Windows has encountered a critical error... computer keeps shutting down


  • This topic is locked
25 replies to this topic

#1 gbalestr

gbalestr

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:38 AM

Posted 04 July 2012 - 09:31 PM

My problem is very similar to this topic: http://www.bleepingcomputer.com/forums/topic458953.html and here http://www.bleepingcomputer.com/forums/topic458990.html

Soon after installing MSE, I got one message saying that threats had been cleaned off the computer and then another saying that 2 threats had been quarantined. Now every time I try to start my computer I get a window open telling me that Windows has encountered a critical error and will shut down in one minute.

This has happened multiple times, twice on regular startup and once more on Safe Mode with Networking.

In anticipation of being asked: I'm running Windows 7. Can anyone give me some help???

I can't run any of the scans as my computer will not stay on long enough.

I did dl and install first.exe and ran the scan which produced this log.


========================= Memory info ======================

Percentage of memory in use: 28%
Total physical RAM: 3240.93 MB
Available physical RAM: 2326.35 MB
Total Pagefile: 6480.15 MB
Available Pagefile: 5586.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.99 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:297.32 GB) (Free:260.58 GB) NTFS
3 Drive e: (BMW WELCOME) (Removable) (Total:1.87 GB) (Free:1.21 GB) FAT

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1911 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 752 MB 40 MB
Partition 3 Primary 297 GB 792 MB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 RECOVERY NTFS Partition 752 MB Healthy System (partition with boot components)

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 297 GB Healthy Boot

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1919 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E BMW WELCOME FAT Removable 1919 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-05-22 18:16

======================= End Of Log ==========================


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:38 AM

Posted 05 July 2012 - 08:32 AM

Greetings And Welcome To The Forums!!


You only sent a small part of the report - I will need the whole report, and I need to know if it is 64-bit or 32-bit Windows.



My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gbalestr

gbalestr
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:38 AM

Posted 05 July 2012 - 08:49 PM

Hey Gringo,

Thanks for the help. To confirm, I'm running 32-bit. I reran First.exe and the file first.txt contains only the following.


========================= Memory info ======================

Percentage of memory in use: 31%
Total physical RAM: 3240.93 MB
Available physical RAM: 2233.96 MB
Total Pagefile: 6480.15 MB
Available Pagefile: 5410.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.07 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:297.32 GB) (Free:260.55 GB) NTFS
3 Drive e: (BMW WELCOME) (Removable) (Total:1.87 GB) (Free:1.21 GB) FAT

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1911 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 752 MB 40 MB
Partition 3 Primary 297 GB 792 MB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 RECOVERY NTFS Partition 752 MB Healthy System (partition with boot components)

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 297 GB Healthy Boot

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1919 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E BMW WELCOME FAT Removable 1919 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-05-22 18:16

======================= End Of Log ==========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:38 AM

Posted 05 July 2012 - 09:20 PM

Hello

I want you to remove the frst you are using now and download it again from the link below and follow the instructions to get me the report that I need to see.

Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo

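The FRST launch procedure in posts #2 and #4 leaves two things to the reader: finding the flash drive's letter by hand (the notepad trick) and knowing whether the installed Windows is 32-bit or 64-bit so that the right build is started. The batch script below is an added example, written for this page; it is not part of the forum thread and not Farbar's own code. It assumes the two builds are saved as FRST.exe and FRST64.exe in the root of the flash drive (the page names them frst.exe and frst64). Run from the System Recovery Options command prompt, it scans the drive letters for the drive holding the tool, locates the offline Windows installation, and picks the 64-bit build only when that installation carries a SysWOW64 directory, which a 32-bit Windows never has.

```batch
@echo off
rem Added example, not from the forum thread or from FRST itself: launch the
rem right FRST build from the recovery command prompt without guessing letters.
rem Assumed file names: FRST.exe (32-bit) and FRST64.exe (64-bit) in the
rem root of the flash drive.

set "FRSTDRIVE="
set "WINDRIVE="

rem X: is the RAM drive of the recovery environment itself and carries its own
rem registry hive, so it is skipped when looking for the offline installation.
for %%d in (C D E F G H I J K L M N O P Q R S T U V W Y Z) do (
    if not defined FRSTDRIVE if exist "%%d:\FRST.exe"   set "FRSTDRIVE=%%d:"
    if not defined FRSTDRIVE if exist "%%d:\FRST64.exe" set "FRSTDRIVE=%%d:"
    if not defined WINDRIVE  if exist "%%d:\Windows\System32\config\SYSTEM" set "WINDRIVE=%%d:"
)

if not defined FRSTDRIVE (
    echo No drive with FRST.exe or FRST64.exe in its root was found.
    exit /b 1
)
if not defined WINDRIVE (
    echo No offline Windows installation was found.
    exit /b 1
)

rem Only 64-bit Windows has a SysWOW64 directory (its 32-bit compatibility
rem layer); when it is absent the installation is 32-bit and needs FRST.exe.
if exist "%WINDRIVE%\Windows\SysWOW64\" (
    set "TOOL=%FRSTDRIVE%\FRST64.exe"
) else (
    set "TOOL=%FRSTDRIVE%\FRST.exe"
)

if not exist "%TOOL%" (
    echo Windows at %WINDRIVE% needs %TOOL%, but that file is not on the flash drive.
    exit /b 1
)

echo Windows installation: %WINDRIVE%   Tool: %TOOL%
rem FRST writes FRST.txt next to its executable, i.e. on the flash drive.
"%TOOL%"
```

Save it next to the tool as, for example, runfrst.cmd; at the recovery command prompt you still need the flash drive's letter once to start the script (the notepad step in the post gives it), after which the script does the rest. Checking for the SYSTEM hive rather than just a Windows folder avoids mistaking a recovery partition for the installation, and the SysWOW64 test mirrors the 32-bit/64-bit question the helper asks in post #2.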
#5 gbalestr

gbalestr
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:38 AM

Posted 05 July 2012 - 09:49 PM

Sorry about that. Please see below,

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 06-07-2012
Ran by SYSTEM at 05-07-2012 22:46:43
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [488816 2011-01-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [536668 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [143384 2011-03-30] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [177176 2011-03-30] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [178200 2011-03-30] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5955072 2011-01-15] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-04-29] (CyberLink Corp.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM\...\Run: [Desktop Disc Tool] "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1318816 2012-03-21] (McAfee, Inc.)
HKLM\...\Run: [McPvTray_exe] "C:\Program Files\McAfee\MAT\McPvTray.exe" [419904 2011-04-08] (McAfee, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Candy\...\Run: [Google Update] "C:\Users\Candy\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-23] (Google Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [X]
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Lsa: [Authentication Packages] msv1_0
wvauth
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

================================ Services (Whitelisted) ==================

2 AESTFilters; C:\Program Files\IDT\WDM\aestsrv.exe [81920 2009-03-03] (Andrea Electronics Corporation)
2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1803584 2010-05-10] (AuthenTec, Inc.)
2 BBSvc; C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [193816 2012-02-10] (Microsoft Corporation.)
3 BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [240408 2012-02-10] (Microsoft Corporation.)
2 BrcmMgmtAgent; "C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe" -service [127488 2010-06-29] (Broadcom Corporation)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [210896 2010-11-29] (Intel Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [361976 2012-04-19] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [166320 2012-05-25] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [161664 2012-05-25] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [151912 2012-05-25] (McAfee, Inc.)
2 MOBKbackup; "C:\Program Files\McAfee Online Backup\MOBKbackup.exe" [229688 2010-04-13] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 O2FLASH; C:\Windows\System32\DRIVERS\o2flash.exe [72296 2010-02-10] (O2Micro International)
3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [4640000 2010-01-09] (Microsoft Corporation)
2 RapportMgmtService; "C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe" [976728 2012-06-08] (Trusteer Ltd.)
3 RoxMediaDB12OEM; "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
3 SecureStorageService; "C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe" [1477632 2010-11-03] (Wave Systems Corp.)
2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-01-25] (IDT, Inc.)
4 tcsd_win32.exe; "C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1629696 2010-07-13] ()
2 TdmService; "C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe" [2337136 2011-03-04] (Wave Systems Corp.)
2 wltrysvc; "C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE" "C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe" [5210112 2011-01-15] (Dell Inc.)
2 dcpsysmgrsvc; "c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe" [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
2 O2SDIOAssist; c:\Windows\system32\srvany.exe [x]

========================== Drivers (Whitelisted) =============

3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [43888 2010-12-13] (ST Microelectronics)
3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18496 2011-01-15] (Broadcom Corporation)
3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [88064 2010-09-03] (Broadcom Corporation)
3 cfwids; C:\Windows\System32\drivers\cfwids.sys [57600 2012-02-22] (McAfee, Inc.)
0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [64048 2011-04-11] (McAfee, Inc.)
3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2012-02-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [180848 2012-02-22] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59456 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [340920 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464304 2012-02-22] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [64912 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87656 2012-02-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [169608 2012-02-22] (McAfee, Inc.)
1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
1 MpKslfac6e260; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AC41B74D-6790-46A7-833A-9D1FA91D0986}\MpKslfac6e260.sys [29904 2012-07-03] (Microsoft Corporation)
3 O2MDFRDR; C:\Windows\system32\DRIVERS\O2MDFw7.sys [60904 2011-01-04] (O2Micro )
3 O2MDRRDR; C:\Windows\System32\DRIVERS\O2MDRw7.sys [62440 2011-01-04] (O2Micro )
3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7.sys [63976 2011-03-23] (O2Micro )
0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
1 RapportCerberus_34302; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys [228208 2012-06-19] ()
1 RapportEI; \??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [71480 2012-06-08] (Trusteer Ltd.)
3 RapportIaso; \??\c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [21520 2012-06-14] (Trusteer Ltd.)
0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [65720 2012-06-08] (Trusteer Ltd.)
1 RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [166840 2012-06-08] (Trusteer Ltd.)
0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17648 2010-08-20] (ST Microelectronics)
3 mfeavfk01; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-05 17:47 - 2012-07-05 18:20 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pcmkbqkt.sys
2012-07-04 18:31 - 2012-07-04 18:31 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hndggena.sys
2012-07-04 18:02 - 2012-07-05 17:46 - 00000000 ____D C:\FRST
2012-07-04 17:37 - 2012-07-04 17:37 - 00000000 ____D C:\5a6cdeef52d7420137af08
2012-07-04 17:33 - 2012-07-04 17:33 - 00000000 ____D C:\961649abdcb119c8f46db4f351a23c
2012-07-04 06:01 - 2012-07-04 17:27 - 00000361 ____A C:\rkill.log
2012-07-04 05:55 - 2012-07-04 05:55 - 00043480 ____A C:\Windows\System32\Drivers\hotmiwwa.sys
2012-07-04 05:42 - 2012-07-04 05:42 - 01012656 ____A C:\Users\Candy\Downloads\Unconfirmed 42571.crdownload
2012-07-04 05:39 - 2012-07-04 05:39 - 00000000 ____A C:\Users\Candy\Downloads\3C0.tmp
2012-07-04 05:32 - 2012-07-04 05:32 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tsdzjzzd.sys
2012-07-03 20:35 - 2012-07-03 20:35 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-03 20:33 - 2012-07-03 20:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-03 20:32 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-07-03 20:14 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-03 20:14 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-03 20:14 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-03 20:14 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-03 20:14 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-03 20:14 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-03 20:14 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-03 20:14 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-03 20:14 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-03 20:14 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-03 20:14 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-03 20:14 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-03 20:14 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-03 20:14 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-03 20:13 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-07-03 20:13 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-07-03 20:13 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-07-03 20:10 - 2012-04-30 20:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-07-03 20:10 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-07-03 20:09 - 2012-05-14 17:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-03 20:09 - 2012-04-27 19:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-07-03 19:47 - 2012-07-03 19:47 - 00000000 ____D C:\Windows\System32\SPReview
2012-07-03 19:46 - 2012-07-03 19:46 - 00000000 ____D C:\Windows\System32\EventProviders
2012-07-03 19:42 - 2012-07-03 19:42 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-03 19:41 - 2012-07-03 19:41 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Candy\Downloads\tdsskiller.exe
2012-07-03 19:22 - 2012-07-03 19:22 - 00131072 ____A C:\Windows\Minidump\070312-16894-01.dmp
2012-07-03 19:20 - 2012-07-03 19:20 - 00141824 ____A C:\Windows\Minidump\070312-21559-01.dmp
2012-07-03 19:12 - 2012-07-03 19:12 - 00000000 ____D C:\Windows\pss
2012-07-03 18:59 - 2012-07-03 18:59 - 00131072 ____A C:\Windows\Minidump\070312-22339-01.dmp
2012-07-03 18:57 - 2012-07-03 18:57 - 00131072 ____A C:\Windows\Minidump\070312-24289-01.dmp
2012-07-03 18:53 - 2012-07-03 18:53 - 00131072 ____A C:\Windows\Minidump\070312-21325-01.dmp
2012-07-03 18:50 - 2012-07-03 18:51 - 00131072 ____A C:\Windows\Minidump\070312-21886-01.dmp
2012-07-03 18:48 - 2012-07-03 18:48 - 00131072 ____A C:\Windows\Minidump\070312-24632-01.dmp
2012-07-03 18:40 - 2012-07-03 18:42 - 00000000 ____D C:\Users\All Users\McAfee Anti-Theft
2012-07-03 18:39 - 2012-07-03 20:32 - 00001830 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
2012-07-03 18:38 - 2012-07-05 17:46 - 00000000 __RSD C:\Users\Candy\Documents\McAfee Vaults
2012-07-03 18:38 - 2012-07-03 18:42 - 00000000 ____D C:\Users\Candy\AppData\Local\McAfee Anti-Theft
2012-07-03 18:38 - 2012-07-03 18:38 - 00000000 ____D C:\Program Files\McAfeeMOBK
2012-07-03 18:38 - 2012-07-03 18:38 - 00000000 ____D C:\Program Files\McAfee Online Backup
2012-07-03 18:38 - 2011-04-11 10:29 - 00064048 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\McPvDrv.sys
2012-07-03 18:38 - 2010-04-13 16:10 - 00054776 ____A (Mozy, Inc.) C:\Windows\System32\Drivers\MOBK.sys
2012-07-03 18:37 - 2012-07-03 18:47 - 00000000 ____D C:\Program Files\McAfee
2012-07-03 18:37 - 2012-07-03 18:38 - 00000000 ____D C:\Program Files\Common Files\Mcafee
2012-07-03 18:37 - 2012-07-03 18:37 - 00000000 ____D C:\Program Files\McAfee.com
2012-07-03 18:37 - 2012-02-22 09:29 - 00340920 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfefirek.sys
2012-07-03 18:37 - 2012-02-22 09:29 - 00180848 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys
2012-07-03 18:37 - 2012-02-22 09:29 - 00169608 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfewfpk.sys
2012-07-03 18:37 - 2012-02-22 09:29 - 00087656 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys
2012-07-03 18:37 - 2012-02-22 09:29 - 00064912 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfenlfk.sys
2012-07-03 18:37 - 2012-02-22 09:29 - 00059456 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfebopk.sys
2012-07-03 18:37 - 2012-02-22 09:29 - 00057600 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\cfwids.sys
2012-07-03 18:37 - 2012-02-22 09:29 - 00009608 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeclnk.sys
2012-07-03 18:30 - 2012-07-03 19:06 - 00000000 ____D C:\Users\All Users\McAfee
2012-07-03 18:30 - 2012-07-03 18:30 - 04285248 ____A (McAfee, Inc.) C:\Users\Candy\Downloads\McAfeeSetup.exe
2012-07-03 18:30 - 2012-05-25 13:13 - 00151912 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2012-07-02 19:10 - 2012-07-02 19:10 - 00131072 ____A C:\Windows\Minidump\070212-26161-01.dmp
2012-07-02 12:35 - 2012-07-02 12:35 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-02 12:28 - 2012-07-02 12:28 - 00000000 ____D C:\Windows\Sun
2012-07-02 05:24 - 2012-07-02 05:24 - 00131072 ____A C:\Windows\Minidump\070212-23400-01.dmp
2012-07-02 05:16 - 2012-07-02 05:16 - 00131072 ____A C:\Windows\Minidump\070212-28173-01.dmp
2012-07-01 15:01 - 2012-07-01 15:02 - 00131072 ____A C:\Windows\Minidump\070112-33119-01.dmp
2012-07-01 10:09 - 2012-07-01 10:09 - 00131072 ____A C:\Windows\Minidump\070112-37034-01.dmp
2012-06-29 18:19 - 2012-06-29 18:19 - 00131072 ____A C:\Windows\Minidump\062912-20155-01.dmp
2012-06-28 16:30 - 2012-06-28 16:30 - 00001230 ____A C:\Users\Candy\Desktop\Calculator.lnk
2012-06-27 18:50 - 2012-06-27 18:50 - 00005330 ____A C:\Users\Candy\Downloads\ItemSetupResults157.csv
2012-06-27 18:35 - 2012-06-27 18:35 - 00023040 ____A C:\Users\Candy\Downloads\NEW SKU DATA SHEET (1).xls
2012-06-27 18:34 - 2012-06-27 18:35 - 00023040 ____A C:\Users\Candy\Downloads\NEW SKU DATA SHEET.xls
2012-06-24 20:17 - 2012-06-24 20:17 - 00062622 ____A C:\Users\Candy\Downloads\Candy.com open bills report 2012 only.xlsx
2012-06-24 18:15 - 2012-06-24 18:15 - 00009349 ____A C:\Users\Candy\Downloads\InSight_Customized_View_Download_Tracking UJpdate (1).csv
2012-06-24 18:12 - 2012-06-24 18:12 - 00104901 ____A C:\Users\Candy\Downloads\InSight_Customized_View_Download_Tracking UJpdate.csv
2012-06-24 18:00 - 2012-06-24 18:00 - 00257826 ____A C:\Users\Candy\Downloads\InSight_Outbound_View_Download.csv
2012-06-24 18:00 - 2012-06-24 18:00 - 00257826 ____A C:\Users\Candy\Downloads\InSight_Outbound_View_Download (1).csv
2012-06-24 13:23 - 2012-06-03 19:35 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-24 13:17 - 2012-06-24 13:17 - 00131072 ____A C:\Windows\Minidump\062412-24336-01.dmp
2012-06-24 12:48 - 2012-06-24 12:48 - 00131072 ____A C:\Windows\Minidump\062412-29827-01.dmp
2012-06-23 14:38 - 2012-06-23 14:38 - 00131072 ____A C:\Windows\Minidump\062312-19749-01.dmp
2012-06-23 14:36 - 2012-06-23 14:36 - 00131072 ____A C:\Windows\Minidump\062312-27955-01.dmp
2012-06-23 12:26 - 2012-06-23 12:26 - 00131072 ____A C:\Windows\Minidump\062312-28220-01.dmp
2012-06-22 04:36 - 2012-06-22 04:36 - 00003202 ____A C:\Users\Candy\Downloads\CN_shipments_20120622.csv
2012-06-21 18:36 - 2012-06-21 18:36 - 00000284 ____A C:\Users\Candy\Downloads\fulfillment file template (1) (2).csv
2012-06-21 18:35 - 2012-06-21 18:36 - 00000284 ____A C:\Users\Candy\Downloads\fulfillment file template (1) (1).csv
2012-06-21 04:45 - 2012-06-21 04:45 - 00131072 ____A C:\Windows\Minidump\062112-21216-01.dmp
2012-06-20 19:54 - 2012-06-20 19:54 - 00001443 ____A C:\Users\Candy\Downloads\results (5).csv
2012-06-20 17:42 - 2012-06-20 18:25 - 00147396 ____A C:\Users\Candy\Desktop\CustomItemSearchResults973.csv
2012-06-20 17:42 - 2012-06-20 17:42 - 00970389 ____A C:\Users\Candy\Downloads\CustomItemSearchResults973.csv
2012-06-20 17:29 - 2012-06-20 17:29 - 00004618 ____A C:\Users\Candy\Desktop\Warehouse Record (2).csv
2012-06-20 16:59 - 2012-06-20 16:59 - 00000974 ____A C:\Users\Candy\Downloads\Warehouse Record (2).csv
2012-06-20 16:59 - 2012-06-20 16:59 - 00000974 ____A C:\Users\Candy\Downloads\Warehouse Record (1).csv
2012-06-20 16:58 - 2012-06-20 16:58 - 00000974 ____A C:\Users\Candy\Downloads\Warehouse Record.csv
2012-06-20 16:52 - 2012-06-20 16:52 - 00935740 ____A C:\Users\Candy\Downloads\candy.com-Site-findings.xlsx
2012-06-20 15:56 - 2012-06-20 15:56 - 00131072 ____A C:\Windows\Minidump\062012-24414-01.dmp
2012-06-19 21:07 - 2012-06-19 21:07 - 00004886 ____A C:\Users\Candy\Downloads\WarehouseSettingsList822.csv
2012-06-19 18:15 - 2012-06-19 18:15 - 00079677 ____A C:\Users\Candy\Downloads\G061912.xml
2012-06-19 18:14 - 2012-06-19 18:14 - 00114857 ____A C:\Users\Candy\Downloads\Garvey618.xml
2012-06-19 18:14 - 2012-06-19 18:14 - 00045836 ____A C:\Users\Candy\Downloads\Garvey615.xml
2012-06-19 18:14 - 2012-06-19 18:14 - 00016689 ____A C:\Users\Candy\Downloads\garvey615.CSV
2012-06-19 14:26 - 2012-06-19 14:26 - 00000000 ____D C:\Users\Default\AppData\Local\Trusteer
2012-06-19 14:26 - 2012-06-19 14:26 - 00000000 ____D C:\Users\Default User\AppData\Local\Trusteer
2012-06-19 14:21 - 2012-06-19 14:21 - 00131072 ____A C:\Windows\Minidump\061912-23540-01.dmp
2012-06-17 06:29 - 2012-06-17 06:29 - 00007446 ____A C:\Users\Candy\Downloads\Candy_SO_UE_V1.js
2012-06-16 06:01 - 2012-06-16 06:01 - 00000240 ____A C:\Users\Candy\Desktop\Journal_Entry_Template.csv
2012-06-16 05:59 - 2012-06-16 05:59 - 00004908 ____A C:\Users\Candy\Downloads\Journal_Entry_Template.csv
2012-06-16 05:44 - 2012-06-16 05:44 - 00000709 ____A C:\Users\Candy\Downloads\Journal_Template.csv
2012-06-15 18:08 - 2012-06-15 18:08 - 00012106 ____A C:\Users\Candy\Desktop\HC Flavor Selection 2013.xlsx
2012-06-15 18:06 - 2012-06-15 18:06 - 00011513 ____A C:\Users\Candy\Downloads\HC Flavor Selection 2013.xlsx
2012-06-15 14:57 - 2012-06-15 14:57 - 00131072 ____A C:\Windows\Minidump\061512-19468-01.dmp
2012-06-14 21:11 - 2012-06-14 21:11 - 00001189 ____A C:\Users\Candy\Downloads\3PLFile.CSV
2012-06-14 21:09 - 2012-06-14 21:09 - 00001275 ____A C:\Users\Candy\Downloads\TestFile.CSV
2012-06-14 21:08 - 2012-06-14 21:08 - 00000284 ____A C:\Users\Candy\Downloads\fulfillment file template (1).csv
2012-06-14 20:09 - 2012-06-14 20:09 - 00000140 ____A C:\Users\Candy\Downloads\results (4).csv
2012-06-14 20:07 - 2012-06-14 20:07 - 00000140 ____A C:\Users\Candy\Downloads\results (3).csv
2012-06-14 20:07 - 2012-06-14 20:07 - 00000098 ____A C:\Users\Candy\Desktop\westerros.csv
2012-06-14 20:06 - 2012-06-14 20:06 - 00000117 ____A C:\Users\Candy\Downloads\results (2).csv
2012-06-14 20:01 - 2012-06-14 20:04 - 00000432 ____A C:\Users\Candy\Desktop\EastErrors614.csv
2012-06-14 19:54 - 2012-06-14 19:54 - 00000823 ____A C:\Users\Candy\Downloads\results (1).csv
2012-06-14 19:49 - 2012-06-14 19:49 - 00000140 ____A C:\Users\Candy\Downloads\results.csv
2012-06-14 19:29 - 2012-06-14 19:30 - 00061911 ____A C:\Users\Candy\Desktop\WestInventoryJune14.csv
2012-06-14 18:03 - 2012-06-14 18:05 - 00021593 ____A C:\Users\Candy\Desktop\EastInventoryJune14.csv
2012-06-14 17:29 - 2012-06-14 17:29 - 00147968 ____A C:\Users\Candy\Downloads\Daily Candy Inventory Report (1).xls
2012-06-14 17:26 - 2012-06-14 17:26 - 00147968 ____A C:\Users\Candy\Downloads\Daily Candy Inventory Report.xls
2012-06-14 17:25 - 2012-06-14 17:25 - 00081163 ____A C:\Users\Candy\Downloads\CN_inventory_20120614.csv
2012-06-14 17:14 - 2012-06-14 17:14 - 00131072 ____A C:\Windows\Minidump\061412-20716-01.dmp
2012-06-14 16:02 - 2012-06-14 16:02 - 00131072 ____A C:\Windows\Minidump\061412-16941-01.dmp
2012-06-14 03:05 - 2012-06-14 03:05 - 00000000 ____D C:\Users\Candy\AppData\Local\Trusteer
2012-06-14 03:05 - 2012-06-14 03:05 - 00000000 ____D C:\Program Files\Trusteer
2012-06-14 03:04 - 2012-06-14 03:04 - 00000000 ____D C:\Users\All Users\Trusteer
2012-06-14 03:03 - 2012-06-14 03:03 - 00239448 ____A (Trusteer Ltd.) C:\Users\Candy\Downloads\RapportSetup.exe
2012-06-13 17:12 - 2012-06-13 17:12 - 00065621 ____A C:\Users\Candy\Desktop\BP2012Finial.xlsx
2012-06-13 17:05 - 2012-06-13 17:05 - 00065627 ____A C:\Users\Candy\Downloads\BP2012 (3) Revised (2).xlsx
2012-06-13 17:05 - 2012-06-13 17:05 - 00065627 ____A C:\Users\Candy\Downloads\BP2012 (3) Revised (1).xlsx
2012-06-13 17:00 - 2012-06-13 17:00 - 01646387 ____A C:\Users\Candy\Downloads\Candy eCommerce Program Outline - Blank.pptx
2012-06-13 16:50 - 2012-06-13 16:50 - 00065586 ____A C:\Users\Candy\Downloads\BP2012 (3) Revised.xlsx
2012-06-13 14:17 - 2012-06-13 14:17 - 00131072 ____A C:\Windows\Minidump\061312-18096-01.dmp
2012-06-12 18:51 - 2012-06-12 18:51 - 00001274 ____A C:\Users\Candy\Downloads\Bills_WestInventory1_06_12_errors.csv
2012-06-12 18:28 - 2012-06-12 18:28 - 00131072 ____A C:\Windows\Minidump\061212-37674-01.dmp
2012-06-12 14:56 - 2012-06-12 14:56 - 00131072 ____A C:\Windows\Minidump\061212-23072-01.dmp
2012-06-12 12:32 - 2012-06-12 12:32 - 00131072 ____A C:\Windows\Minidump\061212-23509-01.dmp
2012-06-11 17:10 - 2012-06-11 17:10 - 00010919 ____A C:\Users\Candy\Downloads\report_6-11-2012_91018.csv
2012-06-11 16:43 - 2012-06-11 16:43 - 00131072 ____A C:\Windows\Minidump\061112-23025-01.dmp
2012-06-11 16:40 - 2012-06-11 16:40 - 00131072 ____A C:\Windows\Minidump\061112-22510-01.dmp
2012-06-10 12:36 - 2012-07-03 19:22 - 288597696 ____A C:\Windows\MEMORY.DMP
2012-06-10 12:36 - 2012-07-03 19:22 - 00000000 ____D C:\Windows\Minidump
2012-06-10 12:36 - 2012-06-10 12:36 - 00131072 ____A C:\Windows\Minidump\061012-25272-01.dmp
2012-06-10 11:41 - 2012-06-10 11:41 - 00021063 ____A C:\Users\Candy\Downloads\Candy.com Trial Balance.xlsx
2012-06-08 19:04 - 2012-06-08 19:04 - 14952119 ____A C:\Users\Candy\Downloads\portfolio.zip
2012-06-08 17:42 - 2012-06-08 17:42 - 00065720 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKELL.sys
2012-06-08 15:17 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-08 15:17 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-08 15:17 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-08 15:17 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-08 15:17 - 2012-06-02 11:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-08 15:17 - 2012-06-02 11:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-07 16:45 - 2012-06-07 16:45 - 00000301 ____A C:\Users\Candy\Downloads\fulfillment file template.csv
2012-06-07 04:11 - 2012-06-07 04:11 - 00016738 ____A C:\Users\Candy\Downloads\DropShipPurchaseOrderResults584.csv
2012-06-06 18:18 - 2012-06-06 18:18 - 00001163 ____A C:\Users\Candy\Downloads\06-06-2012 0914.CSV
2012-06-05 18:37 - 2012-06-05 18:37 - 00077238 ____A C:\Users\Candy\Downloads\CN_inventory_20120605.csv
2012-06-05 05:14 - 2012-06-05 05:14 - 00028986 ____A C:\Users\Candy\Downloads\searchresults.xls


============ 3 Months Modified Files ========================

2012-07-05 18:28 - 2012-07-05 18:28 - 00043480 ____A C:\Windows\System32\Drivers\vvwvglft.sys
2012-07-05 18:27 - 2011-06-08 00:08 - 00026986 ____A C:\Windows\PFRO.log
2012-07-05 18:20 - 2012-07-05 17:47 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pcmkbqkt.sys
2012-07-05 17:46 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-05 17:46 - 2009-07-13 20:39 - 00033707 ____A C:\Windows\setupact.log
2012-07-04 18:31 - 2012-07-04 18:31 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hndggena.sys
2012-07-04 18:24 - 2011-06-23 16:52 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-694695831-314743353-759112457-1000UA.job
2012-07-04 18:24 - 2011-06-23 16:52 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-694695831-314743353-759112457-1000Core.job
2012-07-04 17:27 - 2012-07-04 06:01 - 00000361 ____A C:\rkill.log
2012-07-04 06:02 - 2011-06-07 22:25 - 00729688 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-04 05:55 - 2012-07-04 05:55 - 00043480 ____A C:\Windows\System32\Drivers\hotmiwwa.sys
2012-07-04 05:42 - 2012-07-04 05:42 - 01012656 ____A C:\Users\Candy\Downloads\Unconfirmed 42571.crdownload
2012-07-04 05:39 - 2012-07-04 05:39 - 00000000 ____A C:\Users\Candy\Downloads\3C0.tmp
2012-07-04 05:32 - 2012-07-04 05:32 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tsdzjzzd.sys
2012-07-03 21:31 - 2009-07-13 20:55 - 02021214 ____A C:\Windows\WindowsUpdate.log
2012-07-03 21:18 - 2009-07-13 20:53 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-03 21:09 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-03 20:35 - 2012-07-03 20:35 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-03 20:32 - 2012-07-03 18:39 - 00001830 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
2012-07-03 20:32 - 2009-07-13 20:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-03 20:32 - 2009-07-13 20:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-03 20:28 - 2009-07-13 20:33 - 01732568 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-03 19:55 - 2009-07-13 18:05 - 00152576 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-07-03 19:41 - 2012-07-03 19:41 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Candy\Downloads\tdsskiller.exe
2012-07-03 19:22 - 2012-07-03 19:22 - 00131072 ____A C:\Windows\Minidump\070312-16894-01.dmp
2012-07-03 19:22 - 2012-06-10 12:36 - 288597696 ____A C:\Windows\MEMORY.DMP
2012-07-03 19:20 - 2012-07-03 19:20 - 00141824 ____A C:\Windows\Minidump\070312-21559-01.dmp
2012-07-03 18:59 - 2012-07-03 18:59 - 00131072 ____A C:\Windows\Minidump\070312-22339-01.dmp
2012-07-03 18:57 - 2012-07-03 18:57 - 00131072 ____A C:\Windows\Minidump\070312-24289-01.dmp
2012-07-03 18:53 - 2012-07-03 18:53 - 00131072 ____A C:\Windows\Minidump\070312-21325-01.dmp
2012-07-03 18:51 - 2012-07-03 18:50 - 00131072 ____A C:\Windows\Minidump\070312-21886-01.dmp
2012-07-03 18:48 - 2012-07-03 18:48 - 00131072 ____A C:\Windows\Minidump\070312-24632-01.dmp
2012-07-03 18:30 - 2012-07-03 18:30 - 04285248 ____A (McAfee, Inc.) C:\Users\Candy\Downloads\McAfeeSetup.exe
2012-07-03 15:41 - 2011-06-07 22:39 - 00000390 _RASH C:\Users\All Users\ntuser.pol
2012-07-02 19:10 - 2012-07-02 19:10 - 00131072 ____A C:\Windows\Minidump\070212-26161-01.dmp
2012-07-02 05:24 - 2012-07-02 05:24 - 00131072 ____A C:\Windows\Minidump\070212-23400-01.dmp
2012-07-02 05:16 - 2012-07-02 05:16 - 00131072 ____A C:\Windows\Minidump\070212-28173-01.dmp
2012-07-01 15:02 - 2012-07-01 15:01 - 00131072 ____A C:\Windows\Minidump\070112-33119-01.dmp
2012-07-01 10:09 - 2012-07-01 10:09 - 00131072 ____A C:\Windows\Minidump\070112-37034-01.dmp
2012-06-29 18:19 - 2012-06-29 18:19 - 00131072 ____A C:\Windows\Minidump\062912-20155-01.dmp
2012-06-28 16:30 - 2012-06-28 16:30 - 00001230 ____A C:\Users\Candy\Desktop\Calculator.lnk
2012-06-27 18:50 - 2012-06-27 18:50 - 00005330 ____A C:\Users\Candy\Downloads\ItemSetupResults157.csv
2012-06-27 18:35 - 2012-06-27 18:35 - 00023040 ____A C:\Users\Candy\Downloads\NEW SKU DATA SHEET (1).xls
2012-06-27 18:35 - 2012-06-27 18:34 - 00023040 ____A C:\Users\Candy\Downloads\NEW SKU DATA SHEET.xls
2012-06-24 20:17 - 2012-06-24 20:17 - 00062622 ____A C:\Users\Candy\Downloads\Candy.com open bills report 2012 only.xlsx
2012-06-24 18:15 - 2012-06-24 18:15 - 00009349 ____A C:\Users\Candy\Downloads\InSight_Customized_View_Download_Tracking UJpdate (1).csv
2012-06-24 18:12 - 2012-06-24 18:12 - 00104901 ____A C:\Users\Candy\Downloads\InSight_Customized_View_Download_Tracking UJpdate.csv
2012-06-24 18:00 - 2012-06-24 18:00 - 00257826 ____A C:\Users\Candy\Downloads\InSight_Outbound_View_Download.csv
2012-06-24 18:00 - 2012-06-24 18:00 - 00257826 ____A C:\Users\Candy\Downloads\InSight_Outbound_View_Download (1).csv
2012-06-24 13:17 - 2012-06-24 13:17 - 00131072 ____A C:\Windows\Minidump\062412-24336-01.dmp
2012-06-24 12:48 - 2012-06-24 12:48 - 00131072 ____A C:\Windows\Minidump\062412-29827-01.dmp
2012-06-23 14:38 - 2012-06-23 14:38 - 00131072 ____A C:\Windows\Minidump\062312-19749-01.dmp
2012-06-23 14:36 - 2012-06-23 14:36 - 00131072 ____A C:\Windows\Minidump\062312-27955-01.dmp
2012-06-23 12:26 - 2012-06-23 12:26 - 00131072 ____A C:\Windows\Minidump\062312-28220-01.dmp
2012-06-22 04:36 - 2012-06-22 04:36 - 00003202 ____A C:\Users\Candy\Downloads\CN_shipments_20120622.csv
2012-06-21 18:36 - 2012-06-21 18:36 - 00000284 ____A C:\Users\Candy\Downloads\fulfillment file template (1) (2).csv
2012-06-21 18:36 - 2012-06-21 18:35 - 00000284 ____A C:\Users\Candy\Downloads\fulfillment file template (1) (1).csv
2012-06-21 04:45 - 2012-06-21 04:45 - 00131072 ____A C:\Windows\Minidump\062112-21216-01.dmp
2012-06-20 19:54 - 2012-06-20 19:54 - 00001443 ____A C:\Users\Candy\Downloads\results (5).csv
2012-06-20 18:25 - 2012-06-20 17:42 - 00147396 ____A C:\Users\Candy\Desktop\CustomItemSearchResults973.csv
2012-06-20 17:42 - 2012-06-20 17:42 - 00970389 ____A C:\Users\Candy\Downloads\CustomItemSearchResults973.csv
2012-06-20 17:29 - 2012-06-20 17:29 - 00004618 ____A C:\Users\Candy\Desktop\Warehouse Record (2).csv
2012-06-20 16:59 - 2012-06-20 16:59 - 00000974 ____A C:\Users\Candy\Downloads\Warehouse Record (2).csv
2012-06-20 16:59 - 2012-06-20 16:59 - 00000974 ____A C:\Users\Candy\Downloads\Warehouse Record (1).csv
2012-06-20 16:58 - 2012-06-20 16:58 - 00000974 ____A C:\Users\Candy\Downloads\Warehouse Record.csv
2012-06-20 16:52 - 2012-06-20 16:52 - 00935740 ____A C:\Users\Candy\Downloads\candy.com-Site-findings.xlsx
2012-06-20 15:56 - 2012-06-20 15:56 - 00131072 ____A C:\Windows\Minidump\062012-24414-01.dmp
2012-06-19 21:07 - 2012-06-19 21:07 - 00004886 ____A C:\Users\Candy\Downloads\WarehouseSettingsList822.csv
2012-06-19 18:15 - 2012-06-19 18:15 - 00079677 ____A C:\Users\Candy\Downloads\G061912.xml
2012-06-19 18:14 - 2012-06-19 18:14 - 00114857 ____A C:\Users\Candy\Downloads\Garvey618.xml
2012-06-19 18:14 - 2012-06-19 18:14 - 00045836 ____A C:\Users\Candy\Downloads\Garvey615.xml
2012-06-19 18:14 - 2012-06-19 18:14 - 00016689 ____A C:\Users\Candy\Downloads\garvey615.CSV
2012-06-19 14:21 - 2012-06-19 14:21 - 00131072 ____A C:\Windows\Minidump\061912-23540-01.dmp
2012-06-17 06:29 - 2012-06-17 06:29 - 00007446 ____A C:\Users\Candy\Downloads\Candy_SO_UE_V1.js
2012-06-16 06:01 - 2012-06-16 06:01 - 00000240 ____A C:\Users\Candy\Desktop\Journal_Entry_Template.csv
2012-06-16 05:59 - 2012-06-16 05:59 - 00004908 ____A C:\Users\Candy\Downloads\Journal_Entry_Template.csv
2012-06-16 05:44 - 2012-06-16 05:44 - 00000709 ____A C:\Users\Candy\Downloads\Journal_Template.csv
2012-06-15 18:08 - 2012-06-15 18:08 - 00012106 ____A C:\Users\Candy\Desktop\HC Flavor Selection 2013.xlsx
2012-06-15 18:06 - 2012-06-15 18:06 - 00011513 ____A C:\Users\Candy\Downloads\HC Flavor Selection 2013.xlsx
2012-06-15 14:57 - 2012-06-15 14:57 - 00131072 ____A C:\Windows\Minidump\061512-19468-01.dmp
2012-06-14 21:11 - 2012-06-14 21:11 - 00001189 ____A C:\Users\Candy\Downloads\3PLFile.CSV
2012-06-14 21:09 - 2012-06-14 21:09 - 00001275 ____A C:\Users\Candy\Downloads\TestFile.CSV
2012-06-14 21:08 - 2012-06-14 21:08 - 00000284 ____A C:\Users\Candy\Downloads\fulfillment file template (1).csv
2012-06-14 20:09 - 2012-06-14 20:09 - 00000140 ____A C:\Users\Candy\Downloads\results (4).csv
2012-06-14 20:07 - 2012-06-14 20:07 - 00000140 ____A C:\Users\Candy\Downloads\results (3).csv
2012-06-14 20:07 - 2012-06-14 20:07 - 00000098 ____A C:\Users\Candy\Desktop\westerros.csv
2012-06-14 20:06 - 2012-06-14 20:06 - 00000117 ____A C:\Users\Candy\Downloads\results (2).csv
2012-06-14 20:04 - 2012-06-14 20:01 - 00000432 ____A C:\Users\Candy\Desktop\EastErrors614.csv
2012-06-14 19:54 - 2012-06-14 19:54 - 00000823 ____A C:\Users\Candy\Downloads\results (1).csv
2012-06-14 19:49 - 2012-06-14 19:49 - 00000140 ____A C:\Users\Candy\Downloads\results.csv
2012-06-14 19:30 - 2012-06-14 19:29 - 00061911 ____A C:\Users\Candy\Desktop\WestInventoryJune14.csv
2012-06-14 18:05 - 2012-06-14 18:03 - 00021593 ____A C:\Users\Candy\Desktop\EastInventoryJune14.csv
2012-06-14 17:29 - 2012-06-14 17:29 - 00147968 ____A C:\Users\Candy\Downloads\Daily Candy Inventory Report (1).xls
2012-06-14 17:26 - 2012-06-14 17:26 - 00147968 ____A C:\Users\Candy\Downloads\Daily Candy Inventory Report.xls
2012-06-14 17:25 - 2012-06-14 17:25 - 00081163 ____A C:\Users\Candy\Downloads\CN_inventory_20120614.csv
2012-06-14 17:14 - 2012-06-14 17:14 - 00131072 ____A C:\Windows\Minidump\061412-20716-01.dmp
2012-06-14 16:02 - 2012-06-14 16:02 - 00131072 ____A C:\Windows\Minidump\061412-16941-01.dmp
2012-06-14 03:03 - 2012-06-14 03:03 - 00239448 ____A (Trusteer Ltd.) C:\Users\Candy\Downloads\RapportSetup.exe
2012-06-13 17:12 - 2012-06-13 17:12 - 00065621 ____A C:\Users\Candy\Desktop\BP2012Finial.xlsx
2012-06-13 17:05 - 2012-06-13 17:05 - 00065627 ____A C:\Users\Candy\Downloads\BP2012 (3) Revised (2).xlsx
2012-06-13 17:05 - 2012-06-13 17:05 - 00065627 ____A C:\Users\Candy\Downloads\BP2012 (3) Revised (1).xlsx
2012-06-13 17:00 - 2012-06-13 17:00 - 01646387 ____A C:\Users\Candy\Downloads\Candy eCommerce Program Outline - Blank.pptx
2012-06-13 16:50 - 2012-06-13 16:50 - 00065586 ____A C:\Users\Candy\Downloads\BP2012 (3) Revised.xlsx
2012-06-13 14:17 - 2012-06-13 14:17 - 00131072 ____A C:\Windows\Minidump\061312-18096-01.dmp
2012-06-12 18:51 - 2012-06-12 18:51 - 00001274 ____A C:\Users\Candy\Downloads\Bills_WestInventory1_06_12_errors.csv
2012-06-12 18:28 - 2012-06-12 18:28 - 00131072 ____A C:\Windows\Minidump\061212-37674-01.dmp
2012-06-12 14:56 - 2012-06-12 14:56 - 00131072 ____A C:\Windows\Minidump\061212-23072-01.dmp
2012-06-12 12:32 - 2012-06-12 12:32 - 00131072 ____A C:\Windows\Minidump\061212-23509-01.dmp
2012-06-11 17:10 - 2012-06-11 17:10 - 00010919 ____A C:\Users\Candy\Downloads\report_6-11-2012_91018.csv
2012-06-11 16:43 - 2012-06-11 16:43 - 00131072 ____A C:\Windows\Minidump\061112-23025-01.dmp
2012-06-11 16:40 - 2012-06-11 16:40 - 00131072 ____A C:\Windows\Minidump\061112-22510-01.dmp
2012-06-10 12:36 - 2012-06-10 12:36 - 00131072 ____A C:\Windows\Minidump\061012-25272-01.dmp
2012-06-10 11:41 - 2012-06-10 11:41 - 00021063 ____A C:\Users\Candy\Downloads\Candy.com Trial Balance.xlsx
2012-06-08 19:04 - 2012-06-08 19:04 - 14952119 ____A C:\Users\Candy\Downloads\portfolio.zip
2012-06-08 17:42 - 2012-06-08 17:42 - 00065720 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKELL.sys
2012-06-07 16:45 - 2012-06-07 16:45 - 00000301 ____A C:\Users\Candy\Downloads\fulfillment file template.csv
2012-06-07 04:11 - 2012-06-07 04:11 - 00016738 ____A C:\Users\Candy\Downloads\DropShipPurchaseOrderResults584.csv
2012-06-06 18:18 - 2012-06-06 18:18 - 00001163 ____A C:\Users\Candy\Downloads\06-06-2012 0914.CSV
2012-06-05 18:37 - 2012-06-05 18:37 - 00077238 ____A C:\Users\Candy\Downloads\CN_inventory_20120605.csv
2012-06-05 05:14 - 2012-06-05 05:14 - 00028986 ____A C:\Users\Candy\Downloads\searchresults.xls
2012-06-03 19:35 - 2012-06-24 13:23 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-02 14:19 - 2012-06-08 15:17 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-08 15:17 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-08 15:17 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:12 - 2012-06-08 15:17 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 11:19 - 2012-06-08 15:17 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:12 - 2012-06-08 15:17 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-31 17:41 - 2012-05-31 17:41 - 00002233 ____A C:\Users\Candy\Downloads\2012-05-31T21-37-30.csv
2012-05-31 17:00 - 2012-05-31 17:00 - 00014536 ____A C:\Users\Candy\Downloads\Checkmates Order 5-10-12.xlsx
2012-05-30 18:05 - 2012-05-30 18:05 - 00014906 ____A C:\Users\Candy\Downloads\Hershey Order 5-23-12.xlsx
2012-05-25 13:13 - 2012-07-03 18:30 - 00151912 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2012-05-17 19:44 - 2012-05-17 19:44 - 00302560 ____A C:\Users\Candy\Downloads\M5Scribe.wav
2012-05-17 15:11 - 2012-07-03 20:14 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-07-03 20:14 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-07-03 20:14 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-07-03 20:14 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-07-03 20:14 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:35 - 2012-07-03 20:14 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:33 - 2012-07-03 20:14 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-07-03 20:14 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-07-03 20:14 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:29 - 2012-07-03 20:14 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:27 - 2012-07-03 20:14 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-07-03 20:14 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-07-03 20:14 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-07-03 20:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-16 18:04 - 2012-05-16 18:04 - 05747998 ____A C:\Users\Candy\Downloads\Orders_5-16-2012_100317.csv
2012-05-16 18:04 - 2012-05-16 18:04 - 00423501 ____A C:\Users\Candy\Downloads\report_5-16-2012_100341 (1).csv
2012-05-16 18:03 - 2012-05-16 18:03 - 00423501 ____A C:\Users\Candy\Downloads\report_5-16-2012_100341.csv
2012-05-16 17:52 - 2012-05-16 17:52 - 00423501 ____A C:\Users\Candy\Downloads\report_5-16-2012_95226.csv
2012-05-14 17:05 - 2012-07-03 20:09 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 19:01 - 2012-05-12 19:01 - 00118433 ____A C:\Users\Candy\Downloads\Vistar_ItemSearchByClass.csv
2012-05-04 01:59 - 2012-07-03 20:32 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-04-30 20:44 - 2012-07-03 20:10 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-29 06:16 - 2012-04-29 06:16 - 00030446 ____A C:\Users\Candy\Downloads\Analytics www.candy.com Organic Search Traffic 20110329-20120428 (3).csv
2012-04-29 06:15 - 2012-04-29 06:15 - 00007046 ____A C:\Users\Candy\Downloads\Analytics www.candy.com Organic Search Traffic 20110329-20120428 (2).csv
2012-04-29 06:15 - 2012-04-29 06:15 - 00007046 ____A C:\Users\Candy\Downloads\Analytics www.candy.com Organic Search Traffic 20110329-20120428 (1).csv
2012-04-29 06:13 - 2012-04-29 06:13 - 00029951 ____A C:\Users\Candy\Downloads\Analytics www.candy.com Paid Search Traffic 20110329-20120428.csv
2012-04-29 06:13 - 2012-04-29 06:13 - 00029951 ____A C:\Users\Candy\Downloads\Analytics www.candy.com Paid Search Traffic 20110329-20120428 (1).csv
2012-04-29 06:11 - 2012-04-29 06:11 - 00014524 ____A C:\Users\Candy\Downloads\Analytics www.candy.com Organic Search Traffic 20110329-20120428.csv
2012-04-29 06:10 - 2012-04-29 06:10 - 00029046 ____A C:\Users\Candy\Downloads\Analytics www.candy.com Organic Search Traffic 20110329-20120428.tsv
2012-04-27 19:17 - 2012-07-03 20:09 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-23 20:36 - 2012-07-03 20:13 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 20:36 - 2012-07-03 20:13 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 20:36 - 2012-07-03 20:13 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-22 18:17 - 2012-04-22 18:17 - 00004136 ____A C:\Users\Candy\Downloads\report_4-22-2012_101741.csv
2012-04-18 18:37 - 2012-04-18 18:37 - 22743709 ____A C:\Users\Candy\Downloads\Products_4-18-2012_42115.csv
2012-04-18 17:57 - 2012-04-18 17:57 - 00119643 ____A C:\Users\Candy\Downloads\candy-Orders-2012-04-18 18 04 45.csv
2012-04-12 18:13 - 2012-04-12 18:13 - 00001534 ____A C:\user.js
2012-04-12 18:12 - 2012-04-12 18:12 - 00643680 ____A (OptimumInstaller) C:\Users\Candy\Downloads\Xvid_130_RC1_02012011_Setup.exe
2012-04-07 03:26 - 2012-07-03 20:10 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll

ZeroAccess:
C:\Windows\Installer\{eaa6061f-6a3e-e80d-7052-d2fcda147dae}
C:\Windows\Installer\{eaa6061f-6a3e-e80d-7052-d2fcda147dae}\@
C:\Windows\Installer\{eaa6061f-6a3e-e80d-7052-d2fcda147dae}\L
C:\Windows\Installer\{eaa6061f-6a3e-e80d-7052-d2fcda147dae}\n
C:\Windows\Installer\{eaa6061f-6a3e-e80d-7052-d2fcda147dae}\U
C:\Windows\Installer\{eaa6061f-6a3e-e80d-7052-d2fcda147dae}\L\00000004.@
C:\Windows\Installer\{eaa6061f-6a3e-e80d-7052-d2fcda147dae}\L\201d3dde
C:\Windows\Installer\{eaa6061f-6a3e-e80d-7052-d2fcda147dae}\L\55490ac4
C:\Windows\Installer\{eaa6061f-6a3e-e80d-7052-d2fcda147dae}\U\00000004.@
C:\Windows\Installer\{eaa6061f-6a3e-e80d-7052-d2fcda147dae}\U\000000cb.@
C:\Windows\Installer\{eaa6061f-6a3e-e80d-7052-d2fcda147dae}\U\80000000.@
C:\Windows\Installer\{eaa6061f-6a3e-e80d-7052-d2fcda147dae}\U\80000032.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 3992.93 MB
Available physical RAM: 3484.68 MB
Total Pagefile: 3991.21 MB
Available Pagefile: 3493.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.62 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:297.32 GB) (Free:260.49 GB) NTFS
3 Drive f: (BMW WELCOME) (Removable) (Total:1.87 GB) (Free:1.21 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:0.73 GB) (Free:0.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1911 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 752 MB 40 MB
Partition 3 Primary 297 GB 792 MB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 752 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 297 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1919 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F BMW WELCOME FAT Removable 1919 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-05-22 14:16

======================= End Of Log ==========================

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:38 AM

Posted 05 July 2012 - 09:59 PM

Greetings

Yes, that is the report I need to see.

OK, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 gbalestr

  • Topic Starter
  • Members
  • 13 posts

Posted 05 July 2012 - 10:08 PM

Here you go.

Farbar Recovery Scan Tool Version: 06-07-2012
Ran by SYSTEM at 2012-07-05 23:03:36
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-07-03 21:09] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
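
An added example (my code, not FRST's and not anything posted in this thread): a Python parser for the Search.txt format above that flags a live System32 file whose MD5 matches none of its WinSxS component-store copies, the comparison the helper makes by eye here, and emits the FRST Replace: line in the form gringo_pr uses in the next post. Treating every \winsxs\ path as a trustworthy reference and the System32 path as the loaded copy is my assumption.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

# Search.txt as posted in this thread, embedded verbatim so the check runs offline.
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-07-03 21:09] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
"""

TS_FMT = "%Y-%m-%d %H:%M"
# FRST prints each hit as a path line followed by one detail line:
#   [created] - [modified] - size attributes (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"\[(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileEntry:
    path: str
    created: datetime
    modified: datetime
    size: int
    company: str
    md5: str


@dataclass
class Finding:
    live: FileEntry       # the copy under System32 that Windows actually loads
    reference: FileEntry  # the WinSxS component-store copy it was compared with
    same_size: bool       # same size but different hash points to in-place patching
    modified_after_reference: bool


def parse_search_log(text: str) -> List[FileEntry]:
    """Pair every path line with the detail line FRST prints beneath it."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries: List[FileEntry] = []
    for path, detail in zip(lines, lines[1:]):
        m = DETAIL_RE.match(detail)
        if not m or not path or path.startswith("="):
            continue
        entries.append(FileEntry(
            path, datetime.strptime(m["created"], TS_FMT),
            datetime.strptime(m["modified"], TS_FMT), int(m["size"]),
            m["company"], m["md5"].upper()))
    return entries


def is_component_store_copy(path: str) -> bool:
    """Assumption: anything under \\winsxs\\ is a pristine component-store copy."""
    return "\\winsxs\\" in path.lower()


def is_live_copy(path: str) -> bool:
    """Assumption: the file under System32 is the one the running system uses."""
    return path.lower().startswith("c:\\windows\\system32\\")


def check_against_component_store(entries: List[FileEntry]) -> List[Finding]:
    """Flag each live System32 file whose MD5 matches none of its WinSxS copies."""
    by_name: Dict[str, List[FileEntry]] = {}
    for e in entries:
        by_name.setdefault(e.path.rsplit("\\", 1)[-1].lower(), []).append(e)
    findings: List[Finding] = []
    for group in by_name.values():
        refs = [e for e in group if is_component_store_copy(e.path)]
        if not refs:
            continue  # nothing trustworthy to compare against
        known = {r.md5 for r in refs}
        ref = max(refs, key=lambda r: r.modified)  # newest component-store copy
        for live in (e for e in group if is_live_copy(e.path)):
            if live.md5 not in known:
                findings.append(Finding(live, ref, live.size == ref.size,
                                        live.modified > ref.modified))
    return findings


def fixlist_replace_line(f: Finding) -> str:
    """FRST 'Replace:' directive in the form gringo_pr uses later in this thread."""
    return f"Replace: {f.reference.path} {f.live.path}"


if __name__ == "__main__":
    for f in check_against_component_store(parse_search_log(SEARCH_LOG)):
        print(f"{f.live.path}: MD5 {f.live.md5} not in component store; "
              f"same size={f.same_size}, modified later={f.modified_after_reference}")
        print(fixlist_replace_line(f))
```

Run against the log above it reports the System32 copy as the odd one out: identical size to the 2009 component-store file, different hash, last modified two days before the thread started.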

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts

Posted 05 July 2012 - 10:34 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{eaa6061f-6a3e-e80d-7052-d2fcda147dae}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo

#9 gbalestr

  • Topic Starter
  • Members
  • 13 posts

Posted 05 July 2012 - 10:40 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 06-07-2012
Ran by SYSTEM at 2012-07-05 23:39:59 Run:2
Running from F:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{eaa6061f-6a3e-e80d-7052-d2fcda147dae} moved successfully.

==== End of Fixlog ====

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts

Posted 05 July 2012 - 10:46 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#11 gbalestr

  • Topic Starter
  • Members
  • 13 posts

Posted 05 July 2012 - 11:14 PM

The computer seems to be running much better now.

Here are the results of the scan.

ComboFix 12-07-05.04 - Candy 07/05/2012 23:53:25.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3241.1878 [GMT -4:00]
Running from: c:\users\Candy\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\PrivacySafeGuard\PrIVacysafeguard.dllA
c:\users\Candy\Documents\~WRL0005.tmp
c:\users\Candy\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 02:28 . 2012-07-06 02:28 43480 ----a-w- c:\windows\system32\drivers\vvwvglft.sys
2012-07-06 01:47 . 2012-07-06 02:20 43480 ----a-w- c:\windows\system32\drivers\pcmkbqkt.sys
2012-07-05 02:31 . 2012-07-05 02:31 43480 ----a-w- c:\windows\system32\drivers\hndggena.sys
2012-07-05 02:02 . 2012-07-06 01:46 -------- d-----w- C:\FRST
2012-07-05 01:37 . 2012-07-05 01:37 -------- d-----w- C:\5a6cdeef52d7420137af08
2012-07-05 01:33 . 2012-07-05 01:33 -------- d-----w- C:\961649abdcb119c8f46db4f351a23c
2012-07-04 13:55 . 2012-07-04 13:55 43480 ----a-w- c:\windows\system32\drivers\hotmiwwa.sys
2012-07-04 13:32 . 2012-07-04 13:32 43480 ----a-w- c:\windows\system32\drivers\tsdzjzzd.sys
2012-07-04 05:15 . 2012-07-06 04:04 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AC41B74D-6790-46A7-833A-9D1FA91D0986}\offreg.dll
2012-07-04 05:10 . 2012-07-04 05:11 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AC41B74D-6790-46A7-833A-9D1FA91D0986}\MpKslfac6e260.sys
2012-07-04 04:37 . 2012-07-04 04:37 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6256DEB7-FCDE-467B-969E-0393D35620C7}\gapaengine.dll
2012-07-04 04:37 . 2012-05-31 00:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AC41B74D-6790-46A7-833A-9D1FA91D0986}\mpengine.dll
2012-07-04 04:33 . 2012-07-04 04:34 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-04 04:32 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-07-04 04:13 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-07-04 04:13 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-04 04:13 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-04 04:10 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-07-04 04:10 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-07-04 04:09 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-04 04:09 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 03:47 . 2012-07-04 03:47 -------- d-----w- c:\windows\system32\SPReview
2012-07-04 03:46 . 2012-07-04 03:46 -------- d-----w- c:\windows\system32\EventProviders
2012-07-04 03:42 . 2012-07-04 03:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-04 02:40 . 2012-07-04 02:42 -------- d-----w- c:\programdata\McAfee Anti-Theft
2012-07-04 02:37 . 2012-07-06 03:50 -------- d-----w- c:\program files\McAfee
2012-07-04 02:30 . 2012-05-25 21:13 151912 ----a-w- c:\windows\system32\mfevtps.exe
2012-07-04 02:30 . 2012-07-04 03:06 -------- d-----w- c:\programdata\McAfee
2012-07-02 20:35 . 2012-07-02 20:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-02 20:28 . 2012-07-02 20:28 -------- d-----w- c:\windows\Sun
2012-06-19 22:26 . 2012-06-19 22:26 -------- d-----w- c:\users\Default\AppData\Local\Trusteer
2012-06-14 11:05 . 2012-06-14 11:05 -------- d-----w- c:\users\Candy\AppData\Local\Trusteer
2012-06-14 11:05 . 2012-06-14 11:05 -------- d-----w- c:\program files\Trusteer
2012-06-14 11:04 . 2012-06-14 11:04 -------- d-----w- c:\programdata\Trusteer
2012-06-09 01:42 . 2012-06-09 01:42 65720 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-06-08 23:17 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-08 23:17 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-08 23:17 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-08 23:17 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-08 23:17 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-08 23:17 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-04 03:55 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-06-10 12:14 . 2012-06-10 12:14 138752 ----a-w- c:\programdata\Microsoft\Windows\DRM\6875.tmp
2012-05-08 16:40 . 2012-06-08 23:20 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{29E99306-86D1-4A37-961E-9D3D35C800AD}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-03-04 21:07 120184 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-03-04 21:07 120184 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-05 488816]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-01-25 536668]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 143384]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 177176]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 178200]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-15 5955072]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 419904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1459056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2011-6-8 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2010-09-15 16:11 1971536 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Candy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\users\Candy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
2010-07-02 18:24 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R1 MpKslfac6e260;MpKslfac6e260;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AC41B74D-6790-46A7-833A-9D1FA91D0986}\MpKslfac6e260.sys [x]
R2 0090381341546617mcinstcleanup;McAfee Application Installer Cleanup (0090381341546617);c:\windows\TEMP\009038~1.EXE [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\DRIVERS\O2MDFw7.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys [x]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [x]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [x]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files\Intel\Services\IPT\jhi_service.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [x]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\system32\srvany.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - CFWIDS
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-694695831-314743353-759112457-1000Core.job
- c:\users\Candy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 00:52]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-694695831-314743353-759112457-1000UA.job
- c:\users\Candy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 00:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=110014&tt=050412_30b&babsrc=HP_ss&mntrId=041dc9ce000000000000c0f8da90b80e
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(640)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(4444)
c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\McAfee Online Backup\MOBKshell.dll
c:\windows\system32\msxml4.dll
c:\program files\Roxio\OEM\Virtual Drive 12\DC_ShellExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\IDT\WDM\STacSV.exe
c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Dell\DW WLAN Card\bcmwltry.exe
c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\system32\SDIOAssist.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\taskhost.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\DllHost.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\system32\vssvc.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsmap.exe
c:\windows\system32\prevhost.exe
.
**************************************************************************
.
Completion time: 2012-07-06 00:10:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-06 04:10
.
Pre-Run: 279,637,159,936 bytes free
Post-Run: 282,055,098,368 bytes free
.
- - End Of File - - 6E4661B80326262813CA13504CAD56EC

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts

Posted 05 July 2012 - 11:26 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#13 gbalestr

  • Topic Starter
  • Members
  • 13 posts

Posted 06 July 2012 - 06:18 PM

Hey Gringo,

Everything appears to be working fine now. No errors with either of these programs. Please see below.


09:10:00.0473 5968 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
09:10:01.0603 5968 ============================================================
09:10:01.0603 5968 Current date / time: 2012/07/06 09:10:01.0603
09:10:01.0603 5968 SystemInfo:
09:10:01.0603 5968
09:10:01.0603 5968 OS Version: 6.1.7601 ServicePack: 1.0
09:10:01.0603 5968 Product type: Workstation
09:10:01.0603 5968 ComputerName: CANDY-PC
09:10:01.0603 5968 UserName: Candy
09:10:01.0603 5968 Windows directory: C:\Windows
09:10:01.0603 5968 System windows directory: C:\Windows
09:10:01.0603 5968 Processor architecture: Intel x86
09:10:01.0603 5968 Number of processors: 4
09:10:01.0603 5968 Page size: 0x1000
09:10:01.0603 5968 Boot type: Normal boot
09:10:01.0603 5968 ============================================================
09:10:03.0275 5968 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:10:03.0285 5968 ============================================================
09:10:03.0285 5968 \Device\Harddisk0\DR0:
09:10:03.0285 5968 MBR partitions:
09:10:03.0285 5968 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x178000
09:10:03.0285 5968 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18C000, BlocksNum 0x252A2000
09:10:03.0285 5968 ============================================================
09:10:03.0425 5968 C: <-> \Device\Harddisk0\DR0\Partition1
09:10:03.0425 5968 ============================================================
09:10:03.0425 5968 Initialize success
09:10:03.0425 5968 ============================================================
09:10:07.0820 4744 ============================================================
09:10:07.0820 4744 Scan started
09:10:07.0820 4744 Mode: Manual;
09:10:07.0820 4744 ============================================================
09:10:09.0487 4744 0090381341546617mcinstcleanup - ok
09:10:09.0537 4744 0159241341558760mcinstcleanup - ok
09:10:11.0667 4744 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
09:10:11.0977 4744 1394ohci - ok
09:10:12.0177 4744 Acceler (3e58933198689f24cfa6ed4b93a80deb) C:\Windows\system32\DRIVERS\Accelern.sys
09:10:12.0227 4744 Acceler - ok
09:10:12.0357 4744 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
09:10:12.0417 4744 ACPI - ok
09:10:12.0477 4744 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
09:10:12.0547 4744 AcpiPmi - ok
09:10:12.0977 4744 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:10:13.0117 4744 AdobeARMservice - ok
09:10:13.0247 4744 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
09:10:13.0267 4744 adp94xx - ok
09:10:13.0417 4744 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
09:10:13.0467 4744 adpahci - ok
09:10:13.0497 4744 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
09:10:13.0507 4744 adpu320 - ok
09:10:13.0537 4744 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
09:10:13.0537 4744 AeLookupSvc - ok
09:10:13.0667 4744 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Program Files\IDT\WDM\aestsrv.exe
09:10:13.0717 4744 AESTFilters - ok
09:10:13.0857 4744 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
09:10:13.0957 4744 AFD - ok
09:10:14.0037 4744 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
09:10:14.0047 4744 agp440 - ok
09:10:14.0127 4744 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
09:10:14.0137 4744 aic78xx - ok
09:10:14.0278 4744 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
09:10:14.0278 4744 ALG - ok
09:10:14.0325 4744 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
09:10:14.0366 4744 aliide - ok
09:10:14.0366 4744 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
09:10:14.0376 4744 amdagp - ok
09:10:14.0426 4744 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
09:10:14.0426 4744 amdide - ok
09:10:14.0526 4744 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
09:10:14.0536 4744 AmdK8 - ok
09:10:14.0536 4744 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
09:10:14.0536 4744 AmdPPM - ok
09:10:14.0616 4744 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
09:10:14.0896 4744 amdsata - ok
09:10:15.0006 4744 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
09:10:15.0006 4744 amdsbs - ok
09:10:15.0106 4744 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
09:10:15.0346 4744 amdxata - ok
09:10:15.0486 4744 ApfiltrService (9910a9c7d307a9e156d951248601c33e) C:\Windows\system32\DRIVERS\Apfiltr.sys
09:10:15.0656 4744 ApfiltrService - ok
09:10:15.0936 4744 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
09:10:16.0116 4744 AppID - ok
09:10:16.0406 4744 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
09:10:16.0416 4744 AppIDSvc - ok
09:10:16.0663 4744 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
09:10:16.0663 4744 Appinfo - ok
09:10:16.0953 4744 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
09:10:16.0953 4744 AppMgmt - ok
09:10:17.0043 4744 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
09:10:17.0053 4744 arc - ok
09:10:17.0063 4744 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
09:10:17.0073 4744 arcsas - ok
09:10:17.0113 4744 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
09:10:17.0113 4744 AsyncMac - ok
09:10:17.0313 4744 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
09:10:17.0323 4744 atapi - ok
09:10:17.0863 4744 ATService (ff270313c14fc180b6c49bb0b302e0fb) C:\Program Files\Fingerprint Sensor\AtService.exe
09:10:17.0953 4744 ATService - ok
09:10:19.0042 4744 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
09:10:19.0042 4744 AudioEndpointBuilder - ok
09:10:19.0052 4744 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
09:10:19.0052 4744 Audiosrv - ok
09:10:19.0142 4744 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
09:10:19.0272 4744 AxInstSV - ok
09:10:19.0562 4744 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
09:10:19.0572 4744 b06bdrv - ok
09:10:19.0892 4744 b57nd60x (68fb5af4534aa98b364ea585703d2456) C:\Windows\system32\DRIVERS\b57nd60x.sys
09:10:19.0902 4744 b57nd60x - ok
09:10:20.0412 4744 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
09:10:20.0422 4744 BBSvc - ok
09:10:20.0832 4744 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
09:10:20.0910 4744 BBUpdate - ok
09:10:20.0991 4744 BCM42RLY (63e991fcb420a3b06e86c58bcfb994bb) C:\Windows\system32\drivers\BCM42RLY.sys
09:10:21.0161 4744 BCM42RLY - ok
09:10:22.0661 4744 BCM43XX (684320e13cff66cbac085654e26ed712) C:\Windows\system32\DRIVERS\bcmwl6.sys
09:10:22.0761 4744 BCM43XX - ok
09:10:23.0321 4744 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
09:10:23.0331 4744 BDESVC - ok
09:10:23.0621 4744 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
09:10:23.0631 4744 Beep - ok
09:10:23.0861 4744 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
09:10:23.0921 4744 BFE - ok
09:10:24.0031 4744 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
09:10:24.0221 4744 BITS - ok
09:10:24.0361 4744 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
09:10:24.0381 4744 blbdrive - ok
09:10:24.0611 4744 Blfp (a1115d933e7e3588e6dd53b03219f808) C:\Windows\system32\DRIVERS\basp.sys
09:10:24.0931 4744 Blfp - ok
09:10:25.0161 4744 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files\Bonjour\mDNSResponder.exe
09:10:25.0331 4744 Bonjour Service - ok
09:10:25.0451 4744 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
09:10:25.0521 4744 bowser - ok
09:10:25.0661 4744 BrcmMgmtAgent (e7ca80fa5a7e82ed87e8140e0bdfa13b) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
09:10:25.0761 4744 BrcmMgmtAgent - ok
09:10:25.0811 4744 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:10:25.0821 4744 BrFiltLo - ok
09:10:25.0821 4744 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:10:25.0841 4744 BrFiltUp - ok
09:10:25.0931 4744 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
09:10:25.0931 4744 BridgeMP - ok
09:10:26.0031 4744 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
09:10:26.0031 4744 Browser - ok
09:10:26.0091 4744 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
09:10:26.0101 4744 Brserid - ok
09:10:26.0151 4744 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
09:10:26.0161 4744 BrSerWdm - ok
09:10:26.0211 4744 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:10:26.0211 4744 BrUsbMdm - ok
09:10:26.0221 4744 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
09:10:26.0231 4744 BrUsbSer - ok
09:10:26.0241 4744 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
09:10:26.0251 4744 BTHMODEM - ok
09:10:26.0409 4744 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
09:10:26.0425 4744 bthserv - ok
09:10:26.0771 4744 catchme - ok
09:10:26.0851 4744 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
09:10:26.0871 4744 cdfs - ok
09:10:27.0041 4744 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
09:10:27.0201 4744 cdrom - ok
09:10:27.0291 4744 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
09:10:27.0341 4744 CertPropSvc - ok
09:10:27.0451 4744 cfwids (1c7b1e36f3ced9e4b0b13385e627fe8b) C:\Windows\system32\drivers\cfwids.sys
09:10:27.0691 4744 cfwids - ok
09:10:27.0741 4744 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
09:10:27.0751 4744 circlass - ok
09:10:27.0831 4744 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
09:10:27.0851 4744 CLFS - ok
09:10:28.0041 4744 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:10:28.0051 4744 clr_optimization_v2.0.50727_32 - ok
09:10:28.0728 4744 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:10:28.0808 4744 clr_optimization_v4.0.30319_32 - ok
09:10:28.0858 4744 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
09:10:28.0868 4744 CmBatt - ok
09:10:28.0898 4744 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
09:10:28.0908 4744 cmdide - ok
09:10:29.0028 4744 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
09:10:29.0318 4744 CNG - ok
09:10:29.0378 4744 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
09:10:29.0388 4744 Compbatt - ok
09:10:29.0478 4744 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
09:10:29.0538 4744 CompositeBus - ok
09:10:29.0558 4744 COMSysApp - ok
09:10:29.0558 4744 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
09:10:29.0568 4744 crcdisk - ok
09:10:29.0698 4744 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
09:10:29.0708 4744 CryptSvc - ok
09:10:29.0828 4744 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
09:10:29.0968 4744 CSC - ok
09:10:30.0138 4744 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
09:10:30.0148 4744 CscService - ok
09:10:30.0238 4744 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
09:10:30.0248 4744 DcomLaunch - ok
09:10:30.0558 4744 dcpsysmgrsvc (658894a9500b789512e7f16c6f3a707d) c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
09:10:30.0628 4744 dcpsysmgrsvc - ok
09:10:30.0688 4744 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
09:10:30.0708 4744 defragsvc - ok
09:10:30.0948 4744 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
09:10:31.0010 4744 DfsC - ok
09:10:31.0186 4744 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
09:10:31.0196 4744 Dhcp - ok
09:10:31.0246 4744 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
09:10:31.0256 4744 discache - ok
09:10:31.0386 4744 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
09:10:31.0396 4744 Disk - ok
09:10:31.0446 4744 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
09:10:31.0446 4744 Dnscache - ok
09:10:31.0526 4744 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
09:10:31.0626 4744 dot3svc - ok
09:10:31.0686 4744 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
09:10:31.0736 4744 DPS - ok
09:10:31.0796 4744 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
09:10:31.0806 4744 drmkaud - ok
09:10:31.0946 4744 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
09:10:32.0056 4744 DXGKrnl - ok
09:10:32.0246 4744 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
09:10:32.0256 4744 EapHost - ok
09:10:32.0936 4744 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
09:10:33.0106 4744 ebdrv - ok
09:10:33.0596 4744 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
09:10:33.0606 4744 EFS - ok
09:10:33.0796 4744 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
09:10:33.0846 4744 ehRecvr - ok
09:10:33.0906 4744 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
09:10:33.0926 4744 ehSched - ok
09:10:34.0316 4744 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
09:10:34.0346 4744 elxstor - ok
09:10:34.0416 4744 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
09:10:34.0426 4744 ErrDev - ok
09:10:34.0516 4744 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
09:10:34.0526 4744 EventSystem - ok
09:10:34.0606 4744 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
09:10:34.0616 4744 exfat - ok
09:10:34.0636 4744 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
09:10:34.0646 4744 fastfat - ok
09:10:34.0796 4744 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
09:10:34.0906 4744 Fax - ok
09:10:34.0926 4744 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
09:10:34.0926 4744 fdc - ok
09:10:34.0996 4744 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
09:10:35.0006 4744 fdPHost - ok
09:10:35.0026 4744 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
09:10:35.0036 4744 FDResPub - ok
09:10:35.0036 4744 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
09:10:35.0046 4744 FileInfo - ok
09:10:35.0056 4744 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
09:10:35.0066 4744 Filetrace - ok
09:10:35.0316 4744 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:10:35.0416 4744 FLEXnet Licensing Service - ok
09:10:35.0446 4744 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
09:10:35.0446 4744 flpydisk - ok
09:10:35.0566 4744 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
09:10:35.0576 4744 FltMgr - ok
09:10:35.0686 4744 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
09:10:35.0726 4744 FontCache - ok
09:10:35.0876 4744 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:10:35.0886 4744 FontCache3.0.0.0 - ok
09:10:35.0916 4744 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
09:10:35.0926 4744 FsDepends - ok
09:10:35.0996 4744 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
09:10:36.0046 4744 Fs_Rec - ok
09:10:36.0146 4744 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
09:10:36.0366 4744 fvevol - ok
09:10:36.0406 4744 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:10:36.0406 4744 gagp30kx - ok
09:10:36.0536 4744 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
09:10:36.0536 4744 gpsvc - ok
09:10:36.0616 4744 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
09:10:36.0616 4744 hcw85cir - ok
09:10:36.0696 4744 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
09:10:36.0766 4744 HDAudBus - ok
09:10:36.0766 4744 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
09:10:36.0776 4744 HidBatt - ok
09:10:36.0776 4744 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
09:10:36.0786 4744 HidBth - ok
09:10:36.0826 4744 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
09:10:36.0836 4744 HidIr - ok
09:10:36.0876 4744 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
09:10:36.0886 4744 hidserv - ok
09:10:36.0916 4744 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
09:10:37.0046 4744 HidUsb - ok
09:10:37.0126 4744 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
09:10:37.0206 4744 hkmsvc - ok
09:10:37.0256 4744 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
09:10:37.0306 4744 HomeGroupListener - ok
09:10:37.0366 4744 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
09:10:37.0376 4744 HomeGroupProvider - ok
09:10:37.0466 4744 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
09:10:37.0466 4744 HpSAMD - ok
09:10:37.0666 4744 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
09:10:37.0846 4744 HTTP - ok
09:10:37.0896 4744 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
09:10:37.0976 4744 hwpolicy - ok
09:10:38.0036 4744 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
09:10:38.0046 4744 i8042prt - ok
09:10:38.0146 4744 iaStor (f4037a3fedb92dd97c95f320766ea5c9) C:\Windows\system32\DRIVERS\iaStor.sys
09:10:38.0146 4744 iaStor - ok
09:10:38.0436 4744 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
09:10:38.0606 4744 iaStorV - ok
09:10:38.0956 4744 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:10:39.0096 4744 idsvc - ok
09:10:42.0226 4744 igfx (398b3e63a5ed485c5bee4b575dec4bb4) C:\Windows\system32\DRIVERS\igdkmd32.sys
09:10:42.0536 4744 igfx - ok
09:10:44.0586 4744 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
09:10:44.0596 4744 iirsp - ok
09:10:44.0706 4744 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
09:10:44.0716 4744 IKEEXT - ok
09:10:44.0776 4744 IntcDAud (5576ad2f0039d2bccca3567fc0bf981c) C:\Windows\system32\DRIVERS\IntcDAud.sys
09:10:44.0886 4744 IntcDAud - ok
09:10:44.0986 4744 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
09:10:44.0996 4744 intelide - ok
09:10:45.0046 4744 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
09:10:45.0066 4744 intelppm - ok
09:10:45.0106 4744 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
09:10:45.0116 4744 IPBusEnum - ok
09:10:45.0126 4744 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:10:45.0146 4744 IpFilterDriver - ok
09:10:45.0366 4744 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
09:10:45.0396 4744 iphlpsvc - ok
09:10:45.0446 4744 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
09:10:45.0506 4744 IPMIDRV - ok
09:10:45.0536 4744 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
09:10:45.0546 4744 IPNAT - ok
09:10:45.0586 4744 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
09:10:45.0596 4744 IRENUM - ok
09:10:45.0646 4744 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
09:10:45.0656 4744 isapnp - ok
09:10:45.0736 4744 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
09:10:45.0836 4744 iScsiPrt - ok
09:10:46.0206 4744 jhi_service (3b794ca0de73790420deba3c759f1502) C:\Program Files\Intel\Services\IPT\jhi_service.exe
09:10:46.0286 4744 jhi_service - ok
09:10:46.0356 4744 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
09:10:46.0366 4744 kbdclass - ok
09:10:46.0426 4744 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
09:10:46.0516 4744 kbdhid - ok
09:10:46.0556 4744 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:10:46.0556 4744 KeyIso - ok
09:10:46.0626 4744 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
09:10:46.0736 4744 KSecDD - ok
09:10:46.0756 4744 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
09:10:46.0856 4744 KSecPkg - ok
09:10:47.0016 4744 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
09:10:47.0046 4744 KtmRm - ok
09:10:47.0116 4744 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
09:10:47.0126 4744 LanmanServer - ok
09:10:47.0186 4744 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
09:10:47.0186 4744 LanmanWorkstation - ok
09:10:47.0316 4744 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
09:10:47.0316 4744 lltdio - ok
09:10:47.0386 4744 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
09:10:47.0396 4744 lltdsvc - ok
09:10:47.0406 4744 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
09:10:47.0416 4744 lmhosts - ok
09:10:47.0606 4744 LMS (5f5899711df18a02162b6d518c17b0d7) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
09:10:47.0726 4744 LMS - ok
09:10:47.0786 4744 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:10:47.0796 4744 LSI_FC - ok
09:10:47.0816 4744 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:10:47.0816 4744 LSI_SAS - ok
09:10:47.0826 4744 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:10:47.0826 4744 LSI_SAS2 - ok
09:10:47.0836 4744 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:10:47.0836 4744 LSI_SCSI - ok
09:10:47.0846 4744 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
09:10:47.0876 4744 luafv - ok
09:10:48.0066 4744 McAfee SiteAdvisor Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
09:10:48.0066 4744 McAfee SiteAdvisor Service - ok
09:10:48.0086 4744 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
09:10:48.0086 4744 McMPFSvc - ok
09:10:48.0096 4744 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
09:10:48.0096 4744 mcmscsvc - ok
09:10:48.0106 4744 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
09:10:48.0106 4744 McNaiAnn - ok
09:10:48.0136 4744 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
09:10:48.0136 4744 McNASvc - ok
09:10:48.0486 4744 McODS (135aa9e9e7047b7dc1f753205d421a26) C:\Program Files\McAfee\VirusScan\mcods.exe
09:10:48.0536 4744 McODS - ok
09:10:48.0546 4744 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
09:10:48.0546 4744 McProxy - ok
09:10:48.0616 4744 McPvDrv (000751813ecef491689176e72b3a8bee) C:\Windows\system32\drivers\McPvDrv.sys
09:10:48.0766 4744 McPvDrv - ok
09:10:48.0846 4744 McShield (85db8ddd2d664716bb5b2d3405f9ef92) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
09:10:48.0856 4744 McShield - ok
09:10:48.0906 4744 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
09:10:48.0956 4744 Mcx2Svc - ok
09:10:48.0986 4744 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
09:10:48.0996 4744 megasas - ok
09:10:49.0036 4744 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
09:10:49.0046 4744 MegaSR - ok
09:10:49.0096 4744 MEI (d86ac00883b9c98b570e7643aaf8e554) C:\Windows\system32\DRIVERS\HECI.sys
09:10:49.0196 4744 MEI - ok
09:10:49.0276 4744 mfeapfk (43c31bdf404a6d7a7ac1bfd5ead2a566) C:\Windows\system32\drivers\mfeapfk.sys
09:10:49.0376 4744 mfeapfk - ok
09:10:49.0426 4744 mfeavfk (c1dc5f42d3367f33b6451be78b38bd46) C:\Windows\system32\drivers\mfeavfk.sys
09:10:49.0516 4744 mfeavfk - ok
09:10:49.0556 4744 mfeavfk01 - ok
09:10:49.0586 4744 mfebopk (0435c43f4c2be01b84868ad2a906397b) C:\Windows\system32\drivers\mfebopk.sys
09:10:49.0696 4744 mfebopk - ok
09:10:49.0766 4744 mfefire (183ab9dce971e029c50223765671839c) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
09:10:49.0766 4744 mfefire - ok
09:10:49.0836 4744 mfefirek (4ea6ff90015424517843e931448e00f1) C:\Windows\system32\drivers\mfefirek.sys
09:10:49.0916 4744 mfefirek - ok
09:10:50.0026 4744 mfehidk (d1e998748ba24a731106611d535c6bbf) C:\Windows\system32\drivers\mfehidk.sys
09:10:50.0156 4744 mfehidk - ok
09:10:50.0206 4744 mfenlfk (ac04a618aef3de0fce91c766f9e069da) C:\Windows\system32\DRIVERS\mfenlfk.sys
09:10:50.0346 4744 mfenlfk - ok
09:10:50.0416 4744 mferkdet (f454a13377f0a006d20a8c14a753c432) C:\Windows\system32\drivers\mferkdet.sys
09:10:50.0476 4744 mferkdet - ok
09:10:50.0526 4744 mfevtp (2b8dfc60edddaa33eb5e9f7c91b48acd) C:\Windows\system32\mfevtps.exe
09:10:50.0596 4744 mfevtp - ok
09:10:50.0756 4744 mfewfpk (f284337aedb7483df8a5fa840647e2b0) C:\Windows\system32\drivers\mfewfpk.sys
09:10:50.0826 4744 mfewfpk - ok
09:10:50.0866 4744 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
09:10:50.0866 4744 MMCSS - ok
09:10:51.0166 4744 MOBKbackup (35176fa09a0fc58db630991a81a0ba39) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
09:10:51.0236 4744 MOBKbackup - ok
09:10:51.0296 4744 MOBKFilter (e896775837a8bce436348df460522394) C:\Windows\system32\DRIVERS\MOBK.sys
09:10:51.0456 4744 MOBKFilter - ok
09:10:51.0476 4744 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
09:10:51.0476 4744 Modem - ok
09:10:51.0496 4744 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
09:10:51.0506 4744 monitor - ok
09:10:51.0556 4744 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
09:10:51.0566 4744 mouclass - ok
09:10:51.0576 4744 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
09:10:51.0586 4744 mouhid - ok
09:10:51.0728 4744 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
09:10:51.0795 4744 mountmgr - ok
09:10:51.0895 4744 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
09:10:52.0015 4744 MpFilter - ok
09:10:52.0125 4744 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
09:10:52.0325 4744 mpio - ok
09:10:52.0735 4744 MpKslfac6e260 - ok
09:10:52.0915 4744 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
09:10:52.0925 4744 mpsdrv - ok
09:10:53.0115 4744 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
09:10:53.0185 4744 MpsSvc - ok
09:10:53.0295 4744 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
09:10:53.0395 4744 MRxDAV - ok
09:10:53.0465 4744 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:10:53.0595 4744 mrxsmb - ok
09:10:53.0725 4744 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:10:53.0835 4744 mrxsmb10 - ok
09:10:53.0875 4744 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:10:53.0985 4744 mrxsmb20 - ok
09:10:54.0015 4744 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
09:10:54.0155 4744 msahci - ok
09:10:54.0235 4744 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
09:10:54.0385 4744 msdsm - ok
09:10:54.0425 4744 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
09:10:54.0445 4744 MSDTC - ok
09:10:54.0465 4744 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
09:10:54.0465 4744 Msfs - ok
09:10:54.0475 4744 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
09:10:54.0475 4744 mshidkmdf - ok
09:10:54.0495 4744 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
09:10:54.0505 4744 msisadrv - ok
09:10:54.0575 4744 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
09:10:54.0585 4744 MSiSCSI - ok
09:10:54.0595 4744 msiserver - ok
09:10:54.0975 4744 MSK80Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
09:10:54.0985 4744 MSK80Service - ok
09:10:55.0065 4744 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
09:10:55.0075 4744 MSKSSRV - ok
09:10:55.0175 4744 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
09:10:55.0225 4744 MsMpSvc - ok
09:10:55.0225 4744 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
09:10:55.0225 4744 MSPCLOCK - ok
09:10:55.0235 4744 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
09:10:55.0235 4744 MSPQM - ok
09:10:55.0245 4744 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
09:10:55.0255 4744 MsRPC - ok
09:10:55.0285 4744 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
09:10:55.0295 4744 mssmbios - ok
09:10:55.0305 4744 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
09:10:55.0315 4744 MSTEE - ok
09:10:55.0315 4744 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
09:10:55.0315 4744 MTConfig - ok
09:10:55.0325 4744 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
09:10:55.0325 4744 Mup - ok
09:10:55.0365 4744 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
09:10:55.0365 4744 napagent - ok
09:10:55.0435 4744 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
09:10:55.0445 4744 NativeWifiP - ok
09:10:55.0645 4744 NDIS (3723262737d90f58059ceda7373b0387) C:\Windows\system32\drivers\ndis.sys
09:10:55.0695 4744 NDIS - ok
09:10:55.0765 4744 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
09:10:55.0785 4744 NdisCap - ok
09:10:55.0805 4744 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
09:10:55.0815 4744 NdisTapi - ok
09:10:55.0855 4744 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
09:10:55.0925 4744 Ndisuio - ok
09:10:55.0995 4744 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
09:10:56.0135 4744 NdisWan - ok
09:10:56.0175 4744 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
09:10:56.0255 4744 NDProxy - ok
09:10:56.0315 4744 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
09:10:56.0325 4744 NetBIOS - ok
09:10:56.0395 4744 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
09:10:56.0515 4744 NetBT - ok
09:10:56.0565 4744 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:10:56.0565 4744 Netlogon - ok
09:10:56.0635 4744 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
09:10:56.0655 4744 Netman - ok
09:10:56.0685 4744 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
09:10:56.0685 4744 netprofm - ok
09:10:56.0865 4744 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:10:56.0945 4744 NetTcpPortSharing - ok
09:10:57.0005 4744 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
09:10:57.0015 4744 nfrd960 - ok
09:10:57.0055 4744 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:10:57.0115 4744 NisDrv - ok
09:10:57.0555 4744 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
09:10:57.0705 4744 NisSrv - ok
09:10:57.0785 4744 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
09:10:57.0795 4744 NlaSvc - ok
09:10:57.0835 4744 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
09:10:57.0845 4744 Npfs - ok
09:10:57.0865 4744 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
09:10:57.0875 4744 nsi - ok
09:10:57.0875 4744 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
09:10:57.0885 4744 nsiproxy - ok
09:10:58.0005 4744 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
09:10:58.0105 4744 Ntfs - ok
09:10:59.0505 4744 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
09:10:59.0515 4744 Null - ok
09:10:59.0605 4744 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
09:10:59.0665 4744 nvraid - ok
09:10:59.0725 4744 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
09:10:59.0825 4744 nvstor - ok
09:10:59.0865 4744 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
09:10:59.0865 4744 nv_agp - ok
09:10:59.0935 4744 O2FLASH (4e37455db16aec75862b1d0bc35b589e) C:\Windows\system32\DRIVERS\o2flash.exe
09:11:00.0045 4744 O2FLASH - ok
09:11:00.0085 4744 O2MDFRDR (5f63917fcc257ed11e828230be594194) C:\Windows\system32\DRIVERS\O2MDFw7.sys
09:11:00.0215 4744 O2MDFRDR - ok
09:11:00.0245 4744 O2MDRRDR (fdc901900d9b1b671b3388c3023bd2ea) C:\Windows\system32\DRIVERS\O2MDRw7.sys
09:11:00.0405 4744 O2MDRRDR - ok
09:11:00.0435 4744 O2SDIOAssist (4635935fc972c582632bf45c26bfcb0e) c:\Windows\system32\srvany.exe
09:11:00.0615 4744 O2SDIOAssist - ok
09:11:00.0765 4744 O2SDJRDR (d5a27c1ecd36564fed061efb78bd0a62) C:\Windows\system32\DRIVERS\o2sdjw7.sys
09:11:00.0875 4744 O2SDJRDR - ok
09:11:00.0915 4744 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
09:11:00.0935 4744 ohci1394 - ok
09:11:01.0125 4744 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:11:01.0195 4744 ose - ok
09:11:02.0175 4744 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:11:02.0365 4744 osppsvc - ok
09:11:03.0375 4744 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
09:11:03.0415 4744 p2pimsvc - ok
09:11:03.0475 4744 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
09:11:03.0505 4744 p2psvc - ok
09:11:03.0725 4744 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
09:11:03.0745 4744 Parport - ok
09:11:03.0855 4744 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
09:11:03.0985 4744 partmgr - ok
09:11:04.0025 4744 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
09:11:04.0025 4744 Parvdm - ok
09:11:04.0065 4744 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys
09:11:04.0205 4744 PBADRV - ok
09:11:04.0275 4744 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
09:11:04.0285 4744 PcaSvc - ok
09:11:04.0365 4744 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
09:11:04.0545 4744 pci - ok
09:11:04.0635 4744 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
09:11:04.0645 4744 pciide - ok
09:11:04.0765 4744 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
09:11:04.0785 4744 pcmcia - ok
09:11:04.0795 4744 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
09:11:04.0805 4744 pcw - ok
09:11:04.0905 4744 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
09:11:04.0935 4744 PEAUTH - ok
09:11:05.0285 4744 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
09:11:05.0305 4744 PeerDistSvc - ok
09:11:05.0565 4744 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
09:11:05.0685 4744 pla - ok
09:11:06.0455 4744 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
09:11:06.0515 4744 PlugPlay - ok
09:11:06.0545 4744 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
09:11:06.0555 4744 PNRPAutoReg - ok
09:11:06.0665 4744 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
09:11:06.0675 4744 PNRPsvc - ok
09:11:06.0745 4744 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
09:11:06.0775 4744 PolicyAgent - ok
09:11:06.0845 4744 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
09:11:06.0855 4744 Power - ok
09:11:07.0304 4744 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
09:11:07.0374 4744 PptpMiniport - ok
09:11:07.0394 4744 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
09:11:07.0404 4744 Processor - ok
09:11:07.0514 4744 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
09:11:07.0544 4744 ProfSvc - ok
09:11:07.0594 4744 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:11:07.0594 4744 ProtectedStorage - ok
09:11:07.0664 4744 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
09:11:07.0664 4744 Psched - ok
09:11:07.0964 4744 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
09:11:08.0084 4744 PxHelp20 - ok
09:11:08.0244 4744 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
09:11:08.0274 4744 ql2300 - ok
09:11:09.0672 4744 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
09:11:09.0682 4744 ql40xx - ok
09:11:09.0752 4744 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
09:11:09.0772 4744 QWAVE - ok
09:11:09.0782 4744 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
09:11:09.0792 4744 QWAVEdrv - ok
09:11:10.0002 4744 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys
09:11:10.0122 4744 RapportCerberus_34302 - ok
09:11:10.0562 4744 RapportEI (ab79b1f18421fd72c2980a2c511e41b3) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
09:11:10.0732 4744 RapportEI - ok
09:11:10.0802 4744 RapportIaso (35199ec35edc7dcba71fda711dfb05c0) c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys
09:11:10.0872 4744 RapportIaso - ok
09:11:10.0932 4744 RapportKELL (d62d8cf270824d5a542b654a7980ae3c) C:\Windows\system32\Drivers\RapportKELL.sys
09:11:11.0032 4744 RapportKELL - ok
09:11:11.0122 4744 RapportMgmtService (d41b2804aafaba0ea8fd7e71ae33c30c) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
09:11:11.0182 4744 RapportMgmtService - ok
09:11:11.0252 4744 RapportPG (102efe077c8502b68f08eb8f126dcc65) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
09:11:11.0372 4744 RapportPG - ok
09:11:12.0972 4744 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
09:11:12.0972 4744 RasAcd - ok
09:11:13.0052 4744 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:11:13.0062 4744 RasAgileVpn - ok
09:11:13.0082 4744 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
09:11:13.0102 4744 RasAuto - ok
09:11:13.0102 4744 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:11:13.0112 4744 Rasl2tp - ok
09:11:13.0233 4744 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
09:11:13.0233 4744 RasMan - ok
09:11:13.0248 4744 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
09:11:13.0264 4744 RasPppoe - ok
09:11:13.0304 4744 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
09:11:13.0314 4744 RasSstp - ok
09:11:13.0364 4744 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
09:11:13.0454 4744 rdbss - ok
09:11:13.0464 4744 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
09:11:13.0464 4744 rdpbus - ok
09:11:13.0504 4744 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:11:13.0574 4744 RDPCDD - ok
09:11:13.0704 4744 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
09:11:13.0794 4744 RDPDR - ok
09:11:13.0844 4744 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
09:11:13.0854 4744 RDPENCDD - ok
09:11:13.0874 4744 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
09:11:13.0884 4744 RDPREFMP - ok
09:11:13.0924 4744 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
09:11:14.0034 4744 RDPWD - ok
09:11:14.0144 4744 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
09:11:14.0294 4744 rdyboost - ok
09:11:14.0334 4744 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
09:11:14.0354 4744 RemoteAccess - ok
09:11:14.0424 4744 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
09:11:14.0434 4744 RemoteRegistry - ok
09:11:15.0124 4744 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
09:11:15.0364 4744 RoxMediaDB12OEM - ok
09:11:15.0414 4744 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
09:11:15.0494 4744 RoxWatch12 - ok
09:11:16.0193 4744 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
09:11:16.0213 4744 RpcEptMapper - ok
09:11:16.0243 4744 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
09:11:16.0253 4744 RpcLocator - ok
09:11:16.0333 4744 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
09:11:16.0343 4744 RpcSs - ok
09:11:16.0813 4744 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
09:11:16.0823 4744 rspndr - ok
09:11:16.0913 4744 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
09:11:16.0973 4744 s3cap - ok
09:11:17.0003 4744 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:11:17.0003 4744 SamSs - ok
09:11:17.0273 4744 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
09:11:17.0393 4744 sbp2port - ok
09:11:17.0713 4744 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
09:11:17.0773 4744 SCardSvr - ok
09:11:17.0833 4744 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
09:11:17.0893 4744 scfilter - ok
09:11:18.0053 4744 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
09:11:18.0073 4744 Schedule - ok
09:11:18.0133 4744 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
09:11:18.0143 4744 SCPolicySvc - ok
09:11:18.0203 4744 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
09:11:18.0333 4744 SDRSVC - ok
09:11:18.0393 4744 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:11:18.0393 4744 secdrv - ok
09:11:18.0423 4744 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
09:11:18.0433 4744 seclogon - ok
09:11:19.0273 4744 SecureStorageService (6abf8e8ae3800ccf84d9ae6865a641e5) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
09:11:19.0583 4744 SecureStorageService - ok
09:11:20.0503 4744 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
09:11:20.0503 4744 SENS - ok
09:11:20.0553 4744 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
09:11:20.0573 4744 SensrSvc - ok
09:11:20.0763 4744 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
09:11:20.0773 4744 Serenum - ok
09:11:20.0813 4744 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
09:11:20.0823 4744 Serial - ok
09:11:20.0873 4744 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
09:11:20.0883 4744 sermouse - ok
09:11:20.0973 4744 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
09:11:21.0053 4744 SessionEnv - ok
09:11:21.0163 4744 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
09:11:21.0163 4744 sffdisk - ok
09:11:21.0183 4744 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
09:11:21.0183 4744 sffp_mmc - ok
09:11:21.0213 4744 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
09:11:21.0253 4744 sffp_sd - ok
09:11:21.0313 4744 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
09:11:21.0313 4744 sfloppy - ok
09:11:21.0423 4744 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
09:11:21.0433 4744 SharedAccess - ok
09:11:21.0463 4744 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
09:11:21.0473 4744 ShellHWDetection - ok
09:11:21.0513 4744 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
09:11:21.0523 4744 sisagp - ok
09:11:21.0543 4744 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:11:21.0543 4744 SiSRaid2 - ok
09:11:21.0573 4744 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
09:11:21.0583 4744 SiSRaid4 - ok
09:11:21.0593 4744 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
09:11:21.0593 4744 Smb - ok
09:11:21.0643 4744 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
09:11:21.0643 4744 SNMPTRAP - ok
09:11:21.0663 4744 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
09:11:21.0663 4744 spldr - ok
09:11:21.0743 4744 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
09:11:21.0803 4744 Spooler - ok
09:11:21.0983 4744 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
09:11:22.0073 4744 sppsvc - ok
09:11:22.0633 4744 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
09:11:22.0663 4744 sppuinotify - ok
09:11:22.0883 4744 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
09:11:23.0043 4744 srv - ok
09:11:23.0183 4744 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
09:11:23.0273 4744 srv2 - ok
09:11:23.0313 4744 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
09:11:23.0423 4744 srvnet - ok
09:11:23.0553 4744 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
09:11:23.0553 4744 SSDPSRV - ok
09:11:23.0563 4744 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
09:11:23.0563 4744 SstpSvc - ok
09:11:23.0753 4744 STacSV (a97fca92be4e62bc589371058cbc769e) C:\Program Files\IDT\WDM\STacSV.exe
09:11:23.0813 4744 STacSV - ok
09:11:23.0879 4744 stdcfltn (1e72739a30a0d3e3fc95ebb07f83912d) C:\Windows\system32\DRIVERS\stdcfltn.sys
09:11:23.0977 4744 stdcfltn - ok
09:11:24.0007 4744 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
09:11:24.0007 4744 stexstor - ok
09:11:24.0167 4744 STHDA (d5d73b49d53fcc47e2828d6805dfa0f6) C:\Windows\system32\DRIVERS\stwrt.sys
09:11:24.0267 4744 STHDA - ok
09:11:24.0417 4744 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
09:11:24.0487 4744 StiSvc - ok
09:11:24.0767 4744 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
09:11:24.0807 4744 stllssvr - ok
09:11:24.0857 4744 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
09:11:24.0927 4744 storflt - ok
09:11:24.0977 4744 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
09:11:25.0077 4744 StorSvc - ok
09:11:25.0147 4744 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
09:11:25.0217 4744 storvsc - ok
09:11:25.0267 4744 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
09:11:25.0267 4744 swenum - ok
09:11:25.0327 4744 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
09:11:25.0357 4744 swprv - ok
09:11:25.0637 4744 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
09:11:25.0727 4744 SysMain - ok
09:11:25.0777 4744 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
09:11:25.0837 4744 TabletInputService - ok
09:11:25.0907 4744 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
09:11:25.0917 4744 TapiSrv - ok
09:11:25.0957 4744 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
09:11:25.0957 4744 TBS - ok
09:11:26.0489 4744 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
09:11:26.0689 4744 Tcpip - ok
09:11:27.0629 4744 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
09:11:27.0629 4744 TCPIP6 - ok
09:11:28.0649 4744 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
09:11:28.0739 4744 tcpipreg - ok
09:11:29.0129 4744 tcsd_win32.exe (e42d560e2163480e7b586b14abeb3386) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
09:11:29.0249 4744 tcsd_win32.exe - ok
09:11:29.0949 4744 TdmService (4fc8d1a146d1d6dad9d57d8a8c08933b) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
09:11:30.0119 4744 TdmService - ok
09:11:30.0929 4744 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
09:11:31.0019 4744 TDPIPE - ok
09:11:31.0099 4744 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
09:11:31.0229 4744 TDTCP - ok
09:11:31.0309 4744 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
09:11:31.0409 4744 tdx - ok
09:11:31.0469 4744 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
09:11:31.0539 4744 TermDD - ok
09:11:31.0709 4744 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
09:11:31.0859 4744 TermService - ok
09:11:31.0909 4744 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
09:11:31.0919 4744 Themes - ok
09:11:31.0959 4744 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
09:11:31.0959 4744 THREADORDER - ok
09:11:32.0009 4744 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
09:11:32.0019 4744 TrkWks - ok
09:11:32.0079 4744 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
09:11:32.0149 4744 TrustedInstaller - ok
09:11:32.0179 4744 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:11:32.0279 4744 tssecsrv - ok
09:11:32.0379 4744 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
09:11:32.0449 4744 TsUsbFlt - ok
09:11:32.0519 4744 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
09:11:32.0569 4744 tunnel - ok
09:11:32.0649 4744 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
09:11:32.0699 4744 uagp35 - ok
09:11:32.0749 4744 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
09:11:32.0809 4744 udfs - ok
09:11:32.0949 4744 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
09:11:32.0959 4744 UI0Detect - ok
09:11:33.0029 4744 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
09:11:33.0039 4744 uliagpkx - ok
09:11:33.0079 4744 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
09:11:33.0139 4744 umbus - ok
09:11:33.0189 4744 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
09:11:33.0199 4744 UmPass - ok
09:11:33.0259 4744 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
09:11:33.0309 4744 UmRdpService - ok
09:11:34.0019 4744 UNS (f7a1f83f28b125aa3737bc06eabb0cd5) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
09:11:34.0199 4744 UNS - ok
09:11:35.0049 4744 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
09:11:35.0049 4744 upnphost - ok
09:11:35.0289 4744 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys
09:11:35.0349 4744 usbccgp - ok
09:11:35.0399 4744 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
09:11:35.0409 4744 usbcir - ok
09:11:35.0479 4744 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
09:11:35.0579 4744 usbehci - ok
09:11:35.0649 4744 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
09:11:35.0739 4744 usbhub - ok
09:11:35.0749 4744 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
09:11:35.0829 4744 usbohci - ok
09:11:35.0909 4744 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
09:11:35.0919 4744 usbprint - ok
09:11:35.0979 4744 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
09:11:36.0049 4744 USBSTOR - ok
09:11:36.0089 4744 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
09:11:36.0169 4744 usbuhci - ok
09:11:36.0209 4744 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
09:11:36.0209 4744 UxSms - ok
09:11:36.0269 4744 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:11:36.0269 4744 VaultSvc - ok
09:11:36.0299 4744 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
09:11:36.0309 4744 vdrvroot - ok
09:11:36.0369 4744 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
09:11:36.0429 4744 vds - ok
09:11:36.0519 4744 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
09:11:36.0529 4744 vga - ok
09:11:36.0529 4744 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
09:11:36.0539 4744 VgaSave - ok
09:11:36.0779 4744 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
09:11:36.0859 4744 vhdmp - ok
09:11:36.0909 4744 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
09:11:36.0919 4744 viaagp - ok
09:11:36.0969 4744 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
09:11:36.0979 4744 ViaC7 - ok
09:11:37.0059 4744 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
09:11:37.0069 4744 viaide - ok
09:11:37.0129 4744 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
09:11:37.0199 4744 vmbus - ok
09:11:37.0269 4744 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
09:11:37.0339 4744 VMBusHID - ok
09:11:37.0399 4744 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
09:11:37.0509 4744 volmgr - ok
09:11:37.0869 4744 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
09:11:37.0919 4744 volmgrx - ok
09:11:37.0999 4744 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
09:11:38.0069 4744 volsnap - ok
09:11:38.0149 4744 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
09:11:38.0149 4744 vsmraid - ok
09:11:38.0359 4744 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
09:11:38.0369 4744 VSS - ok
09:11:38.0369 4744 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
09:11:38.0379 4744 vwifibus - ok
09:11:38.0379 4744 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
09:11:38.0389 4744 vwififlt - ok
09:11:38.0459 4744 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
09:11:38.0479 4744 W32Time - ok
09:11:38.0529 4744 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
09:11:38.0539 4744 WacomPen - ok
09:11:38.0639 4744 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
09:11:38.0749 4744 WANARP - ok
09:11:38.0749 4744 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
09:11:38.0749 4744 Wanarpv6 - ok
09:11:39.0119 4744 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
09:11:39.0209 4744 WatAdminSvc - ok
09:11:40.0519 4744 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
09:11:40.0579 4744 wbengine - ok
09:11:40.0709 4744 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
09:11:40.0729 4744 WbioSrvc - ok
09:11:40.0869 4744 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
09:11:40.0939 4744 wcncsvc - ok
09:11:40.0969 4744 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
09:11:40.0979 4744 WcsPlugInService - ok
09:11:41.0469 4744 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
09:11:41.0479 4744 Wd - ok
09:11:41.0539 4744 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
09:11:41.0559 4744 Wdf01000 - ok
09:11:41.0609 4744 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
09:11:41.0619 4744 WdiServiceHost - ok
09:11:41.0629 4744 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
09:11:41.0639 4744 WdiSystemHost - ok
09:11:41.0699 4744 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
09:11:41.0749 4744 WebClient - ok
09:11:42.0009 4744 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
09:11:42.0059 4744 Wecsvc - ok
09:11:42.0159 4744 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
09:11:42.0169 4744 wercplsupport - ok
09:11:42.0239 4744 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
09:11:42.0259 4744 WerSvc - ok
09:11:42.0289 4744 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
09:11:42.0289 4744 WfpLwf - ok
09:11:42.0299 4744 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
09:11:42.0309 4744 WIMMount - ok
09:11:42.0669 4744 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
09:11:42.0719 4744 WinDefend - ok
09:11:42.0739 4744 WinHttpAutoProxySvc - ok
09:11:43.0198 4744 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
09:11:43.0208 4744 Winmgmt - ok
09:11:43.0458 4744 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
09:11:43.0548 4744 WinRM - ok
09:11:43.0758 4744 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
09:11:43.0828 4744 Wlansvc - ok
09:11:44.0168 4744 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:11:44.0208 4744 wlcrasvc - ok
09:11:44.0648 4744 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:11:44.0708 4744 wlidsvc - ok
09:11:44.0768 4744 wltrysvc (54950d34613936fee2d50fdc8a810feb) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
09:11:44.0808 4744 wltrysvc - ok
09:11:45.0926 4744 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
09:11:45.0936 4744 WmiAcpi - ok
09:11:46.0546 4744 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
09:11:46.0556 4744 wmiApSrv - ok
09:11:46.0886 4744 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
09:11:46.0946 4744 WMPNetworkSvc - ok
09:11:47.0525 4744 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
09:11:47.0525 4744 WPCSvc - ok
09:11:47.0605 4744 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
09:11:47.0635 4744 WPDBusEnum - ok
09:11:48.0435 4744 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
09:11:48.0445 4744 ws2ifsl - ok
09:11:48.0565 4744 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
09:11:48.0575 4744 wscsvc - ok
09:11:48.0585 4744 WSearch - ok
09:11:49.0025 4744 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
09:11:49.0095 4744 wuauserv - ok
09:11:50.0805 4744 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
09:11:50.0895 4744 WudfPf - ok
09:11:50.0995 4744 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:11:51.0085 4744 WUDFRd - ok
09:11:51.0167 4744 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
09:11:51.0217 4744 wudfsvc - ok
09:11:51.0297 4744 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
09:11:51.0317 4744 WwanSvc - ok
09:11:51.0437 4744 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:11:51.0917 4744 \Device\Harddisk0\DR0 - ok
09:11:51.0927 4744 Boot (0x1200) (4146df3ab508ed5325078f6bb77d1084) \Device\Harddisk0\DR0\Partition0
09:11:51.0927 4744 \Device\Harddisk0\DR0\Partition0 - ok
09:11:51.0967 4744 Boot (0x1200) (6970630a7189651d5e495f5ce74929cf) \Device\Harddisk0\DR0\Partition1
09:11:51.0977 4744 \Device\Harddisk0\DR0\Partition1 - ok
09:11:51.0977 4744 ============================================================
09:11:51.0977 4744 Scan finished
09:11:51.0977 4744 ============================================================
09:11:51.0997 2644 Detected object count: 0
09:11:51.0997 2644 Actual detected object count: 0





aswMBR Report

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-06 09:16:46
-----------------------------
09:16:46.085 OS Version: Windows 6.1.7601 Service Pack 1
09:16:46.085 Number of processors: 4 586 0x2A07
09:16:46.085 ComputerName: CANDY-PC UserName: Candy
09:16:47.567 Initialize success
09:17:25.130 AVAST engine defs: 12070600
09:17:31.354 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:17:31.354 Disk 0 Vendor: TOSHIBA_ MC00 Size: 305245MB BusType: 3
09:17:31.370 Disk 0 MBR read successfully
09:17:31.370 Disk 0 MBR scan
09:17:31.401 Disk 0 Windows VISTA default MBR code
09:17:31.401 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
09:17:31.416 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 752 MB offset 81920
09:17:31.432 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 304452 MB offset 1622016
09:17:31.448 Disk 0 scanning sectors +625139712
09:17:31.541 Disk 0 scanning C:\Windows\system32\drivers
09:17:47.875 Service scanning
09:18:33.880 Modules scanning
09:18:51.711 Disk 0 trace - called modules:
09:18:52.091 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys halmacpi.dll iaStor.sys
09:18:52.101 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87bda818]
09:18:52.111 3 CLASSPNP.SYS[8be0459e] -> nt!IofCallDriver -> [0x87bdad70]
09:18:52.131 5 stdcfltn.sys[8c1ed896] -> nt!IofCallDriver -> [0x86a70330]
09:18:52.131 7 ACPI.sys[8b8c43d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8606f028]
09:18:54.371 AVAST engine scan C:\Windows
09:19:05.193 AVAST engine scan C:\Windows\system32
09:23:51.060 AVAST engine scan C:\Windows\system32\drivers
09:24:13.543 AVAST engine scan C:\Users\Candy
09:35:37.114 File: C:\Users\Candy\Downloads\Xvid_130_RC1_02012011_Setup.exe **INFECTED** Win32:Adware-gen [Adw]
09:35:40.063 AVAST engine scan C:\ProgramData
09:38:28.499 File: C:\ProgramData\Microsoft\Windows\DRM\6875.tmp **INFECTED** Win32:Crypt-NBS [Trj]
09:39:44.052 Scan finished successfully
19:18:01.322 Disk 0 MBR has been saved successfully to "C:\Users\Candy\Desktop\MBR.dat"
19:18:01.382 The log file has been saved successfully to "C:\Users\Candy\Desktop\aswMBR.txt"

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:38 AM

Posted 07 July 2012 - 12:51 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\programdata\Microsoft\Windows\DRM

File::
c:\windows\system32\drivers\vvwvglft.sys
c:\windows\system32\drivers\pcmkbqkt.sys
c:\windows\system32\drivers\hndggena.sys
c:\windows\system32\drivers\hotmiwwa.sys
c:\windows\system32\drivers\tsdzjzzd.sys

DDS::
uStart Page = hxxp://search.babylon.com/?affID=110014&tt=050412_30b&babsrc=HP_ss&mntrId=041dc9ce000000000000c0f8da90b80e

Driver::
O2MDFRDR

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gbalestr

gbalestr
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:38 AM

Posted 07 July 2012 - 10:47 AM

Hey Gringo,

Computer seems to be doing okay. Here are the results.


ComboFix 12-07-05.04 - Candy 07/07/2012 9:18.2.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3241.1991 [GMT -4:00]
Running from: c:\users\Candy\Downloads\ComboFix.exe
Command switches used :: c:\users\Candy\Desktop\cfScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\hndggena.sys"
"c:\windows\system32\drivers\hotmiwwa.sys"
"c:\windows\system32\drivers\pcmkbqkt.sys"
"c:\windows\system32\drivers\tsdzjzzd.sys"
"c:\windows\system32\drivers\vvwvglft.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM
c:\programdata\Microsoft\Windows\DRM\6875.tmp
c:\programdata\Microsoft\Windows\DRM\blackbox.bin
c:\programdata\Microsoft\Windows\DRM\drmstore.hds
c:\programdata\Microsoft\Windows\DRM\v3ks.bla
c:\programdata\Microsoft\Windows\DRM\v3ks.sec
c:\windows\system32\drivers\hndggena.sys
c:\windows\system32\drivers\hotmiwwa.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\pcmkbqkt.sys
c:\windows\system32\drivers\tsdzjzzd.sys
c:\windows\system32\drivers\vvwvglft.sys
c:\windows\system32\instsrv.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_O2MDFRDR
.
.
((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))
.
.
2012-07-07 13:29 . 2012-07-07 13:32 -------- d-----w- c:\users\Candy\AppData\Local\temp
2012-07-07 13:29 . 2012-07-07 13:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-07 13:10 . 2012-07-07 13:31 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B758434-0C14-4377-81C5-AB3BF7F5208E}\offreg.dll
2012-07-07 07:13 . 2012-05-31 00:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B758434-0C14-4377-81C5-AB3BF7F5208E}\mpengine.dll
2012-07-06 04:14 . 2012-05-31 00:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-05 02:02 . 2012-07-06 01:46 -------- d-----w- C:\FRST
2012-07-05 01:37 . 2012-07-05 01:37 -------- d-----w- C:\5a6cdeef52d7420137af08
2012-07-05 01:33 . 2012-07-05 01:33 -------- d-----w- C:\961649abdcb119c8f46db4f351a23c
2012-07-04 04:37 . 2012-07-04 04:37 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6256DEB7-FCDE-467B-969E-0393D35620C7}\gapaengine.dll
2012-07-04 04:33 . 2012-07-04 04:34 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-04 04:32 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-07-04 04:13 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-07-04 04:13 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-04 04:13 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-04 04:10 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-07-04 04:10 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-07-04 04:09 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-04 04:09 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 03:47 . 2012-07-04 03:47 -------- d-----w- c:\windows\system32\SPReview
2012-07-04 03:46 . 2012-07-04 03:46 -------- d-----w- c:\windows\system32\EventProviders
2012-07-04 03:42 . 2012-07-04 03:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-04 02:40 . 2012-07-04 02:42 -------- d-----w- c:\programdata\McAfee Anti-Theft
2012-07-04 02:37 . 2012-07-07 13:10 -------- d-----w- c:\program files\McAfee
2012-07-04 02:30 . 2012-05-25 21:13 151912 ----a-w- c:\windows\system32\mfevtps.exe
2012-07-04 02:30 . 2012-07-04 03:06 -------- d-----w- c:\programdata\McAfee
2012-07-02 20:35 . 2012-07-02 20:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-02 20:28 . 2012-07-02 20:28 -------- d-----w- c:\windows\Sun
2012-06-19 22:26 . 2012-06-19 22:26 -------- d-----w- c:\users\Default\AppData\Local\Trusteer
2012-06-14 11:05 . 2012-06-14 11:05 -------- d-----w- c:\users\Candy\AppData\Local\Trusteer
2012-06-14 11:05 . 2012-06-14 11:05 -------- d-----w- c:\program files\Trusteer
2012-06-14 11:04 . 2012-06-14 11:04 -------- d-----w- c:\programdata\Trusteer
2012-06-09 01:42 . 2012-06-09 01:42 65720 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-06-08 23:17 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-08 23:17 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-08 23:17 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-08 23:17 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-08 23:17 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-08 23:17 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-04 03:55 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-05-08 16:40 . 2012-06-08 23:20 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{29E99306-86D1-4A37-961E-9D3D35C800AD}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-03-04 21:07 120184 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-03-04 21:07 120184 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-05 488816]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-01-25 536668]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 143384]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 177176]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 178200]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-15 5955072]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 419904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1459056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2011-6-8 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2010-09-15 16:11 1971536 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Candy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\users\Candy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
2010-07-02 18:24 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R1 MpKslfac6e260;MpKslfac6e260;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AC41B74D-6790-46A7-833A-9D1FA91D0986}\MpKslfac6e260.sys [x]
R2 0090381341546617mcinstcleanup;McAfee Application Installer Cleanup (0090381341546617);c:\windows\TEMP\009038~1.EXE [x]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\system32\srvany.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys [x]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [x]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [x]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files\Intel\Services\IPT\jhi_service.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-694695831-314743353-759112457-1000Core.job
- c:\users\Candy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 00:52]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-694695831-314743353-759112457-1000UA.job
- c:\users\Candy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 00:52]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(648)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(1880)
c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\McAfee Online Backup\MOBKshell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\IDT\WDM\STacSV.exe
c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Dell\DW WLAN Card\bcmwltry.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\system32\SDIOAssist.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\conhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\DllHost.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\system32\vssvc.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2012-07-07 09:40:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-07 13:40
ComboFix2.txt 2012-07-06 04:11
.
Pre-Run: 280,869,199,872 bytes free
Post-Run: 280,017,375,232 bytes free
.
- - End Of File - - 6483423A06FF264F88099FA4C94BE85E
