W64\Sirefef.W and 80000000.@ HELP ME!!!!


This topic is locked.
25 replies to this topic

#1 LadybugComputer

Posted 06 June 2012 - 02:59 PM

Hello!

I don't know what to do...
I have Symantec popping up every 4 to 5 minutes (started 2 days ago) with the following message:

Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: Trojan.Gen.2
File: C:\Windows\Installer\{40122d1d-5cda-c293-c00c-c29575ecc641}\U\80000000.@
Location: C:\Windows\Installer\{40122d1d-5cda-c293-c00c-c29575ecc641}\U
Computer: CMILLWAPC1
User: SYSTEM
Action taken: Delete succeeded : Access denied
Date found: Wednesday, June 06, 2012 2:54:48 PM

I ran dds.scr, and here is the txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by cmillwa at 14:42:24 on 2012-06-06
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8142.5206 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\CCM\CcmExec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Altiris\Altiris Agent\AeXAgentUIHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\IBM\Lotus\Notes\NLNOTES.EXE
C:\Program Files (x86)\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.1.2.200808010926\win32\x86\eclipse.exe
C:\Program Files (x86)\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20080709-200808010926\jre\bin\notes2w.exe
C:\Program Files (x86)\IBM\Lotus\Notes\ntaskldr.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000&st=10
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [AeXAgentLogon] C:\Program Files (x86)\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
mRun: [SAP_WUS_UNT] "C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapSetupUserNotificationTool.exe"
mRun: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagIt32.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: johnsoncontrols.com\sslpilot
DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 10.15.96.10 10.10.43.87 10.10.46.53
TCP: Interfaces\{50BBCA62-E4CE-48B7-8A65-1247A6D9EDA3} : DhcpNameServer = 10.15.96.10 10.10.43.87 10.10.46.53
TCP: Interfaces\{875EC3AC-01EA-47D1-99F0-7146B1924865} : DhcpNameServer = 10.15.96.10 10.10.43.87 10.10.46.53
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [AeXAgentLogon] C:\Program Files (x86)\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
mRun-x64: [SAP_WUS_UNT] "C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapSetupUserNotificationTool.exe"
mRun-x64: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Teefer3;Symantec Endpoint Protection Firewall;C:\Windows\system32\DRIVERS\Teefer3.sys --> C:\Windows\system32\DRIVERS\Teefer3.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;C:\Program Files (x86)\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe [2012-1-5 131736]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2011-12-9 1851224]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-4 138912]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-16 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 257696]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-16 136176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2010-3-19 1120752]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]
.
=============== Created Last 30 ================
.
2012-06-06 18:59:09 -------- d-----w- C:\Users\cmillwa\AppData\Roaming\smkits
2012-06-06 18:54:11 37540 ----a-w- C:\SNParser.tmp
2012-06-06 18:54:11 172032 ----a-w- C:\WBEMCLIENT.EXE
2012-06-06 18:51:44 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-06 16:58:26 98816 ----a-w- C:\Windows\sed.exe
2012-06-06 16:58:26 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-06 16:58:26 256000 ----a-w- C:\Windows\PEV.exe
2012-06-06 16:58:26 208896 ----a-w- C:\Windows\MBR.exe
2012-06-06 15:01:29 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-06 14:46:02 -------- d-----w- C:\Users\cmillwa\AppData\Local\{2E940762-17AD-4B5C-A4BD-3DE4CFBC9842}
2012-06-06 14:45:52 -------- d-----w- C:\Users\cmillwa\AppData\Local\{5ABCA449-82E4-4DEC-B0B0-2F9BCD0ABDEB}
2012-06-05 16:04:36 -------- d-----w- C:\Users\cmillwa\AppData\Roaming\Malwarebytes
2012-06-05 16:04:30 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-05 16:04:30 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-05 16:04:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-05 14:11:05 -------- d-----w- C:\Users\cmillwa\AppData\Local\{F2CDC3E6-D2A2-4901-A4BE-C23A93FFC08B}
2012-06-05 14:10:54 -------- d-----w- C:\Users\cmillwa\AppData\Local\{B77CAFD0-743A-4EB6-BA5B-37373B22FB25}
2012-06-04 22:14:06 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-06-04 15:03:01 -------- d-----w- C:\Users\cmillwa\AppData\Local\{7F313EED-87E9-4D96-AEE3-B560F2D45D50}
2012-06-04 15:02:49 -------- d-----w- C:\Users\cmillwa\AppData\Local\{A001CAEB-6F41-4FF1-B104-B91EC1A5DB61}
2012-06-04 14:30:51 930160 ----a-w- C:\Windows\System32\ccmcore.dll
2012-06-04 14:30:51 26464 ----a-w- C:\Windows\System32\xprslib.dll
2012-06-04 14:30:10 -------- d-----w- C:\Windows\ms
2012-05-23 14:17:58 -------- d-----w- C:\Users\cmillwa\AppData\Local\{1A8AC554-03D1-408C-94C2-E0CC237EC542}
2012-05-23 14:17:45 -------- d-----w- C:\Users\cmillwa\AppData\Local\{F210A1F7-1D99-41D6-8339-999D0E37F9A1}
2012-05-22 14:14:34 -------- d-----w- C:\Users\cmillwa\AppData\Local\{95A8210F-A86E-4475-A120-2F309381ACD5}
2012-05-22 14:14:20 -------- d-----w- C:\Users\cmillwa\AppData\Local\{3E0A88C0-BC3E-45AB-8401-20DC6E13D705}
2012-05-18 16:07:41 -------- d-----w- C:\Users\cmillwa\AppData\Local\{F5A52F84-7344-4EDB-97BB-F9ED32B303CE}
2012-05-18 16:07:30 -------- d-----w- C:\Users\cmillwa\AppData\Local\{60200CDA-C5CE-41AD-B4BA-588B53E6D57C}
2012-05-17 15:08:36 -------- d-----w- C:\Users\cmillwa\AppData\Local\{0350614D-FF94-4200-8434-A3673FB39018}
2012-05-17 15:08:23 -------- d-----w- C:\Users\cmillwa\AppData\Local\{DA4CAC94-352B-4132-80BE-7B53D5482B7C}
2012-05-11 16:07:53 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-11 16:07:53 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-11 16:07:40 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-11 16:07:39 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-11 16:07:39 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-11 16:07:39 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-11 16:00:52 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-11 16:00:31 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-11 16:00:14 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 16:00:14 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 16:00:13 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-11 16:00:12 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-11 16:00:12 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-11 14:19:55 -------- d-----w- C:\Users\cmillwa\AppData\Local\{4ABD407D-5465-4B77-A01C-4C7B52B2F4B4}
2012-05-11 14:19:43 -------- d-----w- C:\Users\cmillwa\AppData\Local\{F63E5621-20FB-4859-9981-8AC889FACB87}
2012-05-10 14:25:57 -------- d-----w- C:\Users\cmillwa\AppData\Local\{F7DBEEAB-BDF9-417C-8D95-DBAD3DDBDC39}
2012-05-10 14:25:43 -------- d-----w- C:\Users\cmillwa\AppData\Local\{1142BC73-D883-4655-AF86-61DAB7BE33E0}
2012-05-09 14:29:40 -------- d-----w- C:\Users\cmillwa\AppData\Local\{53ADE145-3522-4970-B573-55098511B970}
2012-05-09 14:29:29 -------- d-----w- C:\Users\cmillwa\AppData\Local\{178C8DC1-C488-4C80-933A-6218AE429E35}
.
==================== Find3M ====================
.
2012-06-04 14:32:25 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-04 14:32:24 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 14:51:06 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-08 23:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
.
============= FINISH: 14:42:38.90 ===============

Edited by LadybugComputer, 06 June 2012 - 03:11 PM.
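The alert and log in the post above carry three things a responder would rather pull out mechanically than by eye: the file Symantec reported under C:\Windows\Installer\{GUID}\U\ but could not delete, the hidden system directory literally named %APPDATA% that appeared under System32 on 2012-06-04, and the UAC policy values (EnableLUA = 0 and the two companion settings) that mean this host does not prompt for elevation. The script below is an added example written for this page, not a tool from the thread, from BleepingComputer or from Symantec; the rule names, the Finding type and the sample text (constructed from lines quoted in the post) are assumptions of the example. It only parses the text it is given and does not touch a live system.

```python
"""Triage a DDS log / Symantec Auto-Protect alert for the artifacts seen
in the post above.  Added example for this page, not a tool from the
thread; rule names, the Finding type and the sample text are mine."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines quoted from the Symantec alert and from the
# DDS "Pseudo HJT Report" / "Created Last 30" sections in the post above,
# plus a few benign entries so the rules have something to ignore.
SAMPLE_LOG = r"""
Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: Trojan.Gen.2
File: C:\Windows\Installer\{40122d1d-5cda-c293-c00c-c29575ecc641}\U\80000000.@
Action taken: Delete succeeded : Access denied
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
2012-06-06 18:54:11 172032 ----a-w- C:\WBEMCLIENT.EXE
2012-06-04 22:14:06 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-06-04 15:03:01 -------- d-----w- C:\Users\cmillwa\AppData\Local\{7F313EED-87E9-4D96-AEE3-B560F2D45D50}
2012-05-11 16:07:40 3146240 ----a-w- C:\Windows\System32\win32k.sys
"""

# A file named like 80000000.@ inside a {GUID}\U directory under
# C:\Windows\Installer (the path Symantec reported in the alert).
INSTALLER_U_RE = re.compile(
    r"[a-z]:\\windows\\installer\\\{[0-9a-f-]{36}\}\\u\\[^\\]+\.@$", re.IGNORECASE
)
# DDS created-file entry: date, time, size (or dashes for a directory),
# attribute flags, path.
DDS_ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
POLICY_RE = re.compile(r"^mPolicies-system: (?P<name>\w+) = (?P<value>\d+)")

# HKLM ...\Policies\System values at which elevation prompting is off.
UAC_OFF = {
    "EnableLUA": ("0", "UAC disabled"),
    "ConsentPromptBehaviorAdmin": ("0", "admins elevate without a prompt"),
    "PromptOnSecureDesktop": ("0", "prompts not shown on the secure desktop"),
}


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def _path_and_attrs(line: str) -> tuple[str, str] | None:
    """Return (path, attribute flags) for a Symantec 'File:' line or a DDS
    created-file entry; the flags are '' when the line carries none."""
    if line.startswith("File:"):
        return line[len("File:"):].strip(), ""
    m = DDS_ENTRY_RE.match(line)
    if m:
        return m.group("path").strip(), m.group("attrs")
    return None


def triage(text: str) -> list[Finding]:
    """Run the three rules over every line and return the hits in order."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        hit = _path_and_attrs(line)
        if hit:
            path, attrs = hit
            if INSTALLER_U_RE.search(path):
                findings.append(Finding("installer_u_payload", path))
            # A directory literally named %APPDATA% under System32 carrying
            # the system and hidden attributes (DDS prints them as 's','h').
            if path.lower().endswith(r"\system32\%appdata%") and {"s", "h"} <= set(attrs):
                findings.append(Finding("system32_appdata_dir", path))
        pm = POLICY_RE.match(line)
        if pm:
            expected = UAC_OFF.get(pm.group("name"))
            if expected and pm.group("value") == expected[0]:
                findings.append(Finding(
                    "uac_weakened",
                    f"{pm.group('name')} = {pm.group('value')} ({expected[1]})",
                ))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, e.g. {'uac_weakened': 3, ...}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:22} {f.detail}")
```

The rules deliberately key on what the log itself shows (path shape, attribute flags, policy values) rather than on a GUID or file name, since those differ from machine to machine; the many {GUID} directories under AppData\Local in the same log are not flagged because the page gives no basis for treating them as malicious.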



#2 gringo_pr, Malware Response Team

Posted 07 June 2012 - 02:26 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 LadybugComputer, Topic Starter

Posted 07 June 2012 - 02:14 PM

Hello!

I apparently do not have the authority to be an admin on this Win 7 machine so I cannot use repair mode. I called my local IT who would rather just wipe my machine, and I do not want to lose any data.

Can I run this from safe mode and get the same results as in repair mode?

Thanks!

#4 LadybugComputer, Topic Starter

Posted 07 June 2012 - 02:30 PM

Also as another note - Symantec is now showing a notification about a blackhole toolkit. It does not show up in the logs, just as a system tray pop up, so I have not got the whole name yet.

#5 gringo_pr, Malware Response Team

Posted 07 June 2012 - 02:34 PM

Hello

I apparently do not have the authority to be an admin on this win 7 machine so I cannot use repair mode.

That may make it very difficult. I would start backing up anything you may want to keep between posts.

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#6 LadybugComputer, Topic Starter

Posted 07 June 2012 - 05:19 PM

Bad news. When I try and run Combofix from my desktop I get an error "Error opening file for writing C:\32788R22FWJFW\License\iexplorer.exe".

I tried to retry multiple times, and tried to ignore as well, but Combofix will never actually run. I only get the installer with the green font. I never get to the screen where it attempts to scan. I have tried rerunning again and again, and waiting up to 30 minutes to see if anything will run, and it does not.

I tried booting in safe mode and running it, still no luck. It looks like it is trying to work, as my windows toolbar (start bar) changes color and such and then nothing ever happens.

I keep getting system tray notifications that Symantec is stopping a WebAttack: Blackhole Toolkit Website ## (the numbers are different: 17, 3, 21). It seems that these notifications are more frequent when I am trying to use the computer; as long as I just close all windows and stare at my computer like it is a paperweight it works fine. Ha.

I am no longer getting the pop-up about the 80000000.@ file from Symantec. At first I thought this might be a good sign, but then I started to get the notifications about the Blackhole toolkit.

In looking at my add/remove programs I notice that on the day my issues started I had both an Adobe Flash Player 11 Active x update and a Microsoft Office 2003 Web Components installed. I do not recall doing any updates or downloads on Monday - but thought I would pass that info along.

I have also noticed that in my task manager I have 15-17 svchost.exe processes running. Some from system, network, and local. One is using 233,048K memory.

At this point I will be backing up my files on an external drive and will try what you want me to next, but I am prepped to call our local IT guys and let them wipe the computer if needed. Let me know what I should try next.

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:19 AM

Posted 07 June 2012 - 08:31 PM

Greetings

Let's try and run these and see what happens.


TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



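As an added example, not part of this thread and not Kaspersky's own code: a small Python triage script for a TDSSKiller report in the shape pasted later in this thread (a "NAME (md5) PATH" file line followed by a "NAME - verdict" line per service or driver). It pairs the two lines per entry and flags anything whose verdict is not "ok" or whose file sits under a Windows\Installer\{GUID}\U folder, the location the Symantec alert in this thread named for the 80000000.@ file. The sample report, service names, hashes and the GUID are constructed placeholders; the "( Tag ) - warning" shape used for the constructed warning line is an assumption about how the tool annotates a detection.

```python
"""Triage a TDSSKiller report: pair file/verdict lines and flag what needs a look."""
import re
from typing import Dict, List, NamedTuple, Optional

# Line shapes as seen in the report pasted in this thread:
#   "09:10:43.0283 4860 1394ohci (<32 hex md5>) C:\Windows\system32\drivers\1394ohci.sys"
#   "09:10:43.0283 4860 1394ohci - ok"
FILE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?) "
    r"\((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<verdict>.+)$"
)
# A service or driver file under C:\Windows\Installer\{GUID}\U\ is the location the
# thread's AV alert reported for 80000000.@; the genuine MSI cache there holds
# .msi/.msp packages, not loaded drivers or services, so treat it as a red flag.
INSTALLER_U_RE = re.compile(r"\\Windows\\Installer\\\{[0-9a-f-]+\}\\U\\", re.IGNORECASE)


class Finding(NamedTuple):
    name: str
    verdict: str
    path: Optional[str]
    md5: Optional[str]
    reason: str


def parse_report(text: str) -> Dict[str, dict]:
    """Return {entry_name: {"md5", "path", "verdict", "tag"}} for the scan section."""
    entries: Dict[str, dict] = {}
    in_scan = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if "Scan started" in line:
            in_scan = True
            continue
        if not in_scan:
            # The header block ("Drive ... - Size: ...") also contains " - ",
            # so only parse verdict lines once the scan section begins.
            continue
        m = FILE_RE.match(line)
        if m:
            entries.setdefault(m["name"], {}).update(md5=m["md5"].lower(), path=m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            # Detections carry a tag in parentheses before the verdict (assumed shape):
            #   "fakedrv ( HiddenFile.Multi.Generic ) - warning"
            name, _, tag = m["name"].partition(" ( ")
            rec = entries.setdefault(name, {})
            rec["verdict"] = m["verdict"]
            if tag:
                rec["tag"] = tag.rstrip(" )")
    return entries


def triage(text: str) -> List[Finding]:
    """Flag entries whose verdict is not 'ok' or whose file path is suspicious."""
    findings: List[Finding] = []
    for name, rec in parse_report(text).items():
        verdict = rec.get("verdict", "no verdict line")
        path, md5 = rec.get("path"), rec.get("md5")
        if verdict != "ok":
            reason = "verdict '%s'" % verdict
            if "tag" in rec:
                reason += " (%s)" % rec["tag"]
            findings.append(Finding(name, verdict, path, md5, reason))
        elif path and INSTALLER_U_RE.search(path):
            findings.append(Finding(name, verdict, path, md5,
                                    "file lives under Windows\\Installer\\{GUID}\\U"))
    return findings


# Constructed sample in the report's shape: placeholder names, hashes and GUID.
SAMPLE_REPORT = r"""
09:10:35.0561 7040 ComputerName: EXAMPLE-PC
09:10:37.0370 7040 Drive \Device\Harddisk0\DR0 - Size: 0x10000000 (0.25 Gb), SectorSize: 0x200
09:10:41.0505 4860 Scan started
09:10:41.0505 4860 Mode: Manual;
09:10:43.0283 4860 exampleok (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\exampleok.sys
09:10:43.0283 4860 exampleok - ok
09:10:46.0388 4860 catchme - ok
09:10:59.0600 4860 examplesvc (fedcba9876543210fedcba9876543210) C:\Windows\Installer\{00000000-0000-0000-0000-000000000000}\U\80000000.@
09:10:59.0600 4860 examplesvc - ok
09:11:00.0100 4860 fakedrv (00ff00ff00ff00ff00ff00ff00ff00ff) C:\Windows\system32\drivers\fakedrv.sys
09:11:00.0100 4860 fakedrv ( HiddenFile.Multi.Generic ) - warning
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print("%s: %s\n    path=%s md5=%s" % (f.name, f.reason, f.path, f.md5))
```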

#8 LadybugComputer

LadybugComputer
  • Topic Starter

  • Members
  • 13 posts
  • Local time:02:19 AM

Posted 08 June 2012 - 09:38 AM

Both ran just fine.

Here is the log for TDSS - it said it didn't find anything and it did not require a reboot.

09:10:35.0139 7040 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
09:10:35.0561 7040 ============================================================
09:10:35.0561 7040 Current date / time: 2012/06/08 09:10:35.0561
09:10:35.0561 7040 SystemInfo:
09:10:35.0561 7040
09:10:35.0561 7040 OS Version: 6.1.7601 ServicePack: 1.0
09:10:35.0561 7040 Product type: Workstation
09:10:35.0561 7040 ComputerName: CMILLWAPC1
09:10:35.0561 7040 UserName: cmillwa
09:10:35.0561 7040 Windows directory: C:\Windows
09:10:35.0561 7040 System windows directory: C:\Windows
09:10:35.0561 7040 Running under WOW64
09:10:35.0561 7040 Processor architecture: Intel x64
09:10:35.0561 7040 Number of processors: 8
09:10:35.0561 7040 Page size: 0x1000
09:10:35.0561 7040 Boot type: Normal boot
09:10:35.0561 7040 ============================================================
09:10:37.0370 7040 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:10:37.0386 7040 ============================================================
09:10:37.0386 7040 \Device\Harddisk0\DR0:
09:10:37.0386 7040 MBR partitions:
09:10:37.0386 7040 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
09:10:37.0386 7040 ============================================================
09:10:37.0526 7040 C: <-> \Device\Harddisk0\DR0\Partition0
09:10:37.0526 7040 ============================================================
09:10:37.0526 7040 Initialize success
09:10:37.0526 7040 ============================================================
09:10:41.0505 4860 ============================================================
09:10:41.0505 4860 Scan started
09:10:41.0505 4860 Mode: Manual;
09:10:41.0505 4860 ============================================================
09:11:01.0412 4860 NdisTapi - ok
09:11:01.0490 4860 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:11:01.0490 4860 Ndisuio - ok
09:11:01.0553 4860 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:11:01.0553 4860 NdisWan - ok
09:11:01.0646 4860 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:11:01.0646 4860 NDProxy - ok
09:11:01.0693 4860 Net Driver HPZ12 (59267d2f0328599aa3b5408c2e06126f) C:\Windows\system32\HPZinw12.dll
09:11:01.0693 4860 Net Driver HPZ12 - ok
09:11:01.0724 4860 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:11:01.0724 4860 NetBIOS - ok
09:11:01.0849 4860 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:11:01.0865 4860 NetBT - ok
09:11:01.0896 4860 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:11:01.0896 4860 Netlogon - ok
09:11:02.0067 4860 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
09:11:02.0099 4860 Netman - ok
09:11:02.0192 4860 NetMsmqActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:11:02.0192 4860 NetMsmqActivator - ok
09:11:02.0208 4860 NetPipeActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:11:02.0208 4860 NetPipeActivator - ok
09:11:02.0333 4860 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
09:11:02.0364 4860 netprofm - ok
09:11:02.0379 4860 NetTcpActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:11:02.0379 4860 NetTcpActivator - ok
09:11:02.0395 4860 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:11:02.0395 4860 NetTcpPortSharing - ok
09:11:03.0659 4860 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
09:11:03.0799 4860 NETw5s64 - ok
09:11:04.0096 4860 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:11:04.0096 4860 nfrd960 - ok
09:11:04.0189 4860 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
09:11:04.0189 4860 NlaSvc - ok
09:11:04.0220 4860 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:11:04.0220 4860 Npfs - ok
09:11:04.0252 4860 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
09:11:04.0252 4860 nsi - ok
09:11:04.0252 4860 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:11:04.0267 4860 nsiproxy - ok
09:11:04.0564 4860 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:11:04.0595 4860 Ntfs - ok
09:11:04.0907 4860 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
09:11:04.0907 4860 NuidFltr - ok
09:11:04.0985 4860 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:11:04.0985 4860 Null - ok
09:11:05.0063 4860 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
09:11:05.0063 4860 nusb3hub - ok
09:11:05.0219 4860 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
09:11:05.0219 4860 nusb3xhc - ok
09:11:09.0275 4860 nvlddmkm (9fc53830053787fad2078f39d3ab68dc) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:11:09.0322 4860 nvlddmkm - ok
09:11:09.0806 4860 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:11:09.0806 4860 nvraid - ok
09:11:09.0852 4860 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:11:09.0852 4860 nvstor - ok
09:11:10.0040 4860 nvsvc (9943f143d62c6a546c0995feae4b4784) C:\Windows\system32\nvvsvc.exe
09:11:10.0055 4860 nvsvc - ok
09:11:10.0102 4860 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:11:10.0102 4860 nv_agp - ok
09:11:10.0305 4860 NWSAPAutoWorkstationUpdateSvc (855851ec6705299d6c71b84a452c083c) C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe
09:11:10.0320 4860 NWSAPAutoWorkstationUpdateSvc - ok
09:11:10.0539 4860 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:11:10.0555 4860 odserv - ok
09:11:10.0601 4860 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:11:10.0617 4860 ohci1394 - ok
09:11:10.0664 4860 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:11:10.0664 4860 ose - ok
09:11:10.0711 4860 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:11:10.0726 4860 p2pimsvc - ok
09:11:10.0757 4860 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
09:11:10.0757 4860 p2psvc - ok
09:11:10.0804 4860 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:11:10.0804 4860 Parport - ok
09:11:10.0882 4860 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
09:11:10.0882 4860 partmgr - ok
09:11:10.0929 4860 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
09:11:10.0929 4860 PcaSvc - ok
09:11:10.0976 4860 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:11:10.0991 4860 pci - ok
09:11:11.0038 4860 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:11:11.0038 4860 pciide - ok
09:11:11.0085 4860 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:11:11.0085 4860 pcmcia - ok
09:11:11.0101 4860 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:11:11.0101 4860 pcw - ok
09:11:11.0163 4860 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:11:11.0179 4860 PEAUTH - ok
09:11:11.0366 4860 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
09:11:11.0428 4860 PeerDistSvc - ok
09:11:11.0553 4860 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
09:11:11.0553 4860 PerfHost - ok
09:11:11.0912 4860 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
09:11:11.0927 4860 pla - ok
09:11:12.0037 4860 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
09:11:12.0052 4860 PlugPlay - ok
09:11:12.0099 4860 Pml Driver HPZ12 (5261a2fd55183ac6993145ab6662cddf) C:\Windows\system32\HPZipm12.dll
09:11:12.0130 4860 Pml Driver HPZ12 - ok
09:11:12.0161 4860 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
09:11:12.0161 4860 PNRPAutoReg - ok
09:11:12.0193 4860 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:11:12.0208 4860 PNRPsvc - ok
09:11:12.0286 4860 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
09:11:12.0286 4860 Point64 - ok
09:11:12.0505 4860 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
09:11:12.0536 4860 PolicyAgent - ok
09:11:12.0583 4860 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
09:11:12.0583 4860 Power - ok
09:11:12.0630 4860 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:11:12.0630 4860 PptpMiniport - ok
09:11:12.0770 4860 prepdrvr (3a603dd6466569970bd99dfb4c63bbc7) C:\Windows\SysWOW64\CCM\prepdrv.sys
09:11:12.0817 4860 prepdrvr - ok
09:11:12.0864 4860 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:11:12.0864 4860 Processor - ok
09:11:12.0910 4860 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
09:11:12.0926 4860 ProfSvc - ok
09:11:12.0942 4860 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:11:12.0957 4860 ProtectedStorage - ok
09:11:13.0004 4860 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:11:13.0004 4860 Psched - ok
09:11:13.0098 4860 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
09:11:13.0098 4860 PSI_SVC_2 - ok
09:11:13.0176 4860 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
09:11:13.0176 4860 PxHlpa64 - ok
09:11:13.0285 4860 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:11:13.0300 4860 ql2300 - ok
09:11:13.0456 4860 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:11:13.0456 4860 ql40xx - ok
09:11:13.0768 4860 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
09:11:13.0784 4860 QWAVE - ok
09:11:13.0940 4860 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:11:13.0987 4860 QWAVEdrv - ok
09:11:14.0034 4860 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:11:14.0034 4860 RasAcd - ok
09:11:14.0049 4860 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:11:14.0065 4860 RasAgileVpn - ok
09:11:14.0096 4860 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
09:11:14.0096 4860 RasAuto - ok
09:11:14.0127 4860 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:11:14.0127 4860 Rasl2tp - ok
09:11:14.0158 4860 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
09:11:14.0158 4860 RasMan - ok
09:11:14.0205 4860 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:11:14.0205 4860 RasPppoe - ok
09:11:14.0252 4860 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:11:14.0252 4860 RasSstp - ok
09:11:14.0299 4860 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:11:14.0314 4860 rdbss - ok
09:11:14.0330 4860 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:11:14.0330 4860 rdpbus - ok
09:11:14.0361 4860 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:11:14.0361 4860 RDPCDD - ok
09:11:14.0408 4860 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
09:11:14.0408 4860 RDPDR - ok
09:11:14.0424 4860 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:11:14.0424 4860 RDPENCDD - ok
09:11:14.0439 4860 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:11:14.0439 4860 RDPREFMP - ok
09:11:14.0502 4860 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
09:11:14.0502 4860 RdpVideoMiniport - ok
09:11:14.0564 4860 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
09:11:14.0580 4860 RDPWD - ok
09:11:14.0642 4860 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:11:14.0642 4860 rdyboost - ok
09:11:14.0689 4860 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
09:11:14.0689 4860 RemoteAccess - ok
09:11:14.0720 4860 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
09:11:14.0720 4860 RemoteRegistry - ok
09:11:14.0767 4860 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
09:11:14.0767 4860 RFCOMM - ok
09:11:15.0313 4860 RoxMediaDB10 (d2d4d149ab1f6ee7eb0a7afce47a66e0) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
09:11:15.0360 4860 RoxMediaDB10 - ok
09:11:15.0641 4860 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
09:11:15.0656 4860 RpcEptMapper - ok
09:11:15.0687 4860 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
09:11:15.0703 4860 RpcLocator - ok
09:11:15.0953 4860 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:11:15.0968 4860 RpcSs - ok
09:11:16.0296 4860 RsFx0150 (eb1c539e621a35a49f7692b0eb565ab9) C:\Windows\system32\DRIVERS\RsFx0150.sys
09:11:16.0311 4860 RsFx0150 - ok
09:11:16.0358 4860 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:11:16.0358 4860 rspndr - ok
09:11:16.0405 4860 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
09:11:16.0405 4860 s3cap - ok
09:11:16.0452 4860 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:11:16.0452 4860 SamSs - ok
09:11:16.0483 4860 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:11:16.0483 4860 sbp2port - ok
09:11:16.0530 4860 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
09:11:16.0530 4860 SCardSvr - ok
09:11:16.0639 4860 SCDEmu (3ac948640421e3891a49aa83c6b77b7a) C:\Windows\system32\drivers\SCDEmu.sys
09:11:16.0639 4860 SCDEmu - ok
09:11:16.0670 4860 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:11:16.0670 4860 scfilter - ok
09:11:16.0889 4860 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
09:11:16.0935 4860 Schedule - ok
09:11:16.0998 4860 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:11:16.0998 4860 SCPolicySvc - ok
09:11:17.0045 4860 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
09:11:17.0045 4860 sdbus - ok
09:11:17.0201 4860 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
09:11:17.0216 4860 SDRSVC - ok
09:11:17.0263 4860 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:11:17.0263 4860 secdrv - ok
09:11:17.0310 4860 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
09:11:17.0310 4860 seclogon - ok
09:11:17.0372 4860 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
09:11:17.0372 4860 SENS - ok
09:11:17.0404 4860 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
09:11:17.0404 4860 SensrSvc - ok
09:11:17.0435 4860 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:11:17.0435 4860 Serenum - ok
09:11:17.0482 4860 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:11:17.0482 4860 Serial - ok
09:11:17.0513 4860 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:11:17.0528 4860 sermouse - ok
09:11:17.0575 4860 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
09:11:17.0575 4860 SessionEnv - ok
09:11:17.0606 4860 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:11:17.0606 4860 sffdisk - ok
09:11:17.0606 4860 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:11:17.0622 4860 sffp_mmc - ok
09:11:17.0622 4860 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:11:17.0622 4860 sffp_sd - ok
09:11:17.0653 4860 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:11:17.0653 4860 sfloppy - ok
09:11:17.0809 4860 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
09:11:17.0840 4860 SharedAccess - ok
09:11:18.0012 4860 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
09:11:18.0028 4860 ShellHWDetection - ok
09:11:18.0074 4860 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:11:18.0074 4860 SiSRaid2 - ok
09:11:18.0090 4860 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:11:18.0090 4860 SiSRaid4 - ok
09:11:18.0121 4860 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:11:18.0121 4860 Smb - ok
09:11:18.0870 4860 SmcService (0ee26bc07c4dfb9fe24646a75ceadb99) c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
09:11:18.0901 4860 SmcService - ok
09:11:19.0135 4860 smstsmgr - ok
09:11:19.0323 4860 SNAC (9d9ce74f9741cc1964647ce29b4d8e9c) c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
09:11:19.0323 4860 SNAC - ok
09:11:19.0541 4860 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
09:11:19.0541 4860 SNMPTRAP - ok
09:11:19.0650 4860 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:11:19.0650 4860 spldr - ok
09:11:19.0962 4860 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
09:11:20.0025 4860 Spooler - ok
09:11:20.0508 4860 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
09:11:20.0524 4860 sppsvc - ok
09:11:20.0805 4860 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
09:11:20.0805 4860 sppuinotify - ok
09:11:21.0054 4860 SQLBrowser (7d67c07c63796775cc5492bcfeaff125) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
09:11:21.0085 4860 SQLBrowser - ok
09:11:21.0241 4860 SQLSERVERAGENT (70f05e8ece922c20e785a46224e12183) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
09:11:21.0241 4860 SQLSERVERAGENT - ok
09:11:21.0413 4860 SQLWriter (f98ddfbfe0ee66d4c4b00693512b9527) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
09:11:21.0413 4860 SQLWriter - ok
09:11:21.0678 4860 SRTSP (fc3bedf38ecbf2deeaa84c49cf974f9b) C:\Windows\system32\Drivers\SRTSP64.SYS
09:11:21.0678 4860 SRTSP - ok
09:11:21.0834 4860 SRTSPL (a09cbe44f24f1297000bf0b08d169752) C:\Windows\system32\Drivers\SRTSPL64.SYS
09:11:21.0850 4860 SRTSPL - ok
09:11:21.0881 4860 SRTSPX (b9ba096dbb3045798b0b51591a6cf248) C:\Windows\system32\Drivers\SRTSPX64.SYS
09:11:21.0881 4860 SRTSPX - ok
09:11:21.0928 4860 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:11:21.0944 4860 srv - ok
09:11:21.0990 4860 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:11:21.0990 4860 srv2 - ok
09:11:22.0022 4860 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:11:22.0022 4860 srvnet - ok
09:11:22.0068 4860 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
09:11:22.0068 4860 SSDPSRV - ok
09:11:22.0084 4860 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
09:11:22.0100 4860 SstpSvc - ok
09:11:22.0131 4860 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:11:22.0131 4860 stexstor - ok
09:11:22.0318 4860 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
09:11:22.0334 4860 stisvc - ok
09:11:22.0490 4860 stllssvr (ad989072596ab313d7fa13bcf69573f7) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
09:11:22.0490 4860 stllssvr - ok
09:11:22.0521 4860 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
09:11:22.0521 4860 storflt - ok
09:11:22.0568 4860 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
09:11:22.0568 4860 StorSvc - ok
09:11:22.0583 4860 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
09:11:22.0583 4860 storvsc - ok
09:11:22.0599 4860 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
09:11:22.0599 4860 swenum - ok
09:11:22.0646 4860 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
09:11:22.0661 4860 swprv - ok
09:11:22.0926 4860 Symantec AntiVirus (dc358448cd60f6739c58361a0a5fda0b) c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
09:11:22.0958 4860 Symantec AntiVirus - ok
09:11:23.0285 4860 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
09:11:23.0285 4860 SymEvent - ok
09:11:23.0316 4860 Synth3dVsc - ok
09:11:23.0394 4860 SynTP (0b0ae2373ff3b31cd02f30bd71c7d14c) C:\Windows\system32\DRIVERS\SynTP.sys
09:11:23.0394 4860 SynTP - ok
09:11:23.0675 4860 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
09:11:23.0722 4860 SysMain - ok
09:11:23.0909 4860 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
09:11:23.0925 4860 TabletInputService - ok
09:11:23.0987 4860 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
09:11:23.0987 4860 TapiSrv - ok
09:11:24.0019 4860 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
09:11:24.0019 4860 TBS - ok
09:11:24.0471 4860 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
09:11:24.0549 4860 Tcpip - ok
09:11:25.0376 4860 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
09:11:25.0391 4860 TCPIP6 - ok
09:11:25.0813 4860 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:11:25.0828 4860 tcpipreg - ok
09:11:25.0859 4860 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:11:25.0859 4860 TDPIPE - ok
09:11:25.0906 4860 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
09:11:25.0906 4860 TDTCP - ok
09:11:25.0969 4860 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:11:25.0984 4860 tdx - ok
09:11:26.0031 4860 Teefer3 (dc5476215dce4dde72819840130ddf41) C:\Windows\system32\DRIVERS\Teefer3.sys
09:11:26.0047 4860 Teefer3 - ok
09:11:26.0078 4860 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
09:11:26.0078 4860 TermDD - ok
09:11:26.0187 4860 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
09:11:26.0203 4860 TermService - ok
09:11:26.0234 4860 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
09:11:26.0250 4860 Themes - ok
09:11:26.0281 4860 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:11:26.0281 4860 THREADORDER - ok
09:11:26.0312 4860 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
09:11:26.0312 4860 TPM - ok
09:11:26.0359 4860 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
09:11:26.0359 4860 TrkWks - ok
09:11:26.0468 4860 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
09:11:26.0484 4860 TrustedInstaller - ok
09:11:26.0546 4860 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:11:26.0562 4860 tssecsrv - ok
09:11:26.0593 4860 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:11:26.0593 4860 TsUsbFlt - ok
09:11:26.0608 4860 tsusbhub - ok
09:11:26.0655 4860 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:11:26.0655 4860 tunnel - ok
09:11:26.0702 4860 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:11:26.0702 4860 uagp35 - ok
09:11:26.0764 4860 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:11:26.0780 4860 udfs - ok
09:11:26.0811 4860 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
09:11:26.0811 4860 UI0Detect - ok
09:11:26.0874 4860 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
09:11:26.0874 4860 uliagpkx - ok
09:11:26.0905 4860 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
09:11:26.0920 4860 umbus - ok
09:11:26.0952 4860 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:11:26.0952 4860 UmPass - ok
09:11:27.0030 4860 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
09:11:27.0030 4860 UmRdpService - ok
09:11:27.0092 4860 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
09:11:27.0108 4860 upnphost - ok
09:11:27.0154 4860 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
09:11:27.0170 4860 usbccgp - ok
09:11:27.0201 4860 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
09:11:27.0201 4860 usbcir - ok
09:11:27.0232 4860 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
09:11:27.0232 4860 usbehci - ok
09:11:27.0326 4860 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
09:11:27.0342 4860 usbhub - ok
09:11:27.0373 4860 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
09:11:27.0373 4860 usbohci - ok
09:11:27.0404 4860 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:11:27.0404 4860 usbprint - ok
09:11:27.0420 4860 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:11:27.0420 4860 USBSTOR - ok
09:11:27.0451 4860 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
09:11:27.0451 4860 usbuhci - ok
09:11:27.0498 4860 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
09:11:27.0498 4860 usbvideo - ok
09:11:27.0529 4860 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
09:11:27.0529 4860 UxSms - ok
09:11:27.0576 4860 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:11:27.0576 4860 VaultSvc - ok
09:11:27.0607 4860 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
09:11:27.0607 4860 vdrvroot - ok
09:11:27.0778 4860 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
09:11:27.0794 4860 vds - ok
09:11:27.0841 4860 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:11:27.0841 4860 vga - ok
09:11:27.0856 4860 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:11:27.0856 4860 VgaSave - ok
09:11:27.0872 4860 VGPU - ok
09:11:27.0919 4860 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
09:11:27.0934 4860 vhdmp - ok
09:11:27.0950 4860 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
09:11:27.0950 4860 viaide - ok
09:11:27.0997 4860 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
09:11:27.0997 4860 vmbus - ok
09:11:28.0012 4860 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
09:11:28.0012 4860 VMBusHID - ok
09:11:28.0044 4860 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
09:11:28.0044 4860 volmgr - ok
09:11:28.0184 4860 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
09:11:28.0200 4860 volmgrx - ok
09:11:28.0262 4860 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
09:11:28.0278 4860 volsnap - ok
09:11:28.0356 4860 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
09:11:28.0356 4860 vsmraid - ok
09:11:28.0761 4860 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
09:11:28.0808 4860 VSS - ok
09:11:29.0089 4860 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
09:11:29.0089 4860 vwifibus - ok
09:11:29.0136 4860 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
09:11:29.0136 4860 vwififlt - ok
09:11:29.0167 4860 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
09:11:29.0167 4860 vwifimp - ok
09:11:29.0214 4860 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
09:11:29.0229 4860 W32Time - ok
09:11:29.0370 4860 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
09:11:29.0385 4860 W3SVC - ok
09:11:29.0432 4860 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
09:11:29.0432 4860 WacomPen - ok
09:11:29.0495 4860 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:11:29.0495 4860 WANARP - ok
09:11:29.0510 4860 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:11:29.0510 4860 Wanarpv6 - ok
09:11:29.0526 4860 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
09:11:29.0526 4860 WAS - ok
09:11:29.0666 4860 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
09:11:29.0697 4860 WatAdminSvc - ok
09:11:29.0838 4860 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
09:11:29.0853 4860 wbengine - ok
09:11:29.0978 4860 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
09:11:29.0978 4860 WbioSrvc - ok
09:11:30.0056 4860 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
09:11:30.0072 4860 wcncsvc - ok
09:11:30.0087 4860 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
09:11:30.0103 4860 WcsPlugInService - ok
09:11:30.0134 4860 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
09:11:30.0134 4860 Wd - ok
09:11:30.0197 4860 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:11:30.0212 4860 Wdf01000 - ok
09:11:30.0243 4860 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:11:30.0243 4860 WdiServiceHost - ok
09:11:30.0243 4860 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:11:30.0243 4860 WdiSystemHost - ok
09:11:30.0306 4860 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
09:11:30.0306 4860 WebClient - ok
09:11:30.0337 4860 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
09:11:30.0337 4860 Wecsvc - ok
09:11:30.0384 4860 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
09:11:30.0399 4860 wercplsupport - ok
09:11:30.0462 4860 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
09:11:30.0462 4860 WerSvc - ok
09:11:30.0509 4860 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:11:30.0509 4860 WfpLwf - ok
09:11:30.0524 4860 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:11:30.0540 4860 WIMMount - ok
09:11:30.0556 4860 WinDefend - ok
09:11:30.0571 4860 WinHttpAutoProxySvc - ok
09:11:30.0712 4860 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
09:11:30.0727 4860 Winmgmt - ok
09:11:31.0070 4860 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
09:11:31.0133 4860 WinRM - ok
09:11:31.0320 4860 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
09:11:31.0320 4860 WinUsb - ok
09:11:31.0538 4860 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
09:11:31.0554 4860 Wlansvc - ok
09:11:32.0318 4860 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:11:32.0350 4860 wlidsvc - ok
09:11:32.0490 4860 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
09:11:32.0490 4860 WmiAcpi - ok
09:11:32.0677 4860 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
09:11:32.0693 4860 wmiApSrv - ok
09:11:32.0724 4860 WMPNetworkSvc - ok
09:11:32.0771 4860 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
09:11:32.0771 4860 WPCSvc - ok
09:11:32.0818 4860 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
09:11:32.0833 4860 WPDBusEnum - ok
09:11:32.0865 4860 WPS (5be84568d91521dc2225072698e14956) C:\Windows\system32\drivers\wpsdrvnt.sys
09:11:32.0865 4860 WPS - ok
09:11:32.0974 4860 WpsHelper (d9b5a13804b7d97770c42da484a9d86e) C:\Windows\system32\drivers\WpsHelper.sys
09:11:32.0974 4860 WpsHelper - ok
09:11:33.0005 4860 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:11:33.0021 4860 ws2ifsl - ok
09:11:33.0067 4860 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
09:11:33.0067 4860 wscsvc - ok
09:11:33.0083 4860 WSearch - ok
09:11:33.0520 4860 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
09:11:33.0613 4860 wuauserv - ok
09:11:33.0988 4860 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
09:11:33.0988 4860 WudfPf - ok
09:11:34.0050 4860 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:11:34.0050 4860 WUDFRd - ok
09:11:34.0081 4860 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
09:11:34.0081 4860 wudfsvc - ok
09:11:34.0144 4860 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
09:11:34.0159 4860 WwanSvc - ok
09:11:34.0222 4860 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:11:35.0252 4860 \Device\Harddisk0\DR0 - ok
09:11:35.0283 4860 Boot (0x1200) (8dd2cedda5554d659fb0233dee282ece) \Device\Harddisk0\DR0\Partition0
09:11:35.0314 4860 \Device\Harddisk0\DR0\Partition0 - ok
09:11:35.0314 4860 ============================================================
09:11:35.0314 4860 Scan finished
09:11:35.0314 4860 ============================================================
09:11:35.0423 4956 Detected object count: 0
09:11:35.0423 4956 Actual detected object count: 0

Here is the other log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-08 09:13:01
-----------------------------
09:13:01.402 OS Version: Windows x64 6.1.7601 Service Pack 1
09:13:01.402 Number of processors: 8 586 0x2A07
09:13:01.402 ComputerName: CMILLWAPC1 UserName: cmillwa
09:13:02.651 Initialize success
09:13:53.680 AVAST engine defs: 12060800
09:14:00.751 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:14:00.751 Disk 0 Vendor: Hitachi_HTS723232A7A364 EC2OA60W Size: 305245MB BusType: 11
09:14:00.781 Disk 0 MBR read successfully
09:14:00.781 Disk 0 MBR scan
09:14:00.781 Disk 0 Windows 7 default MBR code
09:14:00.841 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
09:14:00.871 Disk 0 scanning C:\Windows\system32\drivers
09:14:13.692 Service scanning
09:14:50.194 Modules scanning
09:14:50.204 Disk 0 trace - called modules:
09:14:50.224 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:14:50.224 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a10790]
09:14:50.234 3 CLASSPNP.SYS[fffff88001bae43f] -> nt!IofCallDriver -> [0xfffffa8007928b10]
09:14:50.234 5 hpdskflt.sys[fffff88001b55189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80077b01f0]
09:14:52.384 AVAST engine scan C:\Windows
09:14:56.845 AVAST engine scan C:\Windows\system32
09:19:15.485 AVAST engine scan C:\Windows\system32\drivers
09:19:30.862 AVAST engine scan C:\Users\cmillwa
09:29:10.170 AVAST engine scan C:\ProgramData
09:29:39.778 Disk 0 MBR has been saved successfully to "C:\Users\cmillwa\Desktop\MBR.dat"
09:29:39.778 The log file has been saved successfully to "C:\Users\cmillwa\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-08 09:13:01
-----------------------------
09:13:01.402 OS Version: Windows x64 6.1.7601 Service Pack 1
09:13:01.402 Number of processors: 8 586 0x2A07
09:13:01.402 ComputerName: CMILLWAPC1 UserName: cmillwa
09:13:02.651 Initialize success
09:13:53.680 AVAST engine defs: 12060800
09:14:00.751 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:14:00.751 Disk 0 Vendor: Hitachi_HTS723232A7A364 EC2OA60W Size: 305245MB BusType: 11
09:14:00.781 Disk 0 MBR read successfully
09:14:00.781 Disk 0 MBR scan
09:14:00.781 Disk 0 Windows 7 default MBR code
09:14:00.841 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
09:14:00.871 Disk 0 scanning C:\Windows\system32\drivers
09:14:13.692 Service scanning
09:14:50.194 Modules scanning
09:14:50.204 Disk 0 trace - called modules:
09:14:50.224 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:14:50.224 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a10790]
09:14:50.234 3 CLASSPNP.SYS[fffff88001bae43f] -> nt!IofCallDriver -> [0xfffffa8007928b10]
09:14:50.234 5 hpdskflt.sys[fffff88001b55189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80077b01f0]
09:14:52.384 AVAST engine scan C:\Windows
09:14:56.845 AVAST engine scan C:\Windows\system32
09:19:15.485 AVAST engine scan C:\Windows\system32\drivers
09:19:30.862 AVAST engine scan C:\Users\cmillwa
09:29:10.170 AVAST engine scan C:\ProgramData
09:29:39.778 Disk 0 MBR has been saved successfully to "C:\Users\cmillwa\Desktop\MBR.dat"
09:29:39.778 The log file has been saved successfully to "C:\Users\cmillwa\Desktop\aswMBR.txt"
09:30:49.593 Scan finished successfully
09:32:25.205 Disk 0 MBR has been saved successfully to "C:\Users\cmillwa\Desktop\MBR.dat"
09:32:25.221 The log file has been saved successfully to "C:\Users\cmillwa\Desktop\aswMBR.txt"


I have received the notification again about the Blackhole toolkit this morning while running TDSSKiller. I am not sure whether it would have impacted the scan, but it made me realize that Symantec had turned back on again. Let me know if you want me to kill Symantec and redo it. I did kill it when I saw the notification.

Thank you for your help!

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:19 AM

Posted 08 June 2012 - 12:44 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
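The OTL output requested above is what the rest of the thread turns on, and two of its line types carry what a responder reads first: the O6 policy lines (UAC and AutoRun settings under HKLM) and the IE / O4 lines (browser start page and Run-key autostarts). The Python below is an added example, not OTL's or the forum's code; it parses constructed lines written in OTL's format (modelled on the log posted later in this thread, with a placeholder SID in place of a real account) and returns the items a defender would want to review, so that a long log can be triaged before reading it line by line.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code)."""
import re
from urllib.parse import urlsplit

# Constructed sample in OTL's line format, modelled on the OTL log in this thread.
# The SID is a placeholder, not a real account.
SAMPLE_OTL = r"""
========== Standard Registry (SafeList) ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=10
IE - HKU\S-1-5-21-EXAMPLE\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
O4 - HKLM..\Run: [ccApp] c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
"""

# O4 autostart: "O4[:64bit:] - HIVE..\Run: [name] path (company)"; OTL prints "()" when
# the file carries no company name in its version resource.
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+) \((?P<company>[^()]*)\)$"
)
# O6 machine policy: "O6 - KEY: Name = integer"
POLICY_RE = re.compile(r"^O6(?::64bit:)? - (?P<key>[^:]+): (?P<name>\w+) = (?P<value>-?\d+)$")
# IE start page: "IE[:64bit:] - KEY\Main,Start Page = URL"
START_PAGE_RE = re.compile(r"^IE(?::64bit:)? - (?P<key>.+?)\\Main,Start Page = (?P<url>\S+)$")

# Start-page hosts that need no review (assumption: the usual OEM/Microsoft defaults).
DEFAULT_START_HOSTS = {"www.msn.com", "go.microsoft.com", "www.bing.com"}


def parse_run_entries(text):
    """Return the O4 autostart entries as dicts with hive, name, path and company."""
    return [m.groupdict() for m in map(RUN_RE.match, text.splitlines()) if m]


def parse_machine_policies(text):
    """Return HKLM O6 policy values as {name: int}; per-user (HKU) lines are ignored."""
    policies = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line)
        if m and m.group("key").startswith("HKLM\\"):
            policies[m.group("name")] = int(m.group("value"))
    return policies


def parse_start_pages(text):
    """Return (registry key, url) pairs for every IE start page line."""
    return [(m.group("key"), m.group("url")) for m in map(START_PAGE_RE.match, text.splitlines()) if m]


def triage(text):
    """Return (severity, message) findings in the order they were derived."""
    findings = []
    pol = parse_machine_policies(text)
    if pol.get("EnableLUA") == 0:
        findings.append(("high", "UAC is disabled (EnableLUA = 0): an administrator's processes "
                                 "run fully elevated with no prompt at all"))
    else:
        if pol.get("ConsentPromptBehaviorAdmin") == 0:
            findings.append(("medium", "UAC elevates administrators silently (ConsentPromptBehaviorAdmin = 0)"))
        if pol.get("PromptOnSecureDesktop") == 0:
            findings.append(("low", "UAC prompts are not shown on the secure desktop (PromptOnSecureDesktop = 0)"))
    autorun = pol.get("NoDriveTypeAutoRun")
    if autorun is not None and (autorun & 0xFF) != 0xFF:  # 0xFF = AutoRun off for every drive type
        findings.append(("low", f"AutoRun still allowed for some drive types (NoDriveTypeAutoRun = {autorun})"))
    for key, url in parse_start_pages(text):
        host = urlsplit(url).hostname or ""
        if host not in DEFAULT_START_HOSTS:
            findings.append(("medium", f"non-default IE start page {host} under {key}: confirm the user chose it"))
    for e in parse_run_entries(text):
        if not e["company"].strip():
            findings.append(("low", f"Run entry [{e['name']}] has no company name ({e['path']}): "
                                    "verify the file's publisher and hash"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_OTL):
        print(f"[{severity}] {message}")
```

On the constructed sample this reports the disabled UAC as the single high finding, the non-default start page as medium, and the autostart with no company name as low; an entry with no company name is only a prompt to check the file, since legitimate vendor binaries (the nwiz.exe line here) sometimes lack version resources too.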

#10 LadybugComputer

LadybugComputer
  • Topic Starter

  • Members
  • 13 posts
  • Local time:02:19 AM

Posted 08 June 2012 - 01:21 PM

Hello!

Thank you for your help! I really appreciate it!

Here is the log from OTL

OTL logfile created on: 6/8/2012 1:12:34 PM - Run 1
OTL by OldTimer - Version 3.2.47.0 Folder = C:\Users\cmillwa\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 5.67 Gb Available Physical Memory | 71.27% Memory free
15.90 Gb Paging File | 13.70 Gb Available in Paging File | 86.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 206.63 Gb Free Space | 69.32% Space Free | Partition Type: NTFS
Drive U: | 5587.81 Gb Total Space | 3115.73 Gb Free Space | 55.76% Space Free | Partition Type: NTFS

Computer Name: CMILLWAPC1 | User Name: cmillwa | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\cmillwa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
PRC - C:\Program Files (x86)\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
PRC - C:\Program Files (x86)\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Altiris\Altiris Agent\AeXNSAgent.exe (Altiris, Inc.)
PRC - C:\Program Files (x86)\Altiris\Altiris Agent\AeXAgentUIHost.exe (Altiris, Inc.)
PRC - C:\Windows\SysWOW64\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe (IBM Corp)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\TechSmith\SnagIt 9\TscHelp.exe (TechSmith Corporation)
PRC - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItEditor.exe (TechSmith Corporation)
PRC - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagIt32.exe (TechSmith Corporation)
PRC - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagPriv.exe (TechSmith Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\NVIDIA Corporation\nView\nView.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ccSetMgr) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SmcService) -- c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (Symantec AntiVirus) -- c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (NWSAPAutoWorkstationUpdateSvc) -- C:\Program Files (x86)\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (RoxMediaDB10) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (AeXNSClient) -- C:\Program Files (x86)\Altiris\Altiris Agent\AeXNSAgent.exe (Altiris, Inc.)
SRV - (CcmExec) -- C:\Windows\SysWOW64\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\Windows\SysWOW64\CCM\TSManager.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Multi-user Cleanup Service) -- C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe (IBM Corp)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (WPS) -- C:\Windows\SysNative\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (Teefer3) -- C:\Windows\SysNative\drivers\Teefer3.sys (Symantec Corporation)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (WpsHelper) -- C:\Windows\SysNative\drivers\wpshelper.sys (Symantec Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (e1cexpress) Intel® -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RsFx0150) -- C:\Windows\SysNative\drivers\RsFx0150.sys (Microsoft Corporation)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (NETw5s64) Intel® -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120607.003\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120607.003\ENG64.SYS (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
DRV - (prepdrvr) -- C:\Windows\SysWOW64\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=10
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1390067357-1202660629-682003330-77678\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1390067357-1202660629-682003330-77678\..\SearchScopes,DefaultScope = {DF1B92CF-1054-4FC4-82A7-900303830E46}
IE - HKU\S-1-5-21-1390067357-1202660629-682003330-77678\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1390067357-1202660629-682003330-77678\..\SearchScopes\{DF1B92CF-1054-4FC4-82A7-900303830E46}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADRA_enUS467
IE - HKU\S-1-5-21-1390067357-1202660629-682003330-77678\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
IE - HKU\S-1-5-21-1390067357-1202660629-682003330-77678\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@emc.com/NpDmDataTransfer: C:\Program Files (x86)\eRoom 7\npeRoom7.dll (Documentum, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\cmillwa\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\cmillwa\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: SweetIM Search (Enabled)
CHR - default_search_provider: search_url = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\cmillwa\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\cmillwa\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\cmillwa\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: eRoom (Enabled) = C:\Program Files (x86)\eRoom 7\npeRoom7.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\cmillwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\cmillwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\cmillwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/06 13:51:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1390067357-1202660629-682003330-77678\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AeXAgentLogon] C:\Program Files (x86)\Altiris\Altiris Agent\AeXAgentActivate.exe (Altiris, Inc.)
O4 - HKLM..\Run: [ccApp] c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1390067357-1202660629-682003330-77678\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1390067357-1202660629-682003330-77678\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1390067357-1202660629-682003330-77678\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-1202660629-682003330-77678\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O15 - HKU\S-1-5-21-1390067357-1202660629-682003330-77678\..Trusted Domains: jci.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-1390067357-1202660629-682003330-77678\..Trusted Domains: johnsoncontrols.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-1390067357-1202660629-682003330-77678\..Trusted Domains: johnsoncontrols.com ([sslpilot] https in Trusted sites)
O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} Reg Error: Key error. (ERPageAddin Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.15.96.10 10.10.43.87 10.10.46.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cg.na.jci.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50BBCA62-E4CE-48B7-8A65-1247A6D9EDA3}: DhcpNameServer = 10.15.96.10 10.10.43.87 10.10.46.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{875EC3AC-01EA-47D1-99F0-7146B1924865}: DhcpNameServer = 10.15.96.10 10.10.43.87 10.10.46.53
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\AMInit64.dll) - C:\Windows\SysNative\AMInit64.dll (Altiris, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/08 13:10:15 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\cmillwa\Desktop\OTL.exe
[2012/06/08 09:10:18 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\cmillwa\Desktop\aswMBR.exe
[2012/06/08 09:09:46 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\cmillwa\Desktop\tdsskiller.exe
[2012/06/08 09:05:38 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Local\{137C1240-C72D-40AB-BB4D-C9127E85DCC4}
[2012/06/08 09:05:23 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Local\{61FD9DD6-8B9A-44CF-81E3-BD7A543B7CF5}
[2012/06/07 16:22:07 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Local\MigWiz
[2012/06/07 15:48:21 | 004,538,022 | R--- | C] (Swearware) -- C:\Users\cmillwa\Desktop\ComboFix.exe
[2012/06/07 14:32:44 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Roaming\SPE
[2012/06/07 14:31:33 | 005,678,424 | ---- | C] (Symantec Corporation) -- C:\Users\cmillwa\Desktop\Sep_SupportTool.exe
[2012/06/07 10:57:01 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/07 09:03:02 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Local\{7AB04736-E343-45F6-AAC8-837CEA94A16F}
[2012/06/07 09:02:50 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Local\{1972CDCC-ECD2-4D34-91B4-65A55689D0AA}
[2012/06/06 16:28:59 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/06/06 14:42:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\cmillwa\Desktop\dds.scr
[2012/06/06 13:56:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/06 13:51:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/06 11:58:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/06 11:58:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/06 11:58:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/06 11:58:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/06 11:53:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/06 09:46:02 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Local\{2E940762-17AD-4B5C-A4BD-3DE4CFBC9842}
[2012/06/06 09:45:52 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Local\{5ABCA449-82E4-4DEC-B0B0-2F9BCD0ABDEB}
[2012/06/05 11:04:36 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Roaming\Malwarebytes
[2012/06/05 11:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/05 11:04:30 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/05 11:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/05 11:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/05 09:11:05 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Local\{F2CDC3E6-D2A2-4901-A4BE-C23A93FFC08B}
[2012/06/05 09:10:54 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Local\{B77CAFD0-743A-4EB6-BA5B-37373B22FB25}
[2012/06/04 17:14:06 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/04 10:03:01 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Local\{7F313EED-87E9-4D96-AEE3-B560F2D45D50}
[2012/06/04 10:02:49 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Local\{A001CAEB-6F41-4FF1-B104-B91EC1A5DB61}
[2012/06/04 09:30:51 | 000,930,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ccmcore.dll
[2012/06/04 09:30:51 | 000,026,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xprslib.dll
[2012/06/04 09:30:10 | 000,000,000 | ---D | C] -- C:\Windows\ms
[2012/05/23 09:17:58 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Local\{1A8AC554-03D1-408C-94C2-E0CC237EC542}
[2012/05/23 09:17:45 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Local\{F210A1F7-1D99-41D6-8339-999D0E37F9A1}
[2012/05/22 09:14:34 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Local\{95A8210F-A86E-4475-A120-2F309381ACD5}
[2012/05/22 09:14:20 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Local\{3E0A88C0-BC3E-45AB-8401-20DC6E13D705}
[2012/05/18 11:07:41 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Local\{F5A52F84-7344-4EDB-97BB-F9ED32B303CE}
[2012/05/18 11:07:30 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Local\{60200CDA-C5CE-41AD-B4BA-588B53E6D57C}
[2012/05/17 10:08:36 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Local\{0350614D-FF94-4200-8434-A3673FB39018}
[2012/05/17 10:08:23 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Local\{DA4CAC94-352B-4132-80BE-7B53D5482B7C}
[2012/05/11 11:07:53 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/11 11:07:39 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/11 11:07:39 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/11 11:07:39 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/11 09:19:55 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Local\{4ABD407D-5465-4B77-A01C-4C7B52B2F4B4}
[2012/05/11 09:19:43 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Local\{F63E5621-20FB-4859-9981-8AC889FACB87}
[2012/05/10 09:25:57 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Local\{F7DBEEAB-BDF9-417C-8D95-DBAD3DDBDC39}
[2012/05/10 09:25:43 | 000,000,000 | ---D | C] -- C:\Users\cmillwa\AppData\Local\{1142BC73-D883-4655-AF86-61DAB7BE33E0}

========== Files - Modified Within 30 Days ==========

[2012/06/08 13:12:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/08 13:10:16 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\cmillwa\Desktop\OTL.exe
[2012/06/08 13:03:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1202660629-682003330-77678UA.job
[2012/06/08 12:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/08 11:49:18 | 000,012,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/08 11:49:18 | 000,012,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/08 10:12:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/08 09:32:25 | 000,000,512 | ---- | M] () -- C:\Users\cmillwa\Desktop\MBR.dat
[2012/06/08 09:10:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\cmillwa\Desktop\aswMBR.exe
[2012/06/08 09:09:47 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\cmillwa\Desktop\tdsskiller.exe
[2012/06/08 09:06:30 | 000,014,128 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/06/08 09:06:27 | 000,000,475 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2012/06/08 09:03:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/08 09:02:43 | 2108,440,575 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/07 17:43:52 | 000,007,624 | ---- | M] () -- C:\Users\cmillwa\AppData\Local\Resmon.ResmonCfg
[2012/06/07 15:48:29 | 004,538,022 | R--- | M] (Swearware) -- C:\Users\cmillwa\Desktop\ComboFix.exe
[2012/06/07 15:03:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1202660629-682003330-77678Core.job
[2012/06/07 14:31:42 | 005,678,424 | ---- | M] (Symantec Corporation) -- C:\Users\cmillwa\Desktop\Sep_SupportTool.exe
[2012/06/07 14:04:56 | 000,556,658 | ---- | M] () -- C:\Users\cmillwa\Desktop\communication-policy-en.pdf
[2012/06/07 11:05:27 | 000,002,592 | RHS- | M] () -- C:\Users\cmillwa\ntuser.pol
[2012/06/06 16:25:11 | 000,942,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/06 16:25:11 | 000,778,722 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/06 16:25:11 | 000,162,218 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/06 14:58:23 | 000,004,476 | ---- | M] () -- C:\Users\cmillwa\Desktop\Attach.zip
[2012/06/06 14:42:23 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\cmillwa\Desktop\dds.scr
[2012/06/06 14:39:06 | 000,050,477 | ---- | M] () -- C:\Users\cmillwa\Desktop\Defogger.exe
[2012/06/06 13:51:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/05 11:04:31 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/04 10:04:09 | 000,002,379 | ---- | M] () -- C:\Users\cmillwa\Desktop\Google Chrome.lnk
[2012/06/04 09:32:25 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/04 09:32:24 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/04 09:30:57 | 000,001,798 | ---- | M] () -- C:\Windows\SMSAdvancedClient.sccm2007ac-sp2-kb2516517-x86-icp2.mif
[2012/06/04 09:30:51 | 000,957,394 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/04 09:30:51 | 000,091,154 | ---- | M] () -- C:\Windows\SysWow64\CcmFramework.ini
[2012/06/04 09:30:51 | 000,000,621 | ---- | M] () -- C:\Windows\SysWow64\CcmFramework.h
[2012/05/17 10:04:51 | 000,401,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/15 13:00:39 | 000,000,048 | ---- | M] () -- C:\Windows\SysWow64\mms.cfg

========== Files Created - No Company Name ==========

[2012/06/08 09:29:39 | 000,000,512 | ---- | C] () -- C:\Users\cmillwa\Desktop\MBR.dat
[2012/06/07 17:43:52 | 000,007,624 | ---- | C] () -- C:\Users\cmillwa\AppData\Local\Resmon.ResmonCfg
[2012/06/07 14:04:56 | 000,556,658 | ---- | C] () -- C:\Users\cmillwa\Desktop\communication-policy-en.pdf
[2012/06/06 16:21:20 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{40122d1d-5cda-c293-c00c-c29575ecc641}\U\80000000.@
[2012/06/06 14:58:23 | 000,004,476 | ---- | C] () -- C:\Users\cmillwa\Desktop\Attach.zip
[2012/06/06 14:38:15 | 000,050,477 | ---- | C] () -- C:\Users\cmillwa\Desktop\Defogger.exe
[2012/06/06 11:58:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/06 11:58:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/06 11:58:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/06 11:58:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/06 11:58:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/06 10:17:38 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{40122d1d-5cda-c293-c00c-c29575ecc641}\U\800000cb.@
[2012/06/05 11:04:31 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/04 17:10:48 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{40122d1d-5cda-c293-c00c-c29575ecc641}\U\00000001.@
[2012/06/04 09:32:28 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\mms.cfg
[2012/06/04 09:30:57 | 000,001,798 | ---- | C] () -- C:\Windows\SMSAdvancedClient.sccm2007ac-sp2-kb2516517-x86-icp2.mif
[2012/06/04 09:30:51 | 000,091,154 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.ini
[2012/06/04 09:30:51 | 000,000,621 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.h
[2012/01/27 10:30:02 | 000,000,475 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2012/01/24 13:26:56 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/01/18 17:40:07 | 000,957,394 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/16 11:41:01 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{40122d1d-5cda-c293-c00c-c29575ecc641}\@
[2012/01/05 17:48:25 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll
[2012/01/05 17:48:25 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll
[2012/01/05 17:48:25 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll
[2012/01/05 17:48:25 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll
[2012/01/05 17:48:25 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll
[2012/01/05 17:34:49 | 000,000,653 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/01/05 16:34:04 | 000,014,128 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/04 11:10:57 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini

< End of report >

#11 gringo_pr (Malware Response Team)

Posted 08 June 2012 - 01:24 PM

Hello

Run this custom script and, when it is complete, I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :Files
    C:\Windows\Installer\{40122d1d-5cda-c293-c00c-c29575ecc641}
    C:\Users\cmillwa\AppData\Local\{40122d1d-5cda-c293-c00c-c29575ecc641}
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
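The fix script above moves two `{40122d1d-...}` folders whose `U` subfolders held the `.@` files that the OTL "Files Created - No Company Name" section listed (and that Symantec kept flagging but could not delete). The following is an added Python example, not OTL's code and not part of any post in this thread: it parses OTL file lines of the form `[date | size | attrs | C] (company) -- path`, flags the `{GUID}\U\*.@`, `{GUID}\L\*.@` and bare `{GUID}\@` pattern, flags a literal environment-variable name used as a folder name (the `C:\Windows\SysNative\%APPDATA%` entry above), and prints the GUID folder roots in the same `:Files` form the helper used. The classification rules are this example's own heuristics, not OTL's; the sample lines are copied from the report above plus one benign driver line so it runs offline.

```python
"""Triage OTL 'Files Created' lines for {GUID}\\U\\*.@ drop folders.

Added example for this thread; not OTL's code and not from any poster.
The detection rules are heuristics chosen for this example.
"""
import re

# One path segment that is a bare {GUID}, e.g. {40122d1d-5cda-c293-c00c-c29575ecc641}
GUID_SEG = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I)

# OTL file line: [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (company) -- path
# The "(company)" part is absent on some directory lines, so it is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")

# Constructed sample: lines copied from the OTL report above, plus one benign line.
SAMPLE_LOG = r"""[2012/06/06 16:21:20 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{40122d1d-5cda-c293-c00c-c29575ecc641}\U\80000000.@
[2012/06/06 10:17:38 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{40122d1d-5cda-c293-c00c-c29575ecc641}\U\800000cb.@
[2012/06/04 17:10:48 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{40122d1d-5cda-c293-c00c-c29575ecc641}\U\00000001.@
[2012/01/16 11:41:01 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{40122d1d-5cda-c293-c00c-c29575ecc641}\@
[2012/06/04 17:14:06 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/05 11:04:30 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
"""


def parse_line(line):
    """Return a dict for one OTL file line, or None if the line is not one."""
    m = OTL_LINE.match(line.rstrip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))   # "000,016,896" -> 16896
    entry["company"] = entry["company"] or ""
    return entry


def classify(path):
    """Return (severity, reason) for a suspicious path, else None."""
    parts = path.split("\\")
    for i, seg in enumerate(parts):
        if GUID_SEG.match(seg):
            rest = parts[i + 1:]
            # {GUID}\U\<name>.@ or {GUID}\L\<name>.@ : the pattern seen in this thread
            if len(rest) == 2 and rest[0] in ("U", "L") and rest[1].endswith(".@"):
                return "high", "'.@' file under {GUID}\\" + rest[0]
            # a bare '@' file sitting directly in the {GUID} folder
            if rest == ["@"]:
                return "high", "bare '@' file directly under a {GUID} folder"
        # a folder literally named like %APPDATA% (variable never expanded)
        if len(seg) > 2 and seg.startswith("%") and seg.endswith("%"):
            return "medium", "literal environment-variable name used as a folder name"
    return None


def triage(log_text):
    """Parse every OTL file line and return [(severity, path, reason), ...] in log order."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        verdict = classify(entry["path"])
        if verdict:
            hits.append((verdict[0], entry["path"], verdict[1]))
    return hits


def guid_roots(hits):
    """Collapse hits to the set of {GUID} folder roots, i.e. what an OTL :Files fix would move."""
    roots = set()
    for _sev, path, _why in hits:
        parts = path.split("\\")
        for i, seg in enumerate(parts):
            if GUID_SEG.match(seg):
                roots.add("\\".join(parts[: i + 1]))
                break
    return roots


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for sev, path, why in found:
        print(f"{sev:6} {path}  <- {why}")
    print(":Files")
    for root in sorted(guid_roots(found)):
        print(root)
```

Run it against a saved OTL.txt by reading the file into `triage()`; the `%APPDATA%` hit is rated medium because the rule only says the name was never expanded, so it is worth a look rather than an automatic move.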

#12 LadybugComputer (Topic Starter)

Posted 08 June 2012 - 02:00 PM

Ok, did that - no reboot required

========== FILES ==========
C:\Windows\Installer\{40122d1d-5cda-c293-c00c-c29575ecc641}\U folder moved successfully.
C:\Windows\Installer\{40122d1d-5cda-c293-c00c-c29575ecc641}\L folder moved successfully.
C:\Windows\Installer\{40122d1d-5cda-c293-c00c-c29575ecc641} folder moved successfully.
C:\Users\cmillwa\AppData\Local\{40122d1d-5cda-c293-c00c-c29575ecc641}\U folder moved successfully.
C:\Users\cmillwa\AppData\Local\{40122d1d-5cda-c293-c00c-c29575ecc641}\L folder moved successfully.
C:\Users\cmillwa\AppData\Local\{40122d1d-5cda-c293-c00c-c29575ecc641} folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\cmillwa\Desktop\cmd.bat deleted successfully.
C:\Users\cmillwa\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: cjonesj4

User: cmillwa
->Java cache emptied: 14214996 bytes

User: cwhitetl

User: Default

User: Default User

User: DefaultAppPool

User: Public

Total Java Files Cleaned = 14.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: cjonesj4
->Flash cache emptied: 56475 bytes

User: cmillwa
->Flash cache emptied: 1553 bytes

User: cwhitetl

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Flash cache emptied: 56475 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.47.0 log created on 06082012_135913

I have not been using the computer too much today except to run the scans - so I do not know if it working any better / worse than yesterday.

#13 LadybugComputer (Topic Starter)

Posted 08 June 2012 - 03:46 PM

I also checked my task manager and I still have 17 svchost.exes running right now.

#14 gringo_pr (Malware Response Team)

Posted 08 June 2012 - 04:43 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#15 gringo_pr (Malware Response Team)

Posted 10 June 2012 - 11:36 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete and I will ask you to remove our tools.




Gringo