URL redirecting - virus/malware/spyware?


  • This topic is locked

#1 Nick_Nick


Posted 08 July 2012 - 05:27 PM

Whenever I perform a Google search and try to click on a link, I'm often taken to some strange website. My anti-virus immediately blocks the website. I have downloaded and run Malwarebytes in safe mode, which did remove several problems, but not this specific issue. My anti-virus has also not located or removed it.

I could not get DDS to open and run properly. My computer kept thinking it was a script file and would not allow me to run it as stated in the preparation guide.

Attached Files

  • Attached File  ark.txt   48.83KB   3 downloads




#2 D-FRED-BROWN

  • Malware Response Team

Posted 12 July 2012 - 03:37 PM

Hello Nick_Nick and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you. :)


Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


----------Step 3----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 4----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!
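
A TDSSKiller log of the kind requested in Step 1 runs to hundreds of lines, nearly all of them "ok", so the entries worth reading are easy to miss. The following is an added example, not part of the original posts and not code from TDSSKiller: it parses the line format seen in the log posted in this topic and returns only the entries that are not marked ok. The sample log, its service names, hashes and paths are constructed for illustration, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: made-up names, hashes and paths, laid out like the
# TDSSKiller log lines in this topic ("time thread-id message").
SAMPLE_LOG = r"""
10:00:00.0100 1111 Scan started
10:00:01.0100 1234 ExampleSvc (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\example.sys
10:00:01.0150 1234 ExampleSvc - ok
10:00:01.0200 1234 NoFileSvc - ok
10:00:01.0300 1234 Demo Updater (fedcba9876543210fedcba9876543210) c:\program files\demo/updater_1a2b3c.dll
10:00:01.0300 1234 Suspicious file (Hidden): c:\program files\demo/updater_1a2b3c.dll. md5: fedcba9876543210fedcba9876543210
10:00:01.0310 1234 Demo Updater ( HiddenFile.Multi.Generic ) - warning
10:00:01.0310 1234 Demo Updater - detected HiddenFile.Multi.Generic (1)
10:00:01.0400 1234 CutOffSvc (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\cutoff.sys
"""

# Every line starts with a timestamp and a thread id.
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "<name> (<md5>) <path>": the object that was scanned.
FILE_RE = re.compile(
    PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> ( <signature> ) - warning": the detection name.
WARN_RE = re.compile(
    PREFIX + r"(?P<name>.+?) \( (?P<sig>\S+) \) - (?P<level>\w+)$")
# "<name> - ok" or "<name> - detected ...": the final verdict.
VERDICT_RE = re.compile(
    PREFIX + r"(?P<name>.+?) - (?P<verdict>ok|detected .+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None        # None when the log has no file line
    path: Optional[str] = None
    signature: Optional[str] = None  # set only by a "- warning" line
    verdict: Optional[str] = None    # None when the log ends before a verdict


def parse_log(text: str) -> List[Entry]:
    """Group the log lines by service/driver name, in order of appearance."""
    entries = {}

    def get(name: str) -> Entry:
        return entries.setdefault(name, Entry(name))

    for raw in text.splitlines():
        line = raw.strip()
        if (m := FILE_RE.match(line)):
            entry = get(m["name"])
            entry.md5, entry.path = m["md5"], m["path"]
        elif (m := WARN_RE.match(line)):
            get(m["name"]).signature = m["sig"]
        elif (m := VERDICT_RE.match(line)):
            get(m["name"]).verdict = m["verdict"]
        # Header, separator and "Suspicious file" lines match none of the
        # patterns and are skipped; their data is already on the other lines.
    return list(entries.values())


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Entries that were detected, or whose verdict is missing because the
    pasted log was cut short."""
    return [e for e in entries if e.verdict != "ok"]


if __name__ == "__main__":
    for e in needs_review(parse_log(SAMPLE_LOG)):
        print(f"{e.name}: verdict={e.verdict!r} md5={e.md5} path={e.path}")
```

Entries with a missing verdict are reported alongside detections because a log pasted into a forum post is often truncated, and an unscanned object should not be read as a clean one.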

#3 Nick_Nick


Posted 13 July 2012 - 10:47 AM

Step 1 - TDSS Killer
Here are the results of the TDSS scan. It found 1 threat, "Cure" was not listed in the options.

10:44:24.0324 4956 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
10:44:25.0635 4956 ============================================================
10:44:25.0635 4956 Current date / time: 2012/07/13 10:44:25.0635
10:44:25.0635 4956 SystemInfo:
10:44:25.0635 4956
10:44:25.0635 4956 OS Version: 6.0.6002 ServicePack: 2.0
10:44:25.0635 4956 Product type: Workstation
10:44:25.0635 4956 ComputerName: NLR-2-PC
10:44:25.0635 4956 UserName: NLR-2
10:44:25.0635 4956 Windows directory: C:\Windows
10:44:25.0635 4956 System windows directory: C:\Windows
10:44:25.0635 4956 Processor architecture: Intel x86
10:44:25.0635 4956 Number of processors: 2
10:44:25.0635 4956 Page size: 0x1000
10:44:25.0635 4956 Boot type: Normal boot
10:44:25.0635 4956 ============================================================
10:44:31.0173 4956 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:44:31.0188 4956 Drive \Device\Harddisk1\DR1 - Size: 0x1D1BF100000 (1862.99 Gb), SectorSize: 0x200, Cylinders: 0x3B5FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:44:31.0188 4956 ============================================================
10:44:31.0188 4956 \Device\Harddisk0\DR0:
10:44:31.0188 4956 MBR partitions:
10:44:31.0188 4956 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
10:44:31.0188 4956 ============================================================
10:44:31.0219 4956 C: <-> \Device\Harddisk0\DR0\Partition0
10:44:31.0219 4956 ============================================================
10:44:31.0219 4956 Initialize success
10:44:31.0219 4956 ============================================================
10:44:44.0152 3672 ============================================================
10:44:44.0152 3672 Scan started
10:44:44.0152 3672 Mode: Manual;
10:44:44.0152 3672 ============================================================
10:44:47.0849 3672 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files\common files\akamai/netsession_win_4f7fccd.dll
10:44:47.0849 3672 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
10:44:47.0865 3672 Akamai ( HiddenFile.Multi.Generic ) - warning
10:44:47.0865 3672 Akamai - detected HiddenFile.Multi.Generic (1)
10:45:07.0302 3672 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
10:45:07.0302 3672 MsRPC - ok
10:45:07.0333 3672 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
10:45:07.0333 3672 mssmbios - ok
10:45:07.0380 3672 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
10:45:07.0396 3672 MSTEE - ok
10:45:07.0443 3672 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
10:45:07.0474 3672 Mup - ok
10:45:07.0536 3672 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
10:45:07.0552 3672 napagent - ok
10:45:07.0630 3672 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
10:45:07.0692 3672 NativeWifiP - ok
10:45:07.0770 3672 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
10:45:07.0879 3672 NDIS - ok
10:45:07.0926 3672 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
10:45:07.0942 3672 NdisTapi - ok
10:45:07.0957 3672 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
10:45:07.0973 3672 Ndisuio - ok
10:45:07.0989 3672 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:45:08.0020 3672 NdisWan - ok
10:45:08.0020 3672 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
10:45:08.0082 3672 NDProxy - ok
10:45:08.0113 3672 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
10:45:08.0145 3672 NetBIOS - ok
10:45:08.0207 3672 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
10:45:08.0363 3672 netbt - ok
10:45:08.0394 3672 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
10:45:08.0394 3672 Netlogon - ok
10:45:08.0457 3672 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
10:45:08.0503 3672 Netman - ok
10:45:08.0597 3672 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:45:08.0597 3672 NetMsmqActivator - ok
10:45:08.0613 3672 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:45:08.0613 3672 NetPipeActivator - ok
10:45:08.0644 3672 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
10:45:08.0659 3672 netprofm - ok
10:45:08.0659 3672 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:45:08.0675 3672 NetTcpActivator - ok
10:45:08.0675 3672 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:45:08.0675 3672 NetTcpPortSharing - ok
10:45:08.0737 3672 NetworkX (9446d03271baf3496bbd2957d2732fd2) C:\Windows\System32\ckldrv.sys
10:45:08.0753 3672 NetworkX - ok
10:45:08.0784 3672 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:45:08.0815 3672 nfrd960 - ok
10:45:09.0455 3672 nicconfigsvc (4badaf74d1633b84e195038a52297dc2) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
10:45:09.0471 3672 nicconfigsvc - ok
10:45:09.0517 3672 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
10:45:09.0533 3672 NlaSvc - ok
10:45:09.0580 3672 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
10:45:09.0627 3672 Npfs - ok
10:45:09.0673 3672 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
10:45:09.0705 3672 nsi - ok
10:45:09.0736 3672 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
10:45:09.0767 3672 nsiproxy - ok
10:45:09.0907 3672 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
10:45:09.0985 3672 Ntfs - ok
10:45:10.0048 3672 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:45:10.0063 3672 ntrigdigi - ok
10:45:10.0095 3672 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
10:45:10.0126 3672 Null - ok
10:45:10.0188 3672 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
10:45:10.0219 3672 nvraid - ok
10:45:10.0282 3672 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
10:45:10.0297 3672 nvstor - ok
10:45:10.0329 3672 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
10:45:10.0360 3672 nv_agp - ok
10:45:10.0360 3672 NwlnkFlt - ok
10:45:10.0375 3672 NwlnkFwd - ok
10:45:10.0422 3672 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
10:45:10.0438 3672 ohci1394 - ok
10:45:10.0531 3672 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:45:10.0547 3672 ose - ok
10:45:10.0797 3672 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:45:10.0875 3672 osppsvc - ok
10:45:11.0031 3672 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:45:11.0124 3672 p2pimsvc - ok
10:45:11.0140 3672 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:45:11.0140 3672 p2psvc - ok
10:45:11.0202 3672 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
10:45:11.0218 3672 Parport - ok
10:45:11.0249 3672 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
10:45:11.0296 3672 partmgr - ok
10:45:11.0296 3672 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
10:45:11.0327 3672 Parvdm - ok
10:45:11.0374 3672 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
10:45:11.0405 3672 PcaSvc - ok
10:45:11.0452 3672 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
10:45:11.0499 3672 pci - ok
10:45:11.0545 3672 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys
10:45:11.0561 3672 pciide - ok
10:45:11.0592 3672 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
10:45:11.0639 3672 pcmcia - ok
10:45:11.0748 3672 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:45:11.0795 3672 PEAUTH - ok
10:45:11.0967 3672 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
10:45:12.0013 3672 pla - ok
10:45:12.0185 3672 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
10:45:12.0247 3672 PlugPlay - ok
10:45:12.0341 3672 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:45:12.0357 3672 PNRPAutoReg - ok
10:45:12.0372 3672 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:45:12.0372 3672 PNRPsvc - ok
10:45:12.0419 3672 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
10:45:12.0450 3672 PolicyAgent - ok
10:45:12.0513 3672 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
10:45:12.0544 3672 PptpMiniport - ok
10:45:12.0591 3672 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
10:45:12.0622 3672 Processor - ok
10:45:12.0684 3672 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
10:45:12.0731 3672 ProfSvc - ok
10:45:12.0793 3672 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
10:45:12.0793 3672 ProtectedStorage - ok
10:45:12.0840 3672 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
10:45:12.0840 3672 PSched - ok
10:45:12.0871 3672 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
10:45:12.0934 3672 PxHelp20 - ok
10:45:13.0027 3672 QBCFMonitorService (4080e220eb20d87ae74d12570b8a8027) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
10:45:13.0105 3672 QBCFMonitorService - ok
10:45:13.0168 3672 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
10:45:13.0261 3672 QBFCService - ok
10:45:13.0433 3672 QBVSS (25fc19badf78b7fb1d835aac4b0b91a5) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
10:45:13.0558 3672 QBVSS - ok
10:45:13.0839 3672 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
10:45:13.0917 3672 ql2300 - ok
10:45:13.0948 3672 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:45:13.0963 3672 ql40xx - ok
10:45:14.0026 3672 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
10:45:14.0073 3672 QWAVE - ok
10:45:14.0119 3672 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
10:45:14.0197 3672 QWAVEdrv - ok
10:45:14.0338 3672 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
10:45:14.0369 3672 RasAcd - ok
10:45:14.0416 3672 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
10:45:14.0416 3672 RasAuto - ok
10:45:14.0463 3672 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:45:14.0509 3672 Rasl2tp - ok
10:45:14.0572 3672 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
10:45:14.0603 3672 RasMan - ok
10:45:14.0650 3672 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
10:45:14.0697 3672 RasPppoe - ok
10:45:14.0697 3672 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
10:45:14.0728 3672 RasSstp - ok
10:45:14.0775 3672 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
10:45:14.0821 3672 rdbss - ok
10:45:14.0884 3672 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:45:14.0915 3672 RDPCDD - ok
10:45:14.0977 3672 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
10:45:14.0993 3672 rdpdr - ok
10:45:15.0055 3672 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:45:15.0102 3672 RDPENCDD - ok
10:45:15.0149 3672 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
10:45:15.0165 3672 RDPWD - ok
10:45:15.0227 3672 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
10:45:15.0227 3672 RemoteAccess - ok
10:45:15.0289 3672 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
10:45:15.0321 3672 RemoteRegistry - ok
10:45:15.0383 3672 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
10:45:15.0399 3672 RFCOMM - ok
10:45:15.0430 3672 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
10:45:15.0461 3672 RpcLocator - ok
10:45:15.0539 3672 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
10:45:15.0539 3672 RpcSs - ok
10:45:15.0570 3672 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:45:15.0617 3672 rspndr - ok
10:45:15.0633 3672 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
10:45:15.0633 3672 SamSs - ok
10:45:15.0695 3672 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:45:15.0726 3672 sbp2port - ok
10:45:15.0773 3672 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
10:45:15.0804 3672 SCardSvr - ok
10:45:15.0867 3672 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
10:45:15.0882 3672 Schedule - ok
10:45:15.0929 3672 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
10:45:15.0929 3672 SCPolicySvc - ok
10:45:15.0960 3672 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
10:45:15.0960 3672 SDRSVC - ok
10:45:16.0007 3672 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:45:16.0007 3672 secdrv - ok
10:45:16.0023 3672 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
10:45:16.0069 3672 seclogon - ok
10:45:16.0116 3672 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
10:45:16.0147 3672 SENS - ok
10:45:16.0179 3672 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
10:45:16.0210 3672 Serenum - ok
10:45:16.0288 3672 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
10:45:16.0319 3672 Serial - ok
10:45:16.0366 3672 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:45:16.0381 3672 sermouse - ok
10:45:16.0428 3672 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
10:45:16.0475 3672 SessionEnv - ok
10:45:16.0522 3672 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
10:45:16.0553 3672 sffdisk - ok
10:45:16.0569 3672 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
10:45:16.0600 3672 sffp_mmc - ok
10:45:16.0615 3672 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
10:45:16.0647 3672 sffp_sd - ok
10:45:16.0662 3672 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:45:16.0693 3672 sfloppy - ok
10:45:16.0756 3672 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
10:45:16.0818 3672 SharedAccess - ok
10:45:16.0865 3672 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
10:45:16.0974 3672 ShellHWDetection - ok
10:45:16.0990 3672 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
10:45:17.0021 3672 sisagp - ok
10:45:17.0068 3672 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
10:45:17.0099 3672 SiSRaid2 - ok
10:45:17.0130 3672 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
10:45:17.0161 3672 SiSRaid4 - ok
10:45:17.0364 3672 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
10:45:17.0551 3672 slsvc - ok
10:45:17.0676 3672 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
10:45:17.0692 3672 SLUINotify - ok
10:45:17.0739 3672 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
10:45:17.0973 3672 Smb - ok
10:45:18.0019 3672 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
10:45:18.0035 3672 SNMPTRAP - ok
10:45:18.0051 3672 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:45:18.0066 3672 spldr - ok
10:45:18.0144 3672 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
10:45:18.0175 3672 Spooler - ok
10:45:18.0238 3672 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
10:45:18.0300 3672 srv - ok
10:45:18.0363 3672 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
10:45:18.0394 3672 srv2 - ok
10:45:18.0456 3672 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
10:45:18.0487 3672 srvnet - ok
10:45:18.0519 3672 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
10:45:18.0565 3672 SSDPSRV - ok
10:45:18.0612 3672 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
10:45:18.0628 3672 SstpSvc - ok
10:45:18.0659 3672 STacSV (7e6dd4b34acd36af6c711d2bde91b040) C:\Windows\system32\STacSV.exe
10:45:18.0768 3672 STacSV - ok
10:45:18.0831 3672 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
10:45:18.0862 3672 STHDA - ok
10:45:18.0909 3672 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
10:45:18.0940 3672 StillCam - ok
10:45:19.0018 3672 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
10:45:19.0080 3672 stisvc - ok
10:45:19.0158 3672 stllssvr (51778fd315c9882f1cbd932743e62a72) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
10:45:19.0205 3672 stllssvr - ok
10:45:19.0252 3672 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:45:19.0252 3672 swenum - ok
10:45:19.0299 3672 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
10:45:19.0299 3672 swprv - ok
10:45:19.0361 3672 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:45:19.0361 3672 Symc8xx - ok
10:45:19.0377 3672 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:45:19.0392 3672 Sym_hi - ok
10:45:19.0439 3672 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:45:19.0439 3672 Sym_u3 - ok
10:45:19.0501 3672 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
10:45:19.0533 3672 SysMain - ok
10:45:19.0564 3672 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
10:45:19.0611 3672 TabletInputService - ok
10:45:19.0673 3672 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
10:45:19.0689 3672 TapiSrv - ok
10:45:19.0720 3672 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
10:45:19.0735 3672 TBS - ok
10:45:19.0845 3672 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
10:45:19.0891 3672 Tcpip - ok
10:45:19.0907 3672 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
10:45:19.0923 3672 Tcpip6 - ok
10:45:19.0969 3672 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
10:45:20.0001 3672 tcpipreg - ok
10:45:20.0032 3672 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:45:20.0063 3672 TDPIPE - ok
10:45:20.0110 3672 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:45:20.0125 3672 TDTCP - ok
10:45:20.0188 3672 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
10:45:20.0203 3672 tdx - ok
10:45:20.0250 3672 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
10:45:20.0297 3672 TermDD - ok
10:45:20.0344 3672 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
10:45:20.0406 3672 TermService - ok
10:45:20.0453 3672 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
10:45:20.0469 3672 Themes - ok
10:45:20.0500 3672 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:45:20.0500 3672 THREADORDER - ok
10:45:20.0578 3672 tmactmon (e8e528896ff2595cfada88749cd72ef8) C:\Windows\system32\DRIVERS\tmactmon.sys
10:45:20.0609 3672 tmactmon - ok
10:45:20.0671 3672 tmcomm (1837512d4aab862bd297a2ef035fba14) C:\Windows\system32\DRIVERS\tmcomm.sys
10:45:20.0671 3672 tmcomm - ok
10:45:20.0703 3672 tmeevw (f49ca5c26378f4d5603f2a2fc86e09a1) C:\Windows\system32\DRIVERS\tmeevw.sys
10:45:20.0718 3672 tmeevw - ok
10:45:20.0812 3672 tmevtmgr (dbac510d1c7cc66b7a78eb2264f3072e) C:\Windows\system32\DRIVERS\tmevtmgr.sys
10:45:20.0905 3672 tmevtmgr - ok
10:45:20.0968 3672 tmnciesc (2e078184034a179c47787f87f238d5ba) C:\Windows\system32\DRIVERS\tmnciesc.sys
10:45:20.0999 3672 tmnciesc - ok
10:45:21.0077 3672 tmtdi (a6e20b094a8d3e3f46d10bbe7e1ebb82) C:\Windows\system32\DRIVERS\tmtdi.sys
10:45:21.0077 3672 tmtdi - ok
10:45:21.0093 3672 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
10:45:21.0155 3672 TrkWks - ok
10:45:21.0217 3672 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
10:45:21.0249 3672 TrustedInstaller - ok
10:45:21.0311 3672 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:45:21.0327 3672 tssecsrv - ok
10:45:21.0373 3672 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
10:45:21.0405 3672 tunmp - ok
10:45:21.0436 3672 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
10:45:21.0483 3672 tunnel - ok
10:45:21.0514 3672 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
10:45:21.0529 3672 uagp35 - ok
10:45:21.0623 3672 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
10:45:21.0654 3672 udfs - ok
10:45:21.0763 3672 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
10:45:21.0795 3672 UI0Detect - ok
10:45:21.0810 3672 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
10:45:21.0857 3672 uliagpkx - ok
10:45:21.0888 3672 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
10:45:21.0935 3672 uliahci - ok
10:45:21.0966 3672 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
10:45:21.0966 3672 UlSata - ok
10:45:21.0997 3672 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
10:45:22.0013 3672 ulsata2 - ok
10:45:22.0060 3672 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
10:45:22.0091 3672 umbus - ok
10:45:22.0138 3672 UmRdpService (8a66360f38f81e960e2367b428cbd5d9) C:\Windows\System32\umrdp.dll
10:45:22.0200 3672 UmRdpService - ok
10:45:22.0263 3672 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
10:45:22.0325 3672 upnphost - ok
10:45:22.0372 3672 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
10:45:22.0403 3672 usbccgp - ok
10:45:22.0450 3672 USBCCID (e0b8489aeda9ea33361037be6a8cf1ca) C:\Windows\system32\DRIVERS\usbccid.sys
10:45:22.0465 3672 USBCCID - ok
10:45:22.0512 3672 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
10:45:22.0543 3672 usbcir - ok
10:45:22.0590 3672 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
10:45:22.0637 3672 usbehci - ok
10:45:22.0684 3672 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
10:45:22.0715 3672 usbhub - ok
10:45:22.0746 3672 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
10:45:22.0793 3672 usbohci - ok
10:45:22.0840 3672 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
10:45:22.0855 3672 usbprint - ok
10:45:22.0902 3672 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
10:45:22.0933 3672 usbscan - ok
10:45:22.0980 3672 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:45:23.0027 3672 USBSTOR - ok
10:45:23.0074 3672 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
10:45:23.0089 3672 usbuhci - ok
10:45:23.0105 3672 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
10:45:23.0121 3672 UxSms - ok
10:45:23.0152 3672 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
10:45:23.0230 3672 vds - ok
10:45:23.0261 3672 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
10:45:23.0277 3672 vga - ok
10:45:23.0323 3672 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
10:45:23.0323 3672 VgaSave - ok
10:45:23.0355 3672 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
10:45:23.0370 3672 viaagp - ok
10:45:23.0401 3672 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
10:45:23.0417 3672 ViaC7 - ok
10:45:23.0448 3672 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
10:45:23.0479 3672 viaide - ok
10:45:23.0542 3672 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
10:45:23.0573 3672 volmgr - ok
10:45:23.0635 3672 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
10:45:23.0698 3672 volmgrx - ok
10:45:23.0729 3672 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
10:45:23.0776 3672 volsnap - ok
10:45:23.0838 3672 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
10:45:23.0854 3672 vsmraid - ok
10:45:23.0963 3672 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
10:45:24.0072 3672 VSS - ok
10:45:24.0119 3672 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
10:45:24.0197 3672 W32Time - ok
10:45:24.0244 3672 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
10:45:24.0244 3672 WacomPen - ok
10:45:24.0291 3672 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:45:24.0306 3672 Wanarp - ok
10:45:24.0306 3672 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:45:24.0306 3672 Wanarpv6 - ok
10:45:24.0400 3672 wbengine (20b23332885dfb93fe0185362ee811e9) C:\Windows\system32\wbengine.exe
10:45:24.0509 3672 wbengine - ok
10:45:24.0556 3672 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
10:45:24.0618 3672 wcncsvc - ok
10:45:24.0649 3672 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
10:45:24.0665 3672 WcsPlugInService - ok
10:45:24.0712 3672 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
10:45:24.0743 3672 Wd - ok
10:45:24.0821 3672 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
10:45:24.0852 3672 WDC_SAM - ok
10:45:25.0133 3672 WDDMService (bf847a3972cc6b5ce26e0ea742dd52d9) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
10:45:25.0149 3672 WDDMService - ok
10:45:25.0242 3672 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
10:45:25.0367 3672 Wdf01000 - ok
10:45:25.0507 3672 WDFME (b5966f1dff6e20576f3c8c2d93d129fd) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
10:45:25.0585 3672 WDFME - ok
10:45:26.0194 3672 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
10:45:26.0194 3672 WdiServiceHost - ok
10:45:26.0209 3672 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
10:45:26.0209 3672 WdiSystemHost - ok
10:45:26.0350 3672 WDSC (92f0088ca18bb08bb596ef2608256f8a) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
10:45:26.0365 3672 WDSC - ok
10:45:26.0475 3672 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
10:45:26.0521 3672 WebClient - ok
10:45:26.0584 3672 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
10:45:26.0615 3672 Wecsvc - ok
10:45:26.0646 3672 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
10:45:26.0646 3672 wercplsupport - ok
10:45:26.0693 3672 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
10:45:26.0709 3672 WerSvc - ok
10:45:26.0802 3672 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
10:45:26.0880 3672 winachsf - ok
10:45:26.0989 3672 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
10:45:27.0021 3672 WinDefend - ok
10:45:27.0021 3672 WinHttpAutoProxySvc - ok
10:45:27.0099 3672 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
10:45:27.0130 3672 Winmgmt - ok
10:45:27.0239 3672 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
10:45:27.0364 3672 WinRM - ok
10:45:27.0473 3672 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
10:45:27.0551 3672 Wlansvc - ok
10:45:27.0691 3672 wltrysvc (505372073eae4b6db42ee2cd16957c74) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
10:45:27.0801 3672 wltrysvc - ok
10:45:27.0863 3672 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:45:27.0894 3672 WmiAcpi - ok
10:45:27.0988 3672 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
10:45:28.0081 3672 wmiApSrv - ok
10:45:28.0269 3672 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:45:28.0378 3672 WMPNetworkSvc - ok
10:45:28.0440 3672 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
10:45:28.0456 3672 WPDBusEnum - ok
10:45:28.0565 3672 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:45:28.0596 3672 WPFFontCache_v0400 - ok
10:45:28.0659 3672 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
10:45:28.0674 3672 ws2ifsl - ok
10:45:28.0721 3672 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
10:45:28.0737 3672 wscsvc - ok
10:45:28.0799 3672 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
10:45:28.0815 3672 WSDPrintDevice - ok
10:45:28.0815 3672 WSearch - ok
10:45:28.0986 3672 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
10:45:29.0049 3672 wuauserv - ok
10:45:29.0205 3672 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:45:29.0220 3672 WUDFRd - ok
10:45:29.0283 3672 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
10:45:29.0314 3672 wudfsvc - ok
10:45:29.0361 3672 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
10:45:29.0376 3672 XAudio - ok
10:45:29.0407 3672 XAudioService (28dc5d626e036a75a572556f0a6eb1f6) C:\Windows\system32\DRIVERS\xaudio.exe
10:45:29.0548 3672 XAudioService - ok
10:45:29.0595 3672 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:45:30.0141 3672 \Device\Harddisk0\DR0 - ok
10:45:30.0141 3672 Boot (0x1200) (3a0e7383e5550b0b39e13d70a1c7205b) \Device\Harddisk0\DR0\Partition0
10:45:30.0141 3672 \Device\Harddisk0\DR0\Partition0 - ok
10:45:30.0141 3672 ============================================================
10:45:30.0141 3672 Scan finished
10:45:30.0141 3672 ============================================================
10:45:30.0156 5464 Detected object count: 1
10:45:30.0156 5464 Actual detected object count: 1
10:46:12.0807 5464 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
10:46:12.0807 5464 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
10:46:30.0107 5928 Deinitialize success

#4 Nick_Nick

Posted 13 July 2012 - 11:42 AM

Steps 2 & 3

Combofix log:

ComboFix 12-07-13.03 - NLR-2 07/13/2012 11:12:39.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.1000 [GMT -5:00]
Running from: c:\users\NLR-2\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\NLR-2\AppData\Local\Check\Apple Computer\trjfs.dll
c:\users\NLR-2\AppData\Roaming\887021879.log
c:\users\NLR-2\g2mdlhlpx.exe
c:\users\NLR-2\GoToAssistDownloadHelper.exe
c:\windows\system32\drivers\npf.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-13 16:21 . 2012-07-13 16:22 -------- d-----w- c:\users\NLR-2\AppData\Local\temp
2012-07-13 16:21 . 2012-07-13 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-12 08:11 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 10:15 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 10:15 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 10:15 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 10:15 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 10:15 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 10:15 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-08 05:05 . 2012-07-08 05:05 -------- d-----w- c:\users\NLR-2\AppData\Roaming\Malwarebytes
2012-07-08 05:05 . 2012-07-08 05:05 -------- d-----w- c:\programdata\Malwarebytes
2012-07-08 05:05 . 2012-07-13 14:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-08 05:05 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-23 17:45 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 17:45 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 17:45 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 17:45 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 17:44 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-23 17:43 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 17:43 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 17:43 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 17:43 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 18:29 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 18:29 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 18:29 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 18:28 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 00:20 . 2012-04-09 14:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 00:20 . 2011-10-07 13:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-04 13:16 . 2012-06-04 13:16 22032 ----a-w- c:\windows\DCEBoot.exe
2012-06-04 13:16 . 2011-12-12 21:22 108048 ----a-w- c:\windows\RegBootClean.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\NLR-2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\NLR-2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\NLR-2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-11-30 4685824]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-12-06 2215768]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\NLR-2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\NLR-2\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-6 1175912]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^NLR-2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\NLR-2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 18:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2011-12-07 04:43 3305248 ----a-w- c:\users\NLR-2\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 19:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2010-05-18 20:41 1311312 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 22:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 22:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 17:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-09-13 19:44 405504 ----a-w- c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 00:20]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-11 21:40]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-11 21:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.10.1
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Apple Computer - c:\users\NLR-2\AppData\Local\Check\Apple Computer\trjfs.dll
Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-13 11:22
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-07-13 11:25:18
ComboFix-quarantined-files.txt 2012-07-13 16:25
.
Pre-Run: 139,163,963,392 bytes free
Post-Run: 139,344,453,632 bytes free
.
- - End Of File - - 01DDCCE274FA0460EDD72C04FE85FD14



Step 3: Security Check

Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Trend Micro Titanium Maximum Security 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 29
Java version out of Date!
Adobe Reader X 10.0.1 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

#5 D-FRED-BROWN

Posted 13 July 2012 - 01:52 PM

Here are the results of the TDSS scan. It found 1 threat, "Cure" was not listed in the options.

I'd say it appears to be clean.


Please Launch Malwarebytes' Anti-Malware.
  • Please click Check for Updates to see if any updates are found. If so, please allow MBAM to download and install them.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a location you will remember.
  • Copy and Paste that log into your next reply.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK for either of the prompts and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Also, how are things running now?
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Posted Image
Thank you!

#6 Nick_Nick

Posted 13 July 2012 - 06:53 PM

D-FRED-BROWN: I don't seem to be getting the re-direct virus any longer, but my system overall seems to be running more slowly. Programs are slower to start up and it takes longer to bring up websites (even ones like Google).

Thank you for all your help!!!!

Here is the Malwarebytes log. I don't believe anything was found.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.13.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
NLR-2 :: NLR-2-PC [administrator]

Protection: Enabled

7/13/2012 2:18:12 PM
mbam-log-2012-07-13 (14-18-12).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 435337
Time elapsed: 4 hour(s), 22 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#7 D-FRED-BROWN

Posted 14 July 2012 - 11:59 AM

Glad to hear the redirects have stopped. :)

Let's see if we can speed up your computer:

Please download CCleaner (freeware) from here.
Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
Once installed, run CCleaner.

The following should be selected by default, if not, please select:
Posted Image

Then please click Posted Image and choose Posted Image

Please uncheck Posted Image

Then go back to Posted Image and click Posted Image to run it.

#8 Nick_Nick

Posted 14 July 2012 - 12:11 PM

D-FRED-BROWN:

Downloaded it and ran it; 944 MB removed!

I'll see how it runs now and report back. Thank you so much for your help!

#9 D-FRED-BROWN

Posted 14 July 2012 - 02:35 PM

> I'll see how it runs now and report back. Thank you so much for your help!

Sounds good! I'll go ahead and post the next set of instructions for ensuring that your machine is clean. And no problem. :thumbup2:

----------Step 1----------------
Let's run an online scan to verify there aren't any remnants left that we may have missed. We're nearly in the clear.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

----------Step 2----------------
I have provided some information that I think you may find useful regarding slow computers. Take a look, and let me know if there's anything else I can help you with.

1. Take a look at this page created by miekiemoes on slow systems, and some things you can try to do to try to improve it. Help! My computer is slow!

2. You may have a lot of processes running at startup that are unnecessary, and can cause a system slowdown.
  • Please download Malwarebytes' StartUpLite and save it to your Desktop.
  • Double-click StartUpLite.exe to run the program.
  • This will display all unnecessary startup entries.
  • Select all options you would like executed, then select Continue.
  • I recommend you disable them all, and see if there is any improvement in the computer's speed.
3. I recommend that you uninstall and delete any old/unused applications:
  • I'd use Revo Uninstaller (Freeware) to do so. You can find it here. Then please run Revo Uninstaller.
  • Please click the Uninstall icon to uninstall the selected program.
  • Please choose Advanced.
  • Then click Next and follow the prompts.
  • Please click Select All (1.) and Delete (2.) to delete all Registry items, folders and files listed by Revo.
  • If asked to restart the computer, please do so immediately.
4. You may also want to look into increasing the pagefile size for your system.
  • These links should provide you with the information you need to do so:
  • http://windows.microsoft.com/en-us/windows-vista/Change-the-size-of-virtual-memory
  • http://www.vistax64.com/tutorials/132201-virtual-memory-paging-file-change.html
  • http://www.howtogeek.com/?post_type=post&p=243

If you have any questions, don't hesitate to ask. :)

Edited by D-FRED-BROWN, 14 July 2012 - 02:40 PM.


#10 Nick_Nick

Posted 15 July 2012 - 07:34 PM

ESET found a virus, but the log file was empty. I copied what it found.

C:\Qoobox\Quarantine\C\Users\NLR-2\AppData\Local\Check\Apple Computer\trjfs.dll.vir a variant of Win32/Kryptik.AIGG trojan

#11 D-FRED-BROWN

Posted 15 July 2012 - 10:40 PM

The scan just picked up something that ComboFix had quarantined. Your system now appears to be clean. :thumbup2:


Now that your system is clean, let's update some of your programs. Program updates are a crucial measure to ensure your computer is safer from malware.

----------Step 1----------------
Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://java.com/en/download/index.jsp.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to Start > Control Panel and open Add or Remove Programs.
Search in the list for all previously installed versions of Java (J2SE Runtime Environment).
They will have this icon next to them: Posted Image
Select each in turn and click Remove.

Once old versions are gone, please install the newest version.


----------Step 2----------------
You're using an old version of Adobe Acrobat Reader. This can leave your PC open to vulnerabilities. You can update it here (uninstall version 7.0 first):
Adobe Reader X

Note: I suggest you uncheck any optional third-party download (e.g. McAfee Security Scan Plus).

After successfully installing Adobe Reader X, see this article on how to make this program more secure: Adobe Reader X secures itself by playing in the sandbox.

----------Step 3----------------
Please let me know how the updates go, as failed updates may indicate additional malware.
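The check described in post #11, as an added example that is not part of the original thread: each scanner hit is mapped from ComboFix's quarantine folder back to its original location and compared with the "Other Deletions" list from the ComboFix log. The Qoobox layout (drive letter as a folder, `.vir` suffix) is an assumption read from the paths quoted in this thread, and the second and third hits are constructed samples.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the ComboFix log posted in this thread (post #4).
COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\NLR-2\AppData\Local\Check\Apple Computer\trjfs.dll
c:\users\NLR-2\AppData\Roaming\887021879.log
c:\users\NLR-2\g2mdlhlpx.exe
c:\users\NLR-2\GoToAssistDownloadHelper.exe
c:\windows\system32\drivers\npf.sys
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
"""

SCANNER_HITS = [
    # Hit reported in post #10.
    r"C:\Qoobox\Quarantine\C\Users\NLR-2\AppData\Local\Check\Apple Computer\trjfs.dll.vir a variant of Win32/Kryptik.AIGG trojan",
    # Constructed samples: a file outside quarantine, and a quarantined
    # file that the ComboFix log above does not list.
    r"C:\Users\NLR-2\AppData\Local\Temp\constructed-sample.dll Constructed.Detection",
    r"C:\Qoobox\Quarantine\C\Windows\constructed-sample.sys.vir Constructed.Detection",
]

# Heuristic: the path ends at the first file extension followed by whitespace.
HIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]{1,4})\s+(?P<name>\S.*)$")


def combofix_deletions(log_text):
    """Return the lower-cased paths listed under 'Other Deletions'."""
    paths, in_section = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("(((("):
            in_section = "Other Deletions" in line
        elif in_section and re.match(r"[A-Za-z]:\\", line):
            paths.add(line.lower())
    return paths


def original_path(hit_path):
    """Map <drive>:\\Qoobox\\Quarantine\\<D>\\...\\name.vir to <D>:\\...\\name.

    Returns None when the path is not a quarantined copy.
    """
    parts = PureWindowsPath(hit_path).parts
    lowered = [p.lower() for p in parts]
    if len(parts) < 5 or lowered[1:3] != ["qoobox", "quarantine"]:
        return None
    drive = parts[3]
    if len(drive) != 1 or not drive.isalpha() or not lowered[-1].endswith(".vir"):
        return None
    rest = list(parts[4:])
    rest[-1] = rest[-1][:-len(".vir")]
    return str(PureWindowsPath(drive + ":\\", *rest))


def triage(hit_lines, deletions):
    """Classify each hit as a quarantined copy or a file still in place."""
    results = []
    for line in hit_lines:
        m = HIT_RE.match(line.strip())
        if not m:
            results.append((line, None, "unparsed"))
            continue
        orig = original_path(m["path"])
        if orig is None:
            verdict = "live"                      # not under quarantine: needs action
        elif orig.lower() in deletions:
            verdict = "quarantined-by-combofix"   # matches a logged deletion
        else:
            verdict = "quarantined-unlisted"      # quarantined, but not in this log
        results.append((m["path"], m["name"], verdict))
    return results


if __name__ == "__main__":
    for path, name, verdict in triage(SCANNER_HITS, combofix_deletions(COMBOFIX_LOG)):
        print(f"{verdict:26} {name}  {path}")
```

Only the "live" verdict points at a file still in its original location; "quarantined-unlisted" means the ComboFix log at hand does not account for the quarantined copy.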

#12 Nick_Nick

Posted 16 July 2012 - 11:00 AM

D-FRED-BROWN,

I updated Java and Adobe Reader and edited the preference in Reader as suggested.

I will see how it goes now. I have now been experiencing problems during start up, as my system seems to stall, giving me the busy circle and becoming non-responsive. This seems to happen every other start up, and the only remedy I've found is to do a hard shutdown, then reboot.

#13 D-FRED-BROWN

Posted 16 July 2012 - 12:49 PM

> I will see how it goes now. I have now been experiencing problems during start up, as my system seems to stall, giving me the busy circle and becoming non-responsive. This seems to happen every other start up, and the only remedy I've found is to do a hard shutdown, then reboot.

Is this a recent development? Has this ever occurred in the past?

Also, what is the manufacturer of your hard drive? Please let me know. :)

#14 Nick_Nick

Posted 16 July 2012 - 01:20 PM

Yes, this is a recent development. I believe it is a Western Digital hard drive.

#15 D-FRED-BROWN

Posted 16 July 2012 - 01:28 PM

> giving me the busy circle and becoming non-responsive.

I'm not sure I understand what you mean by the "circle"... does it stall as the computer is still booting up, or after Windows has loaded?
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Posted Image
Thank you!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users