccgp - ok
19:16:46.0255 4892 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
19:16:46.0256 4892 usbcir - ok
19:16:46.0292 4892 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
19:16:46.0293 4892 usbehci - ok
19:16:46.0334 4892 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
19:16:46.0337 4892 usbhub - ok
19:16:46.0342 4892 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
19:16:46.0343 4892 usbohci - ok
19:16:46.0355 4892 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:16:46.0355 4892 usbprint - ok
19:16:46.0374 4892 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:16:46.0375 4892 usbscan - ok
19:16:46.0411 4892 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:16:46.0413 4892 USBSTOR - ok
19:16:46.0432 4892 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
19:16:46.0432 4892 usbuhci - ok
19:16:46.0441 4892 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:16:46.0442 4892 UxSms - ok
19:16:46.0465 4892 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:16:46.0467 4892 VaultSvc - ok
19:16:46.0480 4892 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:16:46.0480 4892 vdrvroot - ok
19:16:46.0504 4892 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
19:16:46.0507 4892 vds - ok
19:16:46.0522 4892 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:16:46.0522 4892 vga - ok
19:16:46.0533 4892 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:16:46.0534 4892 VgaSave - ok
19:16:46.0551 4892 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
19:16:46.0553 4892 vhdmp - ok
19:16:46.0567 4892 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
19:16:46.0567 4892 viaide - ok
19:16:46.0577 4892 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
19:16:46.0577 4892 volmgr - ok
19:16:46.0598 4892 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
19:16:46.0602 4892 volmgrx - ok
19:16:46.0619 4892 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
19:16:46.0622 4892 volsnap - ok
19:16:46.0702 4892 vsapint (b01ce1f5a44126892240d179a6dbd43f) C:\Windows\system32\DRIVERS\vsapint.sys
19:16:46.0709 4892 vsapint - ok
19:16:46.0842 4892 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:16:46.0843 4892 vsmraid - ok
19:16:46.0895 4892 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
19:16:46.0902 4892 VSS - ok
19:16:46.0944 4892 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:16:46.0945 4892 vwifibus - ok
19:16:46.0962 4892 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:16:46.0964 4892 W32Time - ok
19:16:46.0974 4892 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:16:46.0974 4892 WacomPen - ok
19:16:46.0991 4892 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:16:46.0991 4892 WANARP - ok
19:16:46.0993 4892 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:16:46.0994 4892 Wanarpv6 - ok
19:16:47.0052 4892 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:16:47.0059 4892 WatAdminSvc - ok
19:16:47.0116 4892 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
19:16:47.0127 4892 wbengine - ok
19:16:47.0168 4892 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:16:47.0172 4892 WbioSrvc - ok
19:16:47.0213 4892 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
19:16:47.0218 4892 wcncsvc - ok
19:16:47.0227 4892 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:16:47.0230 4892 WcsPlugInService - ok
19:16:47.0250 4892 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:16:47.0251 4892 Wd - ok
19:16:47.0285 4892 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:16:47.0287 4892 Wdf01000 - ok
19:16:47.0298 4892 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:16:47.0299 4892 WdiServiceHost - ok
19:16:47.0301 4892 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:16:47.0302 4892 WdiSystemHost - ok
19:16:47.0335 4892 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
19:16:47.0337 4892 WebClient - ok
19:16:47.0352 4892 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:16:47.0356 4892 Wecsvc - ok
19:16:47.0371 4892 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:16:47.0374 4892 wercplsupport - ok
19:16:47.0388 4892 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:16:47.0390 4892 WerSvc - ok
19:16:47.0405 4892 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:16:47.0405 4892 WfpLwf - ok
19:16:47.0410 4892 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:16:47.0410 4892 WIMMount - ok
19:16:47.0415 4892 WinDefend - ok
19:16:47.0420 4892 WinHttpAutoProxySvc - ok
19:16:47.0458 4892 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:16:47.0459 4892 Winmgmt - ok
19:16:47.0593 4892 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
19:16:47.0608 4892 WinRM - ok
19:16:47.0664 4892 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
19:16:47.0665 4892 WinUsb - ok
19:16:47.0701 4892 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:16:47.0706 4892 Wlansvc - ok
19:16:47.0789 4892 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:16:47.0798 4892 wlidsvc - ok
19:16:47.0840 4892 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:16:47.0841 4892 WmiAcpi - ok
19:16:47.0862 4892 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:16:47.0864 4892 wmiApSrv - ok
19:16:47.0877 4892 WMPNetworkSvc - ok
19:16:47.0889 4892 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:16:47.0891 4892 WPCSvc - ok
19:16:47.0904 4892 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
19:16:47.0906 4892 WPDBusEnum - ok
19:16:47.0919 4892 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:16:47.0920 4892 ws2ifsl - ok
19:16:47.0953 4892 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
19:16:47.0955 4892 wscsvc - ok
19:16:47.0958 4892 WSearch - ok
19:16:48.0027 4892 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
19:16:48.0036 4892 wuauserv - ok
19:16:48.0079 4892 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
19:16:48.0080 4892 WudfPf - ok
19:16:48.0097 4892 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:16:48.0099 4892 WUDFRd - ok
19:16:48.0115 4892 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
19:16:48.0118 4892 wudfsvc - ok
19:16:48.0155 4892 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:16:48.0159 4892 WwanSvc - ok
19:16:48.0173 4892 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:16:48.0231 4892 \Device\Harddisk0\DR0 - ok
19:16:48.0236 4892 MBR (0x1B8) (c09991114578573da4794fefd4a11b20) \Device\Harddisk7\DR7
19:16:49.0878 4892 \Device\Harddisk7\DR7 - ok
19:16:49.0920 4892 Boot (0x1200) (ad17c5475dc0ed2687e931c2f96b53ee) \Device\Harddisk0\DR0\Partition0
19:16:49.0922 4892 \Device\Harddisk0\DR0\Partition0 - ok
19:16:49.0925 4892 Boot (0x1200) (208845e9b7ed746d90e8852c6d94010c) \Device\Harddisk0\DR0\Partition1
19:16:49.0926 4892 \Device\Harddisk0\DR0\Partition1 - ok
19:16:49.0927 4892 ============================================================
19:16:49.0927 4892 Scan finished
19:16:49.0927 4892 ============================================================
19:16:49.0936 2088 Detected object count: 0
19:16:49.0936 2088 Actual detected object count: 0




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-10 19:19:44
-----------------------------
19:19:44.645 OS Version: Windows x64 6.1.7600
19:19:44.645 Number of processors: 4 586 0x1E05
19:19:44.645 ComputerName: CARLASTELMA-PC UserName: Carla Stelma
19:19:47.481 Initialize success
19:21:54.224 AVAST engine defs: 12050901
19:27:54.071 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:27:54.075 Disk 0 Vendor: ST31000528AS CC45 Size: 953869MB BusType: 3
19:27:54.104 Disk 0 MBR read successfully
19:27:54.109 Disk 0 MBR scan
19:27:54.115 Disk 0 Windows 7 default MBR code
19:27:54.121 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
19:27:54.136 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 9842 MB offset 129024
19:27:54.148 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 943963 MB offset 20285440
19:27:54.164 Disk 0 scanning C:\Windows\system32\drivers
19:28:02.713 Service scanning
19:28:16.325 Modules scanning
19:28:16.340 Disk 0 trace - called modules:
19:28:16.355 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:28:16.361 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b83060]
19:28:16.364 3 CLASSPNP.SYS[fffff880016fe43f] -> nt!IofCallDriver -> [0xfffffa8004a6e520]
19:28:16.367 5 ACPI.sys[fffff88000f08781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004a6a680]
19:28:34.979 AVAST engine scan C:\Windows
19:28:40.582 AVAST engine scan C:\Windows\system32
19:28:48.808 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
19:30:43.704 AVAST engine scan C:\Windows\system32\drivers
19:30:53.478 AVAST engine scan C:\Users\Carla Stelma
19:36:14.367 AVAST engine scan C:\ProgramData
19:38:58.195 Scan finished successfully
19:39:24.131 Disk 0 MBR has been saved successfully to "C:\Users\Carla Stelma\Desktop\MBR.dat"
19:39:24.135 The log file has been saved successfully to "C:\Users\Carla Stelma\Desktop\aswMBR.txt"


19:40:33.564 Disk 0 MBR has been saved successfully to "C:\Users\Carla Stelma\Desktop\MBR.dat"
19:40:33.568 The log file has been saved successfully to "C:\Users\Carla Stelma\Desktop\aswMBR.txt"

#10 gringo_pr

  • Malware Response Team

Posted 10 May 2012 - 07:25 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Vuze_Remote

File::
C:\Windows\system32\consrv.dll

DDS::
uStart Page = hxxp://search.babylon.com/home?AF=10588

Firefox::
FF - ProfilePath - c:\users\Carla Stelma\AppData\Roaming\Mozilla\Firefox\Profiles\xbqzh82p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2392836&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2392836&q=

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 chogun1726

  • Topic Starter


Posted 10 May 2012 - 05:47 PM

Hi Gringo, the combo scan worked fine. I also reinstalled Avast and rebooted the computer, as I noticed doing this was what would cause the boot loop previously. It worked fine!!
Here is the ComboFix log:

ComboFix 12-05-10.04 - Carla Stelma 11/05/2012 8:20.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.4087.2656 [GMT 10:00]
Running from: c:\users\Carla Stelma\Downloads\ComboFix.exe
Command switches used :: c:\users\Carla Stelma\Desktop\CFScript.txt
AV: Trend Micro Internet Security Pro *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security Pro *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\consrv.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Vuze_Remote
c:\program files (x86)\Vuze_Remote\INSTALL.LOG
c:\program files (x86)\Vuze_Remote\tbVuze.dll
c:\program files (x86)\Vuze_Remote\toolbar.cfg
c:\program files (x86)\Vuze_Remote\UNWISE.EXE
c:\program files (x86)\Vuze_Remote\Vuze_RemoteToolbarHelper.exe
c:\windows\system32\consrv.dll
c:\windows\system32\fxsst.dll . . . . Failed to delete
c:\windows\system32\slwga.dll . . . . Failed to delete
c:\windows\system32\srrstr.dll . . . . Failed to delete
c:\windows\system32\systemcpl.dll . . . . Failed to delete
c:\windows\system32\termsrv.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-10 22:25 . 2012-05-10 22:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-10 06:28 . 2012-05-11 00:45 -------- d-----w- C:\FRST
2012-05-10 04:12 . 2012-05-10 04:12 -------- d-----w- c:\users\Carla Stelma\AppData\Local\PackageAware
2012-05-10 00:03 . 2012-05-10 00:03 -------- d-----w- c:\program files (x86)\Runtime Software
2012-05-08 09:04 . 2012-05-08 09:04 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-08 08:50 . 2012-05-09 23:46 -------- d-----w- c:\users\Carla Stelma\AppData\Roaming\Owsui
2012-05-08 08:50 . 2012-05-08 08:50 136192 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tuwez.exe
2012-05-08 08:38 . 2012-05-08 09:04 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-08 08:37 . 2012-05-08 08:37 -------- d-----we c:\windows\system64
2012-05-08 08:30 . 2012-05-10 08:41 -------- d-----w- c:\programdata\AVAST Software
2012-05-08 08:30 . 2012-05-10 08:17 -------- d-----w- c:\program files\AVAST Software
2012-05-01 09:26 . 2012-05-01 09:26 -------- d-----w- c:\program files (x86)\MSECache
2012-04-11 17:00 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 17:00 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 17:00 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 17:00 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 17:00 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 17:00 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 17:00 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 09:04 . 2011-12-04 07:11 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-07 00:15 . 2011-12-02 21:32 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-15 06:27 . 2012-03-14 02:52 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 02:52 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 02:52 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 02:52 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-10_08.12.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-15 13:47 . 2012-05-10 22:27 46496 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-10 22:27 30234 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-09 08:19 . 2012-05-10 22:27 16844 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4016739829-3194363765-2541999883-1000_UserData.bin
+ 2009-12-15 13:47 . 2012-05-10 22:27 46496 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-10 22:27 30234 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-09 08:19 . 2012-05-10 22:27 16844 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4016739829-3194363765-2541999883-1000_UserData.bin
+ 2009-07-14 04:46 . 2012-05-10 08:15 78720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-05-10 10:04 . 2012-05-10 10:04 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\4add87007e0864467659e6a248a7fe06\UIAutomationProvider.ni.dll
+ 2012-05-10 10:05 . 2012-05-10 10:05 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\28caa2ab8a4999900321b653e8b6ddc1\System.Windows.Presentation.ni.dll
+ 2012-05-10 10:05 . 2012-05-10 10:05 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\4967f3e8b106851802f212e963bb8735\System.Web.ApplicationServices.ni.dll
+ 2012-05-10 10:05 . 2012-05-10 10:05 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\7f49661d0e79763b30e9e99e714409a3\System.ServiceModel.Channels.ni.dll
+ 2012-05-10 10:04 . 2012-05-10 10:04 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\a5c37bc9caf315df294f8b680a1ccd6f\System.AddIn.Contract.ni.dll
+ 2012-05-10 10:03 . 2012-05-10 10:03 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\5ccc57bb582bf753166610089f204601\Microsoft.VisualC.ni.dll
+ 2012-05-10 10:03 . 2012-05-10 10:03 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\414da765b5d5bb7fde97c0ea22de7d74\Accessibility.ni.dll
- 2012-05-10 08:07 . 2012-05-10 08:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-10 22:26 . 2012-05-10 22:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-10 08:07 . 2012-05-10 08:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-10 22:26 . 2012-05-10 22:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-10 10:05 . 2012-05-10 10:05 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\5d0529cca67ada47749f5373ae050a4a\System.Xml.Serialization.ni.dll
+ 2012-05-10 10:03 . 2012-05-10 10:03 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\1361a05238cfe45d7da6cb4b367a986c\dfsvc.ni.exe
- 2009-07-14 04:54 . 2012-05-10 08:10 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-10 22:15 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-10 22:15 786432 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-10 08:10 786432 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:36 . 2012-05-10 08:12 628414 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-10 22:17 628414 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-10 22:17 110598 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-05-10 08:12 110598 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2012-05-10 22:17 628414 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-10 08:12 628414 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-10 08:12 110598 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-05-10 22:17 110598 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-05-10 22:25 344692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-10 08:06 344692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-11-06 11:29 . 2012-05-10 08:06 345460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4016739829-3194363765-2541999883-1000-12288.dat
+ 2011-11-06 11:29 . 2012-05-10 22:25 345460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4016739829-3194363765-2541999883-1000-12288.dat
+ 2012-05-10 10:05 . 2012-05-10 10:05 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\2b8468e27c6b45ac2e6a58811b7e8f9e\WindowsFormsIntegration.ni.dll
+ 2012-05-10 10:04 . 2012-05-10 10:04 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\6823effdbb0434f96511748697349862\UIAutomationTypes.ni.dll
+ 2012-05-10 10:05 . 2012-05-10 10:05 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\021651282dda157fbe5a1f3575c67534\UIAutomationClient.ni.dll
+ 2012-05-10 10:03 . 2012-05-10 10:03 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8f0cf05d2b1e46a772312143227cb6ed\System.Xml.Linq.ni.dll
+ 2012-05-10 10:04 . 2012-05-10 10:04 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\5fc7ab2af170ab1217c5e1a7328b999b\System.Windows.Input.Manipulations.ni.dll
+ 2012-05-10 10:03 . 2012-05-10 10:03 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\6cb2089f1eaf08c3d94a54031cf1313a\System.Transactions.ni.dll
+ 2012-05-10 10:05 . 2012-05-10 10:05 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\0c9be85e41445175a85178cfadb56955\System.ServiceProcess.ni.dll
+ 2012-05-10 10:05 . 2012-05-10 10:05 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8e3ba21dc083837fdc1c8b9f98c5f4bf\System.ServiceModel.Routing.ni.dll
+ 2012-05-10 10:04 . 2012-05-10 10:04 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\490f9ea2b1a2e738d203af00c5c9b735\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-05-10 10:04 . 2012-05-10 10:04 762880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e5f1db35163684e821bca4a2fb0311b1\System.Runtime.Remoting.ni.dll
+ 2012-05-10 10:05 . 2012-05-10 10:05 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\62a6ed6942237e009110ffa55adbb77a\System.Net.ni.dll
+ 2012-05-10 10:05 . 2012-05-10 10:05 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\6e750741719093e396cd2eaa96ec1e3e\System.Messaging.ni.dll
+ 2012-05-10 10:05 . 2012-05-10 10:05 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\0eb2dedcc5b7f32e7886b83635d22dbc\System.Management.Instrumentation.ni.dll
+ 2012-05-10 10:05 . 2012-05-10 10:05 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\54f78c72dbc55f90983ee1a887b27547\System.IO.Log.ni.dll
+ 2012-05-10 10:05 . 2012-05-10 10:05 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\7cfdedf408ac80e153d7988e308c7caa\System.IdentityModel.Selectors.ni.dll
+ 2012-05-10 10:03 . 2012-05-10 10:03 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.Wrapper.dll
+ 2012-05-10 10:03 . 2012-05-10 10:03 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.ni.dll
+ 2012-05-10 10:05 . 2012-05-10 10:05 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\41173dd435cb9e35b406e5ee17894cd1\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-05-10 10:05 . 2012-05-10 10:05 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\40466b947e5932c0c96529915fef0c45\System.DirectoryServices.Protocols.ni.dll
+ 2012-05-10 10:04 . 2012-05-10 10:04 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\e38e62fe185dbc8344fc242b2093aee2\System.Device.ni.dll
+ 2012-05-10 10:04 . 2012-05-10 10:04 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\bc5bf4e71af4c7689ffed22f5187d922\System.Data.DataSetExtensions.ni.dll
+ 2012-05-10 10:04 . 2012-05-10 10:04 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\951ece575b9f8ed9a4abde6e58df473c\System.Configuration.Install.ni.dll
+ 2012-05-10 10:04 . 2012-05-10 10:04 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\41a21613a657cc7d9ea10386f271d388\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-05-10 10:04 . 2012-05-10 10:04 624128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\cdd87ceeb66eb0db86b02c27372cc31c\System.AddIn.ni.dll
+ 2012-05-10 10:04 . 2012-05-10 10:04 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\139ec162dfa0903f5b00d623d2e944be\System.Activities.DurableInstancing.ni.dll
+ 2012-05-10 10:03 . 2012-05-10 10:03 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\01c8de400571afc3469fb99c6b7edecc\SMSvcHost.ni.exe
+ 2012-05-10 10:03 . 2012-05-10 10:03 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4dd48e938a8834fe950cf0cd11603c71\SMDiagnostics.ni.dll
+ 2012-05-10 10:03 . 2012-05-10 10:03 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\98c7d75f34262d17bf167d1ffe88b1d5\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-05-10 10:03 . 2012-05-10 10:03 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\dd47533d2837e1d78400f759f5f05e41\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-05-10 10:03 . 2012-05-10 10:03 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\8f0e78c2aa12e929ecf3b0c912ac8406\CustomMarshalers.ni.dll
- 2009-07-14 04:54 . 2012-05-10 08:10 1998848 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-10 22:15 1998848 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-28 12:09 . 2012-05-10 08:06 2571392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4016739829-3194363765-2541999883-1000-8192.dat
+ 2011-05-28 12:09 . 2012-05-10 22:25 2571392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4016739829-3194363765-2541999883-1000-8192.dat
+ 2012-05-10 10:05 . 2012-05-10 10:05 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\551f143f078d91ce131d3007f16d0b19\UIAutomationClientsideProviders.ni.dll
+ 2012-05-10 10:03 . 2012-05-10 10:03 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll
+ 2012-05-10 10:05 . 2012-05-10 10:05 4587008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\0c4c4826beb82b5088f685523d3567ec\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-05-10 10:05 . 2012-05-10 10:05 1885696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\9c2da5bc8e93845d80dc6768efa78de7\System.Web.Services.ni.dll
+ 2012-05-10 10:05 . 2012-05-10 10:05 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\6f608e64178e985270abbf3b5776fcca\System.Speech.ni.dll
+ 2012-05-10 10:05 . 2012-05-10 10:05 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a4345e4ff74ec912a5219576049df7fe\System.ServiceModel.Discovery.ni.dll
+ 2012-05-10 10:05 . 2012-05-10 10:05 1393152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\509dab10fd00e66d750ac92101fa3d7b\System.ServiceModel.Activities.ni.dll
+ 2012-05-10 10:03 . 2012-05-10 10:03 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\3fe3910474b3e2a08fca9b09330a74f7\System.Runtime.Serialization.ni.dll
+ 2012-05-10 10:03 . 2012-05-10 10:03 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\ac5d04fd61df57da0f9976440a8c6c58\System.Runtime.DurableInstancing.ni.dll
+ 2012-05-10 10:04 . 2012-05-10 10:04 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\33f3848cc6829d74d7414cfd2752a179\System.Printing.ni.dll
+ 2012-05-10 10:05 . 2012-05-10 10:05 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\e72d56a0f58bcf95890614700f925609\System.Management.ni.dll
+ 2012-05-10 10:05 . 2012-05-10 10:05 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\2f4ce144f88caf780421d66027355f77\System.IdentityModel.ni.dll
+ 2012-05-10 10:04 . 2012-05-10 10:04 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\6cd7a0ee3583e91326c73ca8e934a99c\System.DirectoryServices.ni.dll
+ 2012-05-10 10:04 . 2012-05-10 10:04 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\edfac26fdb2ed44310e9f22665a1ef95\System.Deployment.ni.dll
+ 2012-05-10 10:04 . 2012-05-10 10:04 1343488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\743d8f183ebfb457d773fc178bdf450d\System.Data.Services.Client.ni.dll
+ 2012-05-10 10:04 . 2012-05-10 10:04 4129280 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\5efc7ead86507fe65d83cde64c1f659d\System.Activities.ni.dll
+ 2012-05-10 10:04 . 2012-05-10 10:04 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\12935eb9d9d2967fbde3ee5bb6b23a4b\System.Activities.Presentation.ni.dll
+ 2012-05-10 10:04 . 2012-05-10 10:04 1546752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\3dc813516761fde757cba8adfbe86bd7\System.Activities.Core.Presentation.ni.dll
+ 2012-05-10 10:04 . 2012-05-10 10:04 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\913d7bd3ff289060005a1de83284a7ab\ReachFramework.ni.dll
+ 2012-05-10 10:03 . 2012-05-10 10:03 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\a715b7b6bf6fc0b8d2ede1d02fb5cf9d\PresentationUI.ni.dll
+ 2012-05-10 10:03 . 2012-05-10 10:03 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\f6cf3977264d8c5bdc613da0f55da575\Microsoft.VisualBasic.ni.dll
+ 2012-05-10 10:03 . 2012-05-10 10:03 1139712 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\c1a268a385c3debb226b731e62aa3fc7\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-05-10 10:03 . 2012-05-10 10:03 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\8b670069b8d6cd402bef08a90b42b0be\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-05-10 10:03 . 2012-05-10 10:03 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\15e239f82d2be50ebf7b4ab8364d4320\Microsoft.Transactions.Bridge.ni.dll
+ 2012-05-10 10:05 . 2012-05-10 10:05 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\d58c3dcfe00d95d9b397cd0d3d5db5a7\Microsoft.JScript.ni.dll
+ 2009-07-14 02:34 . 2012-05-10 10:59 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-05-10 07:51 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-05-10 07:51 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-05-10 10:59 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-05-10 10:05 . 2012-05-10 10:05 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\4f8ecf03aa4a4165e6850d1d67dc445f\System.ServiceModel.ni.dll
+ 2012-05-10 10:04 . 2012-05-10 10:04 13345792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\31df9a0b86a3259cb02bbe741e501b85\System.Data.Entity.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-12 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
c:\users\Carla Stelma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-8-12 113664]
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-12-15 53248]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
tuwez.exe [2012-5-8 136192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 257696]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-07-29 595960]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-07-29 917768]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [x]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-18 450848]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 09:04]
.
2012-04-28 c:\windows\Tasks\DriverCure.job
- c:\program files (x86)\ParetoLogic\DriverCure\DriverCure.exe [2010-06-17 21:28]
.
2012-05-05 c:\windows\Tasks\FileCure Default.job
- c:\program files (x86)\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]
.
2012-05-10 c:\windows\Tasks\FileCure Startup.job
- c:\program files (x86)\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]
.
2012-05-07 c:\windows\Tasks\Norton Security Scan for Carla Stelma.job
- c:\progra~2\NORTON~2\Engine\301~1.8\Nss.exe [2011-01-24 16:45]
.
2012-05-10 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-05-06 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2010-04-06 21:30]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [BU]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [BU]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1023416]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sf
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Carla Stelma\AppData\Roaming\Mozilla\Firefox\Profiles\xbqzh82p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\tbVuze.dll
BHO-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\tbVuze.dll
Toolbar-Locked - (no file)
Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\tbVuze.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-Vuze_Remote Toolbar - c:\progra~2\VUZE_R~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\04\06\08\02#?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\program files (x86)\Dell Remote Access\ezi_ra.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-05-11 08:29:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-10 22:29
ComboFix2.txt 2012-05-10 08:16
.
Pre-Run: 452,455,198,720 bytes free
Post-Run: 452,273,893,376 bytes free
.
- - End Of File - - D5054D6EEE13BB20A315E73DCABF8B3F

#12 gringo_pr



  • Malware Response Team

Posted 10 May 2012 - 06:08 PM

Blitzblank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
DeleteFile:
c:\windows\system32\fxsst.dll
c:\windows\system32\slwga.dll
c:\windows\system32\srrstr.dll
c:\windows\system32\systemcpl.dll
c:\windows\system32\termsrv.dll
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by Blitzblank. You can find it at the root of the drive, normally C:\

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 chogun1726


Posted 10 May 2012 - 06:19 PM

Gringo,
Tried to do as you said but received an error message:
Syntax error in line 2, invalid file path

#14 gringo_pr



  • Malware Response Team

Posted 10 May 2012 - 06:40 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 9.4.0
Java™ 6 Update 20
Vuze
Vuze_Remote Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and Start Free Download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete, click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 chogun1726


Posted 10 May 2012 - 07:37 PM

Gringo,
here are the two logs.
Computer seems to be running fine atm
Was it a problem that Blitzblank did not work??

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.11.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Carla Stelma :: CARLASTELMA-PC [administrator]

Protection: Enabled

11/05/2012 10:19:17 AM
mbam-log-2012-05-11 (10-19-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220864
Time elapsed: 3 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:34:09 AM, on 11/05/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O3 - Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - .DEFAULT User Startup: tuwez.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Dell Remote Access.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13093 bytes



