From SMART to hijacked and beyond


  • This topic is locked
27 replies to this topic

#1 imacasey


Posted 22 June 2012 - 09:47 PM

My short story is that Monday I was viciously attacked by the SMART virus. In searching for cures I found this site and attempted to follow directions (using my smart phone for instructions) to rid it from my Win7 (64-bit) laptop.
I was able to get past the SMART beast (thank you), but now have the re-direct with a phantom that seems to be running IE (complete with songs and commercials) in the background.
The re-direct keeps sending me to Infomash.
TDSSKiller only loads when I have the computer in virtual XP mode... and doesn't see any problems. HA.
MBAM isn't seeing a problem either and AVAST sees the problem (MBR:\\.\PHYSICALDRIVE0\PARTITION4 - threat: MBR:Alureon-K(Rtk)), but gives an error message when I ask it to destroy - ERROR: the remote procedure call failed (1726)


I hope I haven't screwed up things too badly.

All help is appreciated. I am resisting the suggestion by friends and fam that I format C. :(



#2 gringo_pr


Posted 23 June 2012 - 11:27 PM

Greetings and Welcome to The Forums!!


My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: avast! Antivirus
AV: Trend Micro Client/Server Security Agent Antivirus
AV: Microsoft Security Essentials


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 imacasey


Posted 24 June 2012 - 12:30 AM

Phase One - check up:
Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Client/Server Security Agent Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 29
Java version out of Date!
````````Process Check: objlist.exe by Laurent````````
Trend Micro OfficeScan Client pccntmon.exe
Trend Micro Client Server Security Agent ntrtscan.exe
Trend Micro Client Server Security Agent HostedAgent svcGenericHost.exe
Trend Micro Client Server Security Agent tmlisten.exe
Trend Micro Client Server Security Agent HostedAgent HostedAgent.exe
Trend Micro BM TMBMSRV.exe
Trend Micro Client Server Security Agent TmProxy.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


On to phase two

#4 gringo_pr


Posted 24 June 2012 - 12:39 AM

OK I will be around for the next report


gringo

#5 imacasey


Posted 24 June 2012 - 09:31 AM

You may have been around - but Combofix took over 2 hours to run and produce a report - and I crashed. LOL After 2 hours I fell asleep and left the computer to do its thing. I awoke to this report this morning. I have not turned off the computer, but just restarting my browser was much quicker - and I haven't heard any commercials in the background. It sounds like progress to me. Many thanks.
I await further instructions.


ComboFix 12-06-23.06 - newbie 06/24/2012 1:43.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6038.3816 [GMT -4:00]
Running from: c:\users\newbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FHJ2UD1\ComboFix.exe
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-24 06:25 . 2012-06-24 06:25 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-06-24 06:25 . 2012-06-24 06:25 -------- d-----w- c:\users\TEMP.newbie-PC\AppData\Local\temp
2012-06-24 06:25 . 2012-06-24 06:25 -------- d-----w- c:\users\TEMP.newbie-PC.000\AppData\Local\temp
2012-06-24 06:25 . 2012-06-24 06:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-22 01:11 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 01:11 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 01:11 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 01:11 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 01:11 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 01:11 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 01:11 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 01:10 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 01:10 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 03:28 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-21 03:27 . 2012-06-24 05:17 -------- d-----w- c:\programdata\AVAST Software
2012-06-21 03:27 . 2012-06-21 03:27 -------- d-----w- c:\program files\AVAST Software
2012-06-21 01:57 . 2012-06-21 01:57 388096 ----a-r- c:\users\newbie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-21 01:36 . 2012-06-21 01:57 -------- d-----w- C:\HJT
2012-06-20 20:27 . 2012-06-20 20:27 -------- d-----w- c:\users\newbie\AppData\Roaming\SUPERAntiSpyware.com
2012-06-20 20:25 . 2012-06-20 20:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-20 20:25 . 2012-06-20 20:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-20 12:28 . 2012-06-20 12:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-20 12:24 . 2012-06-20 12:24 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-20 02:34 . 2012-06-20 02:34 116016 ----a-w- c:\windows\system32\drivers\59777965.sys
2012-06-19 20:28 . 2012-06-20 01:14 -------- d--h--w- c:\users\newbie\AppData\Roaming\C0F9A702
2012-06-19 18:56 . 2012-06-20 02:51 -------- d-----w- c:\users\newbie\tdsskiller
2012-06-19 17:34 . 2012-06-20 01:52 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-19 17:34 . 2012-06-20 01:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-19 00:14 . 2012-06-19 00:14 -------- d-----w- c:\users\newbie\AppData\Roaming\Malwarebytes
2012-06-19 00:14 . 2012-06-19 00:14 -------- d-----w- c:\programdata\Malwarebytes
2012-06-18 23:10 . 2012-06-20 01:56 -------- d-----w- c:\program files (x86)\PC Tools
2012-06-18 23:08 . 2012-06-20 01:56 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-06-18 23:08 . 2012-05-11 15:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-06-18 23:08 . 2012-06-20 01:54 -------- d-----w- c:\programdata\PC Tools
2012-06-18 23:08 . 2012-06-18 23:08 -------- d-----w- c:\users\newbie\AppData\Roaming\TestApp
2012-06-18 12:07 . 2012-06-18 12:07 -------- d-----w- C:\SkyDriveTemp
2012-06-14 20:11 . 2012-06-24 05:34 -------- d-----r- c:\users\newbie\SkyDrive
2012-06-14 20:11 . 2012-06-14 20:11 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-06-14 13:25 . 2012-06-14 13:25 -------- d-----w- c:\users\newbie\AppData\Roaming\Epson
2012-06-13 20:45 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-07 12:29 . 2012-06-07 12:33 -------- d-----w- c:\users\TEMP.newbie-PC.001
2012-06-03 14:23 . 2012-06-03 14:23 -------- d-----w- c:\program files\Common Files\Intuit
2012-06-03 14:09 . 2012-06-03 14:09 -------- d-----w- c:\users\newbie\AppData\Local\Intuit
2012-06-03 06:15 . 2012-06-03 06:15 -------- d-----w- c:\program files (x86)\Common Files\supportsoft
2012-06-03 06:15 . 2009-01-20 18:33 3833856 ----a-w- c:\windows\SysWow64\cdintf300.dll
2012-06-03 06:08 . 2012-06-03 14:23 -------- d-----w- c:\programdata\SQL Anywhere 10
2012-06-03 06:08 . 2012-06-03 06:08 -------- d-----w- c:\programdata\COMMON FILES
2012-06-03 05:20 . 2012-06-03 05:20 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-06-03 01:14 . 2005-08-23 16:54 1650688 ----a-w- c:\windows\SysWow64\cdintf250.dll
2012-06-03 01:10 . 2012-06-03 01:10 -------- d-----w- c:\program files (x86)\Common Files\AnswerWorks 4.0
2012-06-03 01:10 . 2012-06-03 13:52 -------- d-----w- c:\programdata\Intuit
2012-06-03 01:10 . 2012-06-03 06:13 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2012-06-03 01:10 . 2012-06-03 01:10 -------- d-----w- c:\program files (x86)\Intuit
2012-06-03 00:48 . 2012-06-03 00:48 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-06-03 00:38 . 2012-06-03 00:38 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2012-05-30 13:51 . 2012-05-30 13:51 25 ----a-w- c:\windows\wpd99.drv
2012-05-30 13:51 . 2012-05-30 13:51 -------- d-----w- c:\programdata\pdf995
2012-05-30 13:51 . 2012-05-30 13:51 40448 ----a-w- c:\windows\SysWow64\pdf995mon64.dll
2012-05-30 13:51 . 2012-04-26 19:51 40448 ----a-w- c:\windows\system32\pdf995mon64.dll
2012-05-30 13:51 . 2012-04-18 15:18 2266624 ----a-w- c:\windows\system32\pdfmona64.dll
2012-05-30 13:51 . 2005-06-30 19:29 11264 ----a-w- c:\windows\system32\pdf995mon64ui.dll
2012-05-30 13:51 . 2012-05-30 13:52 -------- d-----w- c:\program files (x86)\pdf995
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 16:53 . 2012-04-04 12:21 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-13 16:53 . 2011-11-28 08:00 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-22 12:44 . 2011-12-22 17:32 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-22 12:44 . 2011-12-22 17:32 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-05-22 12:44 . 2011-12-22 17:32 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-05-04 20:12 . 2012-05-04 20:12 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-03 18:48 . 2011-12-22 17:32 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2012-03-30 11:35 . 2012-05-09 17:56 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-19_15.41.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-19 18:50 . 2012-06-23 21:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-06-19 13:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-24 05:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-19 13:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-24 05:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-24 05:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-19 13:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-06-24 05:20 70354 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-24 05:20 47940 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-06 15:03 . 2012-06-24 03:44 14078 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3512381532-902576856-812421769-1001_UserData.bin
+ 2009-07-14 05:30 . 2012-06-21 03:40 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-03-27 14:08 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-06-21 03:40 . 2012-03-06 22:44 12368 c:\windows\system32\DriverStore\FileRepository\aswndispt.inf_amd64_neutral_f73b19d2ccf2ed02\aswNdis.sys
+ 2011-12-03 03:50 . 2012-06-24 05:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-03 03:50 . 2012-06-19 15:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-03 03:50 . 2012-06-24 05:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-03 03:50 . 2012-06-19 15:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-19 15:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-24 05:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-05 03:32 . 2012-06-20 01:27 3980 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-06-19 13:31 . 2012-06-19 13:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-24 05:17 . 2012-06-24 05:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-19 13:31 . 2012-06-19 13:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-24 05:17 . 2012-06-24 05:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-10 09:13 . 2012-06-20 17:06 221424 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-06-24 05:23 784926 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-24 05:23 161734 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2012-03-27 14:08 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-06-21 03:40 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-06-21 03:40 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-03-27 14:05 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:12 . 2012-06-24 05:17 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-06-19 01:23 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:46 . 2012-06-22 13:26 106016 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2012-06-24 05:16 594884 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-18 20:14 594884 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-12 16:16 . 2009-07-12 16:16 223232 c:\windows\Installer\4f8a69.msi
+ 2009-07-14 04:45 . 2012-06-22 11:12 7401416 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-06-14 01:07 7401416 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-11-28 08:28 . 2012-06-24 05:16 4948720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-11-28 08:28 . 2012-06-18 20:05 4948720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-06-21 01:37 . 2012-06-21 01:37 1402880 c:\windows\Installer\9bace.msi
+ 2009-07-14 02:34 . 2012-06-22 01:25 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-06-14 00:59 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-12-03 04:54 . 2012-06-24 05:16 34061676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3512381532-902576856-812421769-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-06-14 20:11 208608 ----a-w- c:\users\newbie\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-06-14 20:11 208608 ----a-w- c:\users\newbie\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-06-14 20:11 208608 ----a-w- c:\users\newbie\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-03 39408]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"SkyDrive"="c:\users\newbie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-06-14 296672]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2012-01-09 1712656]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Acrobat Assistant 7.0"="c:\progra~2\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-08-12 520330]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-15 1532760]
.
c:\users\newbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2011-12-9 25214]
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Microtek Scanner Finder.lnk - c:\program files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe [2012-3-21 339968]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-22 984936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 MpKsl709c81ec;MpKsl709c81ec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02A24B17-66ED-4F93-B0DF-8B4314E98C77}\MpKsl709c81ec.sys [x]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-03-24 148360]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-03 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-05-30 3048136]
R2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-07-12 342288]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-07-12 42768]
R3 38034240;38034240;c:\windows\system32\drivers\59777965.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-03 136176]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [2010-07-21 596032]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-04-26 918032]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-05-22 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2012-02-08 50704]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-10-07 3137840]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-03 04:29]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-03 04:29]
.
2012-05-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-23 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-06-14 20:11 232672 ----a-w- c:\users\newbie\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-06-14 20:11 232672 ----a-w- c:\users\newbie\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-06-14 20:11 232672 ----a-w- c:\users\newbie\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-04-14 6629480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-10-01 727664]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Convert link target to Adobe PDF - c:\progra~2\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\progra~2\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\progra~2\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\progra~2\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\progra~2\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\progra~2\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\progra~2\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\progra~2\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-24 02:48:35
ComboFix-quarantined-files.txt 2012-06-24 06:48
ComboFix2.txt 2012-06-19 16:10
.
Pre-Run: 107,356,409,856 bytes free
Post-Run: 109,105,967,104 bytes free
.
- - End Of File - - 668F624EE044BC653A25ECBBCBBB7DB4

#6 imacasey


Posted 24 June 2012 - 09:39 AM

There was a pause for concern while running combofix - shortly after it started - I think there was a preparing to run statement - the screen changed to a completely different one and I got a Windows-type error message that said 'pev.3exe has stopped working correctly. Windows will close the program and notify you if a solution is found'. It had me going, but I did nothing. I had not had any open programs, other than the combofix. AND, while typing this message, I heard a commercial on the computer. :(

#7 gringo_pr


Posted 24 June 2012 - 09:49 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 imacasey


Posted 24 June 2012 - 10:34 PM

Downloaded to desktop, but it kept asking what program to use to open it. had downloaded as tdsskiller_exe. Renamed tdsskiller.exe, but still won't launch. Tried to run it as administrator, but it still won't run. I vaguely remember having the same problem very early on in my battle with SMART and had been able to get it to run in XP mode, but not in 7.
I also tried to download it again and run it from the download message, but it won't go.

#9 gringo_pr


Posted 24 June 2012 - 10:40 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo

#10 imacasey


Posted 24 June 2012 - 10:50 PM

23:45:44.0341 4984 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
23:45:44.0918 4984 ============================================================
23:45:44.0918 4984 Current date / time: 2012/06/24 23:45:44.0918
23:45:44.0918 4984 SystemInfo:
23:45:44.0918 4984
23:45:44.0918 4984 OS Version: 6.1.7601 ServicePack: 1.0
23:45:44.0918 4984 Product type: Workstation
23:45:44.0918 4984 ComputerName: NEWBIE-PC
23:45:44.0918 4984 UserName: newbie
23:45:44.0918 4984 Windows directory: C:\Windows
23:45:44.0918 4984 System windows directory: C:\Windows
23:45:44.0918 4984 Running under WOW64
23:45:44.0918 4984 Processor architecture: Intel x64
23:45:44.0918 4984 Number of processors: 4
23:45:44.0918 4984 Page size: 0x1000
23:45:44.0918 4984 Boot type: Normal boot
23:45:44.0918 4984 ============================================================
23:45:48.0740 4984 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:45:48.0756 4984 ============================================================
23:45:48.0756 4984 \Device\Harddisk0\DR0:
23:45:48.0756 4984 MBR partitions:
23:45:48.0756 4984 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
23:45:48.0756 4984 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x22CE5AB0
23:45:48.0756 4984 ============================================================
23:45:48.0803 4984 C: <-> \Device\Harddisk0\DR0\Partition1
23:45:48.0803 4984 ============================================================
23:45:48.0803 4984 Initialize success
23:45:48.0803 4984 ============================================================
23:45:59.0483 3652 ============================================================
23:45:59.0483 3652 Scan started
23:45:59.0483 3652 Mode: Manual;
23:45:59.0483 3652 ============================================================
23:46:02.0280 3652 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
23:46:02.0280 3652 !SASCORE - ok
23:46:02.0688 3652 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:46:02.0767 3652 1394ohci - ok
23:46:02.0853 3652 38034240 (ccde590a195cb3a02fb0bfd787ce7ac5) C:\Windows\system32\drivers\59777965.sys
23:46:02.0878 3652 38034240 - ok
23:46:02.0932 3652 Acceler (aedb94a49236f5ff060c90e09e70281f) C:\Windows\system32\DRIVERS\Accelern.sys
23:46:03.0283 3652 Acceler - ok
23:46:03.0345 3652 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:46:03.0376 3652 ACPI - ok
23:46:03.0408 3652 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:46:03.0423 3652 AcpiPmi - ok
23:46:03.0501 3652 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
23:46:03.0532 3652 Adobe LM Service - ok
23:46:03.0595 3652 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
23:46:03.0678 3652 adp94xx - ok
23:46:03.0714 3652 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
23:46:03.0731 3652 adpahci - ok
23:46:03.0757 3652 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
23:46:03.0782 3652 adpu320 - ok
23:46:03.0847 3652 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:46:03.0849 3652 AeLookupSvc - ok
23:46:03.0900 3652 AERTFilters - ok
23:46:03.0965 3652 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:46:03.0981 3652 AFD - ok
23:46:04.0012 3652 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:46:04.0028 3652 agp440 - ok
23:46:04.0059 3652 aksdf (6b1a58bec8ca355d2d35832608114480) C:\Windows\system32\drivers\aksdf.sys
23:46:04.0090 3652 aksdf - ok
23:46:04.0137 3652 aksfridge (38ce50f05146d8ce41abae8bbb29fc78) C:\Windows\system32\drivers\aksfridge.sys
23:46:04.0168 3652 aksfridge - ok
23:46:04.0231 3652 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:46:04.0262 3652 ALG - ok
23:46:04.0277 3652 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:46:04.0293 3652 aliide - ok
23:46:04.0293 3652 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:46:04.0293 3652 amdide - ok
23:46:04.0324 3652 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
23:46:04.0340 3652 AmdK8 - ok
23:46:04.0355 3652 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
23:46:04.0371 3652 AmdPPM - ok
23:46:04.0387 3652 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:46:04.0418 3652 amdsata - ok
23:46:04.0449 3652 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
23:46:04.0964 3652 amdsbs - ok
23:46:04.0995 3652 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:46:05.0011 3652 amdxata - ok
23:46:05.0073 3652 AMPPAL (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\AMPPAL.sys
23:46:05.0120 3652 AMPPAL - ok
23:46:05.0120 3652 AMPPALP (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\amppal.sys
23:46:05.0120 3652 AMPPALP - ok
23:46:05.0260 3652 AMPPALR3 (864c632b999be1237a3dc46736e71f27) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
23:46:05.0291 3652 AMPPALR3 - ok
23:46:05.0463 3652 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:46:05.0479 3652 AppID - ok
23:46:05.0494 3652 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:46:05.0510 3652 AppIDSvc - ok
23:46:05.0541 3652 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:46:05.0557 3652 Appinfo - ok
23:46:05.0650 3652 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
23:46:05.0681 3652 AppMgmt - ok
23:46:05.0710 3652 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
23:46:05.0720 3652 arc - ok
23:46:05.0739 3652 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
23:46:05.0778 3652 arcsas - ok
23:46:05.0875 3652 aspnet_state - ok
23:46:05.0892 3652 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:46:05.0901 3652 AsyncMac - ok
23:46:05.0932 3652 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:46:05.0948 3652 atapi - ok
23:46:06.0031 3652 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:46:06.0063 3652 AudioEndpointBuilder - ok
23:46:06.0078 3652 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:46:06.0078 3652 AudioSrv - ok
23:46:06.0125 3652 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:46:06.0156 3652 AxInstSV - ok
23:46:06.0219 3652 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
23:46:06.0265 3652 b06bdrv - ok
23:46:06.0390 3652 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:46:06.0437 3652 b57nd60a - ok
23:46:06.0609 3652 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
23:46:06.0687 3652 BBSvc - ok
23:46:06.0765 3652 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:46:06.0937 3652 BDESVC - ok
23:46:06.0972 3652 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:46:06.0975 3652 Beep - ok
23:46:07.0053 3652 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
23:46:07.0084 3652 BFE - ok
23:46:07.0162 3652 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
23:46:07.0193 3652 BITS - ok
23:46:07.0240 3652 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:46:07.0318 3652 blbdrive - ok
23:46:07.0505 3652 Bluetooth Device Monitor (5ff7b9916a10e8e69e7c0d16f0b4787a) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
23:46:07.0521 3652 Bluetooth Device Monitor - ok
23:46:07.0646 3652 Bluetooth Media Service (e43d73caf1023976efba1d0f0e69e271) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
23:46:07.0677 3652 Bluetooth Media Service - ok
23:46:07.0779 3652 Bluetooth OBEX Service (20427929646784a482df34ef8c4fed23) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
23:46:07.0783 3652 Bluetooth OBEX Service - ok
23:46:07.0939 3652 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:46:07.0962 3652 bowser - ok
23:46:08.0025 3652 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
23:46:08.0040 3652 BrFiltLo - ok
23:46:08.0056 3652 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
23:46:08.0072 3652 BrFiltUp - ok
23:46:08.0103 3652 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:46:08.0134 3652 BridgeMP - ok
23:46:08.0165 3652 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:46:08.0181 3652 Browser - ok
23:46:08.0228 3652 BrSerIb (6df544e72ff139e8fbbba6d0e569bea5) C:\Windows\system32\DRIVERS\BrSerIb.sys
23:46:08.0274 3652 BrSerIb - ok
23:46:08.0290 3652 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:46:08.0337 3652 Brserid - ok
23:46:08.0352 3652 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:46:08.0352 3652 BrSerWdm - ok
23:46:08.0384 3652 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:46:08.0384 3652 BrUsbMdm - ok
23:46:08.0384 3652 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:46:08.0384 3652 BrUsbSer - ok
23:46:08.0415 3652 BrUsbSIb (80082ad46578f0d3270d2e56d6433082) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
23:46:08.0618 3652 BrUsbSIb - ok
23:46:08.0727 3652 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files (x86)\Browny02\BrYNSvc.exe
23:46:08.0731 3652 BrYNSvc - ok
23:46:08.0760 3652 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
23:46:08.0775 3652 BthEnum - ok
23:46:08.0799 3652 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
23:46:08.0808 3652 BTHMODEM - ok
23:46:08.0828 3652 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
23:46:08.0837 3652 BthPan - ok
23:46:08.0888 3652 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
23:46:08.0968 3652 BTHPORT - ok
23:46:08.0983 3652 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:46:08.0983 3652 bthserv - ok
23:46:09.0061 3652 BTHSSecurityMgr (9e2af97302b9f4bf97e952a865eb31ae) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
23:46:09.0061 3652 BTHSSecurityMgr - ok
23:46:09.0077 3652 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
23:46:09.0139 3652 BTHUSB - ok
23:46:09.0202 3652 btmaudio (274e47bd9c1367bdbfa9df10c2e6c544) C:\Windows\system32\drivers\btmaud.sys
23:46:09.0217 3652 btmaudio - ok
23:46:09.0233 3652 btmaux (75eab5aaf6e9f83739249ce60b4b9c39) C:\Windows\system32\DRIVERS\btmaux.sys
23:46:09.0249 3652 btmaux - ok
23:46:09.0280 3652 btmhsf (0b1cc2221dc5990e4557a78ce9afad4f) C:\Windows\system32\DRIVERS\btmhsf.sys
23:46:09.0327 3652 btmhsf - ok
23:46:09.0373 3652 catchme - ok
23:46:09.0405 3652 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:46:09.0436 3652 cdfs - ok
23:46:09.0467 3652 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:46:09.0514 3652 cdrom - ok
23:46:09.0545 3652 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:46:09.0561 3652 CertPropSvc - ok
23:46:09.0592 3652 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
23:46:09.0592 3652 circlass - ok
23:46:09.0639 3652 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:46:09.0639 3652 CLFS - ok
23:46:09.0760 3652 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:46:09.0777 3652 clr_optimization_v2.0.50727_32 - ok
23:46:09.0851 3652 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:46:09.0865 3652 clr_optimization_v2.0.50727_64 - ok
23:46:09.0953 3652 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:46:10.0003 3652 clr_optimization_v4.0.30319_32 - ok
23:46:10.0050 3652 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:46:10.0081 3652 clr_optimization_v4.0.30319_64 - ok
23:46:10.0128 3652 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:46:10.0175 3652 CmBatt - ok
23:46:10.0190 3652 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:46:10.0190 3652 cmdide - ok
23:46:11.0601 3652 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
23:46:11.0648 3652 CNG - ok
23:46:11.0695 3652 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:46:11.0710 3652 Compbatt - ok
23:46:11.0796 3652 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:46:11.0802 3652 CompositeBus - ok
23:46:11.0811 3652 COMSysApp - ok
23:46:11.0826 3652 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
23:46:11.0832 3652 crcdisk - ok
23:46:11.0877 3652 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
23:46:11.0882 3652 CryptSvc - ok
23:46:11.0956 3652 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
23:46:11.0976 3652 CSC - ok
23:46:12.0028 3652 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
23:46:12.0044 3652 CscService - ok
23:46:12.0122 3652 CtClsFlt (df214bff646880d0eb31bdc86136b29b) C:\Windows\system32\DRIVERS\CtClsFlt.sys
23:46:12.0153 3652 CtClsFlt - ok
23:46:12.0200 3652 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
23:46:12.0215 3652 dc3d - ok
23:46:12.0278 3652 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:46:12.0293 3652 DcomLaunch - ok
23:46:12.0340 3652 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:46:12.0371 3652 defragsvc - ok
23:46:12.0449 3652 DellDigitalDelivery (bc8362b60304a9ed9416c305f6df5247) c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
23:46:12.0449 3652 DellDigitalDelivery - ok
23:46:12.0481 3652 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:46:12.0512 3652 DfsC - ok
23:46:12.0574 3652 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:46:12.0605 3652 Dhcp - ok
23:46:12.0738 3652 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:46:12.0739 3652 discache - ok
23:46:12.0770 3652 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
23:46:12.0787 3652 Disk - ok
23:46:12.0815 3652 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
23:46:12.0825 3652 dmvsc - ok
23:46:12.0857 3652 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:46:12.0883 3652 Dnscache - ok
23:46:12.0940 3652 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:46:12.0999 3652 dot3svc - ok
23:46:13.0101 3652 DpHost (c43618154fc0c8480f53b04ba7a2f371) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
23:46:13.0132 3652 DpHost - ok
23:46:13.0148 3652 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:46:13.0163 3652 DPS - ok
23:46:13.0194 3652 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:46:13.0241 3652 drmkaud - ok
23:46:13.0335 3652 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:46:13.0366 3652 DXGKrnl - ok
23:46:13.0413 3652 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:46:13.0444 3652 EapHost - ok
23:46:13.0709 3652 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
23:46:14.0099 3652 ebdrv - ok
23:46:14.0208 3652 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:46:14.0224 3652 EFS - ok
23:46:14.0364 3652 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:46:14.0442 3652 ehRecvr - ok
23:46:14.0474 3652 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:46:14.0489 3652 ehSched - ok
23:46:14.0583 3652 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
23:46:14.0676 3652 elxstor - ok
23:46:14.0800 3652 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
23:46:14.0826 3652 EpsonBidirectionalService - ok
23:46:14.0849 3652 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:46:14.0854 3652 ErrDev - ok
23:46:14.0939 3652 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:46:14.0946 3652 EventSystem - ok
23:46:15.0171 3652 EvtEng (e3a96d5ae6e5c7b5472011ba77353368) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
23:46:15.0218 3652 EvtEng - ok
23:46:15.0576 3652 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:46:15.0623 3652 exfat - ok
23:46:15.0670 3652 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:46:15.0717 3652 fastfat - ok
23:46:15.0802 3652 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:46:15.0811 3652 Fax - ok
23:46:15.0832 3652 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
23:46:15.0838 3652 fdc - ok
23:46:15.0861 3652 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:46:15.0862 3652 fdPHost - ok
23:46:15.0871 3652 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:46:15.0876 3652 FDResPub - ok
23:46:15.0900 3652 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:46:15.0934 3652 FileInfo - ok
23:46:15.0957 3652 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:46:15.0965 3652 Filetrace - ok
23:46:15.0978 3652 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
23:46:15.0985 3652 flpydisk - ok
23:46:16.0015 3652 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:46:16.0029 3652 FltMgr - ok
23:46:16.0126 3652 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:46:16.0126 3652 FontCache - ok
23:46:16.0189 3652 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:46:16.0189 3652 FontCache3.0.0.0 - ok
23:46:16.0220 3652 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:46:16.0220 3652 FsDepends - ok
23:46:16.0267 3652 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
23:46:16.0282 3652 fssfltr - ok
23:46:16.0501 3652 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
23:46:16.0735 3652 fsssvc - ok
23:46:16.0920 3652 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:46:16.0930 3652 Fs_Rec - ok
23:46:16.0979 3652 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:46:16.0985 3652 fvevol - ok
23:46:17.0031 3652 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
23:46:17.0050 3652 gagp30kx - ok
23:46:17.0128 3652 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:46:17.0159 3652 gpsvc - ok
23:46:17.0284 3652 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:46:17.0315 3652 gupdate - ok
23:46:17.0331 3652 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:46:17.0331 3652 gupdatem - ok
23:46:17.0362 3652 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:46:17.0424 3652 gusvc - ok
23:46:17.0518 3652 hardlock (d619ba1712b83d14149850e758b835ad) C:\Windows\system32\drivers\hardlock.sys
23:46:17.0565 3652 hardlock - ok
23:46:17.0565 3652 hasplms - ok
23:46:17.0627 3652 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:46:17.0643 3652 hcw85cir - ok
23:46:17.0674 3652 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:46:17.0705 3652 HDAudBus - ok
23:46:17.0705 3652 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
23:46:17.0721 3652 HidBatt - ok
23:46:17.0752 3652 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
23:46:17.0777 3652 HidBth - ok
23:46:17.0791 3652 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
23:46:17.0798 3652 HidIr - ok
23:46:17.0816 3652 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
23:46:17.0822 3652 hidserv - ok
23:46:17.0847 3652 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:46:17.0865 3652 HidUsb - ok
23:46:18.0017 3652 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:46:18.0058 3652 hkmsvc - ok
23:46:18.0074 3652 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:46:18.0105 3652 HomeGroupListener - ok
23:46:18.0152 3652 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:46:18.0152 3652 HomeGroupProvider - ok
23:46:18.0183 3652 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:46:18.0183 3652 HpSAMD - ok
23:46:18.0261 3652 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:46:18.0276 3652 HTTP - ok
23:46:18.0292 3652 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:46:18.0292 3652 hwpolicy - ok
23:46:18.0339 3652 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
23:46:18.0354 3652 i8042prt - ok
23:46:18.0417 3652 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\drivers\iaStor.sys
23:46:18.0432 3652 iaStor - ok
23:46:18.0479 3652 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:46:18.0573 3652 iaStorV - ok
23:46:18.0620 3652 iBtFltCoex (8a4ec1c3f10385181b1066120c610ae5) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
23:46:18.0635 3652 iBtFltCoex - ok
23:46:18.0822 3652 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:46:18.0900 3652 idsvc - ok
23:46:19.0712 3652 igfx (0bd58366c86ef9ddc4f61afed0cada99) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:46:19.0974 3652 igfx - ok
23:46:20.0113 3652 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
23:46:20.0129 3652 iirsp - ok
23:46:20.0269 3652 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:46:20.0300 3652 IKEEXT - ok
23:46:20.0331 3652 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
23:46:20.0378 3652 Impcd - ok
23:46:20.0441 3652 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\Windows\system32\drivers\intelaud.sys
23:46:20.0456 3652 intaud_WaveExtensible - ok
23:46:20.0675 3652 IntcAzAudAddService (1b491f385ee96f9d9ee4cb430c8cd29e) C:\Windows\system32\drivers\RTKVHD64.sys
23:46:20.0768 3652 IntcAzAudAddService - ok
23:46:20.0916 3652 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
23:46:20.0982 3652 IntcDAud - ok
23:46:21.0002 3652 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:46:21.0006 3652 intelide - ok
23:46:21.0037 3652 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:46:21.0054 3652 intelppm - ok
23:46:21.0075 3652 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:46:21.0091 3652 IPBusEnum - ok
23:46:21.0091 3652 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:46:21.0107 3652 IpFilterDriver - ok
23:46:21.0153 3652 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:46:21.0185 3652 iphlpsvc - ok
23:46:21.0200 3652 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:46:21.0216 3652 IPMIDRV - ok
23:46:21.0309 3652 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:46:21.0450 3652 IPNAT - ok
23:46:21.0465 3652 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:46:21.0481 3652 IRENUM - ok
23:46:21.0481 3652 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:46:21.0497 3652 isapnp - ok
23:46:21.0512 3652 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:46:21.0684 3652 iScsiPrt - ok
23:46:21.0715 3652 iwdbus (716f66336f10885d935b08174dc54242) C:\Windows\system32\DRIVERS\iwdbus.sys
23:46:21.0731 3652 iwdbus - ok
23:46:21.0762 3652 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:46:21.0777 3652 kbdclass - ok
23:46:21.0793 3652 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
23:46:21.0819 3652 kbdhid - ok
23:46:21.0893 3652 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:46:21.0896 3652 KeyIso - ok
23:46:21.0918 3652 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
23:46:22.0093 3652 KSecDD - ok
23:46:22.0202 3652 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
23:46:22.0234 3652 KSecPkg - ok
23:46:22.0265 3652 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:46:22.0265 3652 ksthunk - ok
23:46:22.0327 3652 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:46:22.0374 3652 KtmRm - ok
23:46:22.0421 3652 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
23:46:22.0436 3652 LanmanServer - ok
23:46:22.0561 3652 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:46:22.0593 3652 LanmanWorkstation - ok
23:46:22.0655 3652 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:46:22.0717 3652 lltdio - ok
23:46:22.0764 3652 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:46:22.0795 3652 lltdsvc - ok
23:46:22.0824 3652 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:46:22.0829 3652 lmhosts - ok
23:46:22.0950 3652 LMIGuardianSvc (d55a7d0553c7102f63872936c7a9d9db) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
23:46:22.0959 3652 LMIGuardianSvc - ok
23:46:22.0994 3652 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
23:46:23.0009 3652 LMIInfo - ok
23:46:23.0047 3652 LMIMaint (a7d256c8847df6e88bddb55f87e54f46) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
23:46:23.0058 3652 LMIMaint - ok
23:46:23.0074 3652 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
23:46:23.0076 3652 lmimirr - ok
23:46:23.0081 3652 LMIRfsClientNP - ok
23:46:23.0112 3652 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
23:46:23.0128 3652 LMIRfsDriver - ok
23:46:23.0190 3652 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
23:46:23.0206 3652 LMS - ok
23:46:23.0253 3652 LogMeIn (d3760bc17e1755091b7120cf32dbf56b) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
23:46:23.0284 3652 LogMeIn - ok
23:46:23.0315 3652 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
23:46:23.0377 3652 LSI_FC - ok
23:46:23.0424 3652 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
23:46:23.0440 3652 LSI_SAS - ok
23:46:23.0455 3652 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
23:46:23.0471 3652 LSI_SAS2 - ok
23:46:23.0502 3652 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
23:46:23.0502 3652 LSI_SCSI - ok
23:46:23.0533 3652 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:46:23.0705 3652 luafv - ok
23:46:23.0736 3652 MBAMProtector - ok
23:46:23.0846 3652 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:46:23.0935 3652 MBAMService - ok
23:46:23.0967 3652 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:46:23.0976 3652 Mcx2Svc - ok
23:46:23.0994 3652 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
23:46:24.0000 3652 megasas - ok
23:46:24.0024 3652 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
23:46:24.0084 3652 MegaSR - ok
23:46:24.0101 3652 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
23:46:24.0148 3652 MEIx64 - ok
23:46:24.0179 3652 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:46:24.0194 3652 MMCSS - ok
23:46:24.0241 3652 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:46:24.0257 3652 Modem - ok
23:46:24.0288 3652 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:46:24.0304 3652 monitor - ok
23:46:24.0319 3652 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:46:24.0335 3652 mouclass - ok
23:46:24.0350 3652 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:46:24.0366 3652 mouhid - ok
23:46:24.0397 3652 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:46:24.0397 3652 mountmgr - ok
23:46:24.0413 3652 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:46:24.0475 3652 mpio - ok
23:46:24.0553 3652 MpKsl709c81ec - ok
23:46:24.0569 3652 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:46:24.0600 3652 mpsdrv - ok
23:46:24.0709 3652 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
23:46:24.0740 3652 MpsSvc - ok
23:46:24.0756 3652 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:46:24.0787 3652 MRxDAV - ok
23:46:24.0834 3652 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:46:24.0881 3652 mrxsmb - ok
23:46:24.0912 3652 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:46:24.0943 3652 mrxsmb10 - ok
23:46:24.0974 3652 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:46:24.0990 3652 mrxsmb20 - ok
23:46:25.0006 3652 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:46:25.0021 3652 msahci - ok
23:46:25.0068 3652 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:46:25.0130 3652 msdsm - ok
23:46:25.0162 3652 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:46:25.0193 3652 MSDTC - ok
23:46:25.0208 3652 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:46:25.0224 3652 Msfs - ok
23:46:25.0240 3652 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:46:25.0240 3652 mshidkmdf - ok
23:46:25.0271 3652 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:46:25.0271 3652 msisadrv - ok
23:46:25.0302 3652 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:46:25.0349 3652 MSiSCSI - ok
23:46:25.0349 3652 msiserver - ok
23:46:25.0380 3652 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:46:25.0396 3652 MSKSSRV - ok
23:46:25.0396 3652 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:46:25.0411 3652 MSPCLOCK - ok
23:46:25.0411 3652 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:46:25.0411 3652 MSPQM - ok
23:46:25.0442 3652 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:46:25.0489 3652 MsRPC - ok
23:46:25.0489 3652 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
23:46:25.0489 3652 mssmbios - ok
23:46:25.0489 3652 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:46:25.0505 3652 MSTEE - ok
23:46:25.0505 3652 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
23:46:25.0505 3652 MTConfig - ok
23:46:25.0552 3652 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:46:25.0567 3652 Mup - ok
23:46:25.0739 3652 MyWiFiDHCPDNS (8f57db74bf5407a4cda6c8b005dc8dd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
23:46:25.0770 3652 MyWiFiDHCPDNS - ok
23:46:25.0817 3652 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:46:25.0848 3652 napagent - ok
23:46:25.0926 3652 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:46:25.0973 3652 NativeWifiP - ok
23:46:26.0051 3652 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
23:46:26.0066 3652 NDIS - ok
23:46:26.0098 3652 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:46:26.0113 3652 NdisCap - ok
23:46:26.0113 3652 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:46:26.0113 3652 NdisTapi - ok
23:46:26.0129 3652 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:46:26.0176 3652 Ndisuio - ok
23:46:26.0207 3652 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:46:26.0285 3652 NdisWan - ok
23:46:26.0316 3652 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:46:26.0316 3652 NDProxy - ok
23:46:26.0332 3652 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:46:26.0347 3652 NetBIOS - ok
23:46:26.0378 3652 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:46:26.0378 3652 NetBT - ok
23:46:26.0425 3652 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:46:26.0425 3652 Netlogon - ok
23:46:26.0488 3652 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:46:26.0519 3652 Netman - ok
23:46:26.0659 3652 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:46:26.0722 3652 NetMsmqActivator - ok
23:46:26.0722 3652 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:46:26.0722 3652 NetPipeActivator - ok
23:46:26.0800 3652 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:46:26.0800 3652 netprofm - ok
23:46:26.0815 3652 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:46:26.0815 3652 NetTcpActivator - ok
23:46:26.0815 3652 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:46:26.0815 3652 NetTcpPortSharing - ok
23:46:26.0876 3652 netvsc (73ce12b8bdd747b0063cb0a7ef44cea7) C:\Windows\system32\DRIVERS\netvsc60.sys
23:46:26.0925 3652 netvsc - ok
23:46:27.0583 3652 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys
23:46:27.0942 3652 NETwNs64 - ok
23:46:28.0769 3652 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
23:46:28.0785 3652 nfrd960 - ok
23:46:28.0870 3652 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:46:28.0894 3652 NlaSvc - ok
23:46:29.0218 3652 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
23:46:29.0234 3652 NOBU - ok
23:46:29.0405 3652 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:46:29.0421 3652 Npfs - ok
23:46:29.0468 3652 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:46:29.0483 3652 nsi - ok
23:46:29.0499 3652 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:46:29.0499 3652 nsiproxy - ok
23:46:29.0655 3652 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:46:29.0780 3652 Ntfs - ok
23:46:29.0989 3652 ntrtscan (f632dd8aa5c388d1d0528a876a71320d) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe
23:46:30.0035 3652 ntrtscan - ok
23:46:30.0208 3652 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:46:30.0286 3652 Null - ok
23:46:30.0317 3652 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys
23:46:30.0333 3652 nusb3hub - ok
23:46:30.0364 3652 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys
23:46:30.0379 3652 nusb3xhc - ok
23:46:30.0411 3652 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:46:30.0442 3652 nvraid - ok
23:46:30.0473 3652 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:46:30.0489 3652 nvstor - ok
23:46:30.0520 3652 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:46:30.0535 3652 nv_agp - ok
23:46:30.0613 3652 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:46:30.0613 3652 ohci1394 - ok
23:46:30.0707 3652 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:46:30.0723 3652 ose - ok
23:46:32.0957 3652 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:46:33.0240 3652 osppsvc - ok
23:46:33.0381 3652 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:46:33.0396 3652 p2pimsvc - ok
23:46:33.0443 3652 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:46:33.0459 3652 p2psvc - ok
23:46:33.0505 3652 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
23:46:33.0537 3652 Parport - ok
23:46:33.0615 3652 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:46:33.0661 3652 partmgr - ok
23:46:33.0693 3652 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:46:33.0693 3652 PcaSvc - ok
23:46:33.0739 3652 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:46:33.0771 3652 pci - ok
23:46:33.0786 3652 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:46:33.0786 3652 pciide - ok
23:46:33.0817 3652 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
23:46:33.0911 3652 pcmcia - ok
23:46:33.0972 3652 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:46:33.0990 3652 pcw - ok
23:46:34.0126 3652 PDFProFiltSrvPP (c1c3baf078be5a14384a4ba2d730817d) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
23:46:34.0190 3652 PDFProFiltSrvPP - ok
23:46:34.0245 3652 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:46:34.0292 3652 PEAUTH - ok
23:46:34.0417 3652 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
23:46:34.0557 3652 PeerDistSvc - ok
23:46:34.0682 3652 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:46:34.0713 3652 PerfHost - ok
23:46:34.0885 3652 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:46:35.0056 3652 pla - ok
23:46:35.0110 3652 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:46:35.0144 3652 PlugPlay - ok
23:46:35.0160 3652 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:46:35.0166 3652 PNRPAutoReg - ok
23:46:35.0201 3652 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:46:35.0209 3652 PNRPsvc - ok
23:46:35.0267 3652 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
23:46:35.0298 3652 Point64 - ok
23:46:35.0345 3652 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:46:35.0361 3652 PolicyAgent - ok
23:46:35.0408 3652 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll
23:46:35.0423 3652 Power - ok
23:46:35.0454 3652 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:46:35.0470 3652 PptpMiniport - ok
23:46:35.0486 3652 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
23:46:35.0501 3652 Processor - ok
23:46:35.0548 3652 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
23:46:35.0579 3652 ProfSvc - ok
23:46:35.0642 3652 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:46:35.0642 3652 ProtectedStorage - ok
23:46:35.0673 3652 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:46:35.0673 3652 Psched - ok
23:46:35.0704 3652 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
23:46:35.0735 3652 PxHlpa64 - ok
23:46:35.0829 3652 QBCFMonitorService (e69cfdbcf71b95ab663d67280d763999) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
23:46:35.0876 3652 QBCFMonitorService - ok
23:46:35.0907 3652 QBFCService (2241eaf40e472c471cb80cf6b97cca11) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
23:46:35.0938 3652 QBFCService - ok
23:46:36.0049 3652 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
23:46:36.0167 3652 ql2300 - ok
23:46:36.0271 3652 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
23:46:36.0303 3652 ql40xx - ok
23:46:36.0334 3652 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:46:36.0474 3652 QWAVE - ok
23:46:36.0490 3652 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:46:36.0521 3652 QWAVEdrv - ok
23:46:36.0537 3652 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:46:36.0537 3652 RasAcd - ok
23:46:36.0568 3652 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:46:36.0583 3652 RasAgileVpn - ok
23:46:36.0630 3652 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:46:36.0661 3652 RasAuto - ok
23:46:36.0693 3652 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:46:36.0724 3652 Rasl2tp - ok
23:46:36.0771 3652 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:46:36.0802 3652 RasMan - ok
23:46:36.0817 3652 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:46:36.0942 3652 RasPppoe - ok
23:46:36.0973 3652 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:46:37.0005 3652 RasSstp - ok
23:46:37.0051 3652 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:46:37.0098 3652 rdbss - ok
23:46:37.0114 3652 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:46:37.0114 3652 rdpbus - ok
23:46:37.0129 3652 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:46:37.0129 3652 RDPCDD - ok
23:46:37.0161 3652 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
23:46:37.0239 3652 RDPDR - ok
23:46:37.0254 3652 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:46:37.0254 3652 RDPENCDD - ok
23:46:37.0270 3652 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:46:37.0270 3652 RDPREFMP - ok
23:46:37.0301 3652 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
23:46:37.0332 3652 RDPWD - ok
23:46:37.0363 3652 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:46:37.0457 3652 rdyboost - ok
23:46:37.0597 3652 RegSrvc (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
23:46:37.0644 3652 RegSrvc - ok
23:46:37.0675 3652 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:46:37.0707 3652 RemoteAccess - ok
23:46:37.0738 3652 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:46:37.0925 3652 RemoteRegistry - ok
23:46:37.0997 3652 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
23:46:38.0026 3652 RFCOMM - ok
23:46:38.0178 3652 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
23:46:38.0215 3652 RoxMediaDB12OEM - ok
23:46:38.0249 3652 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
23:46:38.0249 3652 RoxWatch12 - ok
23:46:38.0343 3652 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:46:38.0374 3652 RpcEptMapper - ok
23:46:38.0374 3652 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:46:38.0389 3652 RpcLocator - ok
23:46:38.0436 3652 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:46:38.0452 3652 RpcSs - ok
23:46:38.0483 3652 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:46:38.0670 3652 rspndr - ok
23:46:38.0733 3652 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\Windows\system32\Drivers\RtsUStor.sys
23:46:38.0779 3652 RSUSBSTOR - ok
23:46:38.0842 3652 RTL8167 (a73ed14670220307874ad6bc2f279349) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:46:38.0873 3652 RTL8167 - ok
23:46:38.0889 3652 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
23:46:38.0889 3652 s3cap - ok
23:46:38.0920 3652 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:46:38.0935 3652 SamSs - ok
23:46:52.0644 3652 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:46:52.0894 3652 \Device\Harddisk0\DR0 - ok
23:46:52.0909 3652 Boot (0x1200) (6ae347f57303e4514e0dc73822316cdf) \Device\Harddisk0\DR0\Partition0
23:46:52.0909 3652 \Device\Harddisk0\DR0\Partition0 - ok
23:46:52.0925 3652 Boot (0x1200) (624dedb3422a734106176e967f4277e6) \Device\Harddisk0\DR0\Partition1
23:46:52.0925 3652 \Device\Harddisk0\DR0\Partition1 - ok
23:46:52.0925 3652 ============================================================
23:46:52.0925 3652 Scan finished
23:46:52.0925 3652 ============================================================
23:46:52.0941 5600 Detected object count: 0
23:46:52.0941 5600 Actual detected object count: 0

#11 imacasey

imacasey
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:39 PM

Posted 24 June 2012 - 10:53 PM

Sorry - FIXTDSS ran and initially said infected MBR found. Ran it and it said repair successful, repair succeeded. TDSSKILLER then ran fine and found no criminals.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:39 PM

Posted 24 June 2012 - 10:55 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 imacasey

imacasey
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:39 PM

Posted 24 June 2012 - 11:09 PM

I did the c&p into notepad. combofix had disappeared from my desktop, so I downloaded it again. I dragged the text into combofix, but got an error msg when trying to run. "are you trying to run CFScript? The nameCFScript appears to be incorrectly spelt"

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:39 PM

Posted 24 June 2012 - 11:23 PM

remake the script and double check the spelling



gringo

#15 imacasey

imacasey
  • Topic Starter

  • Members
  • 18 posts
  •  
  • Local time:12:39 PM

Posted 24 June 2012 - 11:31 PM

I'm having fun tonight.
While awaiting your reply my computer gave me the blue screen...
the message (along with more specific codes) said windows detected a modification of syscode or critical data detected.
I restarted... and all my passwords were gone. :(

now... the code I copied to notepad, from your message, was: ClearJavaCache::
is this correct?



