
Can't remove Sirefef.AK


  • This topic is locked
23 replies to this topic

#1 Paul Randal


Posted 05 June 2012 - 05:06 AM

Hi,

A few days ago I suddenly got the S.M.A.R.T popup. I ran Windows Defender which seemed to get rid of it, then yesterday my IE Google search results started redirecting to random sites. I tried to run Windows Defender again but the service had been removed. The firewall is also non-operative. The hibernate function no longer works on my laptop. I downloaded MSE, which found Sirefef.AK and .G, and seemed to remove them. However, the IE redirects continued. Next I tried MWBytes, which found a couple more trojans and removed them, but still the IE redirects continued. GMER didn't find anything. I tried looking for suspicious NTFS junctions but nothing popped up using Russinovich's junctions.exe. I tried Immunet too but it didn't find anything so I deinstalled it to keep things simple.

This is now beyond my skills so I'm requesting expert help.

I'm an expert at recovering from SQL Server database corruption (I wrote the DBCC CHECKDB database consistency checking and repair tool while at Microsoft) and often help people out on forums, so I really appreciate any time you can spare to help me out with my problem.

Please find attached all the requested information. Skipping GMER as I'm running 64-bit.

Thanks!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by paul at 10:47:18 on 2012-06-05
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16308.11287 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
c:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\ShrewSoft\VPN Client\iked.exe
C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe
c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Logitech\ScrollApp\KhalScroll.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\7 Taskbar Tweaker x64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files (x86)\ZoomIt\ZoomIt64.exe
C:\Users\paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files (x86)\Remote Desktop Connection Manager\RDCMan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\TweetDeck\TweetDeck.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = file:///C:/Play/Public%20Html/index.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Logitech Scroll App: {e11db59d-5008-42ff-9069-535843bc0be1} - C:\Program Files\Logitech\ScrollApp\32-bit\LogiSmooth.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [7 Taskbar Tweaker] "C:\Program Files\7 Taskbar Tweaker x64.exe" -hidewnd -hidetray
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [eebccfadedaffbdabadct] "C:\ProgramData\eebccfadedaffbdabadct.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [<NO NAME>]
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [AT&T Communication Manager] "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BapMeQOtifykfAh.exe] C:\ProgramData\BapMeQOtifykfAh.exe
StartupFolder: C:\Users\paul\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\paul\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLCO~1.LNK - C:\Program Files (x86)\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGOCA~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PROFIL~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TDMNOT~1.LNK - C:\Program Files (x86)\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ZOOMIT~1.LNK - C:\Program Files (x86)\ZoomIt\ZoomIt64.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: facebook.com\www
Trusted Zone: linkedin.com\www
Trusted Zone: sqlservercentral.com\www
Trusted Zone: sqlskills.com\www
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://nhavpn.heritageacademies.com/CACHE/stc/7/binaries/vpnweb.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://gailhill.webex.com/client/T27LB/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 207.68.169.104 65.54.238.85
TCP: Interfaces\{4DC3B6A2-55B1-4CA9-84A4-FC852B567480} : DhcpNameServer = 209.183.54.151 209.183.54.151
TCP: Interfaces\{55C457E7-3218-402D-A0E3-0158FAED49DA} : NameServer = 10.0.10.4,10.0.10.5
TCP: Interfaces\{750C88EF-FC31-42B0-A58C-98156E03E5F0} : DhcpNameServer = 209.183.54.151 209.183.54.151
TCP: Interfaces\{AC4EF01E-3013-4E58-AFA3-613CE04DF0E9} : DhcpNameServer = 209.183.54.151 209.183.54.151
TCP: Interfaces\{D09DDAF4-AF9E-495E-8DFF-777B1CFDCAE1} : DhcpNameServer = 209.183.54.151 209.183.54.151
TCP: Interfaces\{F7760937-91F9-48F8-B9FE-EF34C643061A} : DhcpNameServer = 207.68.169.104 65.54.238.85
TCP: Interfaces\{F7760937-91F9-48F8-B9FE-EF34C643061A}\0756E64716 : DhcpNameServer = 62.140.195.84 62.140.218.148 8.8.8.8
TCP: Interfaces\{F7760937-91F9-48F8-B9FE-EF34C643061A}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F7760937-91F9-48F8-B9FE-EF34C643061A}\4516A7A7D616E69616 : DhcpNameServer = 68.87.69.146 68.87.85.98
TCP: Interfaces\{F7760937-91F9-48F8-B9FE-EF34C643061A}\46C696E6B6 : DhcpNameServer = 192.168.0.30
TCP: Interfaces\{F7760937-91F9-48F8-B9FE-EF34C643061A}\D416272796F647470234F6E666562756E636560224 : DhcpNameServer = 10.71.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
LSA: Authentication Packages = msv1_0 wvauth
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO-X64: Logitech Scroll App: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\ScrollApp\32-bit\LogiSmooth.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [(Default)]
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [AT&T Communication Manager] "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
mRun-x64: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BapMeQOtifykfAh.exe] C:\ProgramData\BapMeQOtifykfAh.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]
R1 RsFx0151;RsFx0151 Driver;C:\Windows\system32\DRIVERS\RsFx0151.sys --> C:\Windows\system32\DRIVERS\RsFx0151.sys [?]
R1 RsFx0200;RsFx0200 Driver;C:\Windows\system32\DRIVERS\RsFx0200.sys --> C:\Windows\system32\DRIVERS\RsFx0200.sys [?]
R1 vflt;Shrew Soft Lightweight Filter;C:\Windows\system32\DRIVERS\vfilter.sys --> C:\Windows\system32\DRIVERS\vfilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/10/17 21:49:52];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-10-18 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-10-18 89600]
R2 buttonsvc64;Dell ControlPoint Button Service;C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 373024]
R2 cpuz134;cpuz134;\??\C:\Windows\system32\drivers\cpuz134_x64.sys --> C:\Windows\system32\drivers\cpuz134_x64.sys [?]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-3-24 1039776]
R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-3-24 31136]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2010-2-8 515952]
R2 dtpd;ShrewSoft DNS Proxy Daemon;C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-18 13336]
R2 iked;ShrewSoft IKE Daemon;C:\Program Files\ShrewSoft\VPN Client\iked.exe -service --> C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [?]
R2 ipsecd;ShrewSoft IPSEC Daemon;C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [?]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-12-8 6810728]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-5-20 88912]
R2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [2010-4-26 330488]
R2 SMManager;Smith Micro Connection Manager Service;C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-12-22 77312]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-2-9 531328]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-15 370504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-8 369256]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-9-22 645048]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-5-14 3246040]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 cvusbdrv;Dell ControlVault;C:\Windows\system32\Drivers\cvusbdrv.sys --> C:\Windows\system32\Drivers\cvusbdrv.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 qcfilterdl2k;Gobi 2000 USB Composite Device Filter Driver(413C-8186);C:\Windows\system32\DRIVERS\qcfilterdl2k.sys --> C:\Windows\system32\DRIVERS\qcfilterdl2k.sys [?]
R3 qcusbnetdl2k;Gobi 2000 USB-NDIS miniport(413C-8186);C:\Windows\system32\DRIVERS\qcusbnetdl2k.sys --> C:\Windows\system32\DRIVERS\qcusbnetdl2k.sys [?]
R3 qcusbserdl2k;Gobi 2000 USB Device for Legacy Serial Communication(413C-8186);C:\Windows\system32\DRIVERS\qcusbserdl2k.sys --> C:\Windows\system32\DRIVERS\qcusbserdl2k.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 AMService;AMService;C:\Users\paul\AppData\Local\Temp\hnpjepoiox.exe run --> C:\Users\paul\AppData\Local\Temp\hnpjepoiox.exe run [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-10 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 acpials;ALS Sensor Filter;C:\Windows\system32\DRIVERS\acpials.sys --> C:\Windows\system32\DRIVERS\acpials.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-7 257696]
S3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2009-10-10 121416]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 CAATT;AT&T Con App Svc;C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2009-10-10 125512]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-10 135664]
S3 libusb0;libusb-win32 - Kernel Driver 07/29/2010 1.2.1.0;C:\Windows\System32\drivers\libusb0.sys [2011-12-26 87488]
S3 MSSQL$SQL2012;SQL Server (SQL2012);C:\Program Files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\sqlservr.exe [2012-2-11 191064]
S3 MSSQL$SQLDEV01;SQL Server (SQLDEV01);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLDEV01\MSSQL\Binn\sqlservr.exe [2011-6-18 62111072]
S3 MSSQL$SQLDEV02;SQL Server (SQLDEV02);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLDEV02\MSSQL\Binn\sqlservr.exe [2011-9-23 58345832]
S3 MSSQLFDLauncher$SQLDEV01;SQL Full-text Filter Daemon Launcher (SQLDEV01);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLDEV01\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]
S3 MSSQLFDLauncher$SQLDEV02;SQL Full-text Filter Daemon Launcher (SQLDEV02);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLDEV02\MSSQL\Binn\fdlauncher.exe [2008-7-10 34840]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;\??\C:\Windows\system32\PCTINDIS5X64.SYS --> C:\Windows\system32\PCTINDIS5X64.SYS [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);"C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe" --> C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [?]
S3 SeqCal;SeqCal;C:\Windows\system32\DRIVERS\SeqCal.sys --> C:\Windows\system32\DRIVERS\SeqCal.sys [?]
S3 SQL Server Distributed Replay Client;SQL Server Distributed Replay Client;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [2012-2-11 137304]
S3 SQL Server Distributed Replay Controller;SQL Server Distributed Replay Controller;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [2012-2-11 342104]
S3 SQLAgent$SQL2012;SQL Server Agent (SQL2012);C:\Program Files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\SQLAGENT.EXE [2012-2-11 597080]
S3 SQLAgent$SQLDEV01;SQL Server Agent (SQLDEV01);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLDEV01\MSSQL\Binn\SQLAGENT.EXE [2011-6-18 431456]
S3 SQLAgent$SQLDEV02;SQL Server Agent (SQLDEV02);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLDEV02\MSSQL\Binn\SQLAGENT.EXE [2011-9-23 431464]
S3 SQLSentryServer;SQL Sentry Server;C:\Program Files\SQL Sentry\6.0\SQLSentryServer.exe [2011-11-4 39424]
S3 SWNC8U12;Sierra Wireless MUX NDIS Driver (UMTS12);C:\Windows\system32\DRIVERS\swnc8u12.sys --> C:\Windows\system32\DRIVERS\swnc8u12.sys [?]
S3 SWUMX12;Sierra Wireless USB MUX Driver (UMTS12);C:\Windows\system32\DRIVERS\swumx12.sys --> C:\Windows\system32\DRIVERS\swumx12.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\system32\DRIVERS\virtualnet.sys --> C:\Windows\system32\DRIVERS\virtualnet.sys [?]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\drivers\vpcuxd.sys --> C:\Windows\system32\drivers\vpcuxd.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-19 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
.
=============== Created Last 30 ================
.
2012-06-05 09:24:14 -------- d-----w- C:\Users\paul\AppData\Local\Immunet
2012-06-05 09:23:46 -------- d-----w- C:\Program Files\Immunet
2012-06-05 08:14:40 -------- d-----w- C:\Users\paul\AppData\Roaming\Malwarebytes
2012-06-05 08:14:30 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-05 08:14:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-05 08:00:35 98784 ----a-w- C:\ProgramData\eebccfadedaffbdabadct.exe
2012-06-05 06:16:57 -------- d-----w- C:\Disinfect
2012-06-04 19:50:41 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F3A562F-A119-4C9C-AA30-7B0F23E12CAD}\gapaengine.dll
2012-06-04 19:50:39 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7201F5E-83C9-4B49-9416-68F88A91EB4E}\mpengine.dll
2012-06-04 19:49:51 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-04 19:49:48 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-04 16:43:39 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-03 21:12:43 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{067C42FE-18C4-47E2-BC5E-AFB89BD233E3}\offreg.dll
2012-06-03 20:40:37 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{067C42FE-18C4-47E2-BC5E-AFB89BD233E3}\mpengine.dll
2012-05-24 22:45:04 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-17 09:23:33 -------- d-----w- C:\Program Files (x86)\Amazon
.
==================== Find3M ====================
.
2012-06-05 08:18:00 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2012-06-05 08:18:00 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2012-06-05 08:17:47 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2012-06-05 08:17:47 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2012-06-05 08:06:05 13160 ----a-w- C:\Windows\SysWow64\Upgrd.exe
2012-06-05 08:05:58 58288 ------w- C:\Windows\SysWow64\rpcnet.exe
2012-05-24 22:45:07 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-24 22:45:07 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-20 19:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-20 19:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2010-03-21 00:45:42 75264 ----a-w- C:\Program Files\7 Taskbar Tweaker x64.exe
2008-04-14 07:30:00 554008 ----a-w- C:\Program Files (x86)\Common Files\dao360.dll
.
============= FINISH: 10:55:10.42 ===============



#2 Paul Randal


Posted 05 June 2012 - 05:23 AM

Btw, I'm also getting new .exes created in c:\users\paul\AppData\Local\Temp with names that are strings of random letters. I delete these when they show up.

Thanks

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:01 AM

Posted 06 June 2012 - 03:19 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 Paul Randal


Posted 06 June 2012 - 08:29 AM

Hi Gringo,

Thanks for your help!

I ran the two commands (see below). I've used ComboFix before on XP so had high hopes. It took two hours altogether and removed a bunch of stuff. After rebooting, I got the dreaded 'Request not supported' from Windows logon, but solved that by booting into Safe Mode and turning off all the biometric options in the Dell security manager. I'll fix that issue once the machine is virus free.

After ComboFix finished, I rebooted once more and tried Internet Explorer. The machine boots faster now, but I'm still getting the redirects when clicking on Google results. Not sure if this is still Sireref or something else now.

Eagerly awaiting next steps (and I'll be donating when we're done - my time's valuable and I'm sure yours is too).

Cheers

<<<<< CHECKUP.TXT >>>>>>>
Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 20
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader 9 Adobe Reader out of date!
Mozilla Thunderbird (7.0.1) Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
Acronis TrueImageHome OnlineBackupStandalone TrueImageMonitor.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 24% Defragment your hard drive soon!
````````````````````End of Log``````````````````````


<<<<<< COMBOFIX.TXT >>>>>>>>>>>>>
ComboFix 12-06-05.04 - paul 06/06/2012 12:51:54.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16308.13654 [GMT 1:00]
Running from: c:\users\paul\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\eebccfadedaffbdabadct.exe
c:\users\paul\AppData\Local\{2592bbd7-3405-3718-84cf-0154a3e05682}
c:\users\paul\AppData\Local\{2592bbd7-3405-3718-84cf-0154a3e05682}\@
c:\users\paul\AppData\Local\{2592bbd7-3405-3718-84cf-0154a3e05682}\n
c:\users\paul\AppData\Local\assembly\tmp
c:\users\paul\AppData\Local\Temp\sttF5B3.tmp
c:\users\paul\g2mdlhlpx.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\AutoRun.ini
c:\windows\Installer\{2592bbd7-3405-3718-84cf-0154a3e05682}
c:\windows\Installer\{2592bbd7-3405-3718-84cf-0154a3e05682}\@
c:\windows\Installer\{2592bbd7-3405-3718-84cf-0154a3e05682}\L\00000004.@
c:\windows\Installer\{2592bbd7-3405-3718-84cf-0154a3e05682}\L\201d3dde
c:\windows\Installer\{2592bbd7-3405-3718-84cf-0154a3e05682}\n
c:\windows\Installer\{2592bbd7-3405-3718-84cf-0154a3e05682}\U\00000004.@
c:\windows\Installer\{2592bbd7-3405-3718-84cf-0154a3e05682}\U\000000cb.@
c:\windows\SysWow64\regobj.dll
c:\windows\SysWow64\test
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AMService
.
.
((((((((((((((((((((((((( Files Created from 2012-05-06 to 2012-06-06 )))))))))))))))))))))))))))))))
.
.
2012-06-06 12:26 . 2012-06-06 12:26 -------- d-----w- c:\users\MSSQL$SQL2012\AppData\Local\temp
2012-06-06 12:26 . 2012-06-06 12:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-06 03:04 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-06-06 03:04 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-06-06 03:03 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-06-06 03:03 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-06-06 02:58 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-06-06 02:58 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-06 02:58 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-06 02:58 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-06-06 02:57 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-06-06 02:57 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-06-06 02:51 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-06-06 02:50 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-06-06 02:50 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-06-06 02:49 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-06 02:49 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 02:49 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-06 02:49 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-06 02:36 . 2012-06-06 02:36 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-06-06 02:22 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-06-06 02:22 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-06-06 02:22 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-06-06 02:22 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-06-06 02:18 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-06-06 02:13 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-06 02:12 . 2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2012-06-06 02:12 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2012-06-06 02:10 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-06 02:10 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-06 02:10 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-06 02:10 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-06 02:10 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-06 02:10 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-06 02:10 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-06 02:02 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-06-06 02:02 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-06-06 02:02 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-06-06 02:02 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-06-06 02:02 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-06-06 02:02 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-06-06 02:02 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-06-06 02:02 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-06-06 02:01 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-06-06 02:01 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-06-06 02:01 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-06 02:01 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-06 02:01 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-06 02:01 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-06 02:01 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-06 02:01 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-06 02:00 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-06-06 02:00 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-06-06 02:00 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-06-06 02:00 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-06-05 13:56 . 2012-06-06 12:48 -------- d-----w- c:\windows\system32\wbem\repository
2012-06-05 11:16 . 2012-06-05 11:15 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19E417C4-16EE-476B-9F13-1FBAD20A995E}\gapaengine.dll
2012-06-05 11:15 . 2012-05-08 09:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB9B6952-F20F-4C4F-9423-7F911FFA7575}\mpengine.dll
2012-06-05 11:11 . 2012-06-05 11:11 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-05 11:11 . 2012-06-05 11:13 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-05 09:24 . 2012-06-05 09:24 -------- d-----w- c:\users\paul\AppData\Local\Immunet
2012-06-05 08:14 . 2012-06-05 08:14 -------- d-----w- c:\users\paul\AppData\Roaming\Malwarebytes
2012-06-05 08:14 . 2012-06-05 08:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-05 08:14 . 2012-06-05 08:14 -------- d-----w- c:\programdata\Malwarebytes
2012-06-05 06:16 . 2012-06-05 13:56 -------- d-----w- C:\Disinfect
2012-06-04 16:43 . 2012-06-04 16:43 -------- d-----w- c:\program files (x86)\ESET
2012-06-03 21:12 . 2012-06-03 21:12 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{067C42FE-18C4-47E2-BC5E-AFB89BD233E3}\offreg.dll
2012-06-03 20:40 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{067C42FE-18C4-47E2-BC5E-AFB89BD233E3}\mpengine.dll
2012-05-24 22:45 . 2012-05-24 22:45 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-17 09:24 . 2012-05-17 09:24 -------- d-----w- c:\users\paul\AppData\Roaming\Amazon
2012-05-17 09:23 . 2012-05-17 09:23 -------- d-----w- c:\program files (x86)\Amazon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-06 12:48 . 2010-10-29 17:32 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2012-06-06 12:48 . 2010-10-29 17:32 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-06-06 12:38 . 2010-10-29 17:33 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2012-06-06 12:38 . 2010-10-18 02:51 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-06-06 03:02 . 2010-10-29 22:18 2522336 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-06-05 14:20 . 2011-06-15 07:49 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe
2012-06-05 14:20 . 2009-03-03 14:38 58288 ------w- c:\windows\SysWow64\rpcnet.exe
2012-05-24 22:45 . 2012-04-07 19:28 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-24 22:45 . 2011-07-03 21:57 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-20 19:44 . 2012-03-20 19:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 19:44 . 2012-03-20 19:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2010-03-21 00:45 . 2010-03-21 00:45 75264 ----a-w- c:\program files\7 Taskbar Tweaker x64.exe
2008-04-14 07:30 . 2008-04-14 07:30 554008 ----a-w- c:\program files (x86)\Common Files\dao360.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"7 Taskbar Tweaker"="c:\program files\7 Taskbar Tweaker x64.exe" [2010-03-21 75264]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"AT&T Communication Manager"="c:\program files (x86)\AT&T\Communication Manager\ATTCM.exe" [2009-10-10 883272]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-16 2536448]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-02-02 5546376]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\paul\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-10-27 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2010-2-8 1416560]
Logo Calibration Loader.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2010-11-10 708608]
ProfileReminder.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2010-11-10 954368]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 185192]
ZoomIt64.exe - Shortcut.lnk - c:\program files (x86)\ZoomIt\ZoomIt64.exe [2010-11-2 290056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"Backup_DisableCAD"= undefined
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 ajyjktvr;ajyjktvr;c:\windows\system32\drivers\ajyjktvr.sys [x]
R1 cbugaxyw;cbugaxyw;c:\windows\system32\drivers\cbugaxyw.sys [x]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
R1 ejcppplc;ejcppplc;c:\windows\system32\drivers\ejcppplc.sys [x]
R1 gbzptfqp;gbzptfqp;c:\windows\system32\drivers\gbzptfqp.sys [x]
R1 hndaszew;hndaszew;c:\windows\system32\drivers\hndaszew.sys [x]
R1 hxylsscf;hxylsscf;c:\windows\system32\drivers\hxylsscf.sys [x]
R1 jretbuwk;jretbuwk;c:\windows\system32\drivers\jretbuwk.sys [x]
R1 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R1 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [x]
R1 RsFx0200;RsFx0200 Driver;c:\windows\system32\DRIVERS\RsFx0200.sys [x]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/10/17 21:49];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-05-11 20:59 146928]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-05-26 89600]
R2 buttonsvc64;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 373024]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-03-24 1039776]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-03-24 31136]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2010-02-08 515952]
R2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 56592]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 135664]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 957712]
R2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 697616]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-12-08 6810728]
R2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-05-20 88912]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [x]
R2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [2010-04-26 330488]
R2 rpcnetp;rpcnetp;c:\windows\System32\rpcnetp.exe [2012-06-06 17920]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-12-22 77312]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-02-09 531328]
R2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-08 369256]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-09-22 645048]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 257696]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
R3 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-05-14 3246040]
R3 ALSysIO;ALSysIO;c:\users\paul\AppData\Local\Temp\ALSysIO64.sys [x]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2009-10-10 121416]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CAATT;AT&T Con App Svc;c:\program files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2009-10-10 125512]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 135664]
R3 libusb0;libusb-win32 - Kernel Driver 07/29/2010 1.2.1.0;c:\windows\system32\DRIVERS\libusb0.sys [2010-07-29 42944]
R3 MSSQL$SQL2012;SQL Server (SQL2012);c:\program files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\sqlservr.exe [2012-02-11 191064]
R3 MSSQL$SQLDEV01;SQL Server (SQLDEV01);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLDEV01\MSSQL\Binn\sqlservr.exe [2011-06-18 62111072]
R3 MSSQL$SQLDEV02;SQL Server (SQLDEV02);c:\program files\Microsoft SQL Server\MSSQL10.SQLDEV02\MSSQL\Binn\sqlservr.exe [2011-09-23 58345832]
R3 MSSQLFDLauncher$SQLDEV01;SQL Full-text Filter Daemon Launcher (SQLDEV01);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLDEV01\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096]
R3 MSSQLFDLauncher$SQLDEV02;SQL Full-text Filter Daemon Launcher (SQLDEV02);c:\program files\Microsoft SQL Server\MSSQL10.SQLDEV02\MSSQL\Binn\fdlauncher.exe [2008-07-10 34840]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 qcusbnetdl2k;Gobi 2000 USB-NDIS miniport(413C-8186);c:\windows\system32\DRIVERS\qcusbnetdl2k.sys [x]
R3 qcusbserdl2k;Gobi 2000 USB Device for Legacy Serial Communication(413C-8186);c:\windows\system32\DRIVERS\qcusbserdl2k.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]
R3 SeqCal;SeqCal;c:\windows\system32\DRIVERS\SeqCal.sys [x]
R3 SQL Server Distributed Replay Client;SQL Server Distributed Replay Client;c:\program files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [2012-02-11 137304]
R3 SQL Server Distributed Replay Controller;SQL Server Distributed Replay Controller;c:\program files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [2012-02-11 342104]
R3 SQLAgent$SQL2012;SQL Server Agent (SQL2012);c:\program files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\SQLAGENT.EXE [2012-02-11 597080]
R3 SQLAgent$SQLDEV01;SQL Server Agent (SQLDEV01);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLDEV01\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 431456]
R3 SQLAgent$SQLDEV02;SQL Server Agent (SQLDEV02);c:\program files\Microsoft SQL Server\MSSQL10.SQLDEV02\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
R3 SQLSentryServer;SQL Sentry Server;c:\program files\SQL Sentry\6.0\SQLSentryServer.exe [2011-11-04 39424]
R3 SWNC8U12;Sierra Wireless MUX NDIS Driver (UMTS12);c:\windows\system32\DRIVERS\swnc8u12.sys [x]
R3 SWUMX12;Sierra Wireless USB MUX Driver (UMTS12);c:\windows\system32\DRIVERS\swumx12.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-19 68440]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 306416]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 qcfilterdl2k;Gobi 2000 USB Composite Device Filter Driver(413C-8186);c:\windows\system32\DRIVERS\qcfilterdl2k.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 22:45]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 17:21]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 17:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\paul\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\paul\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\paul\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\paul\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 18:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 18:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-05-26 487424]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-12-22 1845248]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-10-08 302184]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1875048]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 163568]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-02 390720]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"LogiScrollApp"="c:\program files\Logitech\ScrollApp\KhalScroll.exe" [2011-07-08 43800]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\combofix\CF25540.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="c:\combofix\CF25540.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = file:///C:/Play/Public%20Html/index.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: facebook.com\www
Trusted Zone: linkedin.com\www
Trusted Zone: sqlservercentral.com\www
Trusted Zone: sqlskills.com\www
TCP: DhcpNameServer = 207.68.169.104 65.54.238.85
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://nhavpn.heritageacademies.com/CACHE/stc/7/binaries/vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-eebccfadedaffbdabadct - c:\programdata\eebccfadedaffbdabadct.exe
Wow6432Node-HKLM-Run-BapMeQOtifykfAh.exe - c:\programdata\BapMeQOtifykfAh.exe
SafeBoot-MsMpSvc
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3490992186-4168848730-780716277-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-3490992186-4168848730-780716277-1000)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-3490992186-4168848730-780716277-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-06 14:11:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-06 13:11
.
Pre-Run: 87,687,655,424 bytes free
Post-Run: 87,512,018,944 bytes free
.
- - End Of File - - BE6124109CB2BBA13EF4ABA934BB8F7D

#5 Paul Randal

Posted 06 June 2012 - 08:53 AM

Donated $100. Thanks for your free time here helping me and everyone else - much appreciated!

#6 gringo_pr

Posted 06 June 2012 - 10:34 AM

Greetings Paul

That was very nice, thank you (a little bit early but very nice).

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Paul Randal

Posted 07 June 2012 - 02:48 AM

Hey Gringo,

No problem - you've helped a ton of other people too.

I downloaded both executables and ran them. Nothing happened in either case. I watched in Task Manager and tried again - both started and then died after a few seconds.

Since we last spoke, I've had IE crash a couple of times and Explorer have to restart immediately on login a few times too.

Thanks

#8 gringo_pr

Posted 07 June 2012 - 02:55 AM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo

#9 Paul Randal

Posted 07 June 2012 - 03:14 AM

From TDSS Fix Tool 2.1.3

***Infected MBR Detected

I clicked Repair and it said the repair was successful.

Running TDSSKiller and aswMBR.

Do you want me to allow them both to fix anything they find?

#10 Paul Randal

Posted 07 June 2012 - 03:26 AM

Here are the TDSSKiller and aswMBR logs. TDSSKiller was clean but aswMBR found something and the FixMBR button is highlighted. Not pressing it until you give the OK or not.

TDSSKiller report


09:05:32.0770 4544 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
09:05:32.0786 4544 ============================================================
09:05:32.0786 4544 Current date / time: 2012/06/07 09:05:32.0786
09:05:32.0786 4544 SystemInfo:
09:05:32.0786 4544
09:05:32.0786 4544 OS Version: 6.1.7601 ServicePack: 1.0
09:05:32.0786 4544 Product type: Workstation
09:05:32.0786 4544 ComputerName: APPLECROSS
09:05:32.0786 4544 UserName: paul
09:05:32.0786 4544 Windows directory: C:\Windows
09:05:32.0786 4544 System windows directory: C:\Windows
09:05:32.0786 4544 Running under WOW64
09:05:32.0786 4544 Processor architecture: Intel x64
09:05:32.0786 4544 Number of processors: 8
09:05:32.0786 4544 Page size: 0x1000
09:05:32.0786 4544 Boot type: Normal boot
09:05:32.0786 4544 ============================================================
09:05:33.0534 4544 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:05:33.0534 4544 Drive \Device\Harddisk1\DR1 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:05:33.0534 4544 Drive \Device\Harddisk2\DR2 - Size: 0x77800000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:05:33.0550 4544 ============================================================
09:05:33.0550 4544 \Device\Harddisk0\DR0:
09:05:33.0550 4544 MBR partitions:
09:05:33.0550 4544 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x56800, BlocksNum 0x177000
09:05:33.0550 4544 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1CD800, BlocksNum 0x1DB20AB0
09:05:33.0550 4544 \Device\Harddisk1\DR1:
09:05:33.0550 4544 MBR partitions:
09:05:33.0550 4544 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1DCF2000
09:05:33.0550 4544 \Device\Harddisk2\DR2:
09:05:33.0550 4544 MBR partitions:
09:05:33.0550 4544 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3BBFE0
09:05:33.0550 4544 ============================================================
09:05:33.0550 4544 C: <-> \Device\Harddisk0\DR0\Partition1
09:05:33.0550 4544 D: <-> \Device\Harddisk1\DR1\Partition0
09:05:33.0550 4544 ============================================================
09:05:33.0550 4544 Initialize success
09:05:33.0550 4544 ============================================================
09:05:36.0748 3200 ============================================================
09:05:36.0748 3200 Scan started
09:05:36.0748 3200 Mode: Manual;
09:05:36.0748 3200 ============================================================
09:05:39.0291 3200 cvusbdrv (a84caae89b487931200b969d94018afa) C:\Windows\system32\Drivers\cvusbdrv.sys
09:05:39.0291 3200 cvusbdrv - ok
09:05:39.0322 3200 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:05:39.0338 3200 DcomLaunch - ok
09:05:39.0369 3200 dcpsysmgrsvc (bdf7af2604e89e8e5cb6ae4ae88efcfa) c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
09:05:39.0369 3200 dcpsysmgrsvc - ok
09:05:39.0400 3200 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
09:05:39.0400 3200 defragsvc - ok
09:05:39.0416 3200 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
09:05:39.0416 3200 DfsC - ok
09:05:39.0431 3200 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
09:05:39.0431 3200 Dhcp - ok
09:05:39.0447 3200 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
09:05:39.0447 3200 discache - ok
09:05:39.0447 3200 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
09:05:39.0447 3200 Disk - ok
09:05:39.0462 3200 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
09:05:39.0478 3200 Dnscache - ok
09:05:39.0478 3200 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
09:05:39.0494 3200 dot3svc - ok
09:05:39.0494 3200 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
09:05:39.0494 3200 DPS - ok
09:05:39.0509 3200 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
09:05:39.0509 3200 drmkaud - ok
09:05:39.0509 3200 dtpd - ok
09:05:39.0572 3200 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
09:05:39.0572 3200 DXGKrnl - ok
09:05:39.0572 3200 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
09:05:39.0587 3200 EapHost - ok
09:05:39.0759 3200 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
09:05:39.0790 3200 ebdrv - ok
09:05:39.0821 3200 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
09:05:39.0821 3200 EFS - ok
09:05:39.0868 3200 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
09:05:39.0868 3200 ehRecvr - ok
09:05:39.0884 3200 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
09:05:39.0884 3200 ehSched - ok
09:05:39.0899 3200 ejcppplc - ok
09:05:39.0930 3200 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
09:05:39.0930 3200 elxstor - ok
09:05:39.0946 3200 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
09:05:39.0946 3200 ErrDev - ok
09:05:39.0962 3200 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
09:05:39.0962 3200 EventSystem - ok
09:05:40.0055 3200 EvtEng (51643ee2712d9212e1e53ca7e8d8eb4a) c:\Program Files\Intel\WiFi\bin\EvtEng.exe
09:05:40.0071 3200 EvtEng - ok
09:05:40.0133 3200 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
09:05:40.0133 3200 exfat - ok
09:05:40.0149 3200 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
09:05:40.0149 3200 fastfat - ok
09:05:40.0196 3200 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
09:05:40.0196 3200 Fax - ok
09:05:40.0196 3200 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
09:05:40.0196 3200 fdc - ok
09:05:40.0211 3200 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
09:05:40.0211 3200 fdPHost - ok
09:05:40.0211 3200 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
09:05:40.0211 3200 FDResPub - ok
09:05:40.0211 3200 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
09:05:40.0227 3200 FileInfo - ok
09:05:40.0227 3200 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
09:05:40.0227 3200 Filetrace - ok
09:05:40.0227 3200 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
09:05:40.0227 3200 flpydisk - ok
09:05:40.0242 3200 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
09:05:40.0242 3200 FltMgr - ok
09:05:40.0305 3200 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
09:05:40.0320 3200 FontCache - ok
09:05:40.0320 3200 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:05:40.0336 3200 FontCache3.0.0.0 - ok
09:05:40.0336 3200 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
09:05:40.0336 3200 FsDepends - ok
09:05:40.0352 3200 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
09:05:40.0352 3200 Fs_Rec - ok
09:05:40.0352 3200 FTDIBUS (fa169871d8fadcc6539c4e8726610286) C:\Windows\system32\drivers\ftdibus.sys
09:05:40.0352 3200 FTDIBUS - ok
09:05:40.0367 3200 FTSER2K (37c9d167f0bd2ce0a5d5e160cc87758a) C:\Windows\system32\drivers\ftser2k.sys
09:05:40.0367 3200 FTSER2K - ok
09:05:40.0383 3200 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
09:05:40.0383 3200 fvevol - ok
09:05:40.0383 3200 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:05:40.0383 3200 gagp30kx - ok
09:05:40.0383 3200 gbzptfqp - ok
09:05:40.0398 3200 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:05:40.0398 3200 GEARAspiWDM - ok
09:05:40.0430 3200 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
09:05:40.0445 3200 gpsvc - ok
09:05:40.0461 3200 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:05:40.0461 3200 gupdate - ok
09:05:40.0461 3200 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:05:40.0461 3200 gupdatem - ok
09:05:40.0476 3200 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
09:05:40.0476 3200 gusvc - ok
09:05:40.0492 3200 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
09:05:40.0492 3200 hcw85cir - ok
09:05:40.0492 3200 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
09:05:40.0492 3200 HDAudBus - ok
09:05:40.0508 3200 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
09:05:40.0508 3200 HidBatt - ok
09:05:40.0508 3200 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
09:05:40.0508 3200 HidBth - ok
09:05:40.0523 3200 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
09:05:40.0523 3200 HidIr - ok
09:05:40.0523 3200 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
09:05:40.0523 3200 hidserv - ok
09:05:40.0539 3200 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
09:05:40.0539 3200 HidUsb - ok
09:05:40.0539 3200 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
09:05:40.0539 3200 hkmsvc - ok
09:05:40.0539 3200 hndaszew - ok
09:05:40.0554 3200 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
09:05:40.0554 3200 HomeGroupListener - ok
09:05:40.0570 3200 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
09:05:40.0570 3200 HomeGroupProvider - ok
09:05:40.0586 3200 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
09:05:40.0586 3200 HpSAMD - ok
09:05:40.0617 3200 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
09:05:40.0617 3200 HTTP - ok
09:05:40.0617 3200 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
09:05:40.0617 3200 hwpolicy - ok
09:05:40.0632 3200 hxylsscf - ok
09:05:40.0632 3200 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
09:05:40.0632 3200 i8042prt - ok
09:05:40.0664 3200 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
09:05:40.0664 3200 iaStor - ok
09:05:40.0679 3200 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
09:05:40.0679 3200 IAStorDataMgrSvc - ok
09:05:40.0695 3200 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
09:05:40.0710 3200 iaStorV - ok
09:05:40.0757 3200 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:05:40.0773 3200 idsvc - ok
09:05:40.0773 3200 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
09:05:40.0773 3200 iirsp - ok
09:05:40.0773 3200 iked - ok
09:05:40.0835 3200 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
09:05:40.0835 3200 IKEEXT - ok
09:05:40.0835 3200 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
09:05:40.0835 3200 intelide - ok
09:05:40.0851 3200 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
09:05:40.0851 3200 intelppm - ok
09:05:40.0851 3200 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
09:05:40.0866 3200 IPBusEnum - ok
09:05:40.0866 3200 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:05:40.0866 3200 IpFilterDriver - ok
09:05:40.0882 3200 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
09:05:40.0882 3200 IPMIDRV - ok
09:05:40.0882 3200 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:05:40.0898 3200 IPNAT - ok
09:05:40.0944 3200 iPod Service (fdf57f795098ab29af780824315c9859) C:\Program Files\iPod\bin\iPodService.exe
09:05:40.0960 3200 iPod Service - ok
09:05:40.0960 3200 ipsecd - ok
09:05:40.0960 3200 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:05:40.0960 3200 IRENUM - ok
09:05:40.0960 3200 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
09:05:40.0976 3200 isapnp - ok
09:05:40.0991 3200 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
09:05:40.0991 3200 iScsiPrt - ok
09:05:40.0991 3200 jretbuwk - ok
09:05:40.0991 3200 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
09:05:40.0991 3200 kbdclass - ok
09:05:41.0007 3200 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
09:05:41.0007 3200 kbdhid - ok
09:05:41.0007 3200 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:05:41.0007 3200 KeyIso - ok
09:05:41.0022 3200 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
09:05:41.0022 3200 KSecDD - ok
09:05:41.0038 3200 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
09:05:41.0038 3200 KSecPkg - ok
09:05:41.0038 3200 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:05:41.0038 3200 ksthunk - ok
09:05:41.0069 3200 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
09:05:41.0069 3200 KtmRm - ok
09:05:41.0085 3200 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
09:05:41.0085 3200 LanmanServer - ok
09:05:41.0100 3200 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
09:05:41.0100 3200 LanmanWorkstation - ok
09:05:41.0132 3200 LBTServ (19eff704cd16dd0429e128431f1dd631) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
09:05:41.0132 3200 LBTServ - ok
09:05:41.0147 3200 LHidFilt (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys
09:05:41.0147 3200 LHidFilt - ok
09:05:41.0147 3200 libusb0 (458ed3dae4a8ff4ad350eae1464cf65f) C:\Windows\system32\DRIVERS\libusb0.sys
09:05:41.0147 3200 libusb0 - ok
09:05:41.0163 3200 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:05:41.0163 3200 lltdio - ok
09:05:41.0178 3200 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
09:05:41.0178 3200 lltdsvc - ok
09:05:41.0194 3200 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
09:05:41.0194 3200 lmhosts - ok
09:05:41.0194 3200 LMouFilt (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys
09:05:41.0194 3200 LMouFilt - ok
09:05:41.0210 3200 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:05:41.0210 3200 LSI_FC - ok
09:05:41.0210 3200 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:05:41.0210 3200 LSI_SAS - ok
09:05:41.0225 3200 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:05:41.0225 3200 LSI_SAS2 - ok
09:05:41.0225 3200 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:05:41.0241 3200 LSI_SCSI - ok
09:05:41.0241 3200 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:05:41.0241 3200 luafv - ok
09:05:41.0256 3200 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
09:05:41.0256 3200 mcdbus - ok
09:05:41.0272 3200 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
09:05:41.0272 3200 Mcx2Svc - ok
09:05:41.0272 3200 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
09:05:41.0272 3200 megasas - ok
09:05:41.0288 3200 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
09:05:41.0288 3200 MegaSR - ok
09:05:41.0303 3200 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:05:41.0303 3200 MMCSS - ok
09:05:41.0303 3200 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:05:41.0303 3200 Modem - ok
09:05:41.0319 3200 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:05:41.0319 3200 monitor - ok
09:05:41.0319 3200 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
09:05:41.0319 3200 mouclass - ok
09:05:41.0319 3200 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:05:41.0319 3200 mouhid - ok
09:05:41.0334 3200 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
09:05:41.0334 3200 mountmgr - ok
09:05:41.0350 3200 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
09:05:41.0350 3200 MpFilter - ok
09:05:41.0366 3200 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
09:05:41.0366 3200 mpio - ok
09:05:41.0381 3200 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:05:41.0381 3200 mpsdrv - ok
09:05:41.0381 3200 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
09:05:41.0397 3200 MRxDAV - ok
09:05:41.0397 3200 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:05:41.0397 3200 mrxsmb - ok
09:05:41.0412 3200 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:05:41.0428 3200 mrxsmb10 - ok
09:05:41.0428 3200 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:05:41.0428 3200 mrxsmb20 - ok
09:05:41.0428 3200 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
09:05:41.0444 3200 msahci - ok
09:05:41.0459 3200 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
09:05:41.0459 3200 msdsm - ok
09:05:41.0459 3200 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
09:05:41.0459 3200 MSDTC - ok
09:05:41.0475 3200 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:05:41.0475 3200 Msfs - ok
09:05:41.0475 3200 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:05:41.0475 3200 mshidkmdf - ok
09:05:41.0475 3200 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
09:05:41.0475 3200 msisadrv - ok
09:05:41.0490 3200 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
09:05:41.0490 3200 MSiSCSI - ok
09:05:41.0490 3200 msiserver - ok
09:05:41.0490 3200 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:05:41.0490 3200 MSKSSRV - ok
09:05:41.0506 3200 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:05:41.0506 3200 MSPCLOCK - ok
09:05:41.0506 3200 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:05:41.0506 3200 MSPQM - ok
09:05:41.0522 3200 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
09:05:41.0522 3200 MsRPC - ok
09:05:41.0537 3200 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
09:05:41.0537 3200 mssmbios - ok
09:05:41.0553 3200 MSSQL$SQL2012 (3ae13c9869b7ce1135bcf21c0aaa68ed) C:\Program Files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\sqlservr.exe
09:05:41.0553 3200 MSSQL$SQL2012 - ok
09:05:41.0568 3200 MSSQL$SQLDEV01 - ok
09:05:41.0568 3200 MSSQL$SQLDEV02 - ok
09:05:41.0584 3200 MSSQLFDLauncher$SQLDEV01 (aa511eb28672011a1d832f73e302f0a0) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLDEV01\MSSQL\Binn\fdlauncher.exe
09:05:41.0584 3200 MSSQLFDLauncher$SQLDEV01 - ok
09:05:41.0584 3200 MSSQLFDLauncher$SQLDEV02 (6286605fe7c87ddc628e3ce41a15ffa6) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLDEV02\MSSQL\Binn\fdlauncher.exe
09:05:41.0584 3200 MSSQLFDLauncher$SQLDEV02 - ok
09:05:41.0600 3200 MSSQLSERVER - ok
09:05:41.0615 3200 MSSQLServerADHelper100 (04ef36eaf5c4dbce424d81b76f1e9231) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
09:05:41.0615 3200 MSSQLServerADHelper100 - ok
09:05:41.0615 3200 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:05:41.0615 3200 MSTEE - ok
09:05:41.0615 3200 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:05:41.0615 3200 MTConfig - ok
09:05:41.0631 3200 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:05:41.0631 3200 Mup - ok
09:05:41.0646 3200 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
09:05:41.0662 3200 napagent - ok
09:05:41.0678 3200 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:05:41.0678 3200 NativeWifiP - ok
09:05:41.0740 3200 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
09:05:41.0740 3200 NDIS - ok
09:05:41.0756 3200 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:05:41.0756 3200 NdisCap - ok
09:05:41.0756 3200 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:05:41.0756 3200 NdisTapi - ok
09:05:41.0756 3200 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:05:41.0756 3200 Ndisuio - ok
09:05:41.0771 3200 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:05:41.0771 3200 NdisWan - ok
09:05:41.0787 3200 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:05:41.0787 3200 NDProxy - ok
09:05:41.0787 3200 Net Driver HPZ12 (b6cba9a0403e2c1a9ea03c33a4932e89) C:\Windows\system32\HPZinw12.dll
09:05:41.0802 3200 Net Driver HPZ12 - ok
09:05:41.0802 3200 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:05:41.0802 3200 NetBIOS - ok
09:05:41.0818 3200 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:05:41.0818 3200 NetBT - ok
09:05:41.0818 3200 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:05:41.0818 3200 Netlogon - ok
09:05:41.0849 3200 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
09:05:41.0849 3200 Netman - ok
09:05:41.0880 3200 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:05:41.0880 3200 NetMsmqActivator - ok
09:05:41.0896 3200 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:05:41.0896 3200 NetPipeActivator - ok
09:05:41.0927 3200 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
09:05:41.0927 3200 netprofm - ok
09:05:41.0927 3200 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:05:41.0927 3200 NetTcpActivator - ok
09:05:41.0927 3200 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:05:41.0927 3200 NetTcpPortSharing - ok
09:05:42.0286 3200 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
09:05:42.0348 3200 NETw5s64 - ok
09:05:42.0411 3200 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:05:42.0411 3200 nfrd960 - ok
09:05:42.0411 3200 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:05:42.0411 3200 NisDrv - ok
09:05:42.0442 3200 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
09:05:42.0442 3200 NisSrv - ok
09:05:42.0458 3200 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
09:05:42.0458 3200 NlaSvc - ok
09:05:42.0473 3200 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:05:42.0473 3200 Npfs - ok
09:05:42.0473 3200 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
09:05:42.0473 3200 nsi - ok
09:05:42.0473 3200 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:05:42.0473 3200 nsiproxy - ok
09:05:42.0567 3200 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:05:42.0582 3200 Ntfs - ok
09:05:42.0629 3200 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:05:42.0629 3200 Null - ok
09:05:42.0629 3200 nusb3hub (785298579b5f9b4032152dfbb992fdb6) C:\Windows\system32\DRIVERS\nusb3hub.sys
09:05:42.0629 3200 nusb3hub - ok
09:05:42.0645 3200 nusb3xhc (df2750481b4964814467c974f2b0eef1) C:\Windows\system32\DRIVERS\nusb3xhc.sys
09:05:42.0645 3200 nusb3xhc - ok
09:05:43.0004 3200 NVIDIA Performance Driver Service (53a7e1dea2e7fa22fd4f0c28c078f5a0) C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
09:05:43.0066 3200 NVIDIA Performance Driver Service - ok
09:05:43.0737 3200 nvlddmkm (f9efa2f16c2e2ce32918957b45037e01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:05:43.0799 3200 nvlddmkm - ok
09:05:43.0846 3200 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:05:43.0846 3200 nvraid - ok
09:05:43.0862 3200 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:05:43.0862 3200 nvstor - ok
09:05:43.0924 3200 nvsvc (cc2bc2650b1c34dc23a467d5ba1cc5f8) C:\Windows\system32\nvvsvc.exe
09:05:43.0940 3200 nvsvc - ok
09:05:43.0940 3200 NvtlService (53ad8d1a1e1ff3699cf0ba2fbd044915) C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
09:05:43.0955 3200 NvtlService - ok
09:05:43.0955 3200 NvtSp50 - ok
09:05:43.0955 3200 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:05:43.0971 3200 nv_agp - ok
09:05:44.0002 3200 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:05:44.0002 3200 odserv - ok
09:05:44.0018 3200 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:05:44.0018 3200 ohci1394 - ok
09:05:44.0033 3200 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:05:44.0033 3200 ose - ok
09:05:44.0049 3200 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:05:44.0049 3200 p2pimsvc - ok
09:05:44.0080 3200 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
09:05:44.0080 3200 p2psvc - ok
09:05:44.0096 3200 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:05:44.0096 3200 Parport - ok
09:05:44.0096 3200 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
09:05:44.0111 3200 partmgr - ok
09:05:44.0111 3200 PBADRV (363b3f857abee85767e01e3044c539cd) C:\Windows\system32\DRIVERS\PBADRV.sys
09:05:44.0111 3200 PBADRV - ok
09:05:44.0127 3200 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
09:05:44.0127 3200 PcaSvc - ok
09:05:44.0142 3200 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:05:44.0142 3200 pci - ok
09:05:44.0142 3200 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:05:44.0142 3200 pciide - ok
09:05:44.0158 3200 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:05:44.0158 3200 pcmcia - ok
09:05:44.0174 3200 PCTINDIS5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\Windows\system32\PCTINDIS5X64.SYS
09:05:44.0174 3200 PCTINDIS5X64 - ok
09:05:44.0174 3200 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:05:44.0174 3200 pcw - ok
09:05:44.0174 3200 PDIHWCTL - ok
09:05:44.0220 3200 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:05:44.0220 3200 PEAUTH - ok
09:05:44.0314 3200 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
09:05:44.0330 3200 PeerDistSvc - ok
09:05:44.0361 3200 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
09:05:44.0361 3200 PerfHost - ok
09:05:44.0486 3200 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
09:05:44.0501 3200 pla - ok
09:05:44.0532 3200 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
09:05:44.0532 3200 PlugPlay - ok
09:05:44.0548 3200 Pml Driver HPZ12 (35ccb20b0d730b7764d049463e4b2ac5) C:\Windows\system32\HPZipm12.dll
09:05:44.0548 3200 Pml Driver HPZ12 - ok
09:05:44.0548 3200 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
09:05:44.0548 3200 PNRPAutoReg - ok
09:05:44.0564 3200 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:05:44.0564 3200 PNRPsvc - ok
09:05:44.0595 3200 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
09:05:44.0610 3200 PolicyAgent - ok
09:05:44.0626 3200 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
09:05:44.0626 3200 Power - ok
09:05:44.0642 3200 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:05:44.0642 3200 PptpMiniport - ok
09:05:44.0642 3200 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:05:44.0642 3200 Processor - ok
09:05:44.0657 3200 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
09:05:44.0657 3200 ProfSvc - ok
09:05:44.0657 3200 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:05:44.0657 3200 ProtectedStorage - ok
09:05:44.0673 3200 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:05:44.0673 3200 Psched - ok
09:05:44.0673 3200 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
09:05:44.0673 3200 PxHlpa64 - ok
09:05:44.0688 3200 qcfilterdl2k (868054a574da782027249133cf708cf4) C:\Windows\system32\DRIVERS\qcfilterdl2k.sys
09:05:44.0688 3200 qcfilterdl2k - ok
09:05:44.0704 3200 qcusbnetdl2k (4646087ffd856c4f126a942b6fe7ed50) C:\Windows\system32\DRIVERS\qcusbnetdl2k.sys
09:05:44.0704 3200 qcusbnetdl2k - ok
09:05:44.0704 3200 qcusbserdl2k (08beedeee06c19cff940feebb020bae5) C:\Windows\system32\DRIVERS\qcusbserdl2k.sys
09:05:53.0003 3200 ============================================================
09:05:53.0003 3200 Scan finished
09:05:53.0003 3200 ============================================================
09:05:53.0003 1672 Detected object count: 0
09:05:53.0003 1672 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-07 09:06:12
-----------------------------
09:06:12.940 OS Version: Windows x64 6.1.7601 Service Pack 1
09:06:12.940 Number of processors: 8 586 0x1E05
09:06:12.940 ComputerName: APPLECROSS UserName: paul
09:06:13.548 Initialize success
09:14:36.745 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:14:36.745 Disk 0 Vendor: SAMSUNG_ VBM2 Size: 244198MB BusType: 8
09:14:36.745 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
09:14:36.745 Disk 1 Vendor: SAMSUNG_ VBM2 Size: 244198MB BusType: 8
09:14:36.745 Disk 0 MBR read successfully
09:14:36.745 Disk 0 MBR scan
09:14:36.745 Disk 0 Windows 7 default MBR code
09:14:36.745 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 172 MB offset 63
09:14:36.760 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 750 MB offset 354304
09:14:36.760 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 243265 MB offset 1890304
09:14:36.901 Disk 0 scanning C:\Windows\system32\drivers
09:14:38.461 Service scanning
09:14:44.514 Modules scanning
09:14:44.514 Disk 0 trace - called modules:
09:14:44.529 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:14:44.529 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800ed66790]
09:14:44.529 3 CLASSPNP.SYS[fffff88001e0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800cd16050]
09:14:44.529 Scan finished successfully
09:15:18.444 Disk 0 MBR has been saved successfully to "C:\Users\paul\Desktop\MBR.dat"
09:15:18.444 The log file has been saved successfully to "C:\Users\paul\Desktop\aswMBR.txt"

#11 gringo_pr


  • Malware Response Team
Posted 07 June 2012 - 03:29 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Paul Randal

Posted 07 June 2012 - 03:30 AM

Windows firewall was disabled again and a Secure Shield virus installed. I had to remove it with Malwarebytes to stop the popups as I'm teaching and recording on my laptop (only one with me on UK trip from US). I don't think this will interfere with our efforts to remove the rootkit. Every so often I notice PING.EXEs running - these are downloading more viruses I suspect.

Thanks

#13 gringo_pr

Posted 07 June 2012 - 03:49 AM

See my last post (we cross-posted) and run ComboFix for me.


gringo

#14 Paul Randal

Posted 07 June 2012 - 04:02 AM

I had to reboot and now it BSODs on every boot attempt. Repair couldn't fix it so now trying a system restore from booting with F8. Safe mode boot doesn't work either.

Any other suggestions to get it to boot? I'll have to get a Win7 disk and reformat at some point today if it won't boot as I have to be able to work on it.

I have access to other PCs in the hotel if there's anything I can stick on a USB drive to try.

Thanks!

#15 gringo_pr

Posted 07 June 2012 - 07:20 AM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo