Adobe pop up ad in lower right corner (host file hijack?)


8 replies to this topic

#1 fstforwrd

fstforwrd

  • Members
  • 5 posts

Posted 29 May 2012 - 12:51 PM

Hello,

Based on the explanation of the same problem I saw posted elsewhere, I believe I have a "hosts file hijack" problem. All of my browsers: IE, Firefox, and Chrome have a pop up advertisement in the lower right corner. The one fix I saw was using OTL by Old Timer but I was hesitant to try this on my own.

Regards
Fstforwrd

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts

Posted 29 May 2012 - 12:55 PM

Hello, let's take a look at some things and we'll know.
Are you being redirected on web pages?

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.





Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.




Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
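
The "List content of Hosts" report requested in the reply above can be reviewed mechanically. The following is an added example, not part of the thread and not MiniToolBox's own logic, that audits hosts-file text for names pointed at non-local addresses, entries placed after a long run of blank lines, and names given more than one target. The sample content (documentation address ranges, example domains), the padding threshold and every function name are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample, not taken from any real machine: a default entry,
# 40 blank padding lines, then redirect entries with trailing-dot names.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-2009 Microsoft Corp.\n"
    "::1 localhost\n"
    + "\n" * 40
    + "203.0.113.10 stats.example.com.\n"
    "203.0.113.10 ads.example.net.\n"
    "198.51.100.20 stats.example.com.\n"
    "0.0.0.0 blocked.example.org\n"
    "not-an-ip broken.example.org\n"
    "\n"
    "127.0.0.1 localhost\n"
)

# Assumption: this many consecutive blank lines is treated as padding meant
# to push entries out of view when the file is opened in an editor.
PADDING_THRESHOLD = 20


def parse_hosts(text):
    """Yield (line_no, blank_lines_before, raw_addr, addr_or_None, names)."""
    blank_run = 0
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            blank_run += 1
            continue
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:  # comment-only line: not padding
            blank_run = 0
            continue
        fields = line.split()
        # "www.example.com." and "WWW.example.com" name the same host.
        names = tuple(n.rstrip(".").lower() for n in fields[1:])
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        yield line_no, blank_run, fields[0], addr, names
        blank_run = 0


def audit_hosts(text):
    """Return findings as (line_no, kind, detail, names) tuples."""
    findings = []
    targets = defaultdict(set)  # name -> set of non-local addresses
    for line_no, gap, raw_addr, addr, names in parse_hosts(text):
        if gap >= PADDING_THRESHOLD:
            findings.append((line_no, "padding", f"{gap} blank lines", names))
        if addr is None or not names:
            findings.append((line_no, "malformed", raw_addr, names))
            continue
        # Loopback and 0.0.0.0 entries only block or localise a name;
        # any other address sends the name's traffic to that machine.
        if addr.is_loopback or addr.is_unspecified:
            continue
        findings.append((line_no, "redirect", str(addr), names))
        for name in names:
            targets[name].add(str(addr))
    for name, addrs in sorted(targets.items()):
        if len(addrs) > 1:
            findings.append(
                (0, "multiple-targets", ",".join(sorted(addrs)), (name,))
            )
    return findings


if __name__ == "__main__":
    for line_no, kind, detail, names in audit_hosts(SAMPLE_HOSTS):
        where = f"line {line_no}" if line_no else "whole file"
        print(f"{where:>10}  {kind:<17} {detail:<28} {' '.join(names)}")
```

On Windows the file to feed it is normally `%SystemRoot%\System32\drivers\etc\hosts`; a clean default file produces no findings.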

#3 fstforwrd

fstforwrd
  • Topic Starter

  • Members
  • 5 posts

Posted 29 May 2012 - 02:05 PM

Thank you for your help,


MiniToolBox Results:

MiniToolBox by Farbar Version: 14-01-2012
Ran by (administrator) on 29-05-2012 at 14:17:05
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

[... 200 blank lines ...]

149.5.18.172 www.google-analytics.com.
149.5.18.172 ad-emea.doubleclick.net.
149.5.18.172 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : ENG-WORKSTATION
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . :

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-25-64-C5-A5-26
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::79c9:6b68:3dd8:fb25%11(Preferred)
IPv4 Address. . . . . . . . . . . :
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, May 29, 2012 9:26:43 AM
Lease Expires . . . . . . . . . . : Wednesday, June 06, 2012 9:26:42 AM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 234890596
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-6C-54-CA-00-25-64-C5-A5-26
DNS Servers . . . . . . . . . . . :
8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.XXXXXX.local:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server:
Address:

Name: google.com
Addresses: 74.125.45.102
74.125.45.139
74.125.45.100
74.125.45.113
74.125.45.138
74.125.45.101


Pinging google.com [74.125.45.102] with 32 bytes of data:
Reply from 74.125.45.102: bytes=32 time=17ms TTL=52
Reply from 74.125.45.102: bytes=32 time=21ms TTL=52

Ping statistics for 74.125.45.102:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 21ms, Average = 19ms
Server: Address:

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=111ms TTL=47
Reply from 72.30.38.140: bytes=32 time=151ms TTL=47

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 111ms, Maximum = 151ms, Average = 131ms
Server: .local
Address:

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 25 64 c5 a5 26 ......Broadcom NetXtreme 57xx Gigabit Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 XXX.168.17.1 XXX.168.17.113 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
XXX.168.17.0 255.255.255.0 On-link XXX.168.17.113 266
xxxxxxxxxxxxxxxx 255.255.255.255 On-link XXX.168.17.113 266
XXXXXXXXXXXXXX 255.255.255.255 On-link XXX.168.17.113 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link XXX.168.17.113 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link XXX.168.17.113 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 266 fe80::/64 On-link
11 266 fe80::79c9:6b68:3dd8:fb25/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/29/2012 02:15:55 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Manufacturing and Wholesale Edition 2010":
Could not save User Value Cache. Hr = 80004005

Error: (05/29/2012 02:15:24 PM) (Source: Symantec AntiVirus) (User:
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SavUI.exe
Event Info: Create Process
ActionTaken: Blocked
Actor Process: C:\PROGRAM FILES (X86)\COMMON FILES\SOLIDWORKS INSTALLATION MANAGER\BACKGROUNDDOWNLOADING\SLDBGDWLD.EXE (PID 4412)
Time: Tuesday, May 29, 2012 2:15:24 PM

Error: (05/29/2012 01:32:06 PM) (Source: Symantec AntiVirus) (User:
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Event Info: Create Process
ActionTaken: Blocked
Actor Process: C:\PROGRAM FILES\LOGITECH\GAMEPANEL SOFTWARE\LCD MANAGER\APPLETS\ZZ3DXLCD20MAIL.EXE (PID 4892)
Time: Tuesday, May 29, 2012 1:32:06 PM

Error: (05/29/2012 01:32:06 PM) (Source: Symantec AntiVirus) (User:
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Event Info: Create Process
ActionTaken: Blocked
Actor Process: C:\PROGRAM FILES\LOGITECH\GAMEPANEL SOFTWARE\LCD MANAGER\APPLETS\ZZ3DXLCD40TASK.EXE (PID 4940)
Time: Tuesday, May 29, 2012 1:32:06 PM

Error: (05/29/2012 01:32:06 PM) (Source: Symantec AntiVirus) (User:
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Event Info: Create Process
ActionTaken: Blocked
Actor Process: C:\PROGRAM FILES\LOGITECH\GAMEPANEL SOFTWARE\LCD MANAGER\APPLETS\ZZ3DXLCD30CALENDAR.EXE (PID 4916)
Time: Tuesday, May 29, 2012 1:32:06 PM

Error: (05/29/2012 01:32:01 PM) (Source: Symantec AntiVirus) (User:
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Event Info: Create Process
ActionTaken: Blocked
Actor Process: C:\PROGRAM FILES\LOGITECH\GAMEPANEL SOFTWARE\LCD MANAGER\APPLETS\ZZ3DXLCD20MAIL.EXE (PID 4892)
Time: Tuesday, May 29, 2012 1:32:01 PM

Error: (05/29/2012 01:32:01 PM) (Source: Symantec AntiVirus) (User:
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Event Info: Create Process
ActionTaken: Blocked
Actor Process: C:\PROGRAM FILES\LOGITECH\GAMEPANEL SOFTWARE\LCD MANAGER\APPLETS\ZZ3DXLCD40TASK.EXE (PID 4940)
Time: Tuesday, May 29, 2012 1:32:01 PM

Error: (05/29/2012 01:32:00 PM) (Source: Symantec AntiVirus) (User:
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Event Info: Create Process
ActionTaken: Blocked
Actor Process: C:\PROGRAM FILES\LOGITECH\GAMEPANEL SOFTWARE\LCD MANAGER\APPLETS\ZZ3DXLCD30CALENDAR.EXE (PID 4916)
Time: Tuesday, May 29, 2012 1:32:00 PM

Error: (05/29/2012 01:28:05 PM) (Source: Symantec AntiVirus) (User:
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Event Info: Create Process
ActionTaken: Blocked
Actor Process: C:\PROGRAM FILES (X86)\COMMON FILES\SOLIDWORKS INSTALLATION MANAGER\BACKGROUNDDOWNLOADING\SLDBGDWLD.EXE (PID 4412)
Time: Tuesday, May 29, 2012 1:28:05 PM

Error: (05/29/2012 01:28:04 PM) (Source: Symantec AntiVirus) (User:
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Event Info: Create Process
ActionTaken: Blocked
Actor Process: C:\PROGRAM FILES (X86)\COMMON FILES\SOLIDWORKS INSTALLATION MANAGER\BACKGROUNDDOWNLOADING\SLDBGDWLD.EXE (PID 4412)
Time: Tuesday, May 29, 2012 1:28:04 PM


System errors:
=============
Error: (05/29/2012 09:28:09 AM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (05/29/2012 09:26:46 AM) (Source: Service Control Manager) (User: )
Description: The RPakIO service failed to start due to the following error:
%%1275

Error: (05/29/2012 09:26:46 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\RPakIO.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/29/2012 09:26:45 AM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (05/29/2012 09:26:43 AM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (05/29/2012 09:24:15 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service has reported an invalid current state 32.

Error: (05/29/2012 09:23:09 AM) (Source: Service Control Manager) (User: )
Description: The Application Updater service terminated unexpectedly. It has done this 1 time(s).

Error: (05/28/2012 00:05:50 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (05/28/2012 00:04:27 PM) (Source: Service Control Manager) (User: )
Description: The RPakIO service failed to start due to the following error:
%%1275

Error: (05/28/2012 00:04:27 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\RPakIO.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================
Error: (01/05/2012 02:20:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3949 seconds with 1680 seconds of active time. This session ended with a crash.

Error: (08/24/2011 07:41:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10083 seconds with 120 seconds of active time. This session ended with a crash.

Error: (06/27/2011 04:35:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 804 seconds with 240 seconds of active time. This session ended with a crash.

Error: (05/17/2011 03:48:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 3253 seconds with 720 seconds of active time. This session ended with a crash.

Error: (10/25/2010 02:52:17 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1127 seconds with 720 seconds of active time. This session ended with a crash.

Error: (05/25/2010 08:18:17 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1005 seconds with 480 seconds of active time. This session ended with a crash.

Error: (05/25/2010 08:01:24 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2402 seconds with 360 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system (Version: 12.0.6612.1000)
3Dconnexion 3DxSoftware (SpacePilot PRO x64 Edition) (Version: 3.12.3)
3Dconnexion 3DxWare (x64) (Version: 6.12.0001)
3Dconnexion Add-In for AutoCAD 2007 - 2010 (Version: 4.5.1)
3Dconnexion Add-In for Inventor 11 - 2011 (Version: 1.7.0)
3Dconnexion Add-In for Solid Edge V18 - ST3 (Version: 2.17.0)
3Dconnexion Add-In for SolidWorks 2005 - 2011 (x64) (Version: 2.18.2)
3Dconnexion Add-On for XSI v5.0 - 2011 (Version: 2.6.2)
3Dconnexion Collage (Version: 1.3.0)
3Dconnexion Extension for SketchUp (Version: 3.1.2)
3Dconnexion LCD Applets for SpacePilot PRO (x64) (Version: 1.2.6)
3Dconnexion Plug-In for 3ds Max v9 - 2011 (Version: 5.1.3)
3Dconnexion Plug-in for Acrobat 3D (Version: 1.1.0)
3Dconnexion Plug-In for Maya v8.5 - 2011 (Version: 3.9.1)
3Dconnexion Plug-In for NX v3.0 - v7.5 (Version: 2.8.2)
3Dconnexion Plug-In for Photoshop CS3 - CS5 (Version: 2.2.1)
3Dconnexion Plug-In for Pro/ENGINEER WF3 - WF5 (Version: 1.7.8)
3Dconnexion Trainer (Version: 3.2.0)
43-127 File Manager Software(FMS) V1.10
64 Bit HP CIO Components Installer (Version: 4.2.1)
Adobe Acrobat 9 Standard - English, Français, Deutsch (Version: 9.4.1)
Adobe Acrobat 9.4.1 - CPSID_83708
Adobe AIR (Version: 2.0.3.13070)
Adobe Flash Player 10 Plugin (Version: 10.0.45.2)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.235)
Adobe Reader 9.3.4 (Version: 9.3.4)
Advanced Spring Design 7 (Version: 7.10)
BioAPI Framework (Version: 1.0.1)
Broadcom NetXtreme-I Netlink Driver and Management Installer (Version: 12.25.02)
BufferChm (Version: 100.0.170.000)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
CamDisk7 For Dynomation-5 (Version: CamDisk7)
CCleaner (Version: 3.04)
Cisco WebEx Meetings
CustomerResearchQFolder (Version: 1.00.0000)
Data Viewer (Version: 3.2.2)
DataLinkII (Version: 3.7.1)
DCP64MMWrapper (Version: 1.6.453.66)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Control Point 64 (Version: 1.6.453.66)
Dell ControlPoint Security Manager (Version: 1.6.453.66)
Dell ControlPoint System Manager (Version: 1.4.00001)
Dell Edoc Viewer (Version: 1.0.0)
Dell Embassy Trust Suite by Wave Systems (Version: 02.05.00.058)
Dell SAS RAID Storage Manager (Version: 2.66.0000)
Dell SAS RAID Storage Manager v2.66-00 (Version: 2.66.0000)
Dell Security Device Driver Pack (Version: 1.4.050)
DeviceDiscovery (Version: 100.0.190.000)
DeviceManagementQFolder (Version: 1.00.0000)
DragSim5 Vehicle Simulation v.5.01.0929 (Version: 5.01.0929)
Dynomation-5 W/ProTools v.5.01.0408 (Version: Dynomation-5 Engine Simulation ProTools v.5.01.0408)
EMBASSY Security Center Lite (Version: )
EMBASSY Security Center Lite (Version: 04.01.00.029)
EMBASSY Security Setup (Version: )
EMBASSY Security Setup (Version: 04.01.00.028)
ESC Home Page Plugin (Version: )
ESC Home Page Plugin (Version: 04.01.00.004)
FileOpen Client (x64) (Version: 3.0.47.900)
Gemalto (Version: 01.64.00.0010)
Google Chrome (Version: 19.0.1084.52)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.111)
GoToMeeting 5.2.0.952 (Version: 5.2.0.952)
HASP HL Device Driver
HP Color LaserJet CM1312 MFP Series 5.1 (Version: 5.1)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Update (Version: 4.000.007.003)
hppCLJCM1312 (Version: 005.001.00142)
hppFaxDrvCM1312 (Version: 005.000.00001)
hppFaxUtilityCM1312 (Version: 005.001.00137)
hppFonts (Version: 001.001.00061)
hppLaserJetService (Version: 001.001.0.0)
hppManualsCM1312 (Version: 005.001.00145)
hppQFolderCM1312 (Version: 1.00.0000)
hppScanToCM1312 (Version: 005.001.00140)
hppSendFaxCM1312 (Version: 005.000.00001)
hppusgCM1312 (Version: 1.1.0.1)
HPSSupply (Version: 100.0.170.000)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 17 (64-bit) (Version: 6.0.170)
Java™ 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 14.0.8089.726)
Logitech LCD Manager (Version: 3.06.109)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MarketResearch (Version: 100.0.170.000)
MFCLOC (Version: 1.00.0000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft IntelliType Pro 8.1 (Version: 8.15.406.0)
Microsoft Office 2003 Web Components (Version: 12.0.6213.1000)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Express Edition (UTSSQLEXPRESS) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572)
Microsoft Visual Studio 2005 Tools for Applications - ENU
Microsoft Visual Studio 2005 Tools for Applications - ENU (Version: 8.0.50727.146)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
National Instruments Software (Version: )
NI EULA Depot (Version: 2.71.128)
NI LabVIEW 2009 SP1 Run-Time Engine Web Services (Version: 9.0.234.0)
NI LabVIEW Real-Time NBFifo (Version: 9.0.222.0)
NI LabVIEW Run-Time Engine 2009 SP1 (Version: 9.0.1057.0)
NI LabVIEW Run-Time Engine Interop 2009 (Version: 9.0.129.0)
NI LabVIEW Web Server for Run-Time Engine (Version: 9.0.185.0)
NI Logos 5.1.2 (Version: 5.1.128.0)
NI Logos XT Support (Version: 5.1.69.0)
NI Logos64 5.1.2 (Version: 5.1.81.0)
NI Logos64 XT Support (Version: 5.1.66.0)
NI Math Kernel Libraries (64-bit) (Version: 1.0.14.0)
NI Math Kernel Libraries (Version: 1.0.28.0)
NI MDF Support (Version: 2.71.128)
NI Service Locator (Version: 9.0.262.0)
NI TDMS (64-bit) (Version: 2.0.173.0)
NI TDMS (Version: 2.0.173.0)
NI Trace Engine (64-bit) (Version: 9.0.128.0)
NI Trace Engine (Version: 9.0.146.0)
NI Uninstaller (Version: 2.71.128)
NI VC2005MSMs x64 (Version: 8.01.5)
NI VC2005MSMs x86 (Version: 8.01.5)
NI VC2008MSMs x64 (Version: 9.0.100)
NI VC2008MSMs x86 (Version: 9.0.100)
NTRU TCG Software Stack (Version: 2.1.29)
NVIDIA Drivers (Version: 1.4)
NVIDIA nView Desktop Manager (Version: 125.14)
NVIDIA Performance Drivers (Version: 2.0.0.18)
PDFCreator (Version: 0.9.8)
pdfforge Toolbar v5.8 (Version: 5.8)
Pipe Flow Expert 2010, v5.12
PL-2303 Vista Driver Installer (Version: 3.2.0.0)
PowerDVD DX (Version: 8.3.5424)
Preboot Manager (Version: 03.01.00.036)
QuickBooks (Version: 20.0.4013.807)
QuickBooks Premier: Mfg and Whsle Edition 2010 (Version: 20.0.4013.807)
RacePak DataLinkII (Version: 3.0.3)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE 10.3 (Version: 10.3)
Roxio Creator DE 10.3 (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio Update Manager (Version: 6.0.0)
Sentinel HASP Run-time (Version: 5.10.1.17163)
Shop for HP Supplies (Version: 10.0)
SO64MMWrapper (Version: 1.6.453.66)
SolidProfessor LMS (Version: 10.9.15.1)
SolidWorks 2011 x64 Edition SP02 (Version: 19.120.49)
SolidWorks 2011 x64 Edition SP02 (Version: 19.2.0.49)
SolidWorks eDrawings 2011 x64 Edition SP02 (Version: 11.2.113)
SolidWorks Explorer 2011 SP02 x64 Edition (Version: 19.20.49)
Spears® Tech Info Software (Version: 2.00)
Symantec Endpoint Protection (Version: 12.1.671.4971)
TrayApp (Version: 100.0.170.000)
Trusted Drive Manager (Version: 3.3.0.396)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
UPEK TouchChip Fingerprint Reader (Version: 1.2.0)
Wave Infrastructure Installer (Version: 07.65.19.0000)
Wave Support Software (Version: )
Wave Support Software (Version: 05.11.00.033)
WeatherPro (Version: 7.2.0)
WebReg (Version: 100.0.170.000)
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6)
Windows Driver Package - Racepak CDM Driver Package (10/22/2009 2.06.00) (Version: 10/22/2009 2.06.00)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Small Business Server 2008 ClientAgent (Version: 6.0.5601.0)
Windows Small Business Server 2008 Desktop Links Gadget (Version: 6.0.5601.0)
Windows Small Business Server 2008 WMI Provider (Version: 6.0.5601.0)

========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 12285.58 MB
Available physical RAM: 9222.14 MB
Total Pagefile: 24569.36 MB
Available Pagefile: 21419.03 MB
Total Virtual: 4095.88 MB
Available Virtual: 3961.79 MB

========================= Partitions: =====================================

2 Drive c: (OS) (Fixed) (Total:297.28 GB) (Free:198.67 GB) NTFS
3 Drive d: (DATAPART1) (Fixed) (Total:232.83 GB) (Free:207.2 GB) NTFS
5 Drive f: (WD SmartWare) (CDROM) (Total:0.43 GB) (Free:0 GB) UDF
6 Drive g: (My Book) (Fixed) (Total:465.11 GB) (Free:436.36 GB) NTFS

========================= Users: ========================================

User accounts for \\ENG-WORKSTATION

Administrator Guest

**** End of log ****

TDSSKiller found no problems


Results of TDSSKiller:

14:42:12.0695 1672 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
14:42:12.0945 1672 ============================================================
14:42:12.0945 1672 Current date / time: 2012/05/29 14:42:12.0945
14:42:12.0945 1672 SystemInfo:
14:42:12.0945 1672
14:42:12.0945 1672 OS Version: 6.1.7601 ServicePack: 1.0
14:42:12.0945 1672 Product type: Workstation
14:42:12.0945 1672 ComputerName: ENG-WORKSTATION
14:42:12.0945 1672 UserName:
14:42:12.0945 1672 Windows directory: C:\Windows
14:42:12.0945 1672 System windows directory: C:\Windows
14:42:12.0945 1672 Running under WOW64
14:42:12.0945 1672 Processor architecture: Intel x64
14:42:12.0945 1672 Number of processors: 4
14:42:12.0945 1672 Page size: 0x1000
14:42:12.0945 1672 Boot type: Normal boot
14:42:12.0945 1672 ============================================================
14:42:14.0085 1672 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:42:14.0095 1672 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:42:14.0105 1672 Drive \Device\Harddisk2\DR2 - Size: 0x7446E00000 (465.11 Gb), SectorSize: 0x200, Cylinders: 0xED2B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:42:14.0515 1672 ============================================================
14:42:14.0515 1672 \Device\Harddisk0\DR0:
14:42:14.0515 1672 MBR partitions:
14:42:14.0515 1672 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1A8000
14:42:14.0515 1672 \Device\Harddisk1\DR1:
14:42:14.0515 1672 MBR partitions:
14:42:14.0515 1672 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x177000
14:42:14.0515 1672 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x19E800, BlocksNum 0x2528F800
14:42:14.0515 1672 \Device\Harddisk2\DR2:
14:42:14.0515 1672 MBR partitions:
14:42:14.0515 1672 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A236800
14:42:14.0515 1672 ============================================================
14:42:14.0545 1672 C: <-> \Device\Harddisk1\DR1\Partition1
14:42:14.0585 1672 D: <-> \Device\Harddisk0\DR0\Partition0
14:42:14.0605 1672 G: <-> \Device\Harddisk2\DR2\Partition0
14:42:14.0605 1672 ============================================================
14:42:14.0605 1672 Initialize success
14:42:14.0605 1672 ============================================================
14:42:23.0315 3860 ============================================================
14:42:23.0315 3860 Scan started
14:42:23.0315 3860 Mode: Manual;
14:42:23.0315 3860 ============================================================
14:42:32.0784 3860 lkTimeSync (19c8d1b03a5229cbbe1037425701f55f) C:\Windows\SysWOW64\lktsrv.exe
14:42:32.0794 3860 lkTimeSync - ok
14:42:32.0864 3860 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:42:32.0864 3860 lltdio - ok
14:42:32.0894 3860 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:42:32.0904 3860 lltdsvc - ok
14:42:32.0924 3860 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:42:32.0924 3860 lmhosts - ok
14:42:32.0944 3860 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:42:32.0944 3860 LSI_FC - ok
14:42:32.0964 3860 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:42:32.0964 3860 LSI_SAS - ok
14:42:32.0974 3860 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:42:32.0974 3860 LSI_SAS2 - ok
14:42:32.0994 3860 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:42:32.0994 3860 LSI_SCSI - ok
14:42:33.0004 3860 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:42:33.0014 3860 luafv - ok
14:42:33.0044 3860 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:42:33.0044 3860 Mcx2Svc - ok
14:42:33.0104 3860 MegaMonitorSrv (2f326a7fe67b2f8ff5fd21ea8468f393) c:\Program Files (x86)\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
14:42:33.0114 3860 MegaMonitorSrv - ok
14:42:33.0134 3860 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:42:33.0134 3860 megasas - ok
14:42:33.0164 3860 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:42:33.0164 3860 MegaSR - ok
14:42:33.0184 3860 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:42:33.0184 3860 MMCSS - ok
14:42:33.0204 3860 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:42:33.0204 3860 Modem - ok
14:42:33.0224 3860 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:42:33.0224 3860 monitor - ok
14:42:33.0264 3860 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:42:33.0264 3860 mouclass - ok
14:42:33.0284 3860 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:42:33.0284 3860 mouhid - ok
14:42:33.0314 3860 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:42:33.0314 3860 mountmgr - ok
14:42:33.0384 3860 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:42:33.0384 3860 MozillaMaintenance - ok
14:42:33.0404 3860 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:42:33.0414 3860 mpio - ok
14:42:33.0424 3860 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:42:33.0424 3860 mpsdrv - ok
14:42:33.0484 3860 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:42:33.0494 3860 MpsSvc - ok
14:42:33.0524 3860 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:42:33.0524 3860 MRxDAV - ok
14:42:33.0554 3860 mrxsmb (faf015b07e3a2874a790a39b7d2c579f) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:42:33.0554 3860 mrxsmb - ok
14:42:33.0594 3860 mrxsmb10 (08e2345df129082bcdffdc1440f9c00d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:42:33.0604 3860 mrxsmb10 - ok
14:42:33.0634 3860 mrxsmb20 (108d87409c5812ef47d81e22843e8c9d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:42:33.0644 3860 mrxsmb20 - ok
14:42:33.0664 3860 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:42:33.0664 3860 msahci - ok
14:42:33.0684 3860 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:42:33.0694 3860 msdsm - ok
14:42:33.0714 3860 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:42:33.0724 3860 MSDTC - ok
14:42:33.0744 3860 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:42:33.0744 3860 Msfs - ok
14:42:33.0764 3860 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:42:33.0764 3860 mshidkmdf - ok
14:42:33.0784 3860 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:42:33.0784 3860 msisadrv - ok
14:42:33.0814 3860 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:42:33.0814 3860 MSiSCSI - ok
14:42:33.0814 3860 msiserver - ok
14:42:33.0834 3860 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:42:33.0844 3860 MSKSSRV - ok
14:42:33.0884 3860 MSMFramework (c17a985da001ecbaaae40372db18492d) c:\Program Files (x86)\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
14:42:33.0894 3860 MSMFramework - ok
14:42:33.0914 3860 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:42:33.0914 3860 MSPCLOCK - ok
14:42:33.0914 3860 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:42:33.0914 3860 MSPQM - ok
14:42:33.0964 3860 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:42:33.0964 3860 MsRPC - ok
14:42:33.0994 3860 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:42:33.0994 3860 mssmbios - ok
14:42:34.0044 3860 MSSQL$MSSMLBIZ - ok
14:42:34.0124 3860 MSSQL$UTSSQLEXPRESS - ok
14:42:34.0154 3860 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
14:42:34.0154 3860 MSSQLServerADHelper - ok
14:42:34.0184 3860 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:42:34.0184 3860 MSTEE - ok
14:42:34.0194 3860 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:42:34.0194 3860 MTConfig - ok
14:42:34.0214 3860 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:42:34.0214 3860 Mup - ok
14:42:34.0254 3860 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:42:34.0264 3860 napagent - ok
14:42:34.0294 3860 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:42:34.0294 3860 NativeWifiP - ok
14:42:34.0474 3860 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120529.002\ENG64.SYS
14:42:34.0474 3860 NAVENG - ok
14:42:34.0554 3860 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120529.002\EX64.SYS
14:42:34.0594 3860 NAVEX15 - ok
14:42:34.0704 3860 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:42:34.0714 3860 NDIS - ok
14:42:34.0734 3860 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:42:34.0734 3860 NdisCap - ok
14:42:34.0744 3860 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:42:34.0744 3860 NdisTapi - ok
14:42:34.0764 3860 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:42:34.0764 3860 Ndisuio - ok
14:42:34.0784 3860 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:42:34.0784 3860 NdisWan - ok
14:42:34.0824 3860 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:42:34.0824 3860 NDProxy - ok
14:42:34.0864 3860 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
14:42:34.0864 3860 Net Driver HPZ12 - ok
14:42:34.0874 3860 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:42:34.0874 3860 NetBIOS - ok
14:42:34.0914 3860 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:42:34.0914 3860 NetBT - ok
14:42:34.0944 3860 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
14:42:34.0944 3860 Netlogon - ok
14:42:34.0964 3860 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:42:34.0964 3860 Netman - ok
14:42:34.0994 3860 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:42:34.0994 3860 netprofm - ok
14:42:35.0044 3860 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:42:35.0054 3860 NetTcpPortSharing - ok
14:42:35.0084 3860 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:42:35.0084 3860 nfrd960 - ok
14:42:35.0204 3860 NIDomainService (ceefde8face887d6dda664940404ea58) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
14:42:35.0234 3860 NIDomainService - ok
14:42:35.0294 3860 niSvcLoc - ok
14:42:35.0354 3860 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:42:35.0354 3860 NlaSvc - ok
14:42:35.0364 3860 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:42:35.0364 3860 Npfs - ok
14:42:35.0384 3860 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:42:35.0394 3860 nsi - ok
14:42:35.0404 3860 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:42:35.0404 3860 nsiproxy - ok
14:42:35.0494 3860 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
14:42:35.0524 3860 Ntfs - ok
14:42:35.0574 3860 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:42:35.0574 3860 Null - ok
14:42:35.0764 3860 NVIDIA Performance Driver Service (2ed24ce707c1cdedd6ad7a4a3dc54674) C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
14:42:35.0844 3860 NVIDIA Performance Driver Service - ok
14:42:36.0264 3860 nvlddmkm (aa0828f3223e1a2952f80a8d2047dd40) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:42:36.0444 3860 nvlddmkm - ok
14:42:36.0514 3860 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
14:42:36.0514 3860 nvraid - ok
14:42:36.0544 3860 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
14:42:36.0544 3860 nvstor - ok
14:42:36.0584 3860 nvsvc (57d0d222a9f22113fe3b55488dbfd761) C:\Windows\system32\nvvsvc.exe
14:42:36.0584 3860 nvsvc - ok
14:42:36.0604 3860 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:42:36.0604 3860 nv_agp - ok
14:42:36.0714 3860 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:42:36.0724 3860 odserv - ok
14:42:36.0734 3860 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:42:36.0734 3860 ohci1394 - ok
14:42:36.0784 3860 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:42:36.0814 3860 ose - ok
14:42:37.0034 3860 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:42:37.0114 3860 osppsvc - ok
14:42:37.0194 3860 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:42:37.0194 3860 p2pimsvc - ok
14:42:37.0224 3860 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:42:37.0224 3860 p2psvc - ok
14:42:37.0274 3860 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:42:37.0274 3860 Parport - ok
14:42:37.0304 3860 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:42:37.0304 3860 partmgr - ok
14:42:37.0354 3860 PBADRV (363b3f857abee85767e01e3044c539cd) C:\Windows\system32\DRIVERS\PBADRV.sys
14:42:37.0354 3860 PBADRV - ok
14:42:37.0384 3860 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:42:37.0384 3860 PcaSvc - ok
14:42:37.0404 3860 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:42:37.0404 3860 pci - ok
14:42:37.0424 3860 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:42:37.0434 3860 pciide - ok
14:42:37.0454 3860 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:42:37.0464 3860 pcmcia - ok
14:42:37.0464 3860 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:42:37.0474 3860 pcw - ok
14:42:37.0504 3860 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:42:37.0504 3860 PEAUTH - ok
14:42:37.0564 3860 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
14:42:37.0584 3860 PeerDistSvc - ok
14:42:37.0634 3860 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:42:37.0634 3860 PerfHost - ok
14:42:37.0724 3860 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:42:37.0744 3860 pla - ok
14:42:37.0804 3860 PlugPlay (b806e50427511bcf4ad8e8239c3e25fa) C:\Windows\system32\umpnpmgr.dll
14:42:37.0814 3860 PlugPlay - ok
14:42:37.0854 3860 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
14:42:37.0854 3860 Pml Driver HPZ12 - ok
14:42:37.0874 3860 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:42:37.0884 3860 PNRPAutoReg - ok
14:42:37.0894 3860 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:42:37.0904 3860 PNRPsvc - ok
14:42:37.0954 3860 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
14:42:37.0954 3860 Point64 - ok
14:42:37.0994 3860 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:42:37.0994 3860 PolicyAgent - ok
14:42:38.0014 3860 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:42:38.0024 3860 Power - ok
14:42:38.0064 3860 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:42:38.0064 3860 PptpMiniport - ok
14:42:38.0084 3860 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:42:38.0084 3860 Processor - ok
14:42:38.0124 3860 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:42:38.0134 3860 ProfSvc - ok
14:42:38.0154 3860 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
14:42:38.0154 3860 ProtectedStorage - ok
14:42:38.0204 3860 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:42:38.0214 3860 Psched - ok
14:42:38.0244 3860 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
14:42:38.0244 3860 PxHlpa64 - ok
14:42:38.0334 3860 QBCFMonitorService (ef24eccdc534eed64b9380043dd1fd59) c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
14:42:38.0334 3860 QBCFMonitorService - ok
14:42:38.0414 3860 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
14:42:38.0414 3860 QBFCService - ok
14:42:38.0474 3860 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:42:38.0504 3860 ql2300 - ok
14:42:38.0564 3860 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:42:38.0564 3860 ql40xx - ok
14:42:38.0584 3860 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:42:38.0594 3860 QWAVE - ok
14:42:38.0604 3860 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:42:38.0604 3860 QWAVEdrv - ok
14:42:38.0604 3860 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:42:38.0604 3860 RasAcd - ok
14:42:38.0644 3860 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:42:38.0644 3860 RasAgileVpn - ok
14:42:38.0654 3860 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:42:38.0654 3860 RasAuto - ok
14:42:38.0694 3860 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:42:38.0694 3860 Rasl2tp - ok
14:42:38.0724 3860 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:42:38.0724 3860 RasMan - ok
14:42:38.0744 3860 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:42:38.0744 3860 RasPppoe - ok
14:42:38.0754 3860 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:42:38.0754 3860 RasSstp - ok
14:42:38.0774 3860 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:42:38.0774 3860 rdbss - ok
14:42:38.0784 3860 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:42:38.0784 3860 rdpbus - ok
14:42:38.0804 3860 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:42:38.0804 3860 RDPCDD - ok
14:42:38.0834 3860 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
14:42:38.0844 3860 RDPDR - ok
14:42:38.0844 3860 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:42:38.0844 3860 RDPENCDD - ok
14:42:38.0854 3860 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:42:38.0854 3860 RDPREFMP - ok
14:42:38.0894 3860 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
14:42:38.0904 3860 RdpVideoMiniport - ok
14:42:38.0934 3860 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
14:42:38.0934 3860 RDPWD - ok
14:42:38.0984 3860 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:42:38.0984 3860 rdyboost - ok
14:42:39.0004 3860 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:42:39.0004 3860 RemoteAccess - ok
14:42:39.0024 3860 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:42:39.0034 3860 RemoteRegistry - ok
14:42:39.0054 3860 RPakIO - ok
14:42:39.0074 3860 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:42:39.0074 3860 RpcEptMapper - ok
14:42:39.0084 3860 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:42:39.0084 3860 RpcLocator - ok
14:42:39.0134 3860 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:42:39.0134 3860 RpcSs - ok
14:42:39.0164 3860 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:42:39.0164 3860 rspndr - ok
14:42:39.0184 3860 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
14:42:39.0184 3860 s3cap - ok
14:42:39.0194 3860 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
14:42:39.0204 3860 SamSs - ok
14:42:39.0214 3860 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:42:39.0214 3860 sbp2port - ok
14:42:39.0234 3860 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:42:39.0234 3860 SCardSvr - ok
14:42:39.0264 3860 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:42:39.0264 3860 scfilter - ok
14:42:39.0344 3860 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:42:39.0374 3860 Schedule - ok
14:42:39.0414 3860 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:42:39.0414 3860 SCPolicySvc - ok
14:42:39.0444 3860 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:42:39.0444 3860 SDRSVC - ok
14:42:39.0494 3860 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:42:39.0494 3860 secdrv - ok
14:42:39.0504 3860 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:42:39.0504 3860 seclogon - ok
14:42:39.0644 3860 SecureStorageService (9c8580d9a5f3c08556d6eca31848dc89) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
14:42:39.0714 3860 SecureStorageService - ok
14:42:39.0794 3860 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:42:39.0794 3860 SENS - ok
14:42:39.0804 3860 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:42:39.0814 3860 SensrSvc - ok
14:42:39.0954 3860 SepMasterService (7e2c360b6cc0d87b8ef38439b53dfc71) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
14:42:39.0954 3860 SepMasterService - ok
14:42:39.0994 3860 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:42:39.0994 3860 Serenum - ok
14:42:40.0004 3860 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:42:40.0014 3860 Serial - ok
14:42:40.0044 3860 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:42:40.0044 3860 sermouse - ok
14:42:40.0084 3860 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:42:40.0094 3860 SessionEnv - ok
14:42:40.0114 3860 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:42:40.0114 3860 sffdisk - ok
14:42:40.0124 3860 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:42:40.0124 3860 sffp_mmc - ok
14:42:40.0134 3860 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:42:40.0134 3860 sffp_sd - ok
14:42:40.0144 3860 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:42:40.0144 3860 sfloppy - ok
14:42:40.0174 3860 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:42:40.0184 3860 SharedAccess - ok
14:42:40.0214 3860 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:42:40.0224 3860 ShellHWDetection - ok
14:42:40.0244 3860 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:42:40.0244 3860 SiSRaid2 - ok
14:42:40.0254 3860 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:42:40.0254 3860 SiSRaid4 - ok
14:42:40.0274 3860 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:42:40.0274 3860 Smb - ok
14:42:40.0484 3860 SmcService (c9ee967406d9d5429c53718918164e8a) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
14:42:40.0524 3860 SmcService - ok
14:42:40.0554 3860 SNAC (7d93da29d4eba331187bf5843c9b6497) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\snac64.exe
14:42:40.0564 3860 SNAC - ok
14:42:40.0664 3860 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:42:40.0664 3860 SNMPTRAP - ok
14:42:40.0714 3860 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
14:42:40.0724 3860 SolidWorks Licensing Service - ok
14:42:40.0754 3860 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:42:40.0754 3860 spldr - ok
14:42:40.0804 3860 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:42:40.0804 3860 Spooler - ok
14:42:40.0934 3860 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:42:40.0994 3860 sppsvc - ok
14:42:41.0074 3860 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:42:41.0084 3860 sppuinotify - ok
14:42:41.0174 3860 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
14:42:41.0184 3860 SQLBrowser - ok
14:42:41.0224 3860 SQLWriter (3c432a96363097870995e2a3c8b66abd) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
14:42:41.0224 3860 SQLWriter - ok
14:42:41.0304 3860 SRTSP (02b1685a670e4d48c2d1ee3913c122a4) C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SRTSP64.SYS
14:42:41.0314 3860 SRTSP - ok
14:42:41.0334 3860 SRTSPX (c27436186a99b647c38b9ea6ef36e2db) C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SRTSPX64.SYS
14:42:41.0334 3860 SRTSPX - ok
14:42:41.0394 3860 srv (2098b8556d1cec2aca9a29cd479e3692) C:\Windows\system32\DRIVERS\srv.sys
14:42:41.0394 3860 srv - ok
14:42:41.0434 3860 srv2 (d0f73a42040f21f92fd314b42ac5c9e7) C:\Windows\system32\DRIVERS\srv2.sys
14:42:41.0434 3860 srv2 - ok
14:42:41.0474 3860 srvnet (2ba8f3250828ccdb4204ecf2c6f40b6a) C:\Windows\system32\DRIVERS\srvnet.sys
14:42:41.0474 3860 srvnet - ok
14:42:41.0504 3860 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:42:41.0514 3860 SSDPSRV - ok
14:42:41.0524 3860 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:42:41.0524 3860 SstpSvc - ok
14:42:41.0544 3860 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:42:41.0554 3860 stexstor - ok
14:42:41.0574 3860 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
14:42:41.0574 3860 StillCam - ok
14:42:41.0634 3860 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:42:41.0644 3860 stisvc - ok
14:42:41.0704 3860 stllssvr (e476c66713c842f58e61a95826ed1d57) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
14:42:41.0714 3860 stllssvr - ok
14:42:41.0734 3860 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
14:42:41.0734 3860 storflt - ok
14:42:41.0754 3860 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
14:42:41.0754 3860 storvsc - ok
14:42:41.0764 3860 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:42:41.0774 3860 swenum - ok
14:42:41.0794 3860 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:42:41.0794 3860 swprv - ok
14:42:41.0874 3860 SymDS (f017987b177f7bbc989318d59309d091) C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS
14:42:41.0874 3860 SymDS - ok
14:42:41.0914 3860 SymEFA (ba589e090506aae847f128aa6bbb376a) C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS
14:42:41.0914 3860 SymEFA - ok
14:42:41.0984 3860 SymEvent (36b77f5c9e21f88a8c8ec67ad5415819) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
14:42:41.0984 3860 SymEvent - ok
14:42:42.0024 3860 SymIRON (66b80d43191ba671a9bb8254e8236eb7) C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS
14:42:42.0034 3860 SymIRON - ok
14:42:42.0044 3860 SYMNETS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS
14:42:42.0054 3860 SYMNETS - ok
14:42:42.0064 3860 Synth3dVsc - ok
14:42:42.0144 3860 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:42:42.0174 3860 SysMain - ok
14:42:42.0264 3860 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:42:42.0264 3860 TabletInputService - ok
14:42:42.0294 3860 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:42:42.0304 3860 TapiSrv - ok
14:42:42.0324 3860 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:42:42.0324 3860 TBS - ok
14:42:42.0404 3860 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
14:42:42.0434 3860 Tcpip - ok
14:42:42.0554 3860 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
14:42:42.0564 3860 TCPIP6 - ok
14:42:42.0634 3860 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:42:42.0634 3860 tcpipreg - ok
14:42:42.0764 3860 tcsd_win32.exe (69f1a38a6dbfe682491cb61a596662e3) C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
14:42:42.0814 3860 tcsd_win32.exe - ok
14:42:42.0974 3860 TdmService (bf0f20805431965c47641847f33ee1a8) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
14:42:42.0994 3860 TdmService - ok
14:42:46.0104 3860 ============================================================
14:42:46.0104 3860 Scan finished
14:42:46.0104 3860 ============================================================
14:42:46.0114 5732 Detected object count: 0
14:42:46.0114 5732 Actual detected object count: 0



I already had Malwarebytes installed

The result was:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.29.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
:: ENG-WORKSTATION [administrator]

5/29/2012 2:56:03 PM
mbam-log-2012-05-29 (14-56-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234272
Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I had already run a scan yesterday and found Trojan.Dropper.PGen which is now in quarantine. I had to run rkill before Malwarebytes could see it.



I removed my name and the name of my company from the reports.

Regards
Fstforwrd

#4 boopme


Posted 29 May 2012 - 02:51 PM

Ok, yes, that's the purpose of RKill: it stops certain malware so other tools can remove them.


Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of their infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Posted Image button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.



Let's see if we missed anything...


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
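An added example, not part of the post above and not code from any tool named in this thread: a small Python audit that parses hosts-format text and reports every active entry other than a loopback mapping for `localhost`, separating redirects to an outside address from blocking entries. The sample content and the `.example` names are constructed for illustration.

```python
import ipaddress
import os
import sys

# Constructed sample, not taken from this thread's Result.txt.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#       127.0.0.1       localhost
#       ::1             localhost

127.0.0.1   localhost
0.0.0.0     updates.av-vendor.example   # blocked
203.0.113.7 www.search.example search.example
not-an-ip   broken.example
"""


def parse_hosts(text):
    """Yield (line_no, address, hostnames) for each non-comment entry."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop inline comments
        if fields:
            yield line_no, fields[0], fields[1:]


def classify(address, names):
    """Return 'default', 'blocked', 'redirect' or 'malformed'."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if not names:
        return "malformed"
    if ip.is_loopback and all(n.lower() == "localhost" for n in names):
        return "default"
    if ip.is_loopback or ip.is_unspecified:
        # Name is sunk locally: ad-blocking lists do this, and so does
        # malware that cuts a machine off from security update sites.
        return "blocked"
    # Name is forced to an outside address, bypassing DNS entirely.
    return "redirect"


def audit_hosts(text):
    """List every entry that a stock hosts file would not contain."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        verdict = classify(address, names)
        if verdict != "default":
            findings.append((line_no, verdict, address, names))
    return findings


if __name__ == "__main__":
    # The stock Windows 7 file holds only comment lines, so any finding
    # here was added by software or by hand and should be accounted for.
    root = os.environ.get("SystemRoot", r"C:\Windows")
    default_path = os.path.join(root, "System32", "drivers", "etc", "hosts")
    path = sys.argv[1] if len(sys.argv) > 1 else default_path
    with open(path, encoding="utf-8", errors="replace") as handle:
        for line_no, verdict, address, names in audit_hosts(handle.read()):
            print(f"line {line_no}: {verdict:9} {address} -> {' '.join(names)}")
```

Running it before and after a hosts reset shows which entries the reset removed.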

#5 fstforwrd


Posted 30 May 2012 - 06:45 AM

I reset my HOSTS file with the "Microsoft Fix It" wizard. The computer asked to reboot and I let it.


I ran the ESET online scan and the results are as follows:


C:\Windows\Installer\5b538c48.msi a variant of Win32/Toolbar.Widgi application deleted - quarantined



I appreciate your help in this as we are obviously finding things askew. I am afraid my primary problem with the ad is still there.

#6 boopme


Posted 30 May 2012 - 06:27 PM

OK, let's see if the update will fix it.
Adobe Reader and Java are outdated.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
    64-bit OS users, should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u4-windows-i586.exe (or jre-7u4-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.




Similarly, update to Adobe Reader X (10.1.0).
Note: Uncheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional


#7 fstforwrd


Posted 31 May 2012 - 07:49 AM

I updated the Adobe and Java as requested.


Full disclosure: Yesterday about mid morning all of a sudden the ads on Internet Explorer just stopped, but they were still there when I used Firefox or Chrome. Based on previous research on what I had observed others doing with the same problem and your diagnosis that my host file may be infected, I ran the Host Fix option with the RogueKiller program. After I did that I no longer had ads in Chrome, Firefox, or IE. I apologize for taking steps without instruction.

Is there anything else you would recommend that I do?

#8 boopme


Posted 31 May 2012 - 09:37 AM

No, that should have it then.
If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Posted Image > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Posted Image > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:

#9 fstforwrd


Posted 31 May 2012 - 03:29 PM

Thank you for your help :thumbsup:



