Search Engine Redirect problems


  • This topic is locked
18 replies to this topic

#1 Dracule

Posted 07 June 2012 - 01:18 PM

Good Day,

I have been having major problems with a search engine redirect virus recently. The problem is affecting Google, Bing, and IE. A majority of my searches are being redirected to bidding websites and random ads. In addition, if left on any redirected site for too long, a false security system attempts to load onto my computer. I have run numerous scans from Malware and Trend Micro in both normal and safe modes with little to no result. Any advice would be greatly appreciated.

Thank you

#2 gringo_pr

  • Malware Response Team

Posted 07 June 2012 - 11:47 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Dracule

Posted 08 June 2012 - 12:33 PM

Security Check Results

Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Trend Micro Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 29
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Google Chrome 18.0.1025.162
````````Process Check: objlist.exe by Laurent````````
Trend Micro Internet Security SfCtlCom.exe
Trend Micro Internet Security UfSeAgnt.exe
Trend Micro Internet Security TMAS_OE TMAS_OEMon.exe
Trend Micro Internet Security TmPfw.exe
Trend Micro Internet Security TmProxy.exe
Trend Micro BM TMBMSRV.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Chris at 13:21:41 on 2012-06-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.1927 [GMT -4:00]
.
AV: Trend Micro Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dldtcoms.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Dell V305\dldtmon.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Dell V305\dldtMsdMon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
mRun: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: marshall.edu\certificates
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab
DPF: {76CBDDBA-3897-4EAC-A1D3-CCC47DE82EFB} - hxxps://munacsri.marshall.edu/auth/taweb.cab
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} - hxxps://munacsri.marshall.edu/auth/CCALogin.CAB
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://clients.futuremark.com/calico/systeminfodeploy/FMSI_v410.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{4D0D197A-8051-495E-9222-09C85D06933A} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C8BC1166-25D9-40D3-A709-B645BBB017B3} : DhcpNameServer = 10.101.4.36 10.101.7.30 10.101.4.33
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun-x64: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun-x64: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
mRun-x64: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys --> C:\Windows\system32\DRIVERS\tmlwf.sys [?]
R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-8 10408]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [?]
R2 dldt_device;dldt_device;C:\Windows\system32\dldtcoms.exe -service --> C:\Windows\system32\dldtcoms.exe -service [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NACAgent;Cisco NAC Agent;C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2012-4-16 1257400]
R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys --> C:\Windows\system32\DRIVERS\tmwfp.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NETwNv64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETwNv64.sys --> C:\Windows\system32\DRIVERS\NETwNv64.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\dldtserv.exe [2008-2-25 33448]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-5 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-13 257696]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-5 135664]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-06-01 07:13:34 -------- d-----w- C:\$RECYCLE.BIN
2012-06-01 06:05:58 98816 ----a-w- C:\Windows\sed.exe
2012-06-01 06:05:58 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-01 06:05:58 256000 ----a-w- C:\Windows\PEV.exe
2012-06-01 06:05:58 208896 ----a-w- C:\Windows\MBR.exe
2012-06-01 06:04:50 -------- d-----w- C:\ComboFix
2012-05-31 01:07:21 -------- d-----w- C:\ProgramData\HitmanPro
2012-05-28 21:05:18 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-05-28 21:05:18 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-05-28 21:05:18 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-05-28 21:04:03 -------- d-----w- C:\Program Files\iPod
2012-05-28 21:04:00 -------- d-----w- C:\Program Files\iTunes
2012-05-24 17:56:41 -------- d-----w- C:\sh4ldr
2012-05-24 17:56:41 -------- d-----w- C:\Program Files\Enigma Software Group
2012-05-24 17:56:02 -------- d-----w- C:\Windows\82478B3DFD8E450182AC6C864BD60483.TMP
2012-05-24 17:54:41 -------- d-----w- C:\Users\Chris\AppData\Roaming\SpeedyPC Software
2012-05-24 17:54:41 -------- d-----w- C:\Users\Chris\AppData\Roaming\DriverCure
2012-05-24 17:54:24 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-05-19 23:55:45 -------- d-----w- C:\Program Files\iPod(197)
2012-05-09 20:46:10 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2012-05-06 00:25:41 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-06 00:25:40 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 00:25:34 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-03 08:22:15 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-02 13:59:51 2766848 ----a-w- C:\Windows\System32\win32k.sys
2012-03-20 23:34:30 72576 ----a-w- C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 13:29:14.90 ===============

DDS Attach Logs


.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 5/5/2009 9:14:46 AM
System Uptime: 6/8/2012 1:00:56 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0P792H
Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz | U2E1 | 2000/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 126.903 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 2.016 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0007
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0007
Service: tunmp
.
==== System Restore Points ===================
.
RP601: 6/1/2012 5:08:47 AM - Windows Modules Installer
RP602: 6/2/2012 6:19:11 PM - Scheduled Checkpoint
RP603: 6/4/2012 1:57:55 PM - Windows Update
RP604: 6/5/2012 4:30:48 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint
Absolute Notifier
Acrobat.com
Adobe AIR
Adobe Reader 9.4.6
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Banctec Service Agreement
Bing Rewards Client Installer
Carbonite Online Backup Setup
Choice Guard
Cisco NAC Agent
Company of Heroes
Company of Heroes - FAKEMSI
Complete Care Consumer Service Agreement
Dell-eBay
Dell DataSafe Online
Dell Getting Started Guide
Dell Video Chat
Dell Webcam Central
Dragon NaturallySpeaking 11
Eastern Front
Game Booster 3
Google Update Helper
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ITECIR
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.61.0.1400
MediaDirect
Microsoft Default Manager
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NHCmod v2.602b
Project S
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Spelling Dictionaries Support For Adobe Reader 9
Star Wars®: Knights of the Old Republic ™
System Requirements Lab
System Requirements Lab CYRI
System Requirements Lab for Intel
TomTom HOME 2.7.5.2014
TomTom HOME Visual Studio Merge Modules
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
World of Tanks Closed Beta v.0.6.2.7
Yahoo! Detect
.
==== End Of File ===========================

All three programs you requested that I perform went without a single problem.

#4 gringo_pr

  • Malware Response Team

Posted 08 June 2012 - 01:16 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Dracule


Posted 09 June 2012 - 01:38 PM

Hello,

Combo Log

ComboFix 12-06-08.02 - Chris 06/09/2012 2:20.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.2326 [GMT -4:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))
.
.
2012-06-09 06:55 . 2012-06-09 06:55 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2012-06-09 06:55 . 2012-06-09 06:55 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-06-09 06:55 . 2012-06-09 06:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-31 01:07 . 2012-05-31 01:07 -------- d-----w- c:\programdata\HitmanPro
2012-05-28 21:05 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-28 21:05 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-05-28 21:05 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-05-28 21:04 . 2012-05-28 21:04 -------- d-----w- c:\program files\iPod
2012-05-28 21:04 . 2012-05-28 21:05 -------- d-----w- c:\program files\iTunes
2012-05-24 17:56 . 2012-05-24 21:31 -------- d-----w- C:\sh4ldr
2012-05-24 17:56 . 2012-05-24 17:56 -------- d-----w- c:\program files\Enigma Software Group
2012-05-24 17:56 . 2012-05-24 21:31 -------- d-----w- c:\windows\82478B3DFD8E450182AC6C864BD60483.TMP
2012-05-24 17:54 . 2012-05-24 17:54 -------- d-----w- c:\users\Chris\AppData\Roaming\SpeedyPC Software
2012-05-24 17:54 . 2012-05-24 17:54 -------- d-----w- c:\users\Chris\AppData\Roaming\DriverCure
2012-05-24 17:54 . 2012-05-24 21:21 -------- d-----w- c:\programdata\SpeedyPC Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 00:25 . 2012-04-14 00:24 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 00:25 . 2011-06-01 18:11 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 00:25 . 2012-05-06 00:25 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 19:56 . 2010-04-28 15:17 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:22 . 2012-05-09 20:45 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:59 . 2012-05-09 20:45 2766848 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:45 . 2012-05-09 20:46 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 23:34 . 2012-05-09 20:45 72576 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-01_07.14.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-06-09 07:00 91386 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-06-09 07:00 88366 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-05-28 01:50 . 2012-06-09 07:00 24688 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2165328798-1726097458-2915134791-1000_UserData.bin
- 2009-05-28 01:52 . 2012-06-01 02:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-28 01:52 . 2012-06-07 18:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-28 01:52 . 2012-06-01 02:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-28 01:52 . 2012-06-07 18:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-28 01:52 . 2012-06-01 02:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-28 01:52 . 2012-06-07 18:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-18 05:40 . 2012-05-25 07:14 3454 c:\windows\system32\WDI\ERCQueuedResolutions.dat
+ 2009-06-18 05:40 . 2012-06-07 19:21 3454 c:\windows\system32\WDI\ERCQueuedResolutions.dat
- 2012-06-01 07:11 . 2012-06-01 07:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-09 06:58 . 2012-06-09 06:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-01 07:11 . 2012-06-01 07:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-09 06:58 . 2012-06-09 06:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-28 22:48 . 2012-06-08 06:13 258684 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 15:21 . 2012-06-01 17:51 232640 c:\windows\system32\FNTCACHE.DAT
+ 2011-02-11 09:29 . 2012-06-09 06:57 210400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-29 00:03 . 2012-06-08 06:14 976532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2165328798-1726097458-2915134791-1000-12288.dat
- 2006-11-02 15:22 . 2011-02-10 20:04 4537166 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2006-11-02 15:22 . 2012-06-01 09:10 4537166 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2011-10-29 00:03 . 2012-06-09 06:57 7448983 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2165328798-1726097458-2915134791-1000-8192.dat
- 2006-11-02 12:33 . 2012-05-10 19:17 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2006-11-02 12:33 . 2012-06-04 21:47 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-23 222496]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-02-19 438403]
"PCMService"="c:\program files (x86)\Dell\MediaDirect\PCMService.exe" [2008-07-04 132392]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2010-10-08 86184]
"CarboniteSetupLite"="c:\program files (x86)\Carbonite\CarbonitePreinstaller.exe" [2010-11-21 283792]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2012-04-16 593848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-12-4 0]
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-31 1995344]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 00:25]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-06 02:35]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-06 02:35]
.
2012-06-09 c:\windows\Tasks\User_Feed_Synchronization-{17144D44-60FC-4DF7-A29D-65516267550E}.job
- c:\windows\system32\msfeedssync.exe [2011-10-28 17:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-25 272896]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"dldtmon.exe"="c:\program files (x86)\Dell V305\dldtmon.exe" [2008-06-24 668912]
"dldtamon"="c:\program files (x86)\Dell V305\dldtamon.exe" [2008-06-24 16624]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1023416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.myheritage.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: marshall.edu\certificates
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {76CBDDBA-3897-4EAC-A1D3-CCC47DE82EFB} - hxxps://munacsri.marshall.edu/auth/taweb.cab
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} - hxxps://munacsri.marshall.edu/auth/CCALogin.CAB
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2165328798-1726097458-2915134791-1000\Software\SecuROM\License information*]
"datasecu"=hex:39,61,2c,72,7f,1a,b8,c6,f2,40,e7,93,8b,d8,ec,3a,95,0e,0d,8e,6b,
06,1e,22,13,40,23,41,b5,4b,a2,88,9b,83,56,a8,da,10,69,ec,44,e8,8a,9c,5b,31,\
"rkeysecu"=hex:e9,4e,a2,c9,da,49,8d,bb,33,f7,95,aa,93,8c,f3,7b
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Nuance\dgnsvc.exe
c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe
c:\program files (x86)\IObit\Game Booster 3\gbtray.exe
c:\program files (x86)\Dell V305\dldtMsdMon.exe
.
**************************************************************************
.
Completion time: 2012-06-09 03:23:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-09 07:22
ComboFix2.txt 2012-06-01 07:38
.
Pre-Run: 135,759,990,784 bytes free
Post-Run: 156,541,972,480 bytes free
.
- - End Of File - - 36E1C178FE5923D64D373C612FDDA1A1


The process went through without a problem. However, Combofix did seem to take a fairly long time, roughly 40 minutes to complete.

My computer seemed to perform fine after Combofix was run. It was much faster and 20 minutes of random internet searches produced no redirects. However, after being shut off for a night, the computer seems to have become infected once again. It has slowed down and begun to redirect my searches once again.

#6 gringo_pr


Posted 09 June 2012 - 03:02 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#7 Dracule


Posted 09 June 2012 - 04:32 PM

I downloaded both tdsskiller and aswMBR to my desktop. However, when I attempt to run tdsskiller it will not run. Right after I double click on the icon, I get a "This program needs your permission to continue" message. I click the continue button and it appears that tdsskiller loads for a couple seconds then it just completely disappears.

#8 gringo_pr


Posted 09 June 2012 - 06:02 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo

#9 Dracule


Posted 09 June 2012 - 07:50 PM

Hello,

fixTDSS was successfully run without a problem. It did say it found one infection but it was cleared. I then restarted the computer and ran TDSSkiller and it came back clean.

TDSSkiller log

20:42:00.0119 4864 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
20:42:00.0712 4864 ============================================================
20:42:00.0712 4864 Current date / time: 2012/06/09 20:42:00.0712
20:42:00.0712 4864 SystemInfo:
20:42:00.0712 4864
20:42:00.0712 4864 OS Version: 6.0.6002 ServicePack: 2.0
20:42:00.0712 4864 Product type: Workstation
20:42:00.0712 4864 ComputerName: CHRIS-LAPTOP
20:42:00.0712 4864 UserName: Chris
20:42:00.0712 4864 Windows directory: C:\Windows
20:42:00.0712 4864 System windows directory: C:\Windows
20:42:00.0712 4864 Running under WOW64
20:42:00.0712 4864 Processor architecture: Intel x64
20:42:00.0712 4864 Number of processors: 2
20:42:00.0712 4864 Page size: 0x1000
20:42:00.0712 4864 Boot type: Normal boot
20:42:00.0712 4864 ============================================================
20:42:02.0350 4864 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:42:02.0366 4864 ============================================================
20:42:02.0366 4864 \Device\Harddisk0\DR0:
20:42:02.0366 4864 MBR partitions:
20:42:02.0366 4864 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x1400000
20:42:02.0366 4864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1427800, BlocksNum 0x24006800
20:42:02.0366 4864 ============================================================
20:42:02.0397 4864 C: <-> \Device\Harddisk0\DR0\Partition1
20:42:02.0428 4864 D: <-> \Device\Harddisk0\DR0\Partition0
20:42:02.0428 4864 ============================================================
20:42:02.0428 4864 Initialize success
20:42:02.0428 4864 ============================================================
20:42:12.0786 4252 ============================================================
20:42:12.0786 4252 Scan started
20:42:12.0786 4252 Mode: Manual;
20:42:12.0786 4252 ============================================================
20:42:29.0104 4252 dldtCATSCustConnectService (1e53c9d46995487dae3fa9f4236dcef1) C:\Windows\system32\spool\DRIVERS\x64\3\\dldtserv.exe
20:42:29.0104 4252 dldtCATSCustConnectService - ok
20:42:29.0120 4252 dldt_device - ok
20:42:29.0166 4252 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
20:42:29.0198 4252 Dnscache - ok
20:42:29.0338 4252 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
20:42:29.0369 4252 DockLoginService - ok
20:42:29.0432 4252 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
20:42:29.0447 4252 dot3svc - ok
20:42:29.0634 4252 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
20:42:29.0634 4252 DPS - ok
20:42:29.0790 4252 DragonSvc (bb45013a0e6ec0f39be4ef663ff2e993) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
20:42:29.0822 4252 DragonSvc - ok
20:42:29.0853 4252 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
20:42:29.0868 4252 drmkaud - ok
20:42:29.0993 4252 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
20:42:29.0993 4252 DXGKrnl - ok
20:42:30.0087 4252 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
20:42:30.0134 4252 e1express - ok
20:42:30.0180 4252 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
20:42:30.0212 4252 E1G60 - ok
20:42:30.0243 4252 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
20:42:30.0258 4252 EapHost - ok
20:42:30.0290 4252 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
20:42:30.0305 4252 Ecache - ok
20:42:30.0383 4252 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
20:42:30.0430 4252 ehRecvr - ok
20:42:30.0446 4252 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
20:42:30.0477 4252 ehSched - ok
20:42:30.0508 4252 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
20:42:30.0508 4252 ehstart - ok
20:42:30.0602 4252 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
20:42:30.0633 4252 elxstor - ok
20:42:30.0695 4252 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
20:42:30.0742 4252 EMDMgmt - ok
20:42:30.0742 4252 ErrDev (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys
20:42:30.0758 4252 ErrDev - ok
20:42:30.0820 4252 esgiguard - ok
20:42:30.0898 4252 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
20:42:30.0898 4252 EventSystem - ok
20:42:30.0945 4252 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
20:42:30.0960 4252 exfat - ok
20:42:31.0023 4252 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
20:42:31.0070 4252 fastfat - ok
20:42:31.0116 4252 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
20:42:31.0116 4252 fdc - ok
20:42:31.0163 4252 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
20:42:31.0179 4252 fdPHost - ok
20:42:31.0194 4252 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
20:42:31.0194 4252 FDResPub - ok
20:42:31.0241 4252 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
20:42:31.0257 4252 FileInfo - ok
20:42:31.0272 4252 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
20:42:31.0288 4252 Filetrace - ok
20:42:31.0319 4252 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:42:31.0319 4252 flpydisk - ok
20:42:31.0366 4252 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
20:42:31.0397 4252 FltMgr - ok
20:42:31.0584 4252 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
20:42:31.0616 4252 FontCache - ok
20:42:31.0694 4252 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:42:31.0709 4252 FontCache3.0.0.0 - ok
20:42:31.0772 4252 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
20:42:31.0772 4252 Fs_Rec - ok
20:42:31.0818 4252 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
20:42:31.0834 4252 gagp30kx - ok
20:42:31.0865 4252 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:42:31.0865 4252 GEARAspiWDM - ok
20:42:32.0021 4252 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
20:42:32.0021 4252 GoToAssist - ok
20:42:32.0255 4252 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
20:42:32.0271 4252 gpsvc - ok
20:42:32.0474 4252 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:42:32.0474 4252 gupdate - ok
20:42:32.0520 4252 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:42:32.0520 4252 gupdatem - ok
20:42:32.0895 4252 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:42:32.0910 4252 HDAudBus - ok
20:42:32.0957 4252 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
20:42:32.0957 4252 HidBth - ok
20:42:32.0988 4252 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
20:42:33.0004 4252 HidIr - ok
20:42:33.0035 4252 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
20:42:33.0051 4252 hidserv - ok
20:42:33.0082 4252 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
20:42:33.0082 4252 HidUsb - ok
20:42:33.0113 4252 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
20:42:33.0129 4252 hkmsvc - ok
20:42:33.0160 4252 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
20:42:33.0176 4252 HpCISSs - ok
20:42:33.0316 4252 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
20:42:33.0363 4252 HTTP - ok
20:42:33.0394 4252 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
20:42:33.0394 4252 i2omp - ok
20:42:33.0441 4252 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
20:42:33.0456 4252 i8042prt - ok
20:42:33.0503 4252 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
20:42:33.0519 4252 iaStorV - ok
20:42:33.0862 4252 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:42:33.0924 4252 idsvc - ok
20:42:36.0998 4252 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:42:37.0341 4252 igfx - ok
20:42:38.0136 4252 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
20:42:38.0152 4252 iirsp - ok
20:42:38.0246 4252 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
20:42:38.0277 4252 IKEEXT - ok
20:42:38.0339 4252 IntcHdmiAddService (dea2ab452b4fa773187369c4b6517320) C:\Windows\system32\drivers\IntcHdmi.sys
20:42:38.0370 4252 IntcHdmiAddService - ok
20:42:38.0402 4252 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
20:42:38.0402 4252 intelide - ok
20:42:38.0417 4252 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
20:42:38.0417 4252 intelppm - ok
20:42:38.0464 4252 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
20:42:38.0480 4252 IPBusEnum - ok
20:42:38.0526 4252 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:42:38.0542 4252 IpFilterDriver - ok
20:42:38.0589 4252 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
20:42:38.0604 4252 iphlpsvc - ok
20:42:38.0604 4252 IpInIp - ok
20:42:38.0651 4252 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
20:42:38.0667 4252 IPMIDRV - ok
20:42:38.0729 4252 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
20:42:38.0745 4252 IPNAT - ok
20:42:39.0119 4252 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
20:42:39.0135 4252 iPod Service - ok
20:42:39.0182 4252 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
20:42:39.0182 4252 IRENUM - ok
20:42:39.0228 4252 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
20:42:39.0228 4252 isapnp - ok
20:42:39.0275 4252 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
20:42:39.0275 4252 iScsiPrt - ok
20:42:39.0525 4252 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
20:42:39.0540 4252 iteatapi - ok
20:42:39.0587 4252 itecir (e157d6b89d87a1b467ecdd66d280a1c2) C:\Windows\system32\DRIVERS\itecir.sys
20:42:39.0587 4252 itecir - ok
20:42:39.0650 4252 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
20:42:39.0650 4252 iteraid - ok
20:42:39.0712 4252 k57nd60a (2798447996feb5a58b584c8443acad02) C:\Windows\system32\DRIVERS\k57nd60a.sys
20:42:39.0743 4252 k57nd60a - ok
20:42:39.0759 4252 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
20:42:39.0759 4252 kbdclass - ok
20:42:40.0133 4252 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
20:42:40.0149 4252 kbdhid - ok
20:42:40.0289 4252 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:42:40.0336 4252 KeyIso - ok
20:42:40.0554 4252 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
20:42:40.0586 4252 KSecDD - ok
20:42:40.0617 4252 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
20:42:40.0632 4252 ksthunk - ok
20:42:40.0710 4252 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
20:42:40.0710 4252 KtmRm - ok
20:42:40.0757 4252 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
20:42:40.0773 4252 LanmanServer - ok
20:42:40.0820 4252 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
20:42:40.0835 4252 LanmanWorkstation - ok
20:42:40.0866 4252 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
20:42:40.0866 4252 lltdio - ok
20:42:40.0929 4252 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
20:42:40.0944 4252 lltdsvc - ok
20:42:40.0976 4252 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
20:42:40.0976 4252 lmhosts - ok
20:42:41.0007 4252 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
20:42:41.0038 4252 LSI_FC - ok
20:42:41.0054 4252 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
20:42:41.0069 4252 LSI_SAS - ok
20:42:41.0116 4252 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
20:42:41.0116 4252 LSI_SCSI - ok
20:42:41.0147 4252 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
20:42:41.0178 4252 luafv - ok
20:42:41.0210 4252 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
20:42:41.0210 4252 Mcx2Svc - ok
20:42:41.0241 4252 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
20:42:41.0241 4252 megasas - ok
20:42:41.0303 4252 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
20:42:41.0334 4252 MegaSR - ok
20:42:41.0350 4252 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
20:42:41.0350 4252 MMCSS - ok
20:42:41.0381 4252 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
20:42:41.0381 4252 Modem - ok
20:42:41.0397 4252 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
20:42:41.0397 4252 monitor - ok
20:42:41.0444 4252 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
20:42:41.0459 4252 mouclass - ok
20:42:41.0506 4252 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
20:42:41.0506 4252 mouhid - ok
20:42:41.0522 4252 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
20:42:41.0522 4252 MountMgr - ok
20:42:41.0568 4252 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
20:42:41.0600 4252 mpio - ok
20:42:41.0615 4252 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
20:42:41.0631 4252 mpsdrv - ok
20:42:41.0818 4252 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
20:42:41.0880 4252 MpsSvc - ok
20:42:41.0896 4252 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
20:42:41.0912 4252 Mraid35x - ok
20:42:41.0958 4252 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
20:42:42.0005 4252 MRxDAV - ok
20:42:42.0052 4252 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:42:42.0083 4252 mrxsmb - ok
20:42:42.0130 4252 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:42:42.0161 4252 mrxsmb10 - ok
20:42:42.0177 4252 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:42:42.0177 4252 mrxsmb20 - ok
20:42:42.0239 4252 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
20:42:42.0239 4252 msahci - ok
20:42:42.0286 4252 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
20:42:42.0333 4252 msdsm - ok
20:42:42.0380 4252 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
20:42:42.0395 4252 MSDTC - ok
20:42:42.0426 4252 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
20:42:42.0426 4252 Msfs - ok
20:42:42.0458 4252 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
20:42:42.0458 4252 msisadrv - ok
20:42:42.0520 4252 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
20:42:42.0536 4252 MSiSCSI - ok
20:42:42.0536 4252 msiserver - ok
20:42:42.0567 4252 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
20:42:42.0567 4252 MSKSSRV - ok
20:42:42.0598 4252 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
20:42:42.0598 4252 MSPCLOCK - ok
20:42:42.0614 4252 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
20:42:42.0614 4252 MSPQM - ok
20:42:42.0676 4252 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
20:42:42.0707 4252 MsRPC - ok
20:42:42.0723 4252 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
20:42:42.0723 4252 mssmbios - ok
20:42:42.0738 4252 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
20:42:42.0754 4252 MSTEE - ok
20:42:42.0785 4252 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
20:42:42.0785 4252 Mup - ok
20:42:43.0066 4252 NACAgent (83a04637c5404cc54564c9fecd907406) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
20:42:43.0144 4252 NACAgent - ok
20:42:45.0125 4252 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
20:42:45.0141 4252 napagent - ok
20:42:45.0203 4252 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
20:42:45.0250 4252 NativeWifiP - ok
20:42:45.0344 4252 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
20:42:45.0359 4252 NDIS - ok
20:42:45.0375 4252 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
20:42:45.0390 4252 NdisTapi - ok
20:42:45.0406 4252 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
20:42:45.0406 4252 Ndisuio - ok
20:42:45.0453 4252 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
20:42:45.0484 4252 NdisWan - ok
20:42:45.0500 4252 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
20:42:45.0500 4252 NDProxy - ok
20:42:45.0515 4252 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
20:42:45.0531 4252 NetBIOS - ok
20:42:45.0578 4252 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
20:42:45.0640 4252 netbt - ok
20:42:45.0640 4252 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:42:45.0640 4252 Netlogon - ok
20:42:45.0734 4252 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
20:42:45.0765 4252 Netman - ok
20:42:45.0796 4252 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
20:42:45.0827 4252 netprofm - ok
20:42:46.0202 4252 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:42:46.0233 4252 NetTcpPortSharing - ok
20:42:46.0872 4252 NETw5v64 (f17eda58c8c5b1a4f873b322729168ff) C:\Windows\system32\DRIVERS\NETw5v64.sys
20:42:47.0013 4252 NETw5v64 - ok
20:42:50.0445 4252 NETwNv64 (bac576b1be99efe5ef6a6228404cd1c4) C:\Windows\system32\DRIVERS\NETwNv64.sys
20:42:50.0757 4252 NETwNv64 - ok
20:42:50.0944 4252 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
20:42:50.0960 4252 nfrd960 - ok
20:42:50.0991 4252 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
20:42:51.0006 4252 NlaSvc - ok
20:42:51.0038 4252 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
20:42:51.0053 4252 Npfs - ok
20:42:51.0053 4252 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
20:42:51.0069 4252 nsi - ok
20:42:51.0069 4252 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
20:42:51.0084 4252 nsiproxy - ok
20:42:51.0256 4252 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
20:42:51.0318 4252 Ntfs - ok
20:42:51.0818 4252 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
20:42:51.0818 4252 Null - ok
20:42:51.0864 4252 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
20:42:51.0896 4252 nvraid - ok
20:42:51.0911 4252 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
20:42:51.0927 4252 nvstor - ok
20:42:51.0958 4252 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
20:42:51.0974 4252 nv_agp - ok
20:42:51.0989 4252 NwlnkFlt - ok
20:42:51.0989 4252 NwlnkFwd - ok
20:42:52.0052 4252 OA001Ufd (404b0121ae1a75d9a63b6934eb07c258) C:\Windows\system32\DRIVERS\OA001Ufd.sys
20:42:52.0067 4252 OA001Ufd - ok
20:42:52.0130 4252 OA001Vid (4b69d156db42b26425ab3b172fa50d92) C:\Windows\system32\DRIVERS\OA001Vid.sys
20:42:52.0145 4252 OA001Vid - ok
20:42:52.0317 4252 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:42:52.0379 4252 odserv - ok
20:42:52.0426 4252 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
20:42:52.0426 4252 ohci1394 - ok
20:42:52.0488 4252 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:42:52.0520 4252 ose - ok
20:42:52.0629 4252 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:42:52.0676 4252 p2pimsvc - ok
20:42:52.0676 4252 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:42:52.0691 4252 p2psvc - ok
20:42:52.0707 4252 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
20:42:52.0722 4252 Parport - ok
20:42:52.0769 4252 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
20:42:52.0769 4252 partmgr - ok
20:42:52.0800 4252 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
20:42:52.0816 4252 PcaSvc - ok
20:42:52.0832 4252 PCD5SRVC{048DBD20-445E8C82-05040104} - ok
20:42:52.0863 4252 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
20:42:52.0878 4252 pci - ok
20:42:52.0910 4252 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
20:42:52.0910 4252 pciide - ok
20:42:52.0956 4252 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
20:42:52.0972 4252 pcmcia - ok
20:42:53.0066 4252 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
20:42:53.0097 4252 PEAUTH - ok
20:42:53.0300 4252 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
20:42:53.0315 4252 PerfHost - ok
20:42:53.0877 4252 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
20:42:53.0939 4252 pla - ok
20:42:54.0002 4252 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
20:42:54.0033 4252 PlugPlay - ok
20:42:54.0142 4252 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:42:54.0142 4252 PNRPAutoReg - ok
20:42:54.0158 4252 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:42:54.0173 4252 PNRPsvc - ok
20:42:54.0345 4252 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
20:42:54.0392 4252 PolicyAgent - ok
20:42:54.0454 4252 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
20:42:54.0501 4252 PptpMiniport - ok
20:42:54.0516 4252 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
20:42:54.0532 4252 Processor - ok
20:42:54.0563 4252 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
20:42:54.0563 4252 ProfSvc - ok
20:42:54.0610 4252 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:42:54.0610 4252 ProtectedStorage - ok
20:42:54.0657 4252 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
20:42:54.0672 4252 PSched - ok
20:42:54.0735 4252 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
20:42:54.0735 4252 PxHlpa64 - ok
20:42:54.0906 4252 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
20:42:54.0984 4252 ql2300 - ok
20:42:55.0000 4252 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
20:42:55.0031 4252 ql40xx - ok
20:42:55.0078 4252 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
20:42:55.0094 4252 QWAVE - ok
20:42:55.0109 4252 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
20:42:55.0125 4252 QWAVEdrv - ok
20:42:55.0406 4252 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
20:42:55.0515 4252 R300 - ok
20:42:55.0686 4252 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
20:42:55.0702 4252 RasAcd - ok
20:42:55.0749 4252 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
20:42:55.0764 4252 RasAuto - ok
20:42:55.0796 4252 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:42:55.0827 4252 Rasl2tp - ok
20:42:55.0858 4252 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
20:42:55.0889 4252 RasMan - ok
20:42:55.0920 4252 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
20:42:55.0936 4252 RasPppoe - ok
20:42:55.0983 4252 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
20:42:55.0998 4252 RasSstp - ok
20:42:56.0061 4252 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
20:42:56.0076 4252 rdbss - ok
20:42:56.0092 4252 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:42:56.0108 4252 RDPCDD - ok
20:42:56.0139 4252 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
20:42:56.0170 4252 rdpdr - ok
20:42:56.0170 4252 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
20:42:56.0186 4252 RDPENCDD - ok
20:42:56.0232 4252 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
20:42:56.0279 4252 RDPWD - ok
20:42:56.0295 4252 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
20:42:56.0326 4252 RemoteAccess - ok
20:42:56.0373 4252 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
20:42:56.0388 4252 RemoteRegistry - ok
20:42:56.0435 4252 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
20:42:56.0451 4252 rimmptsk - ok
20:42:56.0466 4252 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
20:42:56.0466 4252 rimsptsk - ok
20:42:56.0498 4252 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
20:42:56.0513 4252 rismxdp - ok
20:42:56.0529 4252 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
20:42:56.0544 4252 RpcLocator - ok
20:42:56.0669 4252 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
20:42:56.0685 4252 RpcSs - ok
20:42:56.0825 4252 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
20:42:56.0841 4252 rspndr - ok
20:42:57.0060 4252 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:42:57.0060 4252 SamSs - ok
20:42:57.0091 4252 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
20:42:57.0091 4252 sbp2port - ok
20:42:57.0154 4252 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
20:42:57.0169 4252 SCardSvr - ok
20:42:57.0310 4252 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
20:42:57.0357 4252 Schedule - ok
20:42:57.0403 4252 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
20:42:57.0403 4252 SCPolicySvc - ok
20:42:57.0513 4252 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
20:42:57.0559 4252 sdbus - ok
20:42:57.0591 4252 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
20:42:57.0637 4252 SDRSVC - ok
20:42:57.0669 4252 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:42:57.0669 4252 secdrv - ok
20:42:57.0700 4252 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
20:42:57.0700 4252 seclogon - ok
20:42:57.0731 4252 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
20:42:57.0731 4252 SENS - ok
20:42:57.0747 4252 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
20:42:57.0747 4252 Serenum - ok
20:42:57.0793 4252 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
20:42:57.0825 4252 Serial - ok
20:42:57.0856 4252 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
20:42:57.0856 4252 sermouse - ok
20:42:57.0934 4252 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
20:42:57.0934 4252 SessionEnv - ok
20:42:58.0121 4252 SfCtlCom (52c525bf4d78125a5064d0d1705f04b6) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
20:42:58.0137 4252 SfCtlCom - ok
20:42:58.0168 4252 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
20:42:58.0168 4252 sffdisk - ok
20:42:58.0215 4252 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
20:42:58.0215 4252 sffp_mmc - ok
20:42:58.0230 4252 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
20:42:58.0230 4252 sffp_sd - ok
20:42:58.0261 4252 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
20:42:58.0277 4252 sfloppy - ok
20:42:58.0293 4252 SftService - ok
20:43:11.0740 4252 ============================================================
20:43:11.0740 4252 Scan finished
20:43:11.0740 4252 ============================================================
20:43:11.0755 0852 Detected object count: 0
20:43:11.0755 0852 Actual detected object count: 0
20:44:28.0476 4324 ============================================================
20:44:28.0476 4324 Scan started
20:44:28.0476 4324 Mode: Manual;
20:44:28.0476 4324 ============================================================
20:44:49.0755 4324 mouclass - ok
20:44:49.0770 4324 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
20:44:49.0770 4324 mouhid - ok
20:44:49.0786 4324 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
20:44:49.0786 4324 MountMgr - ok
20:44:49.0833 4324 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
20:44:49.0833 4324 mpio - ok
20:44:49.0879 4324 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
20:44:49.0879 4324 mpsdrv - ok
20:44:49.0957 4324 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
20:44:49.0973 4324 MpsSvc - ok
20:44:50.0129 4324 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
20:44:50.0129 4324 Mraid35x - ok
20:44:50.0191 4324 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
20:44:50.0191 4324 MRxDAV - ok
20:44:50.0238 4324 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:44:50.0254 4324 mrxsmb - ok
20:44:50.0316 4324 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:44:50.0332 4324 mrxsmb10 - ok
20:44:50.0332 4324 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:44:50.0347 4324 mrxsmb20 - ok
20:44:50.0394 4324 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
20:44:50.0394 4324 msahci - ok
20:44:50.0441 4324 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
20:44:50.0441 4324 msdsm - ok
20:44:51.0970 4324 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
20:44:51.0970 4324 MSDTC - ok
20:44:52.0968 4324 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
20:44:52.0968 4324 Msfs - ok
20:44:52.0999 4324 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
20:44:52.0999 4324 msisadrv - ok
20:44:53.0031 4324 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
20:44:53.0031 4324 MSiSCSI - ok
20:44:53.0046 4324 msiserver - ok
20:44:53.0109 4324 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
20:44:53.0109 4324 MSKSSRV - ok
20:44:53.0140 4324 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
20:44:53.0140 4324 MSPCLOCK - ok
20:44:53.0140 4324 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
20:44:53.0140 4324 MSPQM - ok
20:44:53.0202 4324 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
20:44:53.0218 4324 MsRPC - ok
20:44:53.0233 4324 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
20:44:53.0233 4324 mssmbios - ok
20:44:53.0265 4324 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
20:44:53.0265 4324 MSTEE - ok
20:44:53.0327 4324 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
20:44:53.0327 4324 Mup - ok
20:44:53.0795 4324 NACAgent (83a04637c5404cc54564c9fecd907406) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
20:44:53.0795 4324 NACAgent - ok
20:44:53.0982 4324 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
20:44:53.0982 4324 napagent - ok
20:44:54.0060 4324 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
20:44:54.0060 4324 NativeWifiP - ok
20:44:54.0591 4324 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
20:44:54.0606 4324 NDIS - ok
20:44:54.0637 4324 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
20:44:54.0637 4324 NdisTapi - ok
20:44:54.0637 4324 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
20:44:54.0653 4324 Ndisuio - ok
20:44:54.0684 4324 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
20:44:54.0684 4324 NdisWan - ok
20:44:54.0731 4324 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
20:44:54.0731 4324 NDProxy - ok
20:44:54.0778 4324 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
20:44:54.0778 4324 NetBIOS - ok
20:44:54.0903 4324 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
20:44:54.0918 4324 netbt - ok
20:44:55.0012 4324 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:44:55.0012 4324 Netlogon - ok
20:44:55.0074 4324 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
20:44:55.0074 4324 Netman - ok
20:44:55.0293 4324 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
20:44:55.0293 4324 netprofm - ok
20:44:55.0386 4324 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:44:55.0402 4324 NetTcpPortSharing - ok
20:44:56.0275 4324 NETw5v64 (f17eda58c8c5b1a4f873b322729168ff) C:\Windows\system32\DRIVERS\NETw5v64.sys
20:44:56.0307 4324 NETw5v64 - ok
20:44:57.0383 4324 NETwNv64 (bac576b1be99efe5ef6a6228404cd1c4) C:\Windows\system32\DRIVERS\NETwNv64.sys
20:44:57.0430 4324 NETwNv64 - ok
20:44:57.0664 4324 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
20:44:57.0664 4324 nfrd960 - ok
20:44:57.0711 4324 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
20:44:57.0711 4324 NlaSvc - ok
20:44:57.0789 4324 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
20:44:57.0789 4324 Npfs - ok
20:44:57.0804 4324 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
20:44:57.0804 4324 nsi - ok
20:44:57.0804 4324 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
20:44:57.0804 4324 nsiproxy - ok
20:44:58.0054 4324 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
20:44:58.0069 4324 Ntfs - ok
20:44:58.0257 4324 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
20:44:58.0257 4324 Null - ok
20:44:58.0272 4324 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
20:44:58.0272 4324 nvraid - ok
20:44:58.0319 4324 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
20:44:58.0319 4324 nvstor - ok
20:44:58.0350 4324 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
20:44:58.0350 4324 nv_agp - ok
20:44:58.0366 4324 NwlnkFlt - ok
20:44:58.0366 4324 NwlnkFwd - ok
20:44:58.0459 4324 OA001Ufd (404b0121ae1a75d9a63b6934eb07c258) C:\Windows\system32\DRIVERS\OA001Ufd.sys
20:44:58.0459 4324 OA001Ufd - ok
20:44:58.0522 4324 OA001Vid (4b69d156db42b26425ab3b172fa50d92) C:\Windows\system32\DRIVERS\OA001Vid.sys
20:44:58.0522 4324 OA001Vid - ok
20:44:58.0740 4324 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:44:58.0740 4324 odserv - ok
20:44:58.0834 4324 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
20:44:58.0834 4324 ohci1394 - ok
20:44:58.0943 4324 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:44:58.0943 4324 ose - ok
20:44:59.0115 4324 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:44:59.0115 4324 p2pimsvc - ok
20:44:59.0130 4324 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:44:59.0146 4324 p2psvc - ok
20:44:59.0177 4324 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
20:44:59.0177 4324 Parport - ok
20:44:59.0286 4324 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
20:44:59.0286 4324 partmgr - ok
20:44:59.0317 4324 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
20:44:59.0317 4324 PcaSvc - ok
20:44:59.0317 4324 PCD5SRVC{048DBD20-445E8C82-05040104} - ok
20:44:59.0395 4324 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
20:44:59.0411 4324 pci - ok
20:44:59.0427 4324 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
20:44:59.0427 4324 pciide - ok
20:44:59.0473 4324 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
20:44:59.0473 4324 pcmcia - ok
20:44:59.0567 4324 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
20:44:59.0567 4324 PEAUTH - ok
20:44:59.0754 4324 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
20:44:59.0754 4324 PerfHost - ok
20:44:59.0957 4324 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
20:44:59.0973 4324 pla - ok
20:45:00.0113 4324 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
20:45:00.0129 4324 PlugPlay - ok
20:45:00.0253 4324 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:45:00.0253 4324 PNRPAutoReg - ok
20:45:00.0269 4324 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
20:45:00.0285 4324 PNRPsvc - ok
20:45:00.0472 4324 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
20:45:00.0472 4324 PolicyAgent - ok
20:45:00.0893 4324 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
20:45:00.0893 4324 PptpMiniport - ok
20:45:00.0909 4324 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
20:45:00.0909 4324 Processor - ok
20:45:01.0080 4324 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
20:45:01.0080 4324 ProfSvc - ok
20:45:01.0127 4324 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:45:01.0127 4324 ProtectedStorage - ok
20:45:01.0236 4324 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
20:45:01.0236 4324 PSched - ok
20:45:01.0283 4324 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
20:45:01.0283 4324 PxHlpa64 - ok
20:45:01.0533 4324 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
20:45:01.0533 4324 ql2300 - ok
20:45:01.0595 4324 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
20:45:01.0595 4324 ql40xx - ok
20:45:01.0657 4324 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
20:45:01.0657 4324 QWAVE - ok
20:45:01.0735 4324 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
20:45:01.0735 4324 QWAVEdrv - ok
20:45:02.0032 4324 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
20:45:02.0047 4324 R300 - ok
20:45:02.0250 4324 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
20:45:02.0250 4324 RasAcd - ok
20:45:02.0313 4324 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
20:45:02.0313 4324 RasAuto - ok
20:45:02.0500 4324 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:45:02.0500 4324 Rasl2tp - ok
20:45:02.0593 4324 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
20:45:02.0593 4324 RasMan - ok
20:45:02.0656 4324 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
20:45:02.0656 4324 RasPppoe - ok
20:45:02.0687 4324 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
20:45:02.0687 4324 RasSstp - ok
20:45:02.0781 4324 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
20:45:02.0781 4324 rdbss - ok
20:45:02.0812 4324 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:45:02.0812 4324 RDPCDD - ok
20:45:02.0859 4324 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
20:45:02.0859 4324 rdpdr - ok
20:45:02.0874 4324 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
20:45:02.0874 4324 RDPENCDD - ok
20:45:02.0937 4324 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
20:45:02.0937 4324 RDPWD - ok
20:45:02.0968 4324 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
20:45:02.0968 4324 RemoteAccess - ok
20:45:03.0093 4324 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
20:45:03.0093 4324 RemoteRegistry - ok
20:45:03.0171 4324 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
20:45:03.0171 4324 rimmptsk - ok
20:45:03.0186 4324 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
20:45:03.0186 4324 rimsptsk - ok
20:45:03.0202 4324 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
20:45:03.0202 4324 rismxdp - ok
20:45:03.0264 4324 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
20:45:03.0264 4324 RpcLocator - ok
20:45:03.0670 4324 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
20:45:03.0670 4324 RpcSs - ok
20:45:03.0717 4324 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
20:45:03.0717 4324 rspndr - ok
20:45:03.0748 4324 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
20:45:03.0763 4324 SamSs - ok
20:45:03.0779 4324 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
20:45:03.0779 4324 sbp2port - ok
20:45:03.0841 4324 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
20:45:03.0841 4324 SCardSvr - ok
20:45:04.0013 4324 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
20:45:04.0029 4324 Schedule - ok
20:45:04.0107 4324 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
20:45:04.0107 4324 SCPolicySvc - ok
20:45:04.0153 4324 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
20:45:04.0153 4324 sdbus - ok
20:45:04.0231 4324 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
20:45:04.0231 4324 SDRSVC - ok
20:45:04.0309 4324 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:45:04.0309 4324 secdrv - ok
20:45:04.0309 4324 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
20:45:04.0309 4324 seclogon - ok
20:45:04.0341 4324 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
20:45:04.0341 4324 SENS - ok
20:45:04.0387 4324 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
20:45:04.0403 4324 Serenum - ok
20:45:04.0497 4324 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
20:45:04.0497 4324 Serial - ok
20:45:04.0528 4324 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
20:45:04.0528 4324 sermouse - ok
20:45:04.0621 4324 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
20:45:04.0621 4324 SessionEnv - ok
20:45:05.0152 4324 SfCtlCom (52c525bf4d78125a5064d0d1705f04b6) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
20:45:05.0167 4324 SfCtlCom - ok
20:45:06.0135 4324 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
20:45:06.0135 4324 sffdisk - ok
20:45:06.0166 4324 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
20:45:06.0166 4324 sffp_mmc - ok
20:45:06.0181 4324 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
20:45:06.0181 4324 sffp_sd - ok
20:45:07.0164 4324 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
20:45:07.0164 4324 sfloppy - ok
20:45:07.0195 4324 SftService - ok
20:45:07.0585 4324 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
20:45:07.0601 4324 SharedAccess - ok
20:45:07.0695 4324 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
20:45:07.0710 4324 ShellHWDetection - ok
20:45:07.0741 4324 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
20:45:07.0741 4324 SiSRaid2 - ok
20:45:07.0773 4324 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
20:45:07.0773 4324 SiSRaid4 - ok
20:45:08.0287 4324 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
20:45:08.0303 4324 slsvc - ok
20:45:08.0443 4324 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
20:45:08.0443 4324 SLUINotify - ok
20:45:08.0537 4324 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
20:45:08.0537 4324 Smb - ok
20:45:08.0802 4324 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
20:45:08.0802 4324 SNMPTRAP - ok
20:45:08.0927 4324 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
20:45:08.0927 4324 spldr - ok
20:45:08.0974 4324 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
20:45:08.0974 4324 Spooler - ok
20:45:09.0083 4324 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
20:45:09.0083 4324 srv - ok
20:45:09.0145 4324 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
20:45:09.0145 4324 srv2 - ok
20:45:09.0223 4324 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
20:45:09.0223 4324 srvnet - ok
20:45:09.0286 4324 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
20:45:09.0286 4324 SSDPSRV - ok
20:45:09.0317 4324 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
20:45:09.0317 4324 SstpSvc - ok
20:45:09.0473 4324 STacSV (2080477f89f82fbd12436bf9770e29a1) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe
20:45:09.0473 4324 STacSV - ok
20:45:09.0754 4324 STHDA (3281204b2e6049100d0ff04270c2aea5) C:\Windows\system32\DRIVERS\stwrt64.sys
20:45:09.0769 4324 STHDA - ok
20:45:09.0847 4324 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
20:45:09.0847 4324 stisvc - ok
20:45:09.0988 4324 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
20:45:09.0988 4324 stllssvr - ok
20:45:10.0066 4324 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
20:45:10.0066 4324 swenum - ok
20:45:10.0144 4324 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
20:45:10.0144 4324 swprv - ok
20:45:10.0175 4324 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
20:45:10.0175 4324 Symc8xx - ok
20:45:10.0191 4324 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
20:45:10.0191 4324 Sym_hi - ok
20:45:10.0206 4324 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
20:45:10.0206 4324 Sym_u3 - ok
20:45:10.0471 4324 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
20:45:10.0487 4324 SysMain - ok
20:45:10.0627 4324 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
20:45:10.0627 4324 TabletInputService - ok
20:45:10.0721 4324 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
20:45:10.0721 4324 TapiSrv - ok
20:45:10.0783 4324 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
20:45:10.0799 4324 TBS - ok
20:45:11.0111 4324 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
20:45:11.0127 4324 Tcpip - ok
20:45:11.0797 4324 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
20:45:11.0813 4324 Tcpip6 - ok
20:45:12.0484 4324 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
20:45:12.0484 4324 tcpipreg - ok
20:45:12.0687 4324 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
20:45:12.0687 4324 TDPIPE - ok
20:45:12.0702 4324 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
20:45:12.0702 4324 TDTCP - ok
20:45:12.0780 4324 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
20:45:12.0780 4324 tdx - ok
20:45:12.0874 4324 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
20:45:12.0874 4324 TermDD - ok
20:45:13.0030 4324 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
20:45:13.0045 4324 TermService - ok
20:45:13.0233 4324 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
20:45:13.0233 4324 Themes - ok
20:45:13.0264 4324 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
20:45:13.0264 4324 THREADORDER - ok
20:45:13.0576 4324 TMBMServer (963c903e5176c5cdcae321d48635b21f) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
20:45:13.0576 4324 TMBMServer - ok
20:45:13.0732 4324 tmlwf (35a6aeb61c7cf21b10cc05bda47339b5) C:\Windows\system32\DRIVERS\tmlwf.sys
20:45:13.0732 4324 tmlwf - ok
20:45:14.0215 4324 TmPfw (c52867f238ef1aafcd35f8d134b8ab10) C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
20:45:14.0231 4324 TmPfw - ok
20:45:14.0278 4324 tmpreflt (1889f49a828b1cf0e2866cdd325875b0) C:\Windows\system32\DRIVERS\tmpreflt.sys
20:45:14.0278 4324 tmpreflt - ok
20:45:15.0323 4324 TmProxy (3ae913b4fbf06ee49831ff9db2330830) C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
20:45:15.0323 4324 TmProxy - ok
20:45:15.0385 4324 tmtdi (21cc12b7f8b44e91d03ead5b17aaf0b2) C:\Windows\system32\DRIVERS\tmtdi.sys
20:45:15.0385 4324 tmtdi - ok
20:45:15.0448 4324 tmwfp (a4670e50c15d7bce7226e4b62700df09) C:\Windows\system32\DRIVERS\tmwfp.sys
20:45:15.0448 4324 tmwfp - ok
20:45:15.0510 4324 tmxpflt (8b97ba7e28bd39a2bc4a2bb66a83fec0) C:\Windows\system32\DRIVERS\tmxpflt.sys
20:45:15.0510 4324 tmxpflt - ok
20:45:15.0651 4324 TomTomHOMEService (f32e7cd2339c66760aa5178924b21e6b) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
20:45:15.0651 4324 TomTomHOMEService - ok
20:45:15.0729 4324 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
20:45:15.0744 4324 TrkWks - ok
20:45:15.0885 4324 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
20:45:15.0885 4324 TrustedInstaller - ok
20:45:15.0931 4324 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:45:15.0931 4324 tssecsrv - ok
20:45:15.0947 4324 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
20:45:15.0947 4324 tunmp - ok
20:45:16.0009 4324 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
20:45:16.0009 4324 tunnel - ok
20:45:16.0025 4324 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
20:45:16.0025 4324 uagp35 - ok
20:45:16.0087 4324 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
20:45:16.0087 4324 udfs - ok
20:45:16.0150 4324 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
20:45:16.0150 4324 UI0Detect - ok
20:45:16.0165 4324 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
20:45:16.0181 4324 uliagpkx - ok
20:45:16.0243 4324 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
20:45:16.0243 4324 uliahci - ok
20:45:16.0290 4324 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
20:45:16.0290 4324 UlSata - ok
20:45:16.0337 4324 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
20:45:16.0337 4324 ulsata2 - ok
20:45:16.0384 4324 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
20:45:16.0384 4324 umbus - ok
20:45:16.0399 4324 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
20:45:16.0399 4324 UMPass - ok
20:45:16.0446 4324 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
20:45:16.0446 4324 upnphost - ok
20:45:16.0509 4324 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
20:45:16.0509 4324 USBAAPL64 - ok
20:45:16.0555 4324 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
20:45:16.0555 4324 usbccgp - ok
20:45:16.0602 4324 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
20:45:16.0602 4324 usbcir - ok
20:45:16.0665 4324 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
20:45:16.0665 4324 usbehci - ok
20:45:16.0743 4324 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
20:45:16.0743 4324 usbhub - ok
20:45:16.0774 4324 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
20:45:16.0789 4324 usbohci - ok
20:45:16.0821 4324 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
20:45:16.0821 4324 usbprint - ok
20:45:16.0867 4324 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
20:45:16.0867 4324 usbscan - ok
20:45:16.0899 4324 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:45:16.0899 4324 USBSTOR - ok
20:45:17.0023 4324 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
20:45:17.0023 4324 usbuhci - ok
20:45:17.0070 4324 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
20:45:17.0070 4324 UxSms - ok
20:45:17.0148 4324 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
20:45:17.0148 4324 vds - ok
20:45:17.0195 4324 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
20:45:17.0195 4324 vga - ok
20:45:17.0257 4324 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
20:45:17.0273 4324 VgaSave - ok
20:45:17.0273 4324 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
20:45:17.0273 4324 viaide - ok
20:45:17.0320 4324 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
20:45:17.0320 4324 volmgr - ok
20:45:17.0476 4324 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
20:45:17.0476 4324 volmgrx - ok
20:45:17.0569 4324 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
20:45:17.0569 4324 volsnap - ok
20:45:17.0835 4324 vsapint (3a5862d9a4fe4bbb2ffa1700e2b21b9b) C:\Windows\system32\DRIVERS\vsapint.sys
20:45:17.0850 4324 vsapint - ok
20:45:18.0084 4324 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
20:45:18.0084 4324 vsmraid - ok
20:45:18.0256 4324 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
20:45:18.0271 4324 VSS - ok
20:45:18.0505 4324 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
20:45:18.0521 4324 W32Time - ok
20:45:18.0630 4324 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
20:45:18.0630 4324 WacomPen - ok
20:45:18.0833 4324 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
20:45:18.0833 4324 Wanarp - ok
20:45:18.0849 4324 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
20:45:18.0849 4324 Wanarpv6 - ok
20:45:18.0927 4324 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
20:45:18.0942 4324 wcncsvc - ok
20:45:19.0005 4324 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
20:45:19.0005 4324 WcsPlugInService - ok
20:45:19.0098 4324 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
20:45:19.0098 4324 Wd - ok
20:45:19.0270 4324 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
20:45:19.0270 4324 Wdf01000 - ok
20:45:19.0317 4324 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
20:45:19.0317 4324 WdiServiceHost - ok
20:45:19.0317 4324 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
20:45:19.0317 4324 WdiSystemHost - ok
20:45:19.0395 4324 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
20:45:19.0395 4324 WebClient - ok
20:45:19.0519 4324 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
20:45:19.0519 4324 Wecsvc - ok
20:45:19.0566 4324 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
20:45:19.0566 4324 wercplsupport - ok
20:45:19.0597 4324 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
20:45:19.0597 4324 WerSvc - ok
20:45:19.0644 4324 WinDefend - ok
20:45:19.0660 4324 WinHttpAutoProxySvc - ok
20:45:19.0769 4324 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
20:45:19.0769 4324 Winmgmt - ok
20:45:20.0221 4324 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
20:45:20.0237 4324 WinRM - ok
20:45:20.0689 4324 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
20:45:20.0689 4324 Wlansvc - ok
20:45:21.0126 4324 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:45:21.0142 4324 wlidsvc - ok
20:45:21.0438 4324 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:45:21.0438 4324 WmiAcpi - ok
20:45:21.0875 4324 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
20:45:21.0875 4324 wmiApSrv - ok
20:45:22.0000 4324 WMPNetworkSvc - ok
20:45:22.0062 4324 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
20:45:22.0078 4324 WPCSvc - ok
20:45:22.0140 4324 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
20:45:22.0140 4324 WPDBusEnum - ok
20:45:22.0405 4324 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:45:22.0421 4324 WPFFontCache_v0400 - ok
20:45:22.0515 4324 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
20:45:22.0515 4324 ws2ifsl - ok
20:45:22.0608 4324 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
20:45:22.0608 4324 wscsvc - ok
20:45:22.0624 4324 WSearch - ok
20:45:23.0061 4324 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
20:45:23.0092 4324 wuauserv - ok
20:45:23.0466 4324 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:45:23.0466 4324 WUDFRd - ok
20:45:23.0778 4324 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
20:45:23.0778 4324 wudfsvc - ok
20:45:23.0841 4324 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:45:24.0496 4324 \Device\Harddisk0\DR0 - ok
20:45:24.0527 4324 Boot (0x1200) (8143f2fb0032c3d047361fc73159fc04) \Device\Harddisk0\DR0\Partition0
20:45:24.0527 4324 \Device\Harddisk0\DR0\Partition0 - ok
20:45:24.0589 4324 Boot (0x1200) (1bc297e59c978e51db00d920c84917cc) \Device\Harddisk0\DR0\Partition1
20:45:24.0589 4324 \Device\Harddisk0\DR0\Partition1 - ok
20:45:24.0589 4324 ============================================================
20:45:24.0589 4324 Scan finished
20:45:24.0589 4324 ============================================================
20:45:24.0605 4860 Detected object count: 0
20:45:24.0605 4860 Actual detected object count: 0

#10 gringo_pr

Posted 09 June 2012 - 08:29 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\Chris\AppData\Roaming\SpeedyPC Software
c:\users\Chris\AppData\Roaming\DriverCure
c:\programdata\SpeedyPC Software

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

#11 Dracule

Posted 09 June 2012 - 09:53 PM

Greetings,

Here is the report from Combo Log.

ComboFix 12-06-09.02 - Chris 06/09/2012 22:05:10.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.2181 [GMT -4:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
Command switches used :: c:\users\Chris\Desktop\CFScript.txt
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SpeedyPC Software
c:\users\Chris\AppData\Roaming\DriverCure
c:\users\Chris\AppData\Roaming\DriverCure\LogFile.txt
c:\users\Chris\AppData\Roaming\SpeedyPC Software
.
.
((((((((((((((((((((((((( Files Created from 2012-05-10 to 2012-06-10 )))))))))))))))))))))))))))))))
.
.
2012-06-10 02:13 . 2012-06-10 02:13 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2012-06-10 02:13 . 2012-06-10 02:13 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-06-10 02:13 . 2012-06-10 02:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-31 01:07 . 2012-05-31 01:07 -------- d-----w- c:\programdata\HitmanPro
2012-05-28 21:05 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-28 21:05 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-05-28 21:05 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-05-28 21:04 . 2012-05-28 21:04 -------- d-----w- c:\program files\iPod
2012-05-28 21:04 . 2012-05-28 21:05 -------- d-----w- c:\program files\iTunes
2012-05-24 17:56 . 2012-05-24 21:31 -------- d-----w- C:\sh4ldr
2012-05-24 17:56 . 2012-05-24 17:56 -------- d-----w- c:\program files\Enigma Software Group
2012-05-24 17:56 . 2012-05-24 21:31 -------- d-----w- c:\windows\82478B3DFD8E450182AC6C864BD60483.TMP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 00:25 . 2012-04-14 00:24 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 00:25 . 2011-06-01 18:11 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 00:25 . 2012-05-06 00:25 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 19:56 . 2010-04-28 15:17 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:22 . 2012-05-09 20:45 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:59 . 2012-05-09 20:45 2766848 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:45 . 2012-05-09 20:46 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 23:34 . 2012-05-09 20:45 72576 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-01_07.14.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-06-10 02:16 91810 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-06-10 02:16 88450 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-05-28 01:50 . 2012-06-10 02:16 24712 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2165328798-1726097458-2915134791-1000_UserData.bin
- 2009-05-28 01:52 . 2012-06-01 02:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-28 01:52 . 2012-06-09 18:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-28 01:52 . 2012-06-01 02:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-28 01:52 . 2012-06-09 18:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-28 01:52 . 2012-06-01 02:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-28 01:52 . 2012-06-09 18:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-18 05:40 . 2012-05-25 07:14 3454 c:\windows\system32\WDI\ERCQueuedResolutions.dat
+ 2009-06-18 05:40 . 2012-06-07 19:21 3454 c:\windows\system32\WDI\ERCQueuedResolutions.dat
- 2012-06-01 07:11 . 2012-06-01 07:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-10 02:14 . 2012-06-10 02:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-01 07:11 . 2012-06-01 07:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-10 02:14 . 2012-06-10 02:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-28 22:48 . 2012-06-08 06:13 258684 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 15:21 . 2012-06-01 17:51 232640 c:\windows\system32\FNTCACHE.DAT
+ 2011-02-11 09:29 . 2012-06-10 02:14 210400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-29 00:03 . 2012-06-08 06:14 976532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2165328798-1726097458-2915134791-1000-12288.dat
- 2006-11-02 15:22 . 2011-02-10 20:04 4537166 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2006-11-02 15:22 . 2012-06-01 09:10 4537166 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2011-10-29 00:03 . 2012-06-10 02:14 7461024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2165328798-1726097458-2915134791-1000-8192.dat
- 2006-11-02 12:33 . 2012-05-10 19:17 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2006-11-02 12:33 . 2012-06-04 21:47 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-23 222496]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-02-19 438403]
"PCMService"="c:\program files (x86)\Dell\MediaDirect\PCMService.exe" [2008-07-04 132392]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2010-10-08 86184]
"CarboniteSetupLite"="c:\program files (x86)\Carbonite\CarbonitePreinstaller.exe" [2010-11-21 283792]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2012-04-16 593848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-12-4 0]
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-31 1995344]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 00:25]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-06 02:35]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-06 02:35]
.
2012-06-10 c:\windows\Tasks\User_Feed_Synchronization-{17144D44-60FC-4DF7-A29D-65516267550E}.job
- c:\windows\system32\msfeedssync.exe [2011-10-28 17:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-25 272896]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"dldtmon.exe"="c:\program files (x86)\Dell V305\dldtmon.exe" [2008-06-24 668912]
"dldtamon"="c:\program files (x86)\Dell V305\dldtamon.exe" [2008-06-24 16624]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1023416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.myheritage.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: marshall.edu\certificates
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {76CBDDBA-3897-4EAC-A1D3-CCC47DE82EFB} - hxxps://munacsri.marshall.edu/auth/taweb.cab
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} - hxxps://munacsri.marshall.edu/auth/CCALogin.CAB
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2165328798-1726097458-2915134791-1000\Software\SecuROM\License information*]
"datasecu"=hex:39,61,2c,72,7f,1a,b8,c6,f2,40,e7,93,8b,d8,ec,3a,95,0e,0d,8e,6b,
06,1e,22,13,40,23,41,b5,4b,a2,88,9b,83,56,a8,da,10,69,ec,44,e8,8a,9c,5b,31,\
"rkeysecu"=hex:e9,4e,a2,c9,da,49,8d,bb,33,f7,95,aa,93,8c,f3,7b
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Nuance\dgnsvc.exe
c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe
c:\program files (x86)\IObit\Game Booster 3\gbtray.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
.
**************************************************************************
.
Completion time: 2012-06-09 22:24:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-10 02:24
ComboFix2.txt 2012-06-09 07:23
ComboFix3.txt 2012-06-01 07:38
.
Pre-Run: 154,399,293,440 bytes free
Post-Run: 154,490,941,440 bytes free
.
- - End Of File - - B6284A5B1B6A9237A27CCE2DBCA7FE3E

The entire process went smoothly with no problems. In addition, after 20 minutes of random internet searches there has not been one redirect case. PC speed has also been increased to its normal levels. If it begins redirecting again I will report on it as soon as possible.

#12 gringo_pr

Posted 09 June 2012 - 10:09 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.4.6
Bing Rewards Client Installer
Java™ 6 Update 29

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then click on Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete, click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the mbam icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#13 Dracule

Posted 10 June 2012 - 03:59 PM

Greetings,

I had no problems running the programs you requested.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.10.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Chris :: CHRIS-LAPTOP [administrator]

6/10/2012 4:34:46 PM
mbam-log-2012-06-10 (16-34-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247321
Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:53:26 PM, on 6/10/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
C:\Program Files (x86)\Dell V305\dldtmon.exe
C:\Program Files (x86)\Dell V305\dldtMsdMon.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
O4 - HKLM\..\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab
O16 - DPF: {76CBDDBA-3897-4EAC-A1D3-CCC47DE82EFB} (Cisco NAC Web Agent Control) - https://munacsri.marshall.edu/auth/taweb.cab
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} (20-20 3D Viewer for WEB) - https://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} (CCAWebLogin Control) - https://munacsri.marshall.edu/auth/CCALogin.CAB
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - http://clients.futuremark.com/calico/systeminfodeploy/FMSI_v410.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: dldtCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\x64\3\\dldtserv.exe
O23 - Service: dldt_device - - C:\Windows\system32\dldtcoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SoftThinks Agent Service (SftService) - Unknown owner - C:\Windows\sminst\sftservice.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12320 bytes


The computer seems to be operating very well. Speed is much improved and there still has yet to be a single redirect. Internet is running faster than it has in a long time.

#14 gringo_pr


Posted 10 June 2012 - 04:01 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the control panel) to start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
      O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
      O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
      O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
      O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
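
As an added example (not part of the post above and not HijackThis's own code): a Python parser that turns the O4 autostart lines of a HijackThis log into source, research name and executable path, so each entry can be looked up before deciding what to uncheck. The sample lines are copied from the log in this topic; the `parse_o4` name and the "user-writable location" heuristic are assumptions of this example.

```python
import re

# Constructed sample: O4/O23 lines copied from the HijackThis log in this topic.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
'''

RUN_KEY = re.compile(r'^O4 - (HK\w+)\\\.\.\\\w+: \[([^\]]+)\] (.+)$')
STARTUP = re.compile(r'^O4 - ((?:[\w.]+ )*Startup): (.+?)(?: = (.+))?$')
EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd))(?=\s|$)', re.I)
# Heuristic (assumption of this example): autostarts from user-writable
# trees deserve a second look; a note here is not a verdict.
WRITABLE = ('\\programdata\\', '\\appdata\\', '\\temp\\')

def parse_o4(log_text):
    """Return one dict per O4 autostart line: source, name, path, notes."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_KEY.match(line)
        if m:  # registry Run key: the name is the text between the brackets
            source, name, cmd = m.group(1) + ' Run', m.group(2), m.group(3)
        else:
            m = STARTUP.match(line)
            if not m:
                continue  # not an O4 line (O2, O16, O23, ...)
            source, name, cmd = m.group(1), m.group(2), m.group(3) or ''
        notes = []
        if cmd.count('"') % 2:
            notes.append('unbalanced quote')  # command line cut or mis-quoted
        exe = EXE.match(cmd)
        path = (exe.group(1) or exe.group(2)) if exe else None
        if path is None:
            notes.append('no target shown')  # startup item without "= target"
        elif any(d in path.lower() for d in WRITABLE):
            notes.append('user-writable location')
        entries.append({'source': source, 'name': name, 'path': path, 'notes': notes})
    return entries

if __name__ == '__main__':
    for e in parse_o4(SAMPLE_LOG):
        print(f"{e['source']:<15} {e['name']:<26} {e['path']} {e['notes']}")
```
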

#15 Dracule


Posted 10 June 2012 - 09:52 PM

I am having problems with the Eset online scanner. Right after I accept the Terms of Service and attempt to start the scan, I get an "Internet Explorer has stopped working" message. The page then automatically closes. I have made several attempts at this at different times with the same result. Any idea what is causing it?



