Smart Fortress 2012 virus / google redirect


  • This topic is locked
25 replies to this topic

#1 Tgod

Tgod

  • Members
  • 15 posts

Posted 27 May 2012 - 07:38 AM

I encountered the problem yesterday with Smart Fortress 2012 installing itself on the desktop then it would periodically start scanning on the screen. Eventually I looked this up and managed to, I believe, get rid of it using Trojan killer which I bought. However, I'm not sure whether buying over the net was a clever thing to do considering the problems with the comp.

I then used Malwarebytes to scan the comp which came up with a further 5 infected files and I also used Microsoft security essentials for a scan too which rid 7 more!

The main problem I've got now is that the windows firewall won't come up and I constantly get redirected on Google - no matter which link I click on. I've read of a similar case on the forum which involved various complicated processes :(

There is also DWM.exe and csrss.exe in my processes which I've heard could potentially be a problem, but I don't know whether they are infected or not.

On a more minor point, the viruses have changed all the font settings on the display.

Urgent help required please :(

Thank you for reading.

Hope to hear from you soon.

Edited by Tgod, 27 May 2012 - 07:39 AM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 May 2012 - 07:54 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Tgod


Posted 27 May 2012 - 08:56 AM

Hi Gringo, while running the security check (with black command boxes) at the end it's come up with an Auto ID error message, saying error Line 1: must be 'Object'

Please advise...shall I proceed to next step?

#4 Tgod


Posted 27 May 2012 - 09:36 AM

Here is the log generated from DDS. I already turned off all protection, but during the scanning process an error message saying PEV.DAT is not working kept on popping up, which I kept on closing down. Also the process took a lot longer than 3 minutes, maybe something like 20-30 mins.

Here is the log generated thanks for your time

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Tony at 15:07:33 on 2012-05-27
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ExplorerBHO Class: {449d0d6e-2412-4e61-b68f-1cb625cd9e52} - c:\program files\classic shell\ClassicExplorer32.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - d:\roboform\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: PricePeep: {fd6d90c0-e6ee-4bc6-b9f7-9ed319698007} - c:\program files\pricepeep\pricepeep.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Classic Explorer Bar: {553891b7-a0d5-4526-be18-d3ce461d6310} - c:\program files\classic shell\ClassicExplorer32.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - d:\roboform\roboform.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [NetworkIndicator] c:\users\tony\desktop\NetworkIndicator.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Classic Start Menu] c:\program files\classic shell\ClassicStartMenu.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "e:\logitech\quickcam\QuickCam10.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [B Register c:\program files\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll",DllRegisterServer
StartupFolder: c:\users\tony\appdata\roaming\micros~1\windows\startm~1\programs\startup\tonypo~1.lnk - c:\windows\regedit.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Customize Menu - file://d:\roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - e:\micros~1\office12\EXCEL.EXE/3000
IE: Fill Forms - file://d:\roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://d:\roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://d:\roboform\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - d:\roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - d:\roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - d:\roboform\RoboFormComShowToolbar.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310} - c:\program files\classic shell\ClassicExplorer32.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\micros~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.98.1
TCP: Interfaces\{2108AC7C-6283-4CE8-B564-FD8DC7A2629D} : DhcpNameServer = 192.168.98.1
TCP: Interfaces\{257CCFAD-97EC-4824-A687-8CA481568598} : DhcpNameServer = 192.168.98.1
TCP: Interfaces\{257CCFAD-97EC-4824-A687-8CA481568598}\05C65737E6564775962756C6563737 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{257CCFAD-97EC-4824-A687-8CA481568598}\07F6F6C6 : DhcpNameServer = 192.168.88.1
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 15:32:42.98 ===============

#5 gringo_pr


Posted 27 May 2012 - 09:37 AM

Yes, move to the next item.


gringo

#6 Tgod


Posted 27 May 2012 - 09:41 AM

Gringo, DDS log is above, thanks

#7 gringo_pr


Posted 27 May 2012 - 10:30 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8 Tgod


Posted 27 May 2012 - 11:22 AM

Hi Gringo, below is the Combofix log. The laptop seems to be running more smoothly now and I don't seem to be getting redirected on google anymore, which is great.

Shall I turn on the Windows essential anti virus protection yet? And have we solved the issue with Windows firewall which I can't turn on? Thank you very much for your work, it's MASSIVELY appreciated!

ComboFix 12-05-27.02 - Tony 27/05/2012 16:52:36.1.1 - x86
Running from: c:\users\Tony\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
.
.
2012-05-27 16:03 . 2012-05-27 16:03 -------- d-----w- c:\users\Tony\AppData\Local\temp
2012-05-27 16:03 . 2012-05-27 16:03 -------- d-----w- c:\users\Killer\AppData\Local\temp
2012-05-27 16:03 . 2012-05-27 16:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-27 15:47 . 2012-05-27 15:47 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0EEC150-8FED-426E-8900-B9BF1640F343}\MpKsl2095dde2.sys
2012-05-27 14:39 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0EEC150-8FED-426E-8900-B9BF1640F343}\mpengine.dll
2012-05-26 23:34 . 2012-05-26 23:34 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-05-26 23:23 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-26 23:23 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-26 23:15 . 2012-05-26 23:13 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2539D29-8557-4853-A4EF-B3C73D250C96}\gapaengine.dll
2012-05-26 22:03 . 2012-05-26 22:03 -------- d-----w- c:\users\Killer\AppData\Roaming\Apple Computer
2012-05-26 21:44 . 2012-05-27 15:47 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-05-26 21:23 . 2012-05-26 21:23 -------- d-----w- c:\users\Killer\AppData\Roaming\HP
2012-05-26 21:12 . 2012-05-26 21:12 56320 ---ha-w- c:\windows\system32\disknlpa.dll
2012-05-26 21:12 . 2012-05-26 22:49 -------- d-----w- c:\programdata\529C5390000082B600041D1EB4EB238B
2012-05-26 21:11 . 2012-05-26 22:49 -------- d-----w- c:\users\Tony\AppData\Roaming\Ysboy
2012-05-26 21:11 . 2012-05-26 21:11 -------- d-----w- c:\users\Tony\AppData\Roaming\Owafihi
2012-05-12 02:01 . 2012-05-12 02:01 -------- d-----w- c:\users\Tony\AppData\Local\Apple Computer
2012-05-12 02:01 . 2012-05-12 15:09 -------- d-----w- c:\users\Tony\AppData\Roaming\Apple Computer
2012-05-12 02:01 . 2012-05-12 02:01 -------- dc----w- c:\windows\system32\DRVSTORE
2012-05-12 02:01 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-12 02:01 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-05-12 02:00 . 2012-05-12 02:00 -------- d-----w- c:\program files\iPod
2012-05-12 02:00 . 2012-05-12 02:01 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-05-12 02:00 . 2012-05-12 02:01 -------- d-----w- c:\program files\iTunes
2012-05-12 02:00 . 2012-05-12 02:00 -------- d-----w- c:\programdata\Apple Computer
2012-05-12 02:00 . 2012-05-12 02:00 -------- d-----w- c:\users\Tony\AppData\Local\Apple
2012-05-12 02:00 . 2012-05-12 02:00 -------- d-----w- c:\program files\Apple Software Update
2012-05-12 01:59 . 2012-05-12 01:59 -------- d-----w- c:\program files\Bonjour
2012-05-12 01:58 . 2012-05-12 02:00 -------- d-----w- c:\program files\Common Files\Apple
2012-05-12 01:58 . 2012-05-12 01:59 -------- d-----w- c:\programdata\Apple
2012-05-12 01:43 . 2012-05-12 01:43 -------- d--h--w- c:\programdata\Common Files
2012-05-07 15:23 . 2011-05-30 13:42 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2012-05-07 15:23 . 2011-05-23 09:52 153088 ----a-w- c:\windows\system32\xvid.ax
2012-05-07 15:23 . 2011-05-23 07:46 645632 ----a-w- c:\windows\system32\xvidcore.dll
2012-05-07 15:18 . 2012-05-07 15:18 -------- d-----w- c:\users\Tony\.bitrock
2012-05-05 10:22 . 2012-05-05 10:22 -------- d-----w- c:\users\Tony\AppData\Local\Babylon
2012-05-05 10:22 . 2012-05-05 10:22 -------- d-----w- c:\users\Tony\AppData\Roaming\Babylon
2012-05-05 10:22 . 2012-05-05 10:22 -------- d-----w- c:\programdata\Babylon
2012-05-05 10:15 . 2012-05-07 15:23 -------- d-----w- c:\program files\Xvid
2012-05-05 10:13 . 2012-05-05 10:27 -------- d-----w- c:\program files\Real
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 16:40 . 2012-04-09 22:10 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-05 10:13 . 2003-03-19 05:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-05 10:13 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-04-09 11:19 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-04-04 14:56 . 2011-09-10 14:09 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-20 19:44 . 2011-04-27 14:25 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 19:44 . 2011-04-18 12:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-18 18:24 . 2012-03-18 18:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-06 05:59 . 2012-04-17 17:45 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-06 05:59 . 2012-04-17 17:45 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-01 05:46 . 2012-04-17 17:52 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-17 17:52 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-17 17:52 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-17 17:52 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 05:38 . 2012-04-17 17:33 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 03:52 . 2012-04-17 17:33 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-04-01 04:45 501760 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetworkIndicator"="c:\users\Tony\Desktop\NetworkIndicator.exe" [2010-06-30 192512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-24 1190920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2011-04-01 91648]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="e:\logitech\quickcam\QuickCam10.exe" [2007-02-08 774168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
tonypower.lnk - c:\windows\regedit.exe [2009-7-14 398336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-26 840992]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
R1 bfoknzrv;bfoknzrv;c:\windows\system32\drivers\bfoknzrv.sys [x]
R1 eaghxrdy;eaghxrdy;c:\windows\system32\drivers\eaghxrdy.sys [x]
R1 khlcgwjo;khlcgwjo;c:\windows\system32\drivers\khlcgwjo.sys [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-05-08 302120]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-05-08 33832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.SYS [2011-08-16 62920]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [2012-01-04 16128]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;e:\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;e:\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
S1 MpKsl2095dde2;MpKsl2095dde2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0EEC150-8FED-426E-8900-B9BF1640F343}\MpKsl2095dde2.sys [2012-05-27 29904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe [2007-04-20 537520]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Sage SData Service;Sage SData Service;c:\program files\Common Files\Sage SData\Sage.SData.Service.exe [2009-06-08 49152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-26 c:\windows\Tasks\WebReg HP Photosmart B110 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2009-11-18 07:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://d:\roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - e:\micros~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://d:\roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://d:\roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://d:\roboform\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.98.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - c:\program files\PricePeep\pricepeep.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-PricePeep - c:\program files\PricePeep\uninstall.exe
AddRemove-Smart Fortress 2012 - c:\programdata\529C5390000082B600041D1EB4EB238B\529C5390000082B600041D1EB4EB238B.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1380)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\windows\system32\RtkCfg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-05-27 17:16:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-27 16:16
.
Pre-Run: 17,148,669,952 bytes free
Post-Run: 17,316,691,968 bytes free
.
- - End Of File - - 614423E16D4F5A8FB4539A8FA2AF1679
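
A triage pass over the ComboFix log in the post above, as an added example that is not part of the original thread or of ComboFix itself: it pulls out the Security Center override values, the UAC policy values set to 0, the service entries tagged `[x]`, and the ORPHANS REMOVED list. The sample input is constructed from lines of that log; reading `[x]` as "image file not found" is an assumption, and the `R`/`S` tag is reported as written without interpreting it.

```python
import re

# Constructed sample: lines in the shape of the ComboFix log posted above,
# trimmed to the sections this triage reads.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
.
R1 bfoknzrv;bfoknzrv;c:\windows\system32\drivers\bfoknzrv.sys [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-05-08 302120]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - c:\program files\PricePeep\pricepeep.dll
AddRemove-Smart Fortress 2012 - c:\programdata\529C5390000082B600041D1EB4EB238B\529C5390000082B600041D1EB4EB238B.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+) \[([^\]]*)\]$")

# UAC policy values where data 0 means "no prompt" or "no secure desktop".
UAC_WEAK_WHEN_ZERO = {"consentpromptbehavioradmin", "promptonsecuredesktop", "enablelua"}


def parse_reg_number(data):
    """Return the integer for 'dword:00000001' or '0 (0x0)', else None."""
    data = data.strip()
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", data)
    return int(m.group(1)) if m else None


def triage(log_text):
    """Collect entries from a ComboFix-style log that an analyst should review."""
    findings = {"security_center": [], "uac": [], "missing_image": [], "orphans": []}
    key = ""            # registry key the current value lines belong to
    in_orphans = False  # inside the ORPHANS REMOVED section
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == ".":          # ComboFix separates blocks with a lone dot
            key = ""
            continue
        if "ORPHANS REMOVED" in line:
            in_orphans = True
            continue
        if in_orphans:
            if line.startswith("---"):   # next section header ends the list
                in_orphans = False
            else:
                name, sep, target = line.partition(" - ")
                if sep:
                    findings["orphans"].append((name, target))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m:
            name, number = m.group(1), parse_reg_number(m.group(2))
            if key.endswith(r"\security center\svc") and number:
                findings["security_center"].append(name)
            elif (key.endswith(r"\policies\system") and number == 0
                  and name.lower() in UAC_WEAK_WHEN_ZERO):
                findings["uac"].append(name)
            continue
        m = SERVICE_RE.match(line)
        if m and m.group(5) == "x":      # assumption: [x] = image file not found
            findings["missing_image"].append((m.group(1), m.group(2), m.group(4)))
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("   ", item)
```

Entries it returns are items to review, not verdicts: a service tagged `[x]` can be a leftover from a legitimate uninstall as well as from removed malware.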

#9 gringo_pr

  • Malware Response Team
Posted 27 May 2012 - 11:32 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

Proud Graduate Of Malware Removal University
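The TDSSKiller report requested above can be triaged mechanically before it is read line by line. This is an added example, not part of the original posts and not the tool's own code: the two-line record layout is inferred from the report posted in this thread, the names `triage` and `Finding` are hypothetical, and the `examplesvc` lines in the sample are constructed.

```python
import re
from collections import namedtuple

# Sample input: lines excerpted from the TDSSKiller report posted in this
# thread, followed by two CONSTRUCTED "examplesvc" lines (not from the
# thread) that show how a verdict other than "ok" is picked up.
SAMPLE_LOG = r"""
17:48:34.0233 3588 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200
17:48:59.0330 3488 Scan started
17:48:59.0330 3488 Mode: Manual;
17:49:04.0268 3488 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
17:49:04.0268 3488 BFE - ok
17:49:04.0299 3488 bfoknzrv - ok
17:49:04.0409 3488 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
17:49:04.0424 3488 BITS - ok
17:49:06.0020 3488 catchme - ok
17:49:06.0100 3488 examplesvc (00000000000000000000000000000000) C:\Windows\system32\drivers\examplesvc.sys
17:49:06.0100 3488 examplesvc - suspicious
"""

# Every report line starts with "HH:MM:SS.ffff <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# First line of a record: "<name> (<md5>) <path>".
OBJECT_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Second line of a record: "<name> - <verdict>".
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<verdict>.+)$")

Finding = namedtuple("Finding", "name reason detail md5 path")


def triage(log_text):
    """Return the entries of a TDSSKiller report that deserve a manual look.

    Two conditions are reported:
      * "verdict": the verdict line says anything other than "ok";
      * "no-file": the entry was marked "ok" but no file was hashed for it,
        so the scanner never showed which binary backs that service name.
    """
    in_scan = False   # header lines also contain " - ", so skip until the scan starts
    hashed = {}       # name -> (md5, path) from the object line awaiting its verdict
    findings = []
    for line in log_text.splitlines():
        if not in_scan:
            in_scan = line.rstrip().endswith("Scan started")
            continue
        m = OBJECT_RE.match(line)
        if m:
            hashed[m["name"]] = (m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue
        name, verdict = m["name"], m["verdict"].strip()
        md5, path = hashed.pop(name, (None, None))
        if verdict.lower() != "ok":
            findings.append(Finding(name, "verdict", verdict, md5, path))
        elif md5 is None:
            findings.append(Finding(name, "no-file", "no file hashed for this entry", None, None))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:8} {f.name:12} {f.detail} {f.path or ''}")
```

An entry reported as "no-file" is only a lead to check against the registry and the file system: in the report posted in this thread that category also includes standard Windows services such as msiserver and COMSysApp.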

#10 Tgod

  • Topic Starter

Posted 27 May 2012 - 11:51 AM

This is the report from TDSS Killer, no threats found:
17:48:32.0560 3588 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
17:48:33.0013 3588 ============================================================
17:48:33.0013 3588 Current date / time: 2012/05/27 17:48:33.0013
17:48:33.0013 3588 SystemInfo:
17:48:33.0013 3588
17:48:33.0013 3588 OS Version: 6.1.7601 ServicePack: 1.0
17:48:33.0013 3588 Product type: Workstation
17:48:33.0013 3588 ComputerName: TONY-PC
17:48:33.0013 3588 UserName: Tony
17:48:33.0013 3588 Windows directory: C:\Windows
17:48:33.0013 3588 System windows directory: C:\Windows
17:48:33.0013 3588 Processor architecture: Intel x86
17:48:33.0013 3588 Number of processors: 1
17:48:33.0013 3588 Page size: 0x1000
17:48:33.0013 3588 Boot type: Normal boot
17:48:33.0013 3588 ============================================================
17:48:34.0233 3588 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:48:34.0233 3588 ============================================================
17:48:34.0233 3588 \Device\Harddisk0\DR0:
17:48:34.0233 3588 MBR partitions:
17:48:34.0233 3588 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4497800
17:48:34.0249 3588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x4498800, BlocksNum 0x2904000
17:48:34.0264 3588 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6D9D000, BlocksNum 0xBC7C000
17:48:34.0264 3588 ============================================================
17:48:34.0296 3588 C: <-> \Device\Harddisk0\DR0\Partition0
17:48:34.0296 3588 D: <-> \Device\Harddisk0\DR0\Partition1
17:48:34.0327 3588 E: <-> \Device\Harddisk0\DR0\Partition2
17:48:34.0327 3588 ============================================================
17:48:34.0327 3588 Initialize success
17:48:34.0327 3588 ============================================================
17:48:59.0330 3488 ============================================================
17:48:59.0330 3488 Scan started
17:48:59.0330 3488 Mode: Manual;
17:48:59.0330 3488 ============================================================
17:49:00.0252 3488 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
17:49:00.0267 3488 1394ohci - ok
17:49:00.0345 3488 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
17:49:00.0361 3488 ACPI - ok
17:49:00.0392 3488 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
17:49:00.0392 3488 AcpiPmi - ok
17:49:00.0580 3488 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:49:00.0595 3488 AdobeARMservice - ok
17:49:00.0689 3488 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
17:49:00.0689 3488 adp94xx - ok
17:49:00.0736 3488 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
17:49:00.0736 3488 adpahci - ok
17:49:00.0783 3488 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
17:49:00.0783 3488 adpu320 - ok
17:49:00.0845 3488 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
17:49:00.0845 3488 AeLookupSvc - ok
17:49:00.0939 3488 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
17:49:00.0939 3488 AFD - ok
17:49:01.0064 3488 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
17:49:01.0080 3488 AgereSoftModem - ok
17:49:01.0127 3488 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
17:49:01.0127 3488 agp440 - ok
17:49:01.0173 3488 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
17:49:01.0173 3488 aic78xx - ok
17:49:01.0486 3488 ALCXWDM (7997b6f02cbda0e31fa18cc85871b938) C:\Windows\system32\drivers\RTKVAC.SYS
17:49:01.0517 3488 ALCXWDM - ok
17:49:01.0689 3488 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
17:49:01.0705 3488 ALG - ok
17:49:01.0783 3488 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
17:49:01.0783 3488 aliide - ok
17:49:01.0830 3488 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
17:49:01.0830 3488 amdagp - ok
17:49:01.0877 3488 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
17:49:01.0877 3488 amdide - ok
17:49:01.0923 3488 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
17:49:01.0923 3488 AmdK8 - ok
17:49:01.0955 3488 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
17:49:01.0955 3488 AmdPPM - ok
17:49:02.0002 3488 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
17:49:02.0002 3488 amdsata - ok
17:49:02.0064 3488 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
17:49:02.0064 3488 amdsbs - ok
17:49:02.0095 3488 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
17:49:02.0095 3488 amdxata - ok
17:49:02.0173 3488 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
17:49:02.0173 3488 AppID - ok
17:49:02.0220 3488 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
17:49:02.0220 3488 AppIDSvc - ok
17:49:02.0298 3488 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
17:49:02.0298 3488 Appinfo - ok
17:49:02.0439 3488 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:49:02.0455 3488 Apple Mobile Device - ok
17:49:02.0517 3488 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
17:49:02.0517 3488 AppMgmt - ok
17:49:02.0580 3488 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
17:49:02.0580 3488 arc - ok
17:49:02.0611 3488 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
17:49:02.0611 3488 arcsas - ok
17:49:02.0658 3488 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
17:49:02.0658 3488 AsyncMac - ok
17:49:02.0705 3488 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
17:49:02.0705 3488 atapi - ok
17:49:02.0798 3488 Ati External Event Utility (2039e24fe00639a9123dcd6f22d42d74) C:\Windows\system32\Ati2evxx.exe
17:49:02.0798 3488 Ati External Event Utility - ok
17:49:03.0142 3488 atikmdag (d2e9acb68fa61c911cc21e07f87705bf) C:\Windows\system32\DRIVERS\atikmdag.sys
17:49:03.0189 3488 atikmdag - ok
17:49:03.0408 3488 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
17:49:03.0423 3488 AudioEndpointBuilder - ok
17:49:03.0439 3488 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
17:49:03.0455 3488 Audiosrv - ok
17:49:03.0517 3488 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
17:49:03.0517 3488 AxInstSV - ok
17:49:03.0611 3488 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
17:49:03.0627 3488 b06bdrv - ok
17:49:03.0673 3488 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
17:49:03.0673 3488 b57nd60x - ok
17:49:03.0956 3488 BCM43XX (f9ce9b5e049efc66b8e6c73c18ee8438) C:\Windows\system32\DRIVERS\bcmwl6.sys
17:49:03.0971 3488 BCM43XX - ok
17:49:04.0096 3488 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
17:49:04.0096 3488 BDESVC - ok
17:49:04.0174 3488 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
17:49:04.0174 3488 Beep - ok
17:49:04.0268 3488 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
17:49:04.0268 3488 BFE - ok
17:49:04.0299 3488 bfoknzrv - ok
17:49:04.0409 3488 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
17:49:04.0424 3488 BITS - ok
17:49:04.0456 3488 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
17:49:04.0456 3488 blbdrive - ok
17:49:04.0612 3488 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
17:49:04.0612 3488 Bonjour Service - ok
17:49:04.0674 3488 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
17:49:04.0674 3488 bowser - ok
17:49:04.0721 3488 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:49:04.0721 3488 BrFiltLo - ok
17:49:04.0753 3488 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:49:04.0753 3488 BrFiltUp - ok
17:49:04.0784 3488 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
17:49:04.0784 3488 BridgeMP - ok
17:49:04.0879 3488 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
17:49:04.0879 3488 Browser - ok
17:49:04.0925 3488 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
17:49:04.0925 3488 Brserid - ok
17:49:04.0941 3488 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
17:49:04.0941 3488 BrSerWdm - ok
17:49:04.0972 3488 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:49:04.0972 3488 BrUsbMdm - ok
17:49:04.0988 3488 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
17:49:04.0988 3488 BrUsbSer - ok
17:49:05.0066 3488 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
17:49:05.0066 3488 BthEnum - ok
17:49:05.0082 3488 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
17:49:05.0082 3488 BTHMODEM - ok
17:49:05.0129 3488 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
17:49:05.0129 3488 BthPan - ok
17:49:05.0207 3488 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
17:49:05.0207 3488 BTHPORT - ok
17:49:05.0269 3488 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
17:49:05.0269 3488 bthserv - ok
17:49:05.0316 3488 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
17:49:05.0316 3488 BTHUSB - ok
17:49:05.0410 3488 BTWAMPFL (2a0de6423d6be95c96124fc66046176e) C:\Windows\system32\DRIVERS\btwampfl.sys
17:49:05.0410 3488 BTWAMPFL - ok
17:49:05.0472 3488 btwaudio (cc0a5e69d19b5c1ecc6cf9bf3acc3969) C:\Windows\system32\drivers\btwaudio.sys
17:49:05.0472 3488 btwaudio - ok
17:49:05.0519 3488 btwavdt (9abea4dc976e3f47da2d4b169719cbaa) C:\Windows\system32\DRIVERS\btwavdt.sys
17:49:05.0519 3488 btwavdt - ok
17:49:05.0691 3488 btwdins (efcbb730c49b957d4fe973f3f6085217) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
17:49:05.0707 3488 btwdins - ok
17:49:05.0738 3488 btwl2cap (a94032a7755164e13c75e0e7409afd65) C:\Windows\system32\DRIVERS\btwl2cap.sys
17:49:05.0738 3488 btwl2cap - ok
17:49:05.0785 3488 btwrchid (1e5468447e4d18fbea5f01267d6495a5) C:\Windows\system32\DRIVERS\btwrchid.sys
17:49:05.0785 3488 btwrchid - ok
17:49:05.0942 3488 CamDrL (0f5ca31bb3fdb5c1e63c170cfbecc93b) C:\Windows\system32\DRIVERS\Camdrl.sys
17:49:05.0958 3488 CamDrL - ok
17:49:06.0020 3488 catchme - ok
17:49:06.0067 3488 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
17:49:06.0067 3488 cdfs - ok
17:49:06.0130 3488 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
17:49:06.0130 3488 cdrom - ok
17:49:06.0192 3488 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
17:49:06.0192 3488 CertPropSvc - ok
17:49:06.0223 3488 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
17:49:06.0223 3488 circlass - ok
17:49:06.0286 3488 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
17:49:06.0286 3488 CLFS - ok
17:49:06.0380 3488 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:49:06.0380 3488 clr_optimization_v2.0.50727_32 - ok
17:49:06.0426 3488 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
17:49:06.0426 3488 CmBatt - ok
17:49:06.0458 3488 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
17:49:06.0473 3488 cmdide - ok
17:49:06.0536 3488 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
17:49:06.0536 3488 CNG - ok
17:49:06.0583 3488 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
17:49:06.0598 3488 Compbatt - ok
17:49:06.0645 3488 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
17:49:06.0645 3488 CompositeBus - ok
17:49:06.0676 3488 COMSysApp - ok
17:49:06.0708 3488 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
17:49:06.0708 3488 crcdisk - ok
17:49:06.0801 3488 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
17:49:06.0801 3488 CryptSvc - ok
17:49:06.0896 3488 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
17:49:06.0896 3488 CSC - ok
17:49:06.0990 3488 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
17:49:07.0006 3488 CscService - ok
17:49:07.0052 3488 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
17:49:07.0052 3488 DcomLaunch - ok
17:49:07.0115 3488 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
17:49:07.0131 3488 defragsvc - ok
17:49:07.0209 3488 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
17:49:07.0209 3488 DfsC - ok
17:49:07.0287 3488 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
17:49:07.0287 3488 Dhcp - ok
17:49:07.0334 3488 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
17:49:07.0334 3488 discache - ok
17:49:07.0396 3488 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
17:49:07.0396 3488 Disk - ok
17:49:07.0474 3488 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
17:49:07.0474 3488 DKbFltr - ok
17:49:07.0537 3488 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
17:49:07.0537 3488 Dnscache - ok
17:49:07.0584 3488 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
17:49:07.0599 3488 dot3svc - ok
17:49:07.0662 3488 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
17:49:07.0662 3488 DPS - ok
17:49:07.0740 3488 DritekPortIO - ok
17:49:07.0787 3488 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
17:49:07.0787 3488 drmkaud - ok
17:49:07.0897 3488 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
17:49:07.0913 3488 DXGKrnl - ok
17:49:07.0944 3488 eaghxrdy - ok
17:49:08.0006 3488 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
17:49:08.0006 3488 EapHost - ok
17:49:08.0272 3488 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
17:49:08.0303 3488 ebdrv - ok
17:49:08.0444 3488 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
17:49:08.0444 3488 EFS - ok
17:49:08.0569 3488 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
17:49:08.0569 3488 ehRecvr - ok
17:49:08.0616 3488 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
17:49:08.0616 3488 ehSched - ok
17:49:08.0741 3488 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
17:49:08.0741 3488 elxstor - ok
17:49:08.0803 3488 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
17:49:08.0803 3488 ErrDev - ok
17:49:08.0881 3488 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
17:49:08.0881 3488 EventSystem - ok
17:49:08.0945 3488 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
17:49:08.0945 3488 exfat - ok
17:49:09.0007 3488 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
17:49:09.0007 3488 fastfat - ok
17:49:09.0101 3488 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
17:49:09.0117 3488 Fax - ok
17:49:09.0148 3488 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
17:49:09.0148 3488 fdc - ok
17:49:09.0179 3488 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
17:49:09.0195 3488 fdPHost - ok
17:49:09.0226 3488 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
17:49:09.0226 3488 FDResPub - ok
17:49:09.0257 3488 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
17:49:09.0257 3488 FileInfo - ok
17:49:09.0273 3488 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
17:49:09.0289 3488 Filetrace - ok
17:49:09.0304 3488 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
17:49:09.0304 3488 flpydisk - ok
17:49:09.0351 3488 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
17:49:09.0351 3488 FltMgr - ok
17:49:09.0461 3488 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
17:49:09.0476 3488 FontCache - ok
17:49:09.0570 3488 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:49:09.0570 3488 FontCache3.0.0.0 - ok
17:49:09.0617 3488 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
17:49:09.0617 3488 FsDepends - ok
17:49:09.0664 3488 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
17:49:09.0664 3488 Fs_Rec - ok
17:49:09.0726 3488 FTDIBUS (b283f1bc1ff852bd232449a4b3e3ce63) C:\Windows\system32\drivers\ftdibus.sys
17:49:09.0726 3488 FTDIBUS - ok
17:49:09.0773 3488 FTSER2K (678a73f56ddf84a08c31123c386e9967) C:\Windows\system32\drivers\ftser2k.sys
17:49:09.0773 3488 FTSER2K - ok
17:49:09.0836 3488 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
17:49:09.0836 3488 fvevol - ok
17:49:09.0898 3488 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:49:09.0898 3488 gagp30kx - ok
17:49:09.0962 3488 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:49:09.0962 3488 GEARAspiWDM - ok
17:49:10.0055 3488 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
17:49:10.0055 3488 gpsvc - ok
17:49:10.0087 3488 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
17:49:10.0087 3488 hcw85cir - ok
17:49:10.0133 3488 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
17:49:10.0133 3488 HDAudBus - ok
17:49:10.0149 3488 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
17:49:10.0149 3488 HidBatt - ok
17:49:10.0180 3488 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
17:49:10.0180 3488 HidBth - ok
17:49:10.0227 3488 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
17:49:10.0227 3488 HidIr - ok
17:49:10.0305 3488 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
17:49:10.0305 3488 hidserv - ok
17:49:10.0383 3488 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
17:49:10.0383 3488 HidUsb - ok
17:49:10.0446 3488 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
17:49:10.0446 3488 hkmsvc - ok
17:49:10.0508 3488 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
17:49:10.0508 3488 HomeGroupListener - ok
17:49:10.0571 3488 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
17:49:10.0571 3488 HomeGroupProvider - ok
17:49:10.0758 3488 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
17:49:10.0758 3488 hpqcxs08 - ok
17:49:10.0790 3488 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
17:49:10.0790 3488 hpqddsvc - ok
17:49:10.0868 3488 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
17:49:10.0868 3488 HpSAMD - ok
17:49:10.0963 3488 HPSLPSVC (a04f4ac48895774a2cf9d1c9eaaacef0) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
17:49:10.0978 3488 HPSLPSVC - ok
17:49:11.0056 3488 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
17:49:11.0072 3488 HTTP - ok
17:49:11.0134 3488 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
17:49:11.0134 3488 hwpolicy - ok
17:49:11.0244 3488 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
17:49:11.0244 3488 i8042prt - ok
17:49:11.0322 3488 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
17:49:11.0338 3488 iaStorV - ok
17:49:11.0541 3488 IDriverT (daf66902f08796f9c694901660e5a64a) c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
17:49:11.0541 3488 IDriverT - ok
17:49:11.0713 3488 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:49:11.0728 3488 idsvc - ok
17:49:11.0853 3488 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
17:49:11.0869 3488 iirsp - ok
17:49:11.0963 3488 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
17:49:11.0970 3488 IKEEXT - ok
17:49:12.0035 3488 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
17:49:12.0035 3488 intelide - ok
17:49:12.0082 3488 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
17:49:12.0082 3488 intelppm - ok
17:49:12.0113 3488 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
17:49:12.0113 3488 IPBusEnum - ok
17:49:12.0144 3488 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:49:12.0144 3488 IpFilterDriver - ok
17:49:12.0222 3488 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
17:49:12.0238 3488 iphlpsvc - ok
17:49:12.0285 3488 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
17:49:12.0285 3488 IPMIDRV - ok
17:49:12.0316 3488 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
17:49:12.0316 3488 IPNAT - ok
17:49:12.0457 3488 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
17:49:12.0457 3488 iPod Service - ok
17:49:12.0519 3488 irda (9f7e491fb0ba0f9e370163834fc1fe31) C:\Windows\system32\DRIVERS\irda.sys
17:49:12.0519 3488 irda - ok
17:49:12.0566 3488 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
17:49:12.0566 3488 IRENUM - ok
17:49:12.0597 3488 Irmon (4220d2f03d5c4226d0a1aa4b84025e45) C:\Windows\System32\irmon.dll
17:49:12.0597 3488 Irmon - ok
17:49:12.0660 3488 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
17:49:12.0660 3488 isapnp - ok
17:49:12.0722 3488 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
17:49:12.0738 3488 iScsiPrt - ok
17:49:12.0785 3488 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
17:49:12.0785 3488 kbdclass - ok
17:49:12.0832 3488 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
17:49:12.0832 3488 kbdhid - ok
17:49:12.0879 3488 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:49:12.0879 3488 KeyIso - ok
17:49:12.0925 3488 khlcgwjo - ok
17:49:13.0007 3488 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
17:49:13.0009 3488 KSecDD - ok
17:49:13.0071 3488 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
17:49:13.0071 3488 KSecPkg - ok
17:49:13.0149 3488 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
17:49:13.0149 3488 KtmRm - ok
17:49:13.0227 3488 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
17:49:13.0227 3488 LanmanServer - ok
17:49:13.0290 3488 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
17:49:13.0290 3488 LanmanWorkstation - ok
17:49:13.0415 3488 LexBceS (bfadbb0b68e566f6f46b856557a68ec1) C:\Windows\System32\LEXBCES.EXE
17:49:13.0415 3488 LexBceS - ok
17:49:13.0493 3488 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
17:49:13.0493 3488 lltdio - ok
17:49:13.0555 3488 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
17:49:13.0555 3488 lltdsvc - ok
17:49:13.0587 3488 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
17:49:13.0587 3488 lmhosts - ok
17:49:13.0649 3488 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:49:13.0649 3488 LSI_FC - ok
17:49:13.0680 3488 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:49:13.0680 3488 LSI_SAS - ok
17:49:13.0712 3488 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:49:13.0712 3488 LSI_SAS2 - ok
17:49:13.0727 3488 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:49:13.0727 3488 LSI_SCSI - ok
17:49:13.0774 3488 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
17:49:13.0774 3488 luafv - ok
17:49:13.0930 3488 LVSrvLauncher (a005cee9be199c5e375faa559ca9a7a9) C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
17:49:13.0930 3488 LVSrvLauncher - ok
17:49:13.0993 3488 LVUSBSta (64bc29c3a0388bfc580bb8b1346f7659) C:\Windows\system32\drivers\LVUSBSta.sys
17:49:13.0993 3488 LVUSBSta - ok
17:49:14.0008 3488 lxbl_device - ok
17:49:14.0055 3488 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
17:49:14.0055 3488 MBAMProtector - ok
17:49:14.0201 3488 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:49:14.0216 3488 MBAMService - ok
17:49:14.0263 3488 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
17:49:14.0263 3488 Mcx2Svc - ok
17:49:14.0326 3488 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
17:49:14.0326 3488 megasas - ok
17:49:14.0388 3488 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
17:49:14.0388 3488 MegaSR - ok
17:49:14.0435 3488 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
17:49:14.0435 3488 MMCSS - ok
17:49:14.0466 3488 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
17:49:14.0466 3488 Modem - ok
17:49:14.0529 3488 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
17:49:14.0529 3488 monitor - ok
17:49:14.0607 3488 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
17:49:14.0623 3488 mouclass - ok
17:49:14.0670 3488 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
17:49:14.0670 3488 mouhid - ok
17:49:14.0716 3488 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
17:49:14.0716 3488 mountmgr - ok
17:49:14.0779 3488 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
17:49:14.0779 3488 MpFilter - ok
17:49:14.0841 3488 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
17:49:14.0841 3488 mpio - ok
17:49:15.0029 3488 MpKsl2095dde2 (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A0EEC150-8FED-426E-8900-B9BF1640F343}\MpKsl2095dde2.sys
17:49:33.0655 3488 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:49:34.0249 3488 \Device\Harddisk0\DR0 - ok
17:49:34.0280 3488 Boot (0x1200) (9ceeee2539b45130db6e2bec9d13082a) \Device\Harddisk0\DR0\Partition0
17:49:34.0280 3488 \Device\Harddisk0\DR0\Partition0 - ok
17:49:34.0311 3488 Boot (0x1200) (a2059190be0fa114b4f0791975652045) \Device\Harddisk0\DR0\Partition1
17:49:34.0311 3488 \Device\Harddisk0\DR0\Partition1 - ok
17:49:34.0342 3488 Boot (0x1200) (f69f4f0e5bbcc1323adab8c275b2f616) \Device\Harddisk0\DR0\Partition2
17:49:34.0342 3488 \Device\Harddisk0\DR0\Partition2 - ok
17:49:34.0342 3488 ============================================================
17:49:34.0342 3488 Scan finished
17:49:34.0342 3488 ============================================================
17:49:34.0374 0852 Detected object count: 0
17:49:34.0374 0852 Actual detected object count: 0

#11 Tgod


Posted 27 May 2012 - 12:06 PM

This is the log from aswMBR. It says 'File: C:\Windows\system32\disknlpa.dll **INFECTED** Win32:Trojan-gen' is infected. Does this need fixing on the aswMBR software?


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-27 17:52:30
-----------------------------
17:52:30.906 OS Version: Windows 6.1.7601 Service Pack 1
17:52:30.906 Number of processors: 1 586 0x2402
17:52:31.031 ComputerName: TONY-PC UserName: Tony
17:52:32.251 Initialize success
17:55:01.035 AVAST engine defs: 12052700
17:55:57.742 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:55:57.757 Disk 0 Vendor: SAMSUNG_HM160HC LQ100-10 Size: 152627MB BusType: 3
17:55:57.773 Disk 0 MBR read successfully
17:55:57.773 Disk 0 MBR scan
17:55:57.789 Disk 0 Windows 7 default MBR code
17:55:57.804 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 35119 MB offset 2048
17:55:57.804 Disk 0 Partition - 00 0F Extended LBA 117506 MB offset 71925760
17:55:57.836 Disk 0 Partition 2 00 0B FAT32 MSDOS5.0 21000 MB offset 71927808
17:55:57.851 Disk 0 Partition - 00 05 Extended 96505 MB offset 114935808
17:55:57.882 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 96504 MB offset 114937856
17:55:57.898 Disk 0 scanning sectors +312578048
17:55:57.976 Disk 0 scanning C:\Windows\system32\drivers
17:56:12.451 Service scanning
17:56:42.632 Modules scanning
17:56:54.135 Disk 0 trace - called modules:
17:56:54.151 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
17:56:54.167 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8561b030]
17:56:54.167 3 CLASSPNP.SYS[88db559e] -> nt!IofCallDriver -> [0x84830918]
17:56:54.182 5 ACPI.sys[888333d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85167030]
17:56:55.026 AVAST engine scan C:\Windows
17:56:58.414 AVAST engine scan C:\Windows\system32
17:57:30.572 File: C:\Windows\system32\disknlpa.dll **INFECTED** Win32:Trojan-gen
18:00:34.716 AVAST engine scan C:\Windows\system32\drivers
18:00:53.644 AVAST engine scan C:\Users\Tony
18:02:10.139 AVAST engine scan C:\ProgramData
18:03:58.080 Scan finished successfully
18:04:16.099 Disk 0 MBR has been saved successfully to "C:\Users\Tony\Desktop\MBR.dat"
18:04:16.099 The log file has been saved successfully to "C:\Users\Tony\Desktop\aswMBR.txt"

#12 gringo_pr


Posted 27 May 2012 - 12:47 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\programdata\529C5390000082B600041D1EB4EB238B
c:\users\Tony\AppData\Roaming\Ysboy
c:\users\Tony\AppData\Roaming\Owafihi
c:\users\Tony\AppData\Local\Babylon
c:\users\Tony\AppData\Roaming\Babylon
c:\programdata\Babylon

File::
c:\windows\system32\disknlpa.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Tgod


Posted 27 May 2012 - 01:27 PM

Hi Gringo, thank you very much for your help, the combo fix scan went fine and the internet browsing speed has really picked up again.

Here's the new log from ComboFix:

ComboFix 12-05-27.02 - Tony 27/05/2012 19:04:39.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2047.1290 [GMT 1:00]
Running from: c:\users\Tony\Desktop\ComboFix.exe
Command switches used :: c:\users\Tony\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\disknlpa.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\529C5390000082B600041D1EB4EB238B
c:\programdata\529C5390000082B600041D1EB4EB238B\529C5390000082B600041D1EB4EB238B
c:\programdata\Babylon
c:\users\Tony\AppData\Local\Babylon
c:\users\Tony\AppData\Local\Babylon\Setup\bab033.tbinst.dat
c:\users\Tony\AppData\Local\Babylon\Setup\bab091.norecovericon.dat
c:\users\Tony\AppData\Local\Babylon\Setup\Babylon.dat
c:\users\Tony\AppData\Local\Babylon\Setup\HtmlScreens\blueStar.png
c:\users\Tony\AppData\Local\Babylon\Setup\HtmlScreens\eula.html
c:\users\Tony\AppData\Local\Babylon\Setup\HtmlScreens\globe.png
c:\users\Tony\AppData\Local\Babylon\Setup\HtmlScreens\options.js
c:\users\Tony\AppData\Local\Babylon\Setup\HtmlScreens\page0.html
c:\users\Tony\AppData\Local\Babylon\Setup\HtmlScreens\page2.css
c:\users\Tony\AppData\Local\Babylon\Setup\HtmlScreens\page2.html
c:\users\Tony\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css
c:\users\Tony\AppData\Local\Babylon\Setup\HtmlScreens\page3.css
c:\users\Tony\AppData\Local\Babylon\Setup\HtmlScreens\page3.html
c:\users\Tony\AppData\Local\Babylon\Setup\HtmlScreens\page3Lrg.css
c:\users\Tony\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif
c:\users\Tony\AppData\Local\Babylon\Setup\HtmlScreens\progress.png
c:\users\Tony\AppData\Local\Babylon\Setup\HtmlScreens\setup.js
c:\users\Tony\AppData\Local\Babylon\Setup\HtmlScreens\title.png
c:\users\Tony\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg
c:\users\Tony\AppData\Local\Babylon\Setup\IECookieLow.dll
c:\users\Tony\AppData\Local\Babylon\Setup\Setup-latest-30b.zpb
c:\users\Tony\AppData\Local\Babylon\Setup\Setup-tbmntr903.zpb
c:\users\Tony\AppData\Local\Babylon\Setup\SetupStrings.dat
c:\users\Tony\AppData\Local\Babylon\Setup\sign
c:\users\Tony\AppData\Local\Babylon\Setup\sqlite3.dll
c:\users\Tony\AppData\Roaming\Babylon
c:\users\Tony\AppData\Roaming\Babylon\log_file.txt
c:\users\Tony\AppData\Roaming\Owafihi
c:\users\Tony\AppData\Roaming\Owafihi\wyaram.tmp
c:\users\Tony\AppData\Roaming\Ysboy
c:\windows\system32\disknlpa.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
.
.
2012-05-27 18:15 . 2012-05-27 18:15 -------- d-----w- c:\users\Tony\AppData\Local\temp
2012-05-27 18:15 . 2012-05-27 18:15 -------- d-----w- c:\users\Killer\AppData\Local\temp
2012-05-27 18:15 . 2012-05-27 18:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-27 18:02 . 2012-05-27 18:02 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33D39B64-D511-4E09-9D2F-63B1BB7C4C26}\MpKsl4f523c87.sys
2012-05-27 17:12 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33D39B64-D511-4E09-9D2F-63B1BB7C4C26}\mpengine.dll
2012-05-26 23:34 . 2012-05-26 23:34 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-05-26 23:23 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-26 23:23 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-26 23:15 . 2012-05-26 23:13 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2539D29-8557-4853-A4EF-B3C73D250C96}\gapaengine.dll
2012-05-26 22:03 . 2012-05-26 22:03 -------- d-----w- c:\users\Killer\AppData\Roaming\Apple Computer
2012-05-26 21:44 . 2012-05-27 15:47 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-05-26 21:23 . 2012-05-26 21:23 -------- d-----w- c:\users\Killer\AppData\Roaming\HP
2012-05-12 02:01 . 2012-05-12 02:01 -------- d-----w- c:\users\Tony\AppData\Local\Apple Computer
2012-05-12 02:01 . 2012-05-12 15:09 -------- d-----w- c:\users\Tony\AppData\Roaming\Apple Computer
2012-05-12 02:01 . 2012-05-12 02:01 -------- dc----w- c:\windows\system32\DRVSTORE
2012-05-12 02:01 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-12 02:01 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-05-12 02:00 . 2012-05-12 02:00 -------- d-----w- c:\program files\iPod
2012-05-12 02:00 . 2012-05-12 02:01 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-05-12 02:00 . 2012-05-12 02:01 -------- d-----w- c:\program files\iTunes
2012-05-12 02:00 . 2012-05-12 02:00 -------- d-----w- c:\programdata\Apple Computer
2012-05-12 02:00 . 2012-05-12 02:00 -------- d-----w- c:\users\Tony\AppData\Local\Apple
2012-05-12 02:00 . 2012-05-12 02:00 -------- d-----w- c:\program files\Apple Software Update
2012-05-12 01:59 . 2012-05-12 01:59 -------- d-----w- c:\program files\Bonjour
2012-05-12 01:58 . 2012-05-12 02:00 -------- d-----w- c:\program files\Common Files\Apple
2012-05-12 01:58 . 2012-05-12 01:59 -------- d-----w- c:\programdata\Apple
2012-05-12 01:43 . 2012-05-12 01:43 -------- d--h--w- c:\programdata\Common Files
2012-05-07 15:23 . 2011-05-30 13:42 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2012-05-07 15:23 . 2011-05-23 09:52 153088 ----a-w- c:\windows\system32\xvid.ax
2012-05-07 15:23 . 2011-05-23 07:46 645632 ----a-w- c:\windows\system32\xvidcore.dll
2012-05-07 15:18 . 2012-05-07 15:18 -------- d-----w- c:\users\Tony\.bitrock
2012-05-05 10:15 . 2012-05-07 15:23 -------- d-----w- c:\program files\Xvid
2012-05-05 10:13 . 2012-05-05 10:27 -------- d-----w- c:\program files\Real
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 16:40 . 2012-04-09 22:10 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-05 10:13 . 2003-03-19 05:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-05 10:13 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-04-09 11:19 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-04-04 14:56 . 2011-09-10 14:09 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-20 19:44 . 2011-04-27 14:25 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 19:44 . 2011-04-18 12:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-18 18:24 . 2012-03-18 18:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-06 05:59 . 2012-04-17 17:45 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-06 05:59 . 2012-04-17 17:45 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-01 05:46 . 2012-04-17 17:52 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-17 17:52 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-17 17:52 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-17 17:52 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 05:38 . 2012-04-17 17:33 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 03:52 . 2012-04-17 17:33 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-27_16.05.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-07 23:26 . 2012-05-27 17:54 47296 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2011-05-08 01:38 . 2012-05-27 17:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-08 01:38 . 2012-05-27 13:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-08 01:38 . 2012-05-27 13:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-08 01:38 . 2012-05-27 17:14 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-08 01:38 . 2012-05-27 13:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-08 01:38 . 2012-05-27 17:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-08 00:02 . 2012-05-27 16:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-08 00:02 . 2012-05-27 17:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-08 00:02 . 2012-05-27 16:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-08 00:02 . 2012-05-27 17:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-27 17:35 . 2012-05-27 17:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-27 15:22 . 2012-05-27 16:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-27 15:22 . 2012-05-27 16:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-27 17:35 . 2012-05-27 17:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2012-05-27 16:09 621742 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2012-05-27 16:09 108792 c:\windows\System32\perfc009.dat
- 2009-07-14 04:47 . 2012-05-27 15:22 323568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2012-05-27 17:14 323568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-04-01 04:45 501760 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetworkIndicator"="c:\users\Tony\Desktop\NetworkIndicator.exe" [2010-06-30 192512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-24 1190920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2011-04-01 91648]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="e:\logitech\quickcam\QuickCam10.exe" [2007-02-08 774168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
tonypower.lnk - c:\windows\regedit.exe [2009-7-14 398336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-26 840992]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
R1 bfoknzrv;bfoknzrv;c:\windows\system32\drivers\bfoknzrv.sys [x]
R1 eaghxrdy;eaghxrdy;c:\windows\system32\drivers\eaghxrdy.sys [x]
R1 khlcgwjo;khlcgwjo;c:\windows\system32\drivers\khlcgwjo.sys [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-05-08 302120]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-05-08 33832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.SYS [2011-08-16 62920]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [2012-01-04 16128]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;e:\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;e:\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
S1 MpKsl4f523c87;MpKsl4f523c87;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33D39B64-D511-4E09-9D2F-63B1BB7C4C26}\MpKsl4f523c87.sys [2012-05-27 29904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe [2007-04-20 537520]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Sage SData Service;Sage SData Service;c:\program files\Common Files\Sage SData\Sage.SData.Service.exe [2009-06-08 49152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL4F523C87
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-26 c:\windows\Tasks\WebReg HP Photosmart B110 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2009-11-18 07:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://d:\roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - e:\micros~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://d:\roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://d:\roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://d:\roboform\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.98.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-27 19:23:55
ComboFix-quarantined-files.txt 2012-05-27 18:23
ComboFix2.txt 2012-05-27 16:16
.
Pre-Run: 17,307,613,184 bytes free
Post-Run: 17,324,242,944 bytes free
.
- - End Of File - - 8B4FAEB22C5F8F82771C1C5406F333F7

#14 gringo_pr


Posted 27 May 2012 - 01:43 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#15 Tgod


Posted 27 May 2012 - 01:56 PM

Hi Gringo, here's the extra report

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
7-Zip 4.65
Accounts
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
B110
BitTorrent
bluefin 3.0.0.2
bluefin 3.6.0.1
bluefin Desktop
Bonjour
BufferChm
CCleaner
Classic Shell
Coupon Printer for Windows
D3DX10
Destinations
DeviceDiscovery
DivX Setup
FreeCommander 2009.02b
FreeMoneyFormula
FTDI USB Serial Converter Drivers
GPBaseService2
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
HP Smart Web Printing 4.60
HP Solution Center 14.0
HPAppStudio
HPPhotoGadget
HPProductAssistant
HPSSupply
iTunes
Jasc Paint Shop Pro 8
Jasc Paint Shop Pro 8.10 Update Patch
Java Auto Updater
Java™ 6 Update 29
Launch Manager
Lexmark Z700-P700 Series
Logitech QuickCam
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Media Player Classic - Home Cinema v1.4.2499.0
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
PS_AIO_07_B110_SW_Min
QuickTransfer
Realtek AC'97 Audio
RealUpgrade 1.1
RoboForm 7-2-7 (All Users)
Sage 50 Accounts 2010
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Status
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
TIxx21
Toolbox
TrayApp
Trojan Killer
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Script Editor Help (KB957253)
VC80CRTRedist - 8.0.50727.6195
WebReg
WIDCOMM Bluetooth Software
Win7codecs
Windows Driver Package - FTDI bluefin USB Driver (03/18/2011 2.08.14)
Windows Driver Package - FTDI bluefin Virtual COM Port Driver (03/18/2011 2.08.14)
Windows Driver Package - Ross-Tech USB Driver Package (06/16/2010 2.06.02)
Windows Driver Package - Ross-Tech USB Driver Package (08/16/2011 2.08.14)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile Device Center
WinRAR archiver
Xvid Video Codec
