
Smart Fortress 2012 and associated problems


12 replies to this topic

#1 conmat


Posted 18 May 2012 - 09:49 PM

I got infected with the Smart Fortress 2012 yesterday. It screwed up my computer and I believe (but not 100%) that it has somehow blocked access to the net from the network in the office.
I have downloaded Mbam.exe and ran it. After several tries of getting it going it cleaned off some infections. I then was able to delete the icons for the Smart Fortress 2012.
As I have previously done in the past on other computers, I ran combofix.exe. This started to load up but I got an error message C:\32788R22FWJFW\licence\ieexplorer.exe. I then researched online and deleted the download and downloaded it again and saved to desktop as combo-fix. It still would not run.

I have downloaded Rogue killer and ran it and it cleaned up a few problems.
Lastly I have downloaded and ran TDSSkiller and it found this Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7

I still cannot get Combofix up and going which leads me to believe there is still a nasty somewhere.
I include logs of mbam, Rogue Killer and TDSSKiller.

Help would be greatly appreciated.

Mbam.exe logs
2012/05/19 06:39:28 +1000 TOMDALTON-PC Tom Dalton MESSAGE Starting protection
2012/05/19 06:39:36 +1000 TOMDALTON-PC Tom Dalton MESSAGE Protection started successfully
2012/05/19 06:39:40 +1000 TOMDALTON-PC Tom Dalton MESSAGE Starting IP protection
2012/05/19 06:39:40 +1000 TOMDALTON-PC Tom Dalton ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/05/19 07:00:49 +1000 TOMDALTON-PC Tom Dalton MESSAGE Starting database refresh
2012/05/19 07:00:53 +1000 TOMDALTON-PC Tom Dalton MESSAGE Database refreshed successfully
2012/05/19 07:12:02 +1000 TOMDALTON-PC Tom Dalton MESSAGE Starting protection
2012/05/19 07:12:06 +1000 TOMDALTON-PC Tom Dalton MESSAGE Protection started successfully
2012/05/19 07:12:09 +1000 TOMDALTON-PC Tom Dalton MESSAGE Starting IP protection
2012/05/19 07:12:09 +1000 TOMDALTON-PC Tom Dalton ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/05/19 07:13:56 +1000 TOMDALTON-PC Tom Dalton DETECTION C:\Users\Tom Dalton\AppData\Local\{e133114d-9aa4-69d5-aef3-f6a18386deaf}\n Trojan.Dropper.PE4 ALLOW
2012/05/19 08:53:54 +1000 TOMDALTON-PC Tom Dalton DETECTION C:\Users\Tom Dalton\AppData\Local\{e133114d-9aa4-69d5-aef3-f6a18386deaf}\n Trojan.Dropper.PE4 ALLOW
2012/05/19 09:31:49 +1000 TOMDALTON-PC Tom Dalton DETECTION C:\Users\Tom Dalton\AppData\Local\{e133114d-9aa4-69d5-aef3-f6a18386deaf}\n Trojan.Dropper.PE4 ALLOW
2012/05/19 10:32:11 +1000 TOMDALTON-PC Tom Dalton MESSAGE Starting protection
2012/05/19 10:32:11 +1000 TOMDALTON-PC Tom Dalton MESSAGE Executing scheduled update: Daily
2012/05/19 10:32:15 +1000 TOMDALTON-PC Tom Dalton MESSAGE Protection started successfully
2012/05/19 10:32:18 +1000 TOMDALTON-PC Tom Dalton MESSAGE Starting IP protection
2012/05/19 10:32:18 +1000 TOMDALTON-PC Tom Dalton ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/05/19 10:32:48 +1000 TOMDALTON-PC Tom Dalton ERROR Scheduled update failed: Host not found failed with error code 0
2012/05/19 10:48:54 +1000 TOMDALTON-PC Tom Dalton DETECTION C:\Users\Tom Dalton\AppData\Local\{e133114d-9aa4-69d5-aef3-f6a18386deaf}\n Trojan.Dropper.PE4 ALLOW
2012/05/19 11:00:20 +1000 TOMDALTON-PC Tom Dalton DETECTION C:\Users\Tom Dalton\AppData\Local\{e133114d-9aa4-69d5-aef3-f6a18386deaf}\n Trojan.Dropper.PE4 ALLOW


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.18.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Tom Dalton :: TOMDALTON-PC [administrator]

Protection: Disabled

19/05/2012 8:02:25 AM
mbam-log-2012-05-19 (08-02-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234993
Time elapsed: 8 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.18.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Tom Dalton :: TOMDALTON-PC [administrator]

Protection: Disabled

19/05/2012 7:16:53 AM
mbam-log-2012-05-19 (07-16-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235874
Time elapsed: 8 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.18.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Tom Dalton :: TOMDALTON-PC [administrator]

Protection: Enabled

19/05/2012 7:01:29 AM
mbam-log-2012-05-19 (07-01-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236118
Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Detected: 1
C:\Users\Tom Dalton\AppData\Local\PSFactoryBuffer\PSFactoryBuffer.exe (Trojan.Agent.H) -> 4756 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Fortress 2012 (Trojan.LameShield) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PSFactoryBuffer (Trojan.Agent.H) -> Data: "C:\Users\Tom Dalton\AppData\Local\PSFactoryBuffer\PSFactoryBuffer.exe" /c -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Tom Dalton\AppData\Local\PSFactoryBuffer\PSFactoryBuffer.exe (Trojan.Agent.H) -> Delete on reboot.
C:\ProgramData\B7E8586B016EF65A03E2E906B4EB238B\B7E8586B016EF65A03E2E906B4EB238B.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\Users\Tom Dalton\AppData\Local\Temp\~!#8BA5.tmp (Trojan.Agent.H) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Tom Dalton :: TOMDALTON-PC [administrator]

Protection: Enabled

19/05/2012 6:40:27 AM
mbam-log-2012-05-19 (06-40-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228337
Time elapsed: 13 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



RogueKiller V7.4.5 [05/18/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Tom Dalton [Admin rights]
Mode: Scan -- Date: 05/19/2012 10:19:37

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 12 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : wpiwip (rundll32.exe "C:\Users\TOMDAL~1\AppData\Local\Temp\wpiwip.dll",SteamClient) -> FOUND
[BLACKLIST DLL] HKCU\[...]\Run : nelts (rundll32.exe "C:\Users\TOMDAL~1\AppData\Local\Temp\nelts.dll",ConvertMeshSubsetToStrips) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-2522588113-2329310617-3395018149-1000[...]\Run : wpiwip (rundll32.exe "C:\Users\TOMDAL~1\AppData\Local\Temp\wpiwip.dll",SteamClient) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-2522588113-2329310617-3395018149-1000[...]\Run : nelts (rundll32.exe "C:\Users\TOMDAL~1\AppData\Local\Temp\nelts.dll",ConvertMeshSubsetToStrips) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{038F9A8C-CDCF-4F30-A7AA-E1F86DD2E5F6} : NameServer (0.0.0.0) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{B0E3EA93-137F-463A-82ED-35F6D389C69E} : NameServer (10.4.81.103 10.4.182.20) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{038F9A8C-CDCF-4F30-A7AA-E1F86DD2E5F6} : NameServer (0.0.0.0) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{B0E3EA93-137F-463A-82ED-35F6D389C69E} : NameServer (10.4.81.103 10.4.182.20) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1629GSGF +++++
--- User ---
[MBR] 391faa380015958c445dd74c50441904
[BSP] d830228b4163b219de068c1059362ef4 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 5888 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 12060672 | Size: 146738 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V7.4.5 [05/18/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Tom Dalton [Admin rights]
Mode: HOSTSFix -- Date: 05/19/2012 10:20:45

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V7.4.5 [05/18/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Tom Dalton [Admin rights]
Mode: ProxyFix -- Date: 05/19/2012 10:20:49

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

RogueKiller V7.4.5 [05/18/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Tom Dalton [Admin rights]
Mode: DNSFix -- Date: 05/19/2012 10:20:53

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{038F9A8C-CDCF-4F30-A7AA-E1F86DD2E5F6} : NameServer (0.0.0.0) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{B0E3EA93-137F-463A-82ED-35F6D389C69E} : NameServer (10.4.81.103 10.4.182.20) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{038F9A8C-CDCF-4F30-A7AA-E1F86DD2E5F6} : NameServer (0.0.0.0) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{B0E3EA93-137F-463A-82ED-35F6D389C69E} : NameServer (10.4.81.103 10.4.182.20) -> REPLACED ()

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt



12:40:14.0187 1720 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
12:40:15.0946 1720 ============================================================
12:40:15.0946 1720 Current date / time: 2012/05/19 12:40:15.0946
12:40:15.0946 1720 SystemInfo:
12:40:15.0946 1720
12:40:15.0946 1720 OS Version: 6.1.7601 ServicePack: 1.0
12:40:15.0946 1720 Product type: Workstation
12:40:15.0946 1720 ComputerName: TOMDALTON-PC
12:40:15.0946 1720 UserName: Tom Dalton
12:40:15.0946 1720 Windows directory: C:\windows
12:40:15.0947 1720 System windows directory: C:\windows
12:40:15.0947 1720 Processor architecture: Intel x86
12:40:15.0947 1720 Number of processors: 4
12:40:15.0947 1720 Page size: 0x1000
12:40:15.0947 1720 Boot type: Normal boot
12:40:15.0947 1720 ============================================================
12:40:16.0498 1720 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:40:16.0502 1720 ============================================================
12:40:16.0502 1720 \Device\Harddisk0\DR0:
12:40:16.0502 1720 MBR partitions:
12:40:16.0502 1720 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xB80000
12:40:16.0502 1720 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xB80800, BlocksNum 0x11E99000
12:40:16.0502 1720 ============================================================
12:40:16.0545 1720 C: <-> \Device\Harddisk0\DR0\Partition1
12:40:16.0545 1720 ============================================================
12:40:16.0546 1720 Initialize success
12:40:16.0546 1720 ============================================================
12:40:18.0629 5176 ============================================================
12:40:18.0629 5176 Scan started
12:40:18.0629 5176 Mode: Manual;
12:40:18.0629 5176 ============================================================
12:40:20.0595 5176 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files\common files\akamai/netsession_win_6c825ce.dll
12:40:20.0595 5176 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
12:40:20.0603 5176 Akamai ( HiddenFile.Multi.Generic ) - warning
12:40:20.0603 5176 Akamai - detected HiddenFile.Multi.Generic (1)
12:40:28.0181 5176 HomeGroupListener - ok
12:40:28.0226 5176 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
12:40:28.0231 5176 HomeGroupProvider - ok
12:40:28.0278 5176 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
12:40:28.0280 5176 HpSAMD - ok
12:40:28.0355 5176 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
12:40:28.0359 5176 HTTP - ok
12:40:28.0399 5176 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
12:40:28.0400 5176 hwpolicy - ok
12:40:28.0448 5176 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
12:40:28.0449 5176 i8042prt - ok
12:40:28.0499 5176 iaStor (26541a068572f650a2fa490726fe81be) C:\windows\system32\DRIVERS\iaStor.sys
12:40:28.0502 5176 iaStor - ok
12:40:28.0557 5176 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
12:40:28.0560 5176 iaStorV - ok
12:40:28.0674 5176 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:40:28.0684 5176 idsvc - ok
12:40:29.0178 5176 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\windows\system32\DRIVERS\igdkmd32.sys
12:40:29.0474 5176 igfx - ok
12:40:29.0638 5176 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
12:40:29.0639 5176 iirsp - ok
12:40:29.0721 5176 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
12:40:29.0730 5176 IKEEXT - ok
12:40:29.0791 5176 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\windows\system32\DRIVERS\Impcd.sys
12:40:29.0793 5176 Impcd - ok
12:40:29.0932 5176 IntcAzAudAddService (e61611bacbe257c26a8951d6d096a248) C:\windows\system32\drivers\RTKVHDA.sys
12:40:29.0954 5176 IntcAzAudAddService - ok
12:40:30.0087 5176 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
12:40:30.0088 5176 intelide - ok
12:40:30.0126 5176 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
12:40:30.0127 5176 intelppm - ok
12:40:30.0161 5176 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
12:40:30.0164 5176 IPBusEnum - ok
12:40:30.0182 5176 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
12:40:30.0183 5176 IpFilterDriver - ok
12:40:30.0288 5176 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
12:40:30.0296 5176 iphlpsvc - ok
12:40:30.0333 5176 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
12:40:30.0334 5176 IPMIDRV - ok
12:40:30.0348 5176 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
12:40:30.0350 5176 IPNAT - ok
12:40:30.0452 5176 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
12:40:30.0461 5176 iPod Service - ok
12:40:30.0497 5176 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
12:40:30.0498 5176 IRENUM - ok
12:40:30.0534 5176 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
12:40:30.0535 5176 isapnp - ok
12:40:30.0585 5176 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
12:40:30.0587 5176 iScsiPrt - ok
12:40:30.0619 5176 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
12:40:30.0620 5176 kbdclass - ok
12:40:30.0652 5176 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\DRIVERS\kbdhid.sys
12:40:30.0653 5176 kbdhid - ok
12:40:30.0704 5176 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
12:40:30.0706 5176 KeyIso - ok
12:40:30.0751 5176 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
12:40:30.0753 5176 KSecDD - ok
12:40:30.0806 5176 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
12:40:30.0808 5176 KSecPkg - ok
12:40:30.0853 5176 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
12:40:30.0858 5176 KtmRm - ok
12:40:30.0912 5176 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\windows\System32\srvsvc.dll
12:40:30.0917 5176 LanmanServer - ok
12:40:30.0979 5176 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
12:40:30.0983 5176 LanmanWorkstation - ok
12:40:31.0122 5176 LBTServ (3af6b73a3ad1fc37c5933441f66ceb91) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
12:40:31.0124 5176 LBTServ - ok
12:40:31.0176 5176 LEqdUsb (70035567754bed4e6ad353ca3f175127) C:\windows\system32\Drivers\LEqdUsb.Sys
12:40:31.0177 5176 LEqdUsb - ok
12:40:31.0190 5176 LHidEqd (32491b6bae0afad1d7a62c0ef0af4321) C:\windows\system32\Drivers\LHidEqd.Sys
12:40:31.0191 5176 LHidEqd - ok
12:40:31.0206 5176 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\windows\system32\DRIVERS\LHidFilt.Sys
12:40:31.0207 5176 LHidFilt - ok
12:40:31.0263 5176 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
12:40:31.0264 5176 lltdio - ok
12:40:31.0292 5176 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
12:40:31.0296 5176 lltdsvc - ok
12:40:31.0312 5176 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
12:40:31.0314 5176 lmhosts - ok
12:40:31.0332 5176 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\windows\system32\DRIVERS\LMouFilt.Sys
12:40:31.0333 5176 LMouFilt - ok
12:40:31.0374 5176 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
12:40:31.0375 5176 LSI_FC - ok
12:40:31.0389 5176 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
12:40:31.0390 5176 LSI_SAS - ok
12:40:31.0411 5176 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
12:40:31.0412 5176 LSI_SAS2 - ok
12:40:31.0434 5176 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
12:40:31.0435 5176 LSI_SCSI - ok
12:40:31.0454 5176 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
12:40:31.0455 5176 luafv - ok
12:40:31.0498 5176 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\windows\system32\drivers\mbam.sys
12:40:31.0499 5176 MBAMProtector - ok
12:40:31.0570 5176 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:40:31.0575 5176 MBAMService - ok
12:40:31.0622 5176 MCButton (a8d918557bc4d7ee03dd7186ed0a05a5) C:\windows\system32\DRIVERS\MCButton.sys
12:40:31.0623 5176 MCButton - ok
12:40:31.0667 5176 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll
12:40:31.0669 5176 Mcx2Svc - ok
12:40:31.0698 5176 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
12:40:31.0699 5176 megasas - ok
12:40:31.0744 5176 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
12:40:31.0746 5176 MegaSR - ok
12:40:31.0773 5176 MEMSWEEP2 - ok
12:40:31.0805 5176 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
12:40:31.0808 5176 MMCSS - ok
12:40:31.0823 5176 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
12:40:31.0825 5176 Modem - ok
12:40:31.0884 5176 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
12:40:31.0885 5176 monitor - ok
12:40:31.0936 5176 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
12:40:31.0937 5176 mouclass - ok
12:40:31.0985 5176 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
12:40:31.0986 5176 mouhid - ok
12:40:32.0042 5176 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
12:40:32.0043 5176 mountmgr - ok
12:40:32.0114 5176 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\windows\system32\DRIVERS\MpFilter.sys
12:40:32.0116 5176 MpFilter - ok
12:40:32.0154 5176 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
12:40:32.0156 5176 mpio - ok
12:40:32.0196 5176 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
12:40:32.0197 5176 mpsdrv - ok
12:40:32.0247 5176 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
12:40:32.0249 5176 MRxDAV - ok
12:40:32.0300 5176 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
12:40:32.0303 5176 mrxsmb - ok
12:40:32.0342 5176 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
12:40:32.0346 5176 mrxsmb10 - ok
12:40:32.0359 5176 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
12:40:32.0361 5176 mrxsmb20 - ok
12:40:32.0404 5176 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
12:40:32.0405 5176 msahci - ok
12:40:32.0536 5176 MSCamSvc (d98350792a7ce82e7459a7c36481beda) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
12:40:32.0539 5176 MSCamSvc - ok
12:40:32.0574 5176 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
12:40:32.0576 5176 msdsm - ok
12:40:32.0617 5176 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
12:40:32.0621 5176 MSDTC - ok
12:40:32.0663 5176 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
12:40:32.0664 5176 Msfs - ok
12:40:32.0684 5176 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
12:40:32.0685 5176 mshidkmdf - ok
12:40:32.0749 5176 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\windows\system32\Drivers\nx6000.sys
12:40:32.0750 5176 MSHUSBVideo - ok
12:40:32.0781 5176 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
12:40:32.0782 5176 msisadrv - ok
12:40:32.0860 5176 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
12:40:32.0863 5176 MSiSCSI - ok
12:40:32.0867 5176 msiserver - ok
12:40:32.0917 5176 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
12:40:32.0917 5176 MSKSSRV - ok
12:40:32.0929 5176 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
12:40:32.0929 5176 MSPCLOCK - ok
12:40:32.0952 5176 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
12:40:32.0953 5176 MSPQM - ok
12:40:32.0980 5176 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
12:40:32.0981 5176 MsRPC - ok
12:40:33.0018 5176 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
12:40:33.0019 5176 mssmbios - ok
12:40:33.0131 5176 MSSQL$SQLEXPRESS - ok
12:40:33.0180 5176 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
12:40:33.0181 5176 MSSQLServerADHelper - ok
12:40:33.0227 5176 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
12:40:33.0227 5176 MSTEE - ok
12:40:33.0257 5176 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
12:40:33.0258 5176 MTConfig - ok
12:40:33.0282 5176 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
12:40:33.0283 5176 Mup - ok
12:40:33.0392 5176 MyWiFiDHCPDNS (3c5083555f2be70b25e58cbf0c8e23cb) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
12:40:33.0395 5176 MyWiFiDHCPDNS - ok
12:40:33.0453 5176 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
12:40:33.0459 5176 napagent - ok
12:40:33.0517 5176 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
12:40:33.0521 5176 NativeWifiP - ok
12:40:33.0603 5176 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
12:40:33.0609 5176 NDIS - ok
12:40:33.0654 5176 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
12:40:33.0655 5176 NdisCap - ok
12:40:33.0681 5176 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
12:40:33.0683 5176 NdisTapi - ok
12:40:33.0743 5176 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
12:40:33.0744 5176 Ndisuio - ok
12:40:33.0794 5176 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
12:40:33.0797 5176 NdisWan - ok
12:40:33.0839 5176 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
12:40:33.0841 5176 NDProxy - ok
12:40:33.0880 5176 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll
12:40:33.0882 5176 Net Driver HPZ12 - ok
12:40:33.0913 5176 Netaapl (1352e1648213551923a0a822e441553c) C:\windows\system32\DRIVERS\netaapl.sys
12:40:33.0914 5176 Netaapl - ok
12:40:33.0946 5176 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
12:40:33.0947 5176 NetBIOS - ok
12:40:34.0004 5176 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
12:40:34.0006 5176 NetBT - ok
12:40:34.0071 5176 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
12:40:34.0074 5176 Netlogon - ok
12:40:34.0124 5176 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
12:40:34.0129 5176 Netman - ok
12:40:34.0152 5176 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
12:40:34.0158 5176 netprofm - ok
12:40:34.0241 5176 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:40:34.0243 5176 NetTcpPortSharing - ok
12:40:34.0248 5176 NETw5s32 - ok
12:40:34.0542 5176 NETwNs32 (29e4f23d31fb66c7bf0014d36cf5af2a) C:\windows\system32\DRIVERS\NETwNs32.sys
12:40:34.0761 5176 NETwNs32 - ok
12:40:34.0932 5176 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
12:40:34.0933 5176 nfrd960 - ok
12:40:34.0970 5176 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\windows\system32\DRIVERS\NisDrvWFP.sys
12:40:34.0971 5176 NisDrv - ok
12:40:35.0055 5176 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
12:40:35.0058 5176 NisSrv - ok
12:40:35.0114 5176 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
12:40:35.0119 5176 NlaSvc - ok
12:40:35.0152 5176 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
12:40:35.0153 5176 Npfs - ok
12:40:35.0177 5176 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
12:40:35.0180 5176 nsi - ok
12:40:35.0187 5176 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
12:40:35.0188 5176 nsiproxy - ok
12:40:35.0259 5176 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
12:40:35.0268 5176 Ntfs - ok
12:40:35.0420 5176 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
12:40:35.0421 5176 Null - ok
12:40:35.0465 5176 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
12:40:35.0466 5176 nvraid - ok
12:40:35.0490 5176 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
12:40:35.0491 5176 nvstor - ok
12:40:35.0532 5176 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
12:40:35.0533 5176 nv_agp - ok
12:40:35.0580 5176 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
12:40:35.0581 5176 ohci1394 - ok
12:40:35.0689 5176 omniserv (f21c87685f646a6fb426838a606524bc) C:\Program Files\Softex\OmniPass\OmniServ.exe
12:40:35.0691 5176 omniserv - ok
12:40:35.0813 5176 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:40:35.0816 5176 ose - ok
12:40:36.0041 5176 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:40:36.0188 5176 osppsvc - ok
12:40:36.0323 5176 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
12:40:36.0330 5176 p2pimsvc - ok
12:40:36.0372 5176 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
12:40:36.0378 5176 p2psvc - ok
12:40:36.0426 5176 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
12:40:36.0428 5176 Parport - ok
12:40:36.0464 5176 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
12:40:36.0466 5176 partmgr - ok
12:40:36.0483 5176 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
12:40:36.0484 5176 Parvdm - ok
12:40:36.0581 5176 pbfilter (4dfe4cef1aeec1025380d7ebf40e8e2b) C:\Program Files\PeerBlock\pbfilter.sys
12:40:36.0582 5176 pbfilter - ok
12:40:36.0616 5176 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
12:40:36.0620 5176 PcaSvc - ok
12:40:36.0659 5176 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
12:40:36.0660 5176 pci - ok
12:40:36.0683 5176 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
12:40:36.0684 5176 pciide - ok
12:40:36.0718 5176 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
12:40:36.0720 5176 pcmcia - ok
12:40:36.0757 5176 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
12:40:36.0758 5176 pcw - ok
12:40:36.0838 5176 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
12:40:36.0846 5176 PEAUTH - ok
12:40:36.0909 5176 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\windows\system32\peerdistsvc.dll
12:40:36.0922 5176 PeerDistSvc - ok
12:40:37.0036 5176 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
12:40:37.0058 5176 pla - ok
12:40:37.0213 5176 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
12:40:37.0220 5176 PlugPlay - ok
12:40:37.0262 5176 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll
12:40:37.0265 5176 Pml Driver HPZ12 - ok
12:40:37.0296 5176 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
12:40:37.0299 5176 PNRPAutoReg - ok
12:40:37.0323 5176 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
12:40:37.0328 5176 PNRPsvc - ok
12:40:37.0380 5176 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
12:40:37.0385 5176 PolicyAgent - ok
12:40:37.0437 5176 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
12:40:37.0441 5176 Power - ok
12:40:37.0502 5176 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
12:40:37.0504 5176 PptpMiniport - ok
12:40:37.0524 5176 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
12:40:37.0525 5176 Processor - ok
12:40:37.0581 5176 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\windows\system32\profsvc.dll
12:40:37.0585 5176 ProfSvc - ok
12:40:37.0637 5176 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
12:40:37.0640 5176 ProtectedStorage - ok
12:40:37.0690 5176 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
12:40:37.0692 5176 Psched - ok
12:40:37.0756 5176 qcfiltersra2k (8857c84922f219b78171e266b8c3a8dd) C:\windows\system32\DRIVERS\qcfiltersra2k.sys
12:40:37.0757 5176 qcfiltersra2k - ok
12:40:37.0804 5176 qcusbnetsra2k (9969f17f461e42ff4ec7ba2e91315fe5) C:\windows\system32\DRIVERS\qcusbnetsra2k.sys
12:40:37.0807 5176 qcusbnetsra2k - ok
12:40:37.0828 5176 qcusbsersra2k (b886803639aabd81e18f772c37a979e3) C:\windows\system32\DRIVERS\qcusbsersra2k.sys
12:40:37.0831 5176 qcusbsersra2k - ok
12:40:37.0914 5176 QDLService2kSierra (9bb30e67ea352fdc1b553bb3583f2a14) C:\Program Files\QUALCOMM\QDLService2k\QDLService2kSierra.exe
12:40:37.0918 5176 QDLService2kSierra - ok
12:40:37.0995 5176 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
12:40:38.0005 5176 ql2300 - ok
12:40:38.0158 5176 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
12:40:38.0159 5176 ql40xx - ok
12:40:38.0194 5176 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
12:40:38.0200 5176 QWAVE - ok
12:40:38.0213 5176 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
12:40:38.0214 5176 QWAVEdrv - ok
12:40:38.0233 5176 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
12:40:38.0234 5176 RasAcd - ok
12:40:38.0269 5176 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
12:40:38.0271 5176 RasAgileVpn - ok
12:40:38.0289 5176 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
12:40:38.0293 5176 RasAuto - ok
12:40:38.0314 5176 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
12:40:38.0316 5176 Rasl2tp - ok
12:40:38.0377 5176 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
12:40:38.0382 5176 RasMan - ok
12:40:38.0431 5176 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
12:40:38.0433 5176 RasPppoe - ok
12:40:38.0451 5176 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
12:40:38.0453 5176 RasSstp - ok
12:40:38.0502 5176 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
12:40:38.0506 5176 rdbss - ok
12:40:38.0522 5176 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
12:40:38.0524 5176 rdpbus - ok
12:40:38.0567 5176 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
12:40:38.0568 5176 RDPCDD - ok
12:40:38.0622 5176 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\windows\system32\drivers\rdpdr.sys
12:40:38.0624 5176 RDPDR - ok
12:40:38.0668 5176 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
12:40:38.0668 5176 RDPENCDD - ok
12:40:38.0681 5176 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
12:40:38.0682 5176 RDPREFMP - ok
12:40:38.0758 5176 RDPWD (244c83332f44589ae98fc347f11b2693) C:\windows\system32\drivers\RDPWD.sys
12:40:38.0759 5176 RDPWD - ok
12:40:38.0835 5176 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
12:40:38.0837 5176 rdyboost - ok
12:40:39.0016 5176 RegSrvc (5608ed3957105bc14e3c426bb27ac5a1) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
12:40:39.0021 5176 RegSrvc - ok
12:40:39.0074 5176 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
12:40:39.0077 5176 RemoteAccess - ok
12:40:39.0103 5176 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
12:40:39.0106 5176 RemoteRegistry - ok
12:40:39.0190 5176 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
12:40:39.0192 5176 RFCOMM - ok
12:40:39.0224 5176 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\windows\system32\Drivers\RimUsb.sys
12:40:39.0225 5176 RimUsb - ok
12:40:39.0267 5176 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\windows\system32\DRIVERS\RimSerial.sys
12:40:39.0268 5176 RimVSerPort - ok
12:40:39.0310 5176 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\windows\system32\Drivers\RootMdm.sys
12:40:39.0311 5176 ROOTMODEM - ok
12:40:39.0355 5176 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
12:40:39.0358 5176 RpcEptMapper - ok
12:40:39.0391 5176 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
12:40:39.0393 5176 RpcLocator - ok
12:40:39.0444 5176 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
12:40:39.0449 5176 RpcSs - ok
12:40:39.0486 5176 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
12:40:39.0487 5176 rspndr - ok
12:40:39.0517 5176 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\windows\system32\drivers\vms3cap.sys
12:40:39.0518 5176 s3cap - ok
12:40:39.0570 5176 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
12:40:39.0572 5176 SamSs - ok
12:40:39.0606 5176 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
12:40:39.0608 5176 sbp2port - ok
12:40:39.0645 5176 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
12:40:39.0649 5176 SCardSvr - ok
12:40:39.0697 5176 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
12:40:39.0698 5176 scfilter - ok
12:40:39.0772 5176 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
12:40:39.0783 5176 Schedule - ok
12:40:39.0837 5176 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
12:40:39.0838 5176 SCPolicySvc - ok
12:40:39.0886 5176 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
12:40:39.0890 5176 SDRSVC - ok
12:40:39.0930 5176 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
12:40:39.0931 5176 secdrv - ok
12:40:39.0957 5176 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
12:40:39.0960 5176 seclogon - ok
12:40:40.0012 5176 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll
12:40:40.0015 5176 SENS - ok
12:40:40.0038 5176 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
12:40:40.0041 5176 SensrSvc - ok
12:40:40.0059 5176 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
12:40:40.0060 5176 Serenum - ok
12:40:40.0085 5176 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
12:40:40.0086 5176 Serial - ok
12:40:40.0128 5176 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
12:40:40.0129 5176 sermouse - ok
12:40:40.0181 5176 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
12:40:40.0186 5176 SessionEnv - ok
12:40:40.0214 5176 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
12:40:40.0215 5176 sffdisk - ok
12:40:40.0230 5176 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
12:40:40.0231 5176 sffp_mmc - ok
12:40:40.0246 5176 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
12:40:40.0247 5176 sffp_sd - ok
12:40:40.0275 5176 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
12:40:40.0276 5176 sfloppy - ok
12:40:40.0334 5176 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
12:40:40.0340 5176 ShellHWDetection - ok
12:40:40.0368 5176 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
12:40:40.0369 5176 sisagp - ok
12:40:40.0421 5176 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
12:40:40.0422 5176 SiSRaid2 - ok
12:40:40.0441 5176 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
12:40:40.0442 5176 SiSRaid4 - ok
12:40:40.0569 5176 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
12:40:40.0571 5176 SkypeUpdate - ok
12:40:40.0602 5176 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
12:40:40.0603 5176 Smb - ok
12:40:40.0670 5176 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
12:40:40.0674 5176 SNMPTRAP - ok
12:40:40.0707 5176 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
12:40:40.0708 5176 spldr - ok
12:40:40.0775 5176 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
12:40:40.0781 5176 Spooler - ok
12:40:41.0017 5176 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
12:40:41.0128 5176 sppsvc - ok
12:40:41.0259 5176 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
12:40:41.0262 5176 sppuinotify - ok
12:40:48.0330 5176 ============================================================
12:40:48.0330 5176 Scan finished
12:40:48.0330 5176 ============================================================
12:40:48.0345 3740 Detected object count: 1
12:40:48.0345 3740 Actual detected object count: 1
12:40:53.0346 3740 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
12:40:53.0346 3740 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip


#2 nasdaq

Posted 21 May 2012 - 10:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

#3 conmat

Posted 23 May 2012 - 01:57 AM

Thanks for that.

Update on the story first.
As I needed the computer for important work last week, I battled trying to clean it up since I posted the first post. I ran Mbam on full scan and it found 'dropper trojan', which I then deleted. This allowed Combofix to run. This has let me get the computer going again and after resetting the router it seemed back to normal, that is until I tried to delete and reload the network printer drivers, which I have had to do on the other computers on the network since this attack. I have found that the firewall on this computer is not working now and I cannot seem to get it going.

I am really happy for you to check over the machine to see if I have removed all of the virus/trojans.

I downloaded the OTL.exe and ran it but I kept getting this message "Exception EreadError in Module OTL.exe at 0016A6B. Error in reading DiskPartitionInfo1.Active:"

What now?

#4 nasdaq

Posted 23 May 2012 - 10:20 AM

Please download this ListPart.exe to a folder of your choice. Select the proper tool for your system.

For x86 (x32) bit systems please download Listparts
For x64 bit systems please download Listparts64
Run the tool as an Administrator, click Scan, and copy and post the log (Result.txt) in your next reply.

===

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Please post the logs for my review.

#5 conmat

Posted 23 May 2012 - 02:48 PM

ListParts by Farbar Version: 12-03-2012 03
Ran by Tom Dalton (administrator) on 24-05-2012 at 05:41:09
Windows 7 (X86)
Running From: C:\Users\Tom Dalton\Desktop\VIRUS Stuff
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 47%
Total physical RAM: 2997.86 MB
Available physical RAM: 1562.98 MB
Total Pagefile: 5991.95 MB
Available Pagefile: 4389.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1956.53 MB

======================= Partitions =========================

1 Drive c: (Windows) (Fixed) (Total:143.3 GB) (Free:17.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 5888 MB 1024 KB
Partition 2 Primary 143 GB 5889 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 System NTFS Partition 5888 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Windows NTFS Partition 143 GB Healthy Boot

======================================================================================================

****** End Of Log ******


Farbar Service Scanner Version: 17-05-2012
Ran by Tom Dalton (administrator) on 24-05-2012 at 05:43:28
Running from "C:\Users\Tom Dalton\Desktop\VIRUS Stuff"
Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#6 nasdaq

Posted 24 May 2012 - 09:11 AM

ComboFix was updated yesterday and is addressing some issues with Firewalls.

Delete your version of ComboFix.exe, download a fresh copy, run it and post the log.
Let me know if the problem persists.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

#7 conmat

Posted 24 May 2012 - 07:00 PM

I deleted my version of Combofix and installed a new one and ran it. When it finished I checked the firewall and it is now up and running. However, I was not able to open any software. I got the message:
"C:\windows\system32\program name.exe
Illegal operation attempted on a registry key that has been marked for deletion"

I did a reboot of the computer but did not realise that Combofix does not automatically save the log so lost it.

I reran Combofix and below is the log from that run.


ComboFix 12-05-24.03 - Tom Dalton 25/05/2012 9:16.3.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.2998.1801 [GMT 10:00]
Running from: c:\users\Tom Dalton\Desktop\VIRUS Stuff\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))
.
.
2012-05-24 23:27 . 2012-05-24 23:27 -------- d-----w- c:\users\King\AppData\Local\temp
2012-05-24 23:27 . 2012-05-24 23:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-21 19:57 . 2012-05-21 20:20 -------- d-----w- C:\Combo-Fix
2012-05-21 06:13 . 2012-05-21 19:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-21 06:13 . 2012-05-21 06:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-05-18 20:37 . 2012-05-18 20:37 -------- d-----w- c:\users\Tom Dalton\AppData\Roaming\Malwarebytes
2012-05-18 20:37 . 2012-05-18 20:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-18 20:37 . 2012-05-18 20:37 -------- d-----w- c:\programdata\Malwarebytes
2012-05-18 20:37 . 2012-04-04 05:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-18 01:14 . 2012-05-18 01:14 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-18 01:13 . 2012-05-18 01:13 -------- d-----w- c:\users\Tom Dalton\AppData\Local\{5496400D-A086-11E1-826F-B8AC6F996F26}
2012-05-18 01:10 . 2012-05-18 21:09 -------- d-----w- c:\users\Tom Dalton\AppData\Local\PSFactoryBuffer
2012-05-18 01:10 . 2012-05-18 01:10 -------- d-----w- c:\programdata\B7E8586B016EF65A03E2E906B4EB238B
2012-05-17 19:51 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{409F9FCA-8E59-4DA2-8292-DD4D948E28E9}\mpengine.dll
2012-05-16 06:41 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-12 01:04 . 2012-05-12 01:04 -------- d-----w- c:\program files\Common Files\Business Objects
2012-05-12 01:04 . 2012-05-12 01:04 -------- d-----w- c:\program files\Business Objects
2012-05-11 03:55 . 2012-05-11 03:55 -------- d-----w- C:\Planit
2012-05-10 23:00 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 23:00 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 23:00 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 23:00 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 23:00 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 23:00 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 23:00 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 23:00 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 22:59 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 22:59 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-07 10:05 . 2012-05-07 10:05 -------- d-----w- c:\program files\iPod
2012-05-07 10:05 . 2012-05-07 10:06 -------- d-----w- c:\program files\iTunes
2012-05-07 09:38 . 2012-05-07 09:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-07 09:38 . 2012-05-07 09:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-07 09:38 . 2012-05-07 09:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-07 09:38 . 2012-05-07 09:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-07 09:38 . 2012-05-07 09:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-07 09:38 . 2012-05-07 09:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-07 09:38 . 2012-05-07 09:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-05-07 09:37 . 2012-05-07 09:38 -------- d-----w- c:\program files\QuickTime
2012-05-07 06:45 . 2012-05-24 11:02 -------- d-----w- c:\users\Tom Dalton\AppData\Local\57B53D8F-53A5-46DC-B8CE-8F4FD1DBB8BC.aplzod
2012-05-06 23:08 . 2012-05-06 23:08 -------- d-----w- c:\users\Tom Dalton\AppData\Roaming\Bluebeam Software
2012-05-06 23:05 . 2010-06-01 18:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-05-06 23:05 . 2010-06-01 18:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-05-06 23:05 . 2010-05-26 01:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-05-06 23:05 . 2010-05-26 01:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-05-06 23:05 . 2010-05-26 01:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-05-06 23:05 . 2010-05-26 01:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-05-06 23:05 . 2010-05-26 01:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-05-06 23:05 . 2010-02-04 00:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2012-05-06 23:05 . 2007-04-04 08:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2012-05-06 23:03 . 2012-05-06 23:03 -------- d-----w- c:\programdata\ABBYY
2012-05-06 23:03 . 2012-05-06 23:03 -------- d-----w- c:\program files\Common Files\Bluebeam Software
2012-05-05 22:30 . 2012-05-05 22:30 -------- d-----w- c:\program files\Common Files\Skype
2012-05-04 01:07 . 2012-05-04 01:07 -------- d-----w- c:\users\Tom Dalton\AppData\Local\Windows Live Writer
2012-05-04 01:07 . 2012-05-04 01:07 -------- d-----w- c:\users\Tom Dalton\AppData\Roaming\Windows Live Writer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 07:23 . 2012-04-05 08:42 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 07:23 . 2011-10-27 12:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-20 10:44 . 2011-04-27 04:25 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 10:44 . 2011-04-18 02:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-13 22:58 . 2010-12-01 08:48 100440 ----a-w- c:\windows\system32\BBPdfPortMon.DLL
2012-03-01 05:46 . 2012-04-12 07:47 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-12 07:47 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-12 07:47 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 07:47 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 06:49 . 2012-02-29 06:49 25088 ----a-w- c:\windows\system32\BBCertLib.dll
2012-02-28 01:18 . 2012-04-12 07:51 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 07:51 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 07:51 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 07:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Tom Dalton\AppData\Local\Akamai\netsession_win.exe" [2012-05-07 3331872]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"MotionComputingMonitor"="c:\program files\Motion Computing\Dashboard\McMon.exe" [2010-05-19 283968]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2010-04-02 3301376]
"ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-12-24 504208]
"CSRBIP"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe" [2009-12-24 306088]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1206544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"CSRFTP"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpServer.exe" [2009-12-24 331680]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"BbPrintMonitor"="c:\program files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe" [2012-02-09 167584]
"BbInstallUser"="c:\program files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe" [2012-03-23 48216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV&inst=NzctNzMwNjA2NzQ2LUxJQysyLUZMMTArMS1TUDErMS1TVVArNC1UVUcrMy1TUDFTNCsxLUREVCs1MzAwOS1ERDEwRisxLVNUMTBGQVBQKzEtU1QxMEZPSSsx&prod=90&ver=10.0.1410" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-28 17148552]
.
c:\users\Tom Dalton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 01:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mclaunch]
2008-12-08 19:32 60024 ----a-w- c:\windows\System32\mclaunch.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Tom Dalton^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Jacquie Lawson Advent Calendar.lnk]
path=c:\users\Tom Dalton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson Advent Calendar.lnk
backup=c:\windows\pss\Jacquie Lawson Advent Calendar.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Tom Dalton^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Jacquie Lawson London Advent Calendar.lnk]
path=c:\users\Tom Dalton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson London Advent Calendar.lnk
backup=c:\windows\pss\Jacquie Lawson London Advent Calendar.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Tom Dalton^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Spoon Sandbox Manager 3.24.lnk]
path=c:\users\Tom Dalton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spoon Sandbox Manager 3.24.lnk
backup=c:\windows\pss\Spoon Sandbox Manager 3.24.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CSRSkype]
2009-12-24 19:21 346512 ----a-w- c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-08 09:38 136176 ----atw- c:\users\Tom Dalton\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-26 19:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 04:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Download Assistant]
2010-11-03 10:50 1246544 ----a-w- c:\windows\System32\LogiLDA.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 04:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-02-26 00:02 8522272 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-28 22:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 02:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 136176]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-28 158856]
R3 AdobeFlashPlayerUpdateSvc%
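
The autorun listing in the ComboFix log above can be triaged mechanically. The following Python script is an added example, not part of the thread or of ComboFix: it parses entries in that log format and lists reasons to look more closely at each one. The function names, the directory list and the reading of `[X]` as "file not found" are assumptions.

```python
import re

# Excerpt copied from the "Reg Loading Points" section of the log above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Tom Dalton\AppData\Local\Akamai\netsession_win.exe" [2012-05-07 3331872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s+\[(?P<meta>[^\]]*)\]$')
# Assumption: illustrative list of locations a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

def parse_autoruns(log_text):
    """Return one dict per "name"="command" [meta] line, tagged with its registry key."""
    key, entries = None, []
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            entries.append({"key": key, **m.groupdict()})
    return entries

def triage(entry):
    """Return the reasons an entry deserves a manual look (empty list if none)."""
    reasons, cmd = [], entry["cmd"].lower()
    if any(p in cmd for p in USER_WRITABLE):
        reasons.append("runs from a user-writable directory")
    if "\\" not in cmd:
        reasons.append("no full path; resolved through the search path")
    if entry["meta"] == "X":  # assumption: [X] marks a file that was not found
        reasons.append("target file not found on disk")
    elif not re.fullmatch(r"\d{4}-\d{2}-\d{2} \d+", entry["meta"]):
        reasons.append("no file date/size recorded")
    return reasons

def review(log_text):
    """Map entry name -> reasons, for flagged entries only."""
    checked = ((e["name"], triage(e)) for e in parse_autoruns(log_text))
    return {name: reasons for name, reasons in checked if reasons}
```

Calling `review(SAMPLE_LOG)` returns the flagged entries with their reasons. A flag is a reason to inspect the entry, not a verdict: the Akamai entry is listed only because it starts from AppData.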

#8 nasdaq

Posted 25 May 2012 - 08:29 AM

Good work.

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know of any remaining issues.

#9 conmat

Posted 25 May 2012 - 03:36 PM

The only other problem I have is that since this attack started Outlook 2010 is acting strange. It is not sending some emails, not receiving some emails and when I click on 'New Email' and the 'To' to bring up a contact there are none listed. It has also started to ask for a login password this morning which it does not as they are all automatic.

Log as requested

Results of screen317's Security Check version 0.99.38
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 26
Java version out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Tom Dalton Desktop VIRUS Stuff SecurityCheck.exe
``````````End of Log````````````

#10 conmat

Posted 25 May 2012 - 07:46 PM

Ignore the post regarding problems with Outlook. It was a small matter of paying the hosting bill :)

#11 nasdaq

Posted 26 May 2012 - 08:24 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 26


===

When all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#12 conmat

Posted 26 May 2012 - 06:25 PM

Done. I guess this is it?

Thanks very much for your help during this. I really appreciate it. Hopefully now I can get back to work.

#13 nasdaq

Posted 01 June 2012 - 08:31 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



