Intermittent rapidly flickering icons


  • This topic is locked
17 replies to this topic

#1 AndrewOS

AndrewOS

  • Members
  • 18 posts

Posted 14 May 2012 - 09:24 AM

Recently I've started to have intermittent but almost daily problems with rapidly flickering icons, menu bars and in IE8 the urls also flicker rapidly. The problem seems to start in IE8 (but not on start up of IE8) and I presume is triggered by something but I do not know what. Once it starts in IE8 it then seems to transfer itself to other open programmes - most noticeably MS Outlook. Once the flickering starts it is impossible to enter text anywhere, or to close the computer down via the "Start" button. The only way is via Task Manager. When I do this, and reboot, the flickering icon problem has gone.

AV (McAfee) and Malwarebyte scans, and Housecall online scan do not show up any infection.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by aosd at 9:47:43 on 2012-05-14
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3510.2117 [GMT 3:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CapaInstaller\Services\sis\ciinstsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\locator.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Skype\Updater\Updater.exe
C:\Program Files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\SLClient.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Windows\Explorer.EXE
C:\Program Files\Orange\bin\MonServiceUDisk.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Program Files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\CBM\ScriptLogic.CBM.Agent.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\CBM\ScriptLogic.CBM.UserExperience.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\CapaInstaller\Client\Util\CapaInstaller InfoCenter.exe
C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\textware\quickf~1\plugins\IEHelp.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DesktopAuthority User Experience] "c:\program files\scriptlogic\desktop authority\client files\8.08004.63486\cbm\ScriptLogic.CBM.UserExperience.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [CapaInstaller Info Center] "c:\program files\capainstaller\client\util\CapaInstaller InfoCenter.exe"
mRun: [ToolboxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [HP LaserJet Professional CM1410 Series Fax] c:\program files\hp\digital imaging\fax\fax driver 0.6 base\hppfaxprintersrv.exe "HP LaserJet Professional CM1410 Series Fax"
mRun: [<NO NAME>]
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
StartupFolder: c:\users\aosd\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office14\GROOVE.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: S&end til OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
TCP: DhcpNameServer = 10.10.5.3 10.10.5.1 41.203.208.18 41.203.208.19 41.203.208.88
TCP: Interfaces\{5D760BD7-0AF1-4C3C-B89C-3712A67A0007} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{68666D75-2317-4547-AD75-D7F441EFD1FA} : DhcpNameServer = 10.10.5.3 10.10.5.1 41.203.208.18 41.203.208.19 41.203.208.88
TCP: Interfaces\{FB0CC835-2182-41AB-B41D-6BF6FE15F6AF} : DhcpNameServer = 41.212.3.2 62.8.64.6 8.8.8.8
TCP: Interfaces\{FB0CC835-2182-41AB-B41D-6BF6FE15F6AF}\7457563747 : DhcpNameServer = 10.104.11.2
TCP: Interfaces\{FB0CC835-2182-41AB-B41D-6BF6FE15F6AF}\94642534A4552414 : DhcpNameServer = 80.88.128.149 80.88.128.23 8.8.8.8
TCP: Interfaces\{FB0CC835-2182-41AB-B41D-6BF6FE15F6AF}\A757B6570486F6D656 : DhcpNameServer = 41.212.3.2 62.8.64.6 8.8.8.8
TCP: Interfaces\{FB0CC835-2182-41AB-B41D-6BF6FE15F6AF}\E4544574541425 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FB0CC835-2182-41AB-B41D-6BF6FE15F6AF}\E4545564F583345403 : DhcpNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
SEH: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - SABShellExecuteHook Class
mASetup: {7C4A304B-E6E0-4AE7-B4AF-2C90CFCB8F33} - wScript "c:\program files\capainstaller\client\usersetup\MICROSOFT OFFICE 2010_us.cis"
mASetup: {Capa-PostJob-2008-10} - wScript "c:\program files\capainstaller\client\usersetup\PostJob_us.cis"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\aosd\appdata\roaming\mozilla\firefox\profiles\v7z4xhsb.default\
FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefoxExtn.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\npjpi160_31.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\users\aosd\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\aosd\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\aosd\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF - Ext: CLEO: CLEO@guid.customsoftwareconsult.com - %profile%\extensions\CLEO@guid.customsoftwareconsult.com
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noia
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Clipmarks: {e1170235-2845-420c-acc3-42261a29dd46} - %profile%\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Ext: printpdf: printpdf@pavlov.net - %profile%\extensions\printpdf@pavlov.net
FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\program files\adobe\acrobat 10.0\acrobat\browser\WCFirefoxExtn
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-1-12 343920]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-7-19 64712]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2011-2-22 42672]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2011-2-22 33832]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-11-16 224424]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-2-22 232960]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-1-12 91832]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-1-12 43288]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2010-10-3 20504]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [2011-11-25 21528]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-1-12 66600]
.
=============== Created Last 30 ================
.
2012-05-10 18:03:27 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0f738660-834c-4294-a766-d1f8c1c89e16}\mpengine.dll
2012-05-10 17:13:36 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 17:13:35 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 17:13:33 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 17:09:20 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 17:09:16 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 17:09:10 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-10 17:09:08 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-10 17:09:07 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-10 17:09:06 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-10 17:08:14 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 17:08:13 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 17:08:12 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 17:08:12 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 17:08:11 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 07:42:36 -------- d-----w- c:\programdata\Trend Micro
2012-05-10 07:32:30 -------- d-----w- c:\program files\WinPcap
2012-05-10 07:32:08 -------- d-----w- c:\program files\Trend Micro
2012-05-03 09:30:33 -------- d-----w- c:\programdata\boost_interprocess
2012-05-02 00:46:28 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-05-01 08:52:04 -------- d-----w- c:\users\aosd\appdata\roaming\SUPERAntiSpyware.com
2012-05-01 08:51:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-25 13:02:52 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-25 13:02:52 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-25 13:02:52 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-25 13:02:51 158720 ----a-w- c:\windows\system32\imagehlp.dll
.
==================== Find3M ====================
.
2012-05-05 18:29:44 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 18:29:43 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 12:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 07:10:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-11 10:48:50 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 07:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 08:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 08:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-15 05:44:57 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22:43 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22:18 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 09:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
============= FINISH: 9:51:01.22 ===============
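
The autorun lines in the "Pseudo HJT Report" section of the log above (uRun, mRun, StartupFolder) are what a reviewer reads to see what launches at logon. The following Python is an added example, not part of the original post and not how DDS or the forum helpers process logs; the regular expressions, the list of executable extensions and the "trusted root" prefixes are assumptions chosen for illustration, and a flagged entry only means "look at this by hand".

```python
import re
from dataclasses import dataclass

# The first five lines are copied from the DDS log above; the last line is
# constructed for illustration and does not appear in the log.
SAMPLE_LOG = r'''
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP LaserJet Professional CM1410 Series Fax] c:\program files\hp\digital imaging\fax\fax driver 0.6 base\hppfaxprintersrv.exe "HP LaserJet Professional CM1410 Series Fax"
mRun: [<NO NAME>]
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico
uRun: [ConstructedExample] c:\users\aosd\appdata\roaming\constructed-example.exe
'''

# Assumed line shapes, inferred from the log above (not a DDS specification).
RUN_RE = re.compile(r'^(?P<hive>[um]Run): \[(?P<name>.*?)\]\s*(?P<cmd>.*)$')
STARTUP_RE = re.compile(r'^StartupFolder: (?P<name>.+?\.lnk) - (?P<cmd>.*)$', re.I)

# Assumption: file types that run directly when named in an autorun entry.
EXEC_EXT = ('exe', 'scr', 'com', 'bat', 'cmd', 'pif', 'vbs', 'js')
PATH_RE = re.compile(r'^(?P<path>.+?\.(?:%s))(?=\s|$)' % '|'.join(EXEC_EXT), re.I)

# Assumption: locations a standard user cannot write to on a default install.
TRUSTED_ROOTS = ('c:\\program files\\', 'c:\\windows\\')


@dataclass
class Autorun:
    source: str      # uRun, mRun or StartupFolder
    name: str        # registry value name or shortcut path
    target: str      # file the entry launches, without arguments
    reasons: list    # why the entry deserves a manual look (empty = nothing noted)


def extract_target(cmd):
    """Split the launched file from its arguments (quoted or unquoted path)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces: cut at the first executable extension.
    m = PATH_RE.match(cmd)
    return m.group('path') if m else cmd


def assess(target):
    """Return review notes for one target path; heuristics only, not verdicts."""
    if not target:
        return ['empty command: value exists but launches nothing']
    reasons = []
    low = target.lower()
    if re.search(r'~\d', low):
        # 8.3 names hide the real directory, so location cannot be judged yet.
        reasons.append('8.3 short name in path: resolve to the long path first')
    elif not low.startswith(TRUSTED_ROOTS):
        reasons.append('target outside Program Files and Windows')
    if not low.endswith(tuple('.' + e for e in EXEC_EXT)):
        reasons.append('target is not an executable file type')
    return reasons


def parse_autoruns(text):
    """Parse uRun/mRun/StartupFolder lines from DDS log text."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue
        source = m.groupdict().get('hive') or 'StartupFolder'
        target = extract_target(m.group('cmd'))
        entries.append(Autorun(source, m.group('name'), target, assess(target)))
    return entries


if __name__ == '__main__':
    for e in parse_autoruns(SAMPLE_LOG):
        status = '; '.join(e.reasons) if e.reasons else 'nothing noted'
        print(f'{e.source:13} {e.name[:40]:40} {status}')
```
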

#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,259 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 May 2012 - 08:33 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Nothing suspicious was found on your DDS log.

I suspect that you may have some hardware problem. When the system is powered it the computer get work. This could lead to some problem. (Not sure)

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs for my review.

#3 AndrewOS

AndrewOS
  • Topic Starter

  • Members
  • 18 posts

Posted 16 May 2012 - 10:54 AM

Not quite going according to plan!

Disabled Windows Firewall and McAfee AV (and exited RUBotted). Ran ComboFix. Fairly early on get a dialogue box "presence of rootkit activity". I'll add list of files separately below.

ComboFix says it has to reboot computer to proceed. Following the reboot, ComboFix kicked in again - but states that it cannot find the file "C:\ComboFix\NIRKMD.3XE". I clicked the OK button and ComboFix started - but at each stage it stopped to give the "cannot find the file NIRKMD.3XE" dialogue box. Also it seemed that McAfee AV had restarted: as a McAfee dialogue box came up detailing 2 infections: av-test.txt and NIRKMD.3XE - both of which it said it deleted. I remember from your help on my desktop recently that there are some 50 stages to ComboFix - so after getting to Stage 3 and this happening 3 times, I figured I better stop and see what you think. I exited ComboFix and rebooted. I checked the McAfee AV - in the system tray the icon was normal (i.e. enabled) but when I checked the console it gave both the "Access Protection" and "on access scanner" as disabled. I enabled them both manually. I rebooted again: making the same check - McAfee icon in the system tray giving enabled, but in the console the "Access Protection" was disabled whilst the "on access scanner" was now enabled. I've now enabled the "access protection".

So, in short would like your advice as to how to proceed safely with ComboFix.

The list of possible rootkit infected files (?) generated in the first ComboFix dialogue box are all executable files and are all located at C:\Users\aosd\AppData\Roaming\...

ntos
oembios
twext
twex
sdra64
intel64
wsnpoema
swin32
localsys64
64dlls
sdra73
kernel32

There is no ComboFix log file generated yet. Thanks.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,259 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 May 2012 - 12:32 PM

We need to run these tools before proceeding further.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#5 AndrewOS

  • Topic Starter

Posted 16 May 2012 - 02:49 PM

TDSSKiller didn't indicate any infections:

21:15:34.0803 3864 NativeWifiP - ok
21:15:34.0865 3864 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
21:15:34.0881 3864 NDIS - ok
21:15:34.0896 3864 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:15:34.0912 3864 NdisCap - ok
21:15:34.0943 3864 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:15:34.0959 3864 NdisTapi - ok
21:15:34.0974 3864 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
21:15:34.0990 3864 Ndisuio - ok
21:15:35.0021 3864 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
21:15:35.0037 3864 NdisWan - ok
21:15:35.0052 3864 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
21:15:35.0068 3864 NDProxy - ok
21:15:35.0115 3864 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
21:15:35.0208 3864 Net Driver HPZ12 - ok
21:15:35.0224 3864 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:15:35.0239 3864 NetBIOS - ok
21:15:35.0271 3864 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
21:15:35.0286 3864 NetBT - ok
21:15:35.0333 3864 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
21:15:35.0333 3864 Netlogon - ok
21:15:35.0380 3864 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
21:15:35.0411 3864 Netman - ok
21:15:35.0442 3864 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
21:15:35.0458 3864 netprofm - ok
21:15:35.0551 3864 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:15:35.0567 3864 NetTcpPortSharing - ok
21:15:35.0988 3864 NETw5s32 (ef51b405ad8acaae6f0231290d20f516) C:\Windows\system32\DRIVERS\NETw5s32.sys
21:15:36.0207 3864 NETw5s32 - ok
21:15:36.0331 3864 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:15:36.0347 3864 nfrd960 - ok
21:15:36.0394 3864 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
21:15:36.0409 3864 NlaSvc - ok
21:15:36.0487 3864 NPF (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
21:15:36.0737 3864 NPF - ok
21:15:36.0768 3864 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:15:36.0768 3864 Npfs - ok
21:15:36.0784 3864 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
21:15:36.0799 3864 nsi - ok
21:15:36.0815 3864 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:15:36.0831 3864 nsiproxy - ok
21:15:36.0955 3864 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
21:15:36.0971 3864 Ntfs - ok
21:15:37.0096 3864 NuidFltr (37be10ff10a92031fc5a01e8363925cc) C:\Windows\system32\DRIVERS\NuidFltr.sys
21:15:37.0221 3864 NuidFltr - ok
21:15:37.0252 3864 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:15:37.0267 3864 Null - ok
21:15:37.0299 3864 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
21:15:37.0455 3864 nvraid - ok
21:15:37.0501 3864 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
21:15:37.0767 3864 nvstor - ok
21:15:37.0813 3864 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
21:15:37.0829 3864 nv_agp - ok
21:15:37.0860 3864 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
21:15:37.0876 3864 ohci1394 - ok
21:15:37.0938 3864 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:15:38.0079 3864 ose - ok
21:15:38.0437 3864 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:15:38.0609 3864 osppsvc - ok
21:15:38.0812 3864 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:15:38.0812 3864 p2pimsvc - ok
21:15:38.0859 3864 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:15:38.0874 3864 p2psvc - ok
21:15:38.0921 3864 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:15:38.0937 3864 Parport - ok
21:15:38.0983 3864 partmgr (66d3415c159741ade7038a277efff99f) C:\Windows\system32\drivers\partmgr.sys
21:15:38.0999 3864 partmgr - ok
21:15:39.0015 3864 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:15:39.0030 3864 Parvdm - ok
21:15:39.0124 3864 PassThru Service (39b9dcd7040654c2e57d7396736c718e) C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
21:15:39.0249 3864 PassThru Service - ok
21:15:39.0280 3864 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:15:39.0295 3864 PcaSvc - ok
21:15:39.0327 3864 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
21:15:39.0342 3864 pci - ok
21:15:39.0358 3864 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
21:15:39.0373 3864 pciide - ok
21:15:39.0405 3864 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:15:39.0420 3864 pcmcia - ok
21:15:39.0436 3864 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:15:39.0451 3864 pcw - ok
21:15:39.0498 3864 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:15:39.0529 3864 PEAUTH - ok
21:15:39.0639 3864 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
21:15:39.0654 3864 PeerDistSvc - ok
21:15:39.0826 3864 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
21:15:39.0873 3864 pla - ok
21:15:40.0044 3864 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
21:15:40.0138 3864 PlugPlay - ok
21:15:40.0263 3864 PMBDeviceInfoProvider (ae6c778717de2f6b0c0b5335036d3363) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
21:15:40.0419 3864 PMBDeviceInfoProvider - ok
21:15:40.0481 3864 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
21:15:40.0559 3864 Pml Driver HPZ12 - ok
21:15:40.0606 3864 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:15:40.0621 3864 PNRPAutoReg - ok
21:15:40.0653 3864 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:15:40.0668 3864 PNRPsvc - ok
21:15:40.0715 3864 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
21:15:40.0824 3864 Point32 - ok
21:15:40.0888 3864 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
21:15:40.0903 3864 PolicyAgent - ok
21:15:40.0950 3864 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
21:15:40.0966 3864 Power - ok
21:15:40.0997 3864 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:15:41.0012 3864 PptpMiniport - ok
21:15:41.0044 3864 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:15:41.0044 3864 Processor - ok
21:15:41.0090 3864 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
21:15:41.0106 3864 ProfSvc - ok
21:15:41.0153 3864 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
21:15:41.0153 3864 ProtectedStorage - ok
21:15:41.0184 3864 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:15:41.0184 3864 Psched - ok
21:15:41.0215 3864 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
21:15:41.0215 3864 PxHelp20 - ok
21:15:41.0324 3864 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:15:41.0371 3864 ql2300 - ok
21:15:41.0496 3864 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:15:41.0512 3864 ql40xx - ok
21:15:41.0558 3864 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:15:41.0574 3864 QWAVE - ok
21:15:41.0590 3864 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:15:41.0605 3864 QWAVEdrv - ok
21:15:41.0714 3864 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
21:15:41.0902 3864 RapportCerberus_34302 - ok
21:15:41.0980 3864 RapportEI (43b9aa1423bf54367c5a3de1559780e8) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
21:15:42.0198 3864 RapportEI - ok
21:15:42.0292 3864 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
21:15:42.0432 3864 RapportIaso - ok
21:15:42.0463 3864 RapportKELL (118600ab8f15fe27f2c865f3fb4efa58) C:\Windows\system32\Drivers\RapportKELL.sys
21:15:42.0463 3864 RapportKELL - ok
21:15:42.0604 3864 RapportMgmtService (d9ef54568fafcb4be4637068e768409a) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
21:15:42.0760 3864 RapportMgmtService - ok
21:15:42.0822 3864 RapportPG (4af05a67b643a5190dfcbb793273e0bc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
21:15:43.0103 3864 RapportPG - ok
21:15:43.0243 3864 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:15:43.0259 3864 RasAcd - ok
21:15:43.0290 3864 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:15:43.0306 3864 RasAgileVpn - ok
21:15:43.0352 3864 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:15:43.0368 3864 RasAuto - ok
21:15:43.0415 3864 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:15:43.0415 3864 Rasl2tp - ok
21:15:43.0493 3864 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
21:15:43.0524 3864 RasMan - ok
21:15:43.0555 3864 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:15:43.0571 3864 RasPppoe - ok
21:15:43.0602 3864 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:15:43.0602 3864 RasSstp - ok
21:15:43.0649 3864 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
21:15:43.0649 3864 rdbss - ok
21:15:43.0680 3864 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:15:43.0680 3864 rdpbus - ok
21:15:43.0711 3864 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:15:43.0727 3864 RDPCDD - ok
21:15:43.0774 3864 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
21:15:43.0789 3864 RDPDR - ok
21:15:43.0805 3864 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:15:43.0805 3864 RDPENCDD - ok
21:15:43.0852 3864 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:15:43.0867 3864 RDPREFMP - ok
21:15:43.0914 3864 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\Windows\system32\drivers\RDPWD.sys
21:15:44.0164 3864 RDPWD - ok
21:15:44.0226 3864 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
21:15:44.0226 3864 rdyboost - ok
21:15:44.0273 3864 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:15:44.0288 3864 RemoteAccess - ok
21:15:44.0335 3864 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:15:44.0351 3864 RemoteRegistry - ok
21:15:44.0382 3864 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
21:15:44.0398 3864 RFCOMM - ok
21:15:44.0491 3864 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files\WinPcap\rpcapd.exe
21:15:44.0663 3864 rpcapd - ok
21:15:44.0710 3864 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:15:44.0725 3864 RpcEptMapper - ok
21:15:44.0756 3864 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:15:44.0772 3864 RpcLocator - ok
21:15:44.0819 3864 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
21:15:44.0819 3864 RpcSs - ok
21:15:44.0850 3864 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:15:44.0866 3864 rspndr - ok
21:15:44.0944 3864 RUBotSrv (a0eea6f631349d0e0b7a6caa7e099cb0) C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
21:15:45.0146 3864 RUBotSrv - ok
21:15:45.0193 3864 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
21:15:45.0209 3864 s3cap - ok
21:15:45.0256 3864 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
21:15:45.0256 3864 SamSs - ok
21:15:45.0334 3864 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:15:45.0458 3864 SASDIFSV - ok
21:15:45.0505 3864 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:15:45.0614 3864 SASKUTIL - ok
21:15:45.0646 3864 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
21:15:45.0661 3864 sbp2port - ok
21:15:45.0708 3864 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:15:45.0724 3864 SCardSvr - ok
21:15:45.0755 3864 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
21:15:45.0770 3864 scfilter - ok
21:15:45.0864 3864 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
21:15:45.0989 3864 Schedule - ok
21:15:46.0020 3864 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
21:15:46.0036 3864 SCPolicySvc - ok
21:15:46.0145 3864 ScriptLogic CBM Service (8140203b5d8a78fabf5b42a19ec19357) C:\Program Files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\CBM\ScriptLogic.CBM.Agent.exe
21:15:46.0270 3864 ScriptLogic CBM Service - ok
21:15:46.0316 3864 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys
21:15:46.0550 3864 sdbus - ok
21:15:46.0582 3864 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
21:15:46.0613 3864 SDRSVC - ok
21:15:46.0628 3864 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:15:46.0644 3864 secdrv - ok
21:15:46.0660 3864 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:15:46.0675 3864 seclogon - ok
21:15:46.0722 3864 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
21:15:46.0722 3864 SENS - ok
21:15:46.0753 3864 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
21:15:46.0769 3864 SensrSvc - ok
21:15:46.0816 3864 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:15:46.0831 3864 Serenum - ok
21:15:46.0862 3864 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:15:46.0862 3864 Serial - ok
21:15:46.0894 3864 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:15:46.0909 3864 sermouse - ok
21:15:46.0987 3864 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
21:15:47.0003 3864 SessionEnv - ok
21:15:47.0018 3864 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
21:15:47.0034 3864 sffdisk - ok
21:15:47.0065 3864 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:15:47.0065 3864 sffp_mmc - ok
21:15:47.0096 3864 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:15:47.0221 3864 sffp_sd - ok
21:15:47.0252 3864 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:15:47.0252 3864 sfloppy - ok
21:15:47.0330 3864 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
21:15:47.0346 3864 SharedAccess - ok
21:15:47.0393 3864 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
21:15:47.0408 3864 ShellHWDetection - ok
21:15:47.0440 3864 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
21:15:47.0455 3864 sisagp - ok
21:15:47.0486 3864 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:15:47.0486 3864 SiSRaid2 - ok
21:15:47.0518 3864 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:15:47.0533 3864 SiSRaid4 - ok
21:15:47.0830 3864 Skype C2C Service (192d93ee7ae6a3c599c96cd8d736e914) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
21:15:48.0048 3864 Skype C2C Service - ok
21:15:48.0142 3864 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
21:15:53.0024 3864 SkypeUpdate - ok
21:15:53.0087 3864 SLClient (61181eefb05eaf1c3e131af44f121be6) C:\Program Files\ScriptLogic\Desktop Authority\Client Files\8.08004.63486\SLClient.exe
21:15:53.0180 3864 SLClient - ok
21:15:53.0305 3864 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:15:53.0321 3864 Smb - ok
21:15:53.0414 3864 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:15:53.0430 3864 SNMPTRAP - ok
21:15:53.0446 3864 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:15:53.0446 3864 spldr - ok
21:15:53.0492 3864 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
21:15:53.0633 3864 Spooler - ok
21:15:53.0867 3864 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
21:15:53.0960 3864 sppsvc - ok
21:15:54.0054 3864 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
21:15:54.0054 3864 sppuinotify - ok
21:15:54.0116 3864 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
21:15:54.0132 3864 srv - ok
21:15:54.0179 3864 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
21:15:54.0179 3864 srv2 - ok
21:15:54.0210 3864 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
21:15:54.0210 3864 srvnet - ok
21:15:54.0241 3864 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
21:15:54.0257 3864 SSDPSRV - ok
21:15:54.0288 3864 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
21:15:54.0304 3864 SstpSvc - ok
21:15:54.0382 3864 STacSV (7aefc130355aa99307b31ee678614380) C:\Program Files\IDT\WDM\STacSV.exe
21:15:54.0553 3864 STacSV - ok
21:15:54.0584 3864 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:15:54.0600 3864 stexstor - ok
21:15:54.0662 3864 STHDA (ec4b4125ba14f7436b1740f63f7bff21) C:\Windows\system32\DRIVERS\stwrt.sys
21:15:54.0865 3864 STHDA - ok
21:15:54.0928 3864 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
21:15:54.0928 3864 StillCam - ok
21:15:54.0990 3864 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
21:15:55.0021 3864 StiSvc - ok
21:15:55.0052 3864 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
21:15:55.0052 3864 storflt - ok
21:15:55.0084 3864 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
21:15:55.0193 3864 StorSvc - ok
21:15:55.0208 3864 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
21:15:55.0224 3864 storvsc - ok
21:15:55.0240 3864 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
21:15:55.0255 3864 swenum - ok
21:15:55.0364 3864 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:15:55.0520 3864 SwitchBoard - ok
21:15:55.0583 3864 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
21:15:55.0598 3864 swprv - ok
21:15:55.0692 3864 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
21:15:55.0708 3864 SysMain - ok
21:15:55.0739 3864 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
21:15:55.0754 3864 TabletInputService - ok
21:15:55.0817 3864 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
21:15:55.0942 3864 taphss - ok
21:15:55.0988 3864 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
21:15:56.0004 3864 TapiSrv - ok
21:15:56.0035 3864 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
21:15:56.0035 3864 TBS - ok
21:15:56.0160 3864 Tcpip (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\drivers\tcpip.sys
21:15:56.0191 3864 Tcpip - ok
21:15:56.0378 3864 TCPIP6 (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\DRIVERS\tcpip.sys
21:15:56.0394 3864 TCPIP6 - ok
21:15:56.0519 3864 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
21:15:56.0534 3864 tcpipreg - ok
21:15:56.0581 3864 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
21:15:56.0581 3864 TDPIPE - ok
21:15:56.0628 3864 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
21:15:56.0862 3864 TDTCP - ok
21:15:56.0924 3864 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
21:15:56.0940 3864 tdx - ok
21:15:56.0971 3864 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
21:15:56.0971 3864 TermDD - ok
21:15:57.0049 3864 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
21:15:57.0065 3864 TermService - ok
21:15:57.0096 3864 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
21:15:57.0112 3864 Themes - ok
21:15:57.0158 3864 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:15:57.0158 3864 THREADORDER - ok
21:15:57.0190 3864 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
21:15:57.0205 3864 TrkWks - ok
21:15:57.0252 3864 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
21:15:57.0268 3864 TrustedInstaller - ok
21:15:57.0314 3864 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:15:57.0314 3864 tssecsrv - ok
21:15:57.0424 3864 TuneUp.Defrag (2a3e1ee21d4d8e779e61e1921b329f83) C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
21:15:57.0580 3864 TuneUp.Defrag - ok
21:15:57.0689 3864 TuneUp.UtilitiesSvc (03f6f5043f9cec86aa901369b1953293) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
21:15:57.0704 3864 TuneUp.UtilitiesSvc - ok
21:15:57.0736 3864 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
21:15:57.0938 3864 TuneUpUtilitiesDrv - ok
21:15:58.0079 3864 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
21:15:58.0094 3864 tunnel - ok
21:15:58.0141 3864 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:15:58.0141 3864 uagp35 - ok
21:15:58.0188 3864 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
21:15:58.0204 3864 udfs - ok
21:15:58.0297 3864 UDisk Monitor (7b47b3b69bd9579ca5d6acf26c18fe86) C:\Program Files\Orange\bin\MonServiceUDisk.exe
21:15:58.0531 3864 UDisk Monitor - ok
21:15:58.0609 3864 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
21:15:58.0625 3864 UI0Detect - ok
21:15:58.0656 3864 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:15:58.0672 3864 uliagpkx - ok
21:15:58.0703 3864 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
21:15:58.0718 3864 umbus - ok
21:15:58.0734 3864 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:15:58.0750 3864 UmPass - ok
21:15:58.0796 3864 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll
21:15:58.0796 3864 UmRdpService - ok
21:15:58.0843 3864 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
21:15:58.0859 3864 upnphost - ok
21:15:58.0921 3864 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
21:15:59.0171 3864 USBAAPL - ok
21:15:59.0233 3864 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
21:15:59.0233 3864 usbaudio - ok
21:15:59.0280 3864 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
21:15:59.0420 3864 usbccgp - ok
21:15:59.0452 3864 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
21:15:59.0467 3864 usbcir - ok
21:15:59.0514 3864 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\drivers\usbehci.sys
21:15:59.0717 3864 usbehci - ok
21:15:59.0779 3864 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
21:16:00.0013 3864 usbhub - ok
21:16:00.0107 3864 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
21:16:00.0356 3864 usbohci - ok
21:16:00.0403 3864 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:16:00.0403 3864 usbprint - ok
21:16:00.0466 3864 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
21:16:00.0466 3864 usbscan - ok
21:16:00.0512 3864 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:16:00.0731 3864 USBSTOR - ok
21:16:00.0762 3864 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
21:16:00.0980 3864 usbuhci - ok
21:16:01.0027 3864 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
21:16:01.0261 3864 usbvideo - ok
21:16:01.0292 3864 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
21:16:01.0308 3864 usb_rndisx - ok
21:16:01.0339 3864 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
21:16:01.0355 3864 UxSms - ok
21:16:01.0402 3864 UxTuneUp (9c96639537cacff5b2e0256998df3c21) C:\Windows\System32\uxtuneup.dll
21:16:01.0480 3864 UxTuneUp - ok
21:16:01.0526 3864 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
21:16:01.0542 3864 VaultSvc - ok
21:16:01.0558 3864 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:16:01.0573 3864 vdrvroot - ok
21:16:01.0620 3864 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
21:16:01.0651 3864 vds - ok
21:16:01.0682 3864 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:16:01.0698 3864 vga - ok
21:16:01.0714 3864 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:16:01.0729 3864 VgaSave - ok
21:16:01.0776 3864 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
21:16:01.0792 3864 vhdmp - ok
21:16:01.0838 3864 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
21:16:01.0854 3864 viaagp - ok
21:16:01.0885 3864 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:16:01.0885 3864 ViaC7 - ok
21:16:01.0916 3864 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
21:16:01.0932 3864 viaide - ok
21:16:01.0963 3864 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
21:16:01.0979 3864 vmbus - ok
21:16:02.0010 3864 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
21:16:02.0026 3864 VMBusHID - ok
21:16:02.0057 3864 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
21:16:02.0057 3864 volmgr - ok
21:16:02.0104 3864 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:16:02.0119 3864 volmgrx - ok
21:16:02.0166 3864 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
21:16:02.0166 3864 volsnap - ok
21:16:02.0197 3864 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:16:02.0213 3864 vsmraid - ok
21:16:07.0844 3864 ============================================================
21:16:07.0844 3864 Scan finished
21:16:07.0844 3864 ============================================================
21:16:07.0860 5052 Detected object count: 0
21:16:07.0860 5052 Actual detected object count: 0
21:16:33.0350 5188 Deinitialize success


I downloaded AVAST and the updated definitions. AVAST started to run and then stopped working/crashed, giving a dialogue box to close the programme with the following information:
Problem signature:
Problem Event Name: APPCRASH
Application Name: aswMBR.exe
Application Version: 0.9.9.1665
Application Timestamp: 4f5f9c86
Fault Module Name: ntdll.dll
Fault Module Version: 6.1.7600.16915
Fault Module Timestamp: 4ec49caf
Exception Code: c0000005
Exception Offset: 00051e86
OS Version: 6.1.7600.2.0.0.256.48
Locale ID: 2057
Additional Information 1: 0a9e
Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
Additional Information 3: 0a9e
Additional Information 4: 0a9e372d3b4ad19135b953a78882e789


Should I try running AVAST again?

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,259 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:36 AM

Posted 17 May 2012 - 06:51 AM

Delete your version of aswMBR and any files/folders related to AVAST.

Download aswMBR again but this time do not download AVAST.

If that fails:

Delete your version of ComboFix.exe.

Download ComboFix from any of the links below but rename it to iexplore.exe before saving it to your desktop. <- Important.

Link 1
Link 2
==================================

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    Double click on the renamed ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
====

#7 AndrewOS

Posted 21 May 2012 - 01:41 AM

Weird. I sent a reply to this on 17th May (with attachments) and it clearly has not arrived! So below (apart from the attachment) is from memory.

Deleted aswMBR & related folders. Downloaded aswMBR again - without downloading AVAST update. Similar result to before (can't remember the details) - with aswMBR closing and no log file produced.
Deleted previous ComboFix, re-downloaded from link, renamed it iexplore.exe before saving it in "desktop". ComboFix cycled through the stages (no requirement for Recovery Console) and on rebooting produced the log file attached. I have a feeling that there were again issues with McAfee AV re-enabling itself. Curiously the iexplore file on my desktop has renamed itself back to ComboFix.

Thanks.

Attached Files


Edited by AndrewOS, 21 May 2012 - 01:43 AM.


#8 nasdaq

Posted 21 May 2012 - 08:07 AM

Please download and run this Sophos Anti-Rootkit
http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx

Post the log if you can.

#9 AndrewOS

Posted 21 May 2012 - 11:45 PM

Sophos installed fine: no threats detected ... so as far as I can tell/find ... no log produced.

Does this mean the computer's clean?

Thanks, again.

#10 nasdaq

Posted 22 May 2012 - 08:26 AM

Third party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

ComboFix was updated recently. Delete the ComboFix.exe and download the new version.

Run it and post the log for my review.

#11 AndrewOS

Posted 22 May 2012 - 12:56 PM

Ran the security check: log as follows ...

Results of screen317's Security Check version 0.99.34
Windows 7 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee VirusScan Enterprise
Sophos Virus Removal Tool
McAfee AntiSpyware Enterprise Module
McAfee Agent
Trend Micro RUBotted 2.0 Beta
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

McAfee AntiSpyware Enterprise Module
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.61.0.1400
TuneUp Utilities
TuneUp Utilities Language Pack (en-GB)
TuneUp Utilities
CCleaner
Java™ 6 Update 31
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (3.6.18) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

McAfee VirusScan Enterprise EngineServer.exe
McAfee VirusScan Enterprise VsTskMgr.exe
McAfee VirusScan Enterprise Mcshield.exe
McAfee VirusScan Enterprise mfeann.exe
McAfee VirusScan Enterprise shstat.exe
Trend Micro RUBotted RUBotSrv.exe
Trend Micro RUBotted RUBottedGUI.exe
``````````End of Log````````````


Then deleted old ComboFix, downloaded again and updated to new version of ComboFix. I figured you would have said "rename it to iexplore" if you had wanted me to do so .. so I instead saved the file as ComboFix on the desktop as per original instructions. Disabled McAfee and ran ComboFix. This time it seemed to work fine, no issues with McAfee re-enabling, no crashing of ComboFix and a log was produced (attached). However, and I knew I should have waited to do all of this until the morning, as I closed the ComboFix.txt file there appeared a dialogue box stating "C:\ProgramFile\InternetExplorer\iexplore.exe" "illegal operation on a registry key iexplore that had been marked for deletion". It gave only one option in the dialogue box .. that of "OK". In my tiredness I assumed this was something to do with the "renaming" of ComboFix that we had done previously .. so I just clicked OK. And of course the Internet Explore.exe icon was deleted and I couldn't access IE9 anymore. So I've just used system restore to restore windows/settings to the last restore point - which happened to be earlier today. On rebooting the IE9 icon had returned and I'm able to access IE9 and the internet no problem.

I assume the security check & ComboFix logs (here) are still relevant despite reverting to a slightly earlier system state.

Attached Files



#12 nasdaq

Posted 22 May 2012 - 01:20 PM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 31


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Your logs are clean.

Any remaining issues with this computer?

#13 AndrewOS

Posted 22 May 2012 - 02:36 PM

No more issues as far as I'm aware of. Good to know the logs are clean.

Thank you so much for your help and patience ... really appreciated.

#14 nasdaq

Posted 23 May 2012 - 07:55 AM

Glad we could help.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#15 AndrewOS

Posted 23 May 2012 - 08:25 AM

err ... I stoooopidly deleted ComboFix.exe on the desktop before I saw your reply. So of course the housekeeping uninstall will not now work. What do you suggest (other than I follow your instructions properly in future!)?