Phantom Audio playing commercials


  • This topic is locked
18 replies to this topic

#1 mjabaley

  • Members
  • 51 posts

Posted 14 July 2012 - 11:51 AM

Commercial audio tracks are playing choppily in the background regardless of what websites are selected, and even play with IE not running. Windows 7, IE 9.0.8. Previously had problem on mlb.com with IE continuing to play audio of baseball highlight clips if the highlight was stopped in the middle. May be related. DDS.txt pasted below, Attach.txt file attached, gmer.log file attached:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by jabaley at 12:06:30 on 2012-07-14
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2000.344 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\N-trig\N-trig Software Bundle\NtrigApplet.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\jabaley\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Chapura\Chapura SyncManager\SyncMgr.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\system32\taskhost.exe
C:\Users\jabaley\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe
C:\Program Files\Microsoft\BingBar\BBSvc.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
c:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\jabaley\AppData\Local\Autobahn\nexdef.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\igfxext.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\jabaley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ERSLYV73\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\ips\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Akamai NetSession Interface] "c:\users\jabaley\appdata\local\akamai\netsession_win.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [NtrigApplet] c:\program files\n-trig\n-trig software bundle\NtrigApplet.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
StartupFolder: c:\users\jabaley\appdata\roaming\micros~1\windows\startm~1\programs\startup\nexdef~1.lnk - c:\users\jabaley\appdata\local\autobahn\nexdef.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\chapur~1.lnk - c:\program files\chapura\chapura syncmanager\SyncMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellsy~1.lnk - c:\program files\dell\dell system manager\DCPSysMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{7CD272D8-AC54-42C1-B8A4-48D96837E7D2} : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{A6AA483E-9EA8-4E51-8A4D-A623F465EC23} : DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{A6AA483E-9EA8-4E51-8A4D-A623F465EC23}\76F676F696E666C696768647 : DhcpNameServer = 172.19.134.2
TCP: Interfaces\{A6AA483E-9EA8-4E51-8A4D-A623F465EC23}\84F4D454D264145423 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A6AA483E-9EA8-4E51-8A4D-A623F465EC23}\A4162616C65697 : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Notify: igfxcui - igfxdev.dll
Notify: SEP - c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\WinLogoutNotifier.dll
LSA: Authentication Packages = msv1_0 wvauth
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\SymDS.sys [2011-5-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\SymEFA.sys [2011-5-17 756856]
R1 BHDrvx86;BHDrvx86;c:\programdata\symantec\symantec endpoint protection\12.1.671.4971.105\data\definitions\bashdefs\20120711.012\BHDrvx86.sys [2012-7-12 821920]
R1 IDSVix86;IDSVix86;c:\programdata\symantec\symantec endpoint protection\12.1.671.4971.105\data\definitions\ipsdefs\20120711.001\IDSvix86.sys [2012-7-12 382624]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\Ironx86.sys [2011-5-10 136312]
R1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\symnets.sys [2011-4-21 299640]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe [2010-12-7 81920]
R2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-8-6 277792]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-3-24 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-3-24 27040]
R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\dell\dell system manager\DCPSysMgrSvc.exe [2010-8-24 388464]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-12-7 13336]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-7-1 290832]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\ccSvcHst.exe [2011-6-14 137224]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-12-22 77312]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-12-7 33832]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2010-12-7 221912]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-2 106656]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-12-7 6114816]
R3 NtrigDigitizerUSBLowerFilter;N-Trig DuoSense Control Interface Filter Driver;c:\windows\system32\drivers\NtrigDigitizerUSBLowerFilter.sys [2010-12-7 12752]
S2 acautoreg;ActivCard Gold Autoregister;c:\program files\common files\activcard\acautoreg.exe --> c:\program files\common files\activcard\acautoreg.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-9 136176]
S3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-9 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-14 40776]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\SyDvCtrl32.sys [2011-9-28 23984]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-19 52224]
S3 umpusbvista;Texas Instruments USB Serial Driver;c:\windows\system32\drivers\umpusbvista.sys [2010-12-7 44544]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-9 1343400]
.
=============== Created Last 30 ================
.
2012-07-14 15:46:26 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-14 15:39:57 98816 ----a-w- c:\windows\sed.exe
2012-07-14 15:39:57 256000 ----a-w- c:\windows\PEV.exe
2012-07-14 15:39:57 208896 ----a-w- c:\windows\MBR.exe
2012-07-14 15:17:34 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-13 23:49:25 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-13 23:49:17 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-13 23:49:17 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-13 23:49:17 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-13 23:49:17 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-13 23:49:17 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-13 23:49:06 2342400 ----a-w- c:\windows\system32\msi.dll
2012-07-13 23:48:58 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-07-13 23:48:58 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-07-13 23:48:58 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-07-13 23:48:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-07-13 23:45:04 -------- d-----w- c:\users\jabaley\.autobahn
2012-07-13 23:44:49 -------- d-----w- c:\users\jabaley\appdata\local\Autobahn
2012-07-12 21:23:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-12 21:23:00 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll
2012-07-12 21:23:00 140920 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-07-12 21:17:06 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 00:36:58 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-11 00:36:41 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-11 00:36:32 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-11 00:36:32 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 01:54:29 518144 ----a-w- c:\windows\SWREG.exe
2012-06-24 00:50:35 -------- d-----w- c:\users\jabaley\appdata\roaming\Malwarebytes
2012-06-24 00:50:24 -------- d-----w- c:\programdata\Malwarebytes
.
==================== Find3M ====================
.
2012-07-12 21:11:43 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 21:11:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
.
============= FINISH: 12:07:23.29 ===============


#2 gringo_pr

  • Malware Response Team
  • 136,772 posts

Posted 15 July 2012 - 12:51 AM

Greetings and Welcome to The Forums!!


My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

<insert av's>

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 mjabaley

  • Topic Starter
  • Members
  • 51 posts

Posted 15 July 2012 - 03:38 PM

Thanks Gringo - problem is still present - random audio files play with no corresponding website or application running. Most seem to be commercials. Seem to be streaming from the internet - when I turn off the internet connection it plays for about 15 seconds (cache?) then stops. Steps taken:

1. Disabled Symantec Endpoint Protection. Windows Defender remains running. Did you see any other anti-virus programs running?

2. Ran Security Check, checkup.txt log pasted here:

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 29
Java version out of Date!
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 12% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

3. I will run ComboFix and post results shortly.

#4 gringo_pr

  • Malware Response Team
  • 136,772 posts

Posted 15 July 2012 - 03:47 PM

OK I will be waiting for the report



gringo

#5 mjabaley

  • Topic Starter
  • Members
  • 51 posts

Posted 15 July 2012 - 04:05 PM

Combofix results:

ComboFix 12-07-14.01 - jabaley 07/15/2012 16:53:15.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2000.608 [GMT -4:00]
Running from: c:\users\jabaley\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\erdnt\cache\atapi.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-15 20:59 . 2012-07-15 20:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-15 20:49 . 2012-07-15 20:49 -------- d-----w- c:\users\jabaley\AppData\Roaming\Bytemobile
2012-07-15 20:14 . 2012-07-15 20:14 -------- d-----w- c:\users\jabaley\AppData\Local\Sprint
2012-07-15 20:13 . 2007-01-18 14:24 26496 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2012-07-15 20:13 . 2008-11-24 22:04 27072 ----a-w- c:\windows\system32\drivers\PCASp50.sys
2012-07-15 20:10 . 2012-07-15 20:10 -------- d-----w- c:\program files\Sierra Wireless
2012-07-15 20:10 . 2012-07-15 20:10 -------- d-----w- c:\program files\Common Files\Research in Motion
2012-07-15 20:10 . 2012-07-15 20:14 -------- d-----w- c:\program files\Common Files\Motorola Shared
2012-07-15 20:10 . 2012-07-15 20:10 -------- d-----w- c:\programdata\Sprint
2012-07-15 20:10 . 2012-07-15 20:10 -------- d-----w- c:\program files\Common Files\PctelEapPeer Authentication
2012-07-15 20:10 . 2012-07-15 20:10 -------- d-----w- c:\program files\Sprint
2012-07-15 20:10 . 2012-07-15 20:10 -------- d-----w- c:\program files\Novatel Wireless
2012-07-15 20:07 . 2012-06-18 07:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B304514-FAE3-4BD7-A899-648E9B5C7764}\mpengine.dll
2012-07-14 15:17 . 2012-07-14 15:35 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-13 23:49 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-13 23:49 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-13 23:49 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-13 23:49 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-13 23:49 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-13 23:49 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-13 23:49 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-07-13 23:48 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-07-13 23:48 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-07-13 23:48 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-07-13 23:48 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-07-13 23:45 . 2012-07-13 23:45 -------- d-----w- c:\users\jabaley\.autobahn
2012-07-13 23:44 . 2012-07-13 23:45 -------- d-----w- c:\users\jabaley\AppData\Local\Autobahn
2012-07-12 21:23 . 2012-06-02 09:08 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-07-12 21:23 . 2012-06-02 08:22 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-07-12 21:23 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-12 21:17 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 00:36 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-11 00:36 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-11 00:36 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-11 00:36 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-11 00:36 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-07-11 00:36 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-07-11 00:36 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-11 00:36 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-11 00:36 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-10 02:55 . 2012-07-10 02:55 -------- d-----w- c:\programdata\McAfee
2012-06-24 00:50 . 2012-06-24 00:50 -------- d-----w- c:\users\jabaley\AppData\Roaming\Malwarebytes
2012-06-24 00:50 . 2012-06-24 00:50 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-15 20:49 . 2011-07-07 14:41 0 ----a-w- c:\users\jabaley\AppData\Local\WavXMapDrive.bat
2012-07-12 21:11 . 2012-04-09 20:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 21:11 . 2011-08-07 22:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-28 03:53 . 2012-03-08 01:17 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-06-28 03:52 . 2012-03-08 01:16 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-06-28 03:51 . 2012-02-14 00:00 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-28 03:51 . 2012-03-07 04:05 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-06-09 20:13 . 2012-06-09 20:13 138752 ----a-w- c:\programdata\Microsoft\Windows\DRM\2377.tmp
2012-06-06 23:38 . 2012-06-06 23:38 129024 ----a-w- c:\programdata\Microsoft\Windows\DRM\4922.tmp
2012-05-31 16:25 . 2011-07-09 11:15 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-26 02:18 . 2012-02-14 00:00 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-04-26 02:18 . 2012-02-14 00:00 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-04-26 02:08 . 2012-03-07 04:06 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-09 39408]
"Akamai NetSession Interface"="c:\users\jabaley\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-02-18 278528]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-05 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-04 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-04 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-04 151064]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"NtrigApplet"="c:\program files\N-trig\N-trig Software Bundle\NtrigApplet.exe" [2010-09-27 2293760]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-12-22 1845248]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2009-05-26 75008]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2009-05-26 316672]
.
c:\users\jabaley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
NexDef Plug-in.lnk - c:\users\jabaley\AppData\Local\Autobahn\nexdef.exe [2011-8-11 15490560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]
Chapura SyncManager.lnk - c:\program files\Chapura\Chapura SyncManager\SyncMgr.exe [2011-8-8 2186240]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1458032]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 acautoreg;ActivCard Gold Autoregister;c:\program files\Common Files\ActivCard\acautoreg.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 umpusbvista;Texas Instruments USB Serial Driver;c:\windows\system32\DRIVERS\umpusbvista.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [x]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [x]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [x]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [x]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 NtrigDigitizerUSBLowerFilter;N-Trig DuoSense Control Interface Filter Driver;c:\windows\system32\DRIVERS\NtrigDigitizerUSBLowerFilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 21:11]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-09 11:23]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-09 11:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
LSP: bmnet.dll
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(516)
c:\windows\system32\wvauth.DLL
c:\windows\system32\bmnet.dll
.
- - - - - - - > 'Explorer.exe'(3136)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\WUDFHost.exe
c:\windows\system32\mpnotify.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\taskhost.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conhost.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TDMAuditLogger.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-07-15 17:02:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-15 21:02
ComboFix2.txt 2012-07-14 15:46
ComboFix3.txt 2012-06-26 01:26
ComboFix4.txt 2012-06-24 18:16
ComboFix5.txt 2012-07-15 20:52
.
Pre-Run: 82,160,209,920 bytes free
Post-Run: 82,136,494,080 bytes free
.
- - End Of File - - 21C8883C26F964C41A95C303EED4146A

#6 gringo_pr


Posted 15 July 2012 - 09:18 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 mjabaley


Posted 16 July 2012 - 05:09 AM

Hi Gringo - thanks again for your help.

Problem of commercial audio was still present this morning.

Ran TDSSKiller, cured one malware item and rebooted. Log follows:

05:59:49.0821 7148 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
05:59:50.0102 7148 ============================================================
05:59:50.0102 7148 Current date / time: 2012/07/16 05:59:50.0102
05:59:50.0102 7148 SystemInfo:
05:59:50.0102 7148
05:59:50.0102 7148 OS Version: 6.1.7601 ServicePack: 1.0
05:59:50.0102 7148 Product type: Workstation
05:59:50.0102 7148 ComputerName: JABALEY-PC
05:59:50.0102 7148 UserName: jabaley
05:59:50.0102 7148 Windows directory: C:\Windows
05:59:50.0102 7148 System windows directory: C:\Windows
05:59:50.0102 7148 Processor architecture: Intel x86
05:59:50.0102 7148 Number of processors: 2
05:59:50.0102 7148 Page size: 0x1000
05:59:50.0102 7148 Boot type: Normal boot
05:59:50.0102 7148 ============================================================
05:59:50.0476 7148 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
05:59:50.0492 7148 ============================================================
05:59:50.0492 7148 \Device\Harddisk0\DR0:
05:59:50.0492 7148 MBR partitions:
05:59:50.0492 7148 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x107000, BlocksNum 0x177000
05:59:50.0492 7148 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27E000, BlocksNum 0xEBFD800
05:59:50.0492 7148 ============================================================
05:59:50.0492 7148 C: <-> \Device\Harddisk0\DR0\Partition1
05:59:50.0492 7148 ============================================================
05:59:50.0492 7148 Initialize success
05:59:50.0492 7148 ============================================================
05:59:52.0738 7896 ============================================================
05:59:52.0738 7896 Scan started
05:59:52.0738 7896 Mode: Manual;
05:59:52.0738 7896 ============================================================
05:59:53.0612 7896 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
05:59:53.0612 7896 1394ohci - ok
05:59:53.0643 7896 ac.sharedstore (00659e56339389469473aec41587e706) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
05:59:53.0643 7896 ac.sharedstore - ok
05:59:53.0643 7896 acautoreg - ok
05:59:53.0658 7896 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
05:59:53.0658 7896 ACPI - ok
05:59:53.0674 7896 acpials (79d6b28027c398b728ce7cd0570248b0) C:\Windows\system32\DRIVERS\acpials.sys
05:59:53.0674 7896 acpials - ok
05:59:53.0674 7896 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
05:59:53.0674 7896 AcpiPmi - ok
05:59:53.0690 7896 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
05:59:53.0690 7896 AdobeARMservice - ok
05:59:53.0705 7896 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
05:59:53.0721 7896 AdobeFlashPlayerUpdateSvc - ok
05:59:53.0736 7896 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
05:59:53.0752 7896 adp94xx - ok
05:59:53.0768 7896 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
05:59:53.0768 7896 adpahci - ok
05:59:53.0783 7896 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
05:59:53.0783 7896 adpu320 - ok
05:59:53.0799 7896 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
05:59:53.0799 7896 AeLookupSvc - ok
05:59:53.0814 7896 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe
05:59:53.0814 7896 AESTFilters - ok
05:59:53.0846 7896 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
05:59:53.0846 7896 AFD - ok
05:59:53.0861 7896 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
05:59:53.0861 7896 agp440 - ok
05:59:53.0861 7896 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
05:59:53.0861 7896 aic78xx - ok
05:59:53.0877 7896 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
05:59:53.0877 7896 ALG - ok
05:59:53.0877 7896 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
05:59:53.0892 7896 aliide - ok
05:59:53.0892 7896 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
05:59:53.0892 7896 amdagp - ok
05:59:53.0908 7896 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
05:59:53.0908 7896 amdide - ok
05:59:53.0908 7896 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
05:59:53.0908 7896 AmdK8 - ok
05:59:53.0924 7896 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
05:59:53.0924 7896 AmdPPM - ok
05:59:53.0924 7896 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
05:59:53.0939 7896 amdsata - ok
05:59:53.0939 7896 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
05:59:53.0955 7896 amdsbs - ok
05:59:53.0955 7896 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
05:59:53.0955 7896 amdxata - ok
05:59:53.0970 7896 ApfiltrService (22403504e15810e99a563782e9d45311) C:\Windows\system32\DRIVERS\Apfiltr.sys
05:59:53.0986 7896 ApfiltrService - ok
05:59:53.0986 7896 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
05:59:53.0986 7896 AppID - ok
05:59:54.0002 7896 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
05:59:54.0002 7896 AppIDSvc - ok
05:59:54.0002 7896 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
05:59:54.0002 7896 Appinfo - ok
05:59:54.0017 7896 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
05:59:54.0033 7896 AppMgmt - ok
05:59:54.0033 7896 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
05:59:54.0033 7896 arc - ok
05:59:54.0048 7896 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
05:59:54.0048 7896 arcsas - ok
05:59:54.0064 7896 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
05:59:54.0064 7896 AsyncMac - ok
05:59:54.0064 7896 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
05:59:54.0064 7896 atapi - ok
05:59:54.0095 7896 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
05:59:54.0095 7896 AudioEndpointBuilder - ok
05:59:54.0111 7896 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
05:59:54.0111 7896 Audiosrv - ok
05:59:54.0142 7896 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
05:59:54.0158 7896 AxInstSV - ok
05:59:54.0189 7896 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
05:59:54.0189 7896 b06bdrv - ok
05:59:54.0204 7896 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
05:59:54.0204 7896 b57nd60x - ok
05:59:54.0220 7896 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
05:59:54.0220 7896 BBSvc - ok
05:59:54.0236 7896 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
05:59:54.0251 7896 BBUpdate - ok
05:59:54.0251 7896 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
05:59:54.0251 7896 BDESVC - ok
05:59:54.0267 7896 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
05:59:54.0267 7896 Beep - ok
05:59:54.0298 7896 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
05:59:54.0298 7896 BFE - ok
05:59:54.0329 7896 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
05:59:54.0329 7896 BITS - ok
05:59:54.0345 7896 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
05:59:54.0345 7896 blbdrive - ok
05:59:54.0345 7896 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
05:59:54.0345 7896 bowser - ok
05:59:54.0360 7896 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
05:59:54.0360 7896 BrFiltLo - ok
05:59:54.0360 7896 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
05:59:54.0360 7896 BrFiltUp - ok
05:59:54.0376 7896 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
05:59:54.0376 7896 BridgeMP - ok
05:59:54.0392 7896 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
05:59:54.0392 7896 Browser - ok
05:59:54.0407 7896 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
05:59:54.0407 7896 Brserid - ok
05:59:54.0423 7896 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
05:59:54.0423 7896 BrSerWdm - ok
05:59:54.0423 7896 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
05:59:54.0423 7896 BrUsbMdm - ok
05:59:54.0438 7896 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
05:59:54.0438 7896 BrUsbSer - ok
05:59:54.0438 7896 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
05:59:54.0438 7896 BTHMODEM - ok
05:59:54.0454 7896 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
05:59:54.0454 7896 bthserv - ok
05:59:54.0470 7896 buttonsvc32 (89624846ddf18ec83f2063198a4b5d3d) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
05:59:54.0485 7896 buttonsvc32 - ok
05:59:54.0501 7896 catchme - ok
05:59:54.0516 7896 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
05:59:54.0516 7896 cdfs - ok
05:59:54.0532 7896 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
05:59:54.0532 7896 cdrom - ok
05:59:54.0532 7896 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
05:59:54.0532 7896 CertPropSvc - ok
05:59:54.0548 7896 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
05:59:54.0548 7896 circlass - ok
05:59:54.0563 7896 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
05:59:54.0563 7896 CLFS - ok
05:59:54.0579 7896 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
05:59:54.0579 7896 clr_optimization_v2.0.50727_32 - ok
05:59:54.0594 7896 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
05:59:54.0610 7896 clr_optimization_v4.0.30319_32 - ok
05:59:54.0610 7896 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
05:59:54.0610 7896 CmBatt - ok
05:59:54.0626 7896 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
05:59:54.0626 7896 cmdide - ok
05:59:54.0641 7896 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
05:59:54.0641 7896 CNG - ok
05:59:54.0657 7896 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
05:59:54.0657 7896 Compbatt - ok
05:59:54.0657 7896 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
05:59:54.0657 7896 CompositeBus - ok
05:59:54.0672 7896 COMSysApp - ok
05:59:54.0672 7896 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
05:59:54.0672 7896 crcdisk - ok
05:59:54.0719 7896 Credential Vault Host Control Service (09fea7fbd6a29e3941a2ffc6f7aeb818) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
05:59:54.0735 7896 Credential Vault Host Control Service - ok
05:59:54.0735 7896 Credential Vault Host Storage (45bf153d51ed8790de8f8446b11deb57) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
05:59:54.0735 7896 Credential Vault Host Storage - ok
05:59:54.0750 7896 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
05:59:54.0766 7896 CryptSvc - ok
05:59:54.0782 7896 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
05:59:54.0782 7896 CSC - ok
05:59:54.0813 7896 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
05:59:54.0828 7896 CscService - ok
05:59:54.0828 7896 cvusbdrv (d1697063e2cdb6575aa46d668ffee825) C:\Windows\system32\Drivers\cvusbdrv.sys
05:59:54.0828 7896 cvusbdrv - ok
05:59:54.0860 7896 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
05:59:54.0875 7896 DcomLaunch - ok
05:59:54.0891 7896 dcpsysmgrsvc (4a557869c542b26264ea727c11b6670e) c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
05:59:54.0891 7896 dcpsysmgrsvc - ok
05:59:54.0906 7896 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
05:59:54.0906 7896 defragsvc - ok
05:59:54.0922 7896 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
05:59:54.0922 7896 DfsC - ok
05:59:54.0938 7896 dg_ssudbus (f9f31a9f2a8c0dd0ceb6e380bf0985d4) C:\Windows\system32\DRIVERS\ssudbus.sys
05:59:54.0938 7896 dg_ssudbus - ok
05:59:54.0953 7896 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
05:59:54.0953 7896 Dhcp - ok
05:59:54.0969 7896 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
05:59:54.0969 7896 discache - ok
05:59:54.0969 7896 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
05:59:54.0969 7896 Disk - ok
05:59:54.0984 7896 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
05:59:54.0984 7896 Dnscache - ok
05:59:55.0000 7896 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
05:59:55.0000 7896 dot3svc - ok
05:59:55.0016 7896 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
05:59:55.0016 7896 DPS - ok
05:59:55.0031 7896 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
05:59:55.0031 7896 drmkaud - ok
05:59:55.0062 7896 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
05:59:55.0078 7896 DXGKrnl - ok
05:59:55.0094 7896 e1yexpress (44a91d98d6719b49bcd649a863225b5c) C:\Windows\system32\DRIVERS\e1y6232.sys
05:59:55.0094 7896 e1yexpress - ok
05:59:55.0094 7896 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
05:59:55.0094 7896 EapHost - ok
05:59:55.0265 7896 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
05:59:55.0312 7896 ebdrv - ok
05:59:55.0343 7896 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
05:59:55.0343 7896 EFS - ok
05:59:55.0452 7896 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
05:59:55.0452 7896 ehRecvr - ok
05:59:55.0468 7896 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
05:59:55.0468 7896 ehSched - ok
05:59:55.0499 7896 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
05:59:55.0499 7896 elxstor - ok
05:59:55.0499 7896 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
05:59:55.0515 7896 ErrDev - ok
05:59:55.0530 7896 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
05:59:55.0530 7896 EventSystem - ok
05:59:55.0577 7896 EvtEng (a57be3307ada2fc086b5b43135735283) c:\Program Files\Intel\WiFi\bin\EvtEng.exe
05:59:55.0593 7896 EvtEng - ok
05:59:55.0608 7896 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
05:59:55.0608 7896 exfat - ok
05:59:55.0624 7896 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
05:59:55.0624 7896 fastfat - ok
05:59:55.0640 7896 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
05:59:55.0655 7896 Fax - ok
05:59:55.0655 7896 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
05:59:55.0655 7896 fdc - ok
05:59:55.0671 7896 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
05:59:55.0671 7896 fdPHost - ok
05:59:55.0671 7896 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
05:59:55.0671 7896 FDResPub - ok
05:59:55.0686 7896 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
05:59:55.0686 7896 FileInfo - ok
05:59:55.0702 7896 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
05:59:55.0702 7896 Filetrace - ok
05:59:55.0702 7896 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
05:59:55.0702 7896 flpydisk - ok
05:59:55.0718 7896 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
05:59:55.0718 7896 FltMgr - ok
05:59:55.0749 7896 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
05:59:55.0764 7896 FontCache - ok
05:59:55.0780 7896 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
05:59:55.0780 7896 FontCache3.0.0.0 - ok
05:59:55.0780 7896 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
05:59:55.0780 7896 FsDepends - ok
05:59:55.0796 7896 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
05:59:55.0796 7896 Fs_Rec - ok
05:59:55.0796 7896 FTDIBUS (b7aa8283ec551d3a3b924e520e0621a7) C:\Windows\system32\drivers\ftdibus.sys
05:59:55.0796 7896 FTDIBUS - ok
05:59:55.0811 7896 FTSER2K (596d31583ce332b5514520d74837f434) C:\Windows\system32\drivers\ftser2k.sys
05:59:55.0811 7896 FTSER2K - ok
05:59:55.0827 7896 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
05:59:55.0827 7896 fvevol - ok
05:59:55.0842 7896 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
05:59:55.0842 7896 gagp30kx - ok
05:59:55.0874 7896 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
05:59:55.0874 7896 gpsvc - ok
05:59:55.0889 7896 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
05:59:55.0889 7896 gupdate - ok
05:59:55.0905 7896 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
05:59:55.0905 7896 gupdatem - ok
05:59:55.0905 7896 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
05:59:55.0920 7896 gusvc - ok
05:59:55.0920 7896 HBtnKey (fca74df3ebd87915e3a0b968ef82102d) C:\Windows\system32\DRIVERS\HBtnKey.sys
05:59:55.0920 7896 HBtnKey - ok
05:59:55.0936 7896 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
05:59:55.0936 7896 hcw85cir - ok
05:59:55.0936 7896 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
05:59:55.0936 7896 HDAudBus - ok
05:59:55.0952 7896 HECI (30d57ee84e1e169d41a6e873b549a096) C:\Windows\system32\DRIVERS\HECI.sys
05:59:55.0952 7896 HECI - ok
05:59:55.0952 7896 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
05:59:55.0967 7896 HidBatt - ok
05:59:55.0967 7896 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
05:59:55.0967 7896 HidBth - ok
05:59:55.0983 7896 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
05:59:55.0983 7896 HidIr - ok
05:59:55.0983 7896 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
05:59:55.0998 7896 hidserv - ok
05:59:55.0998 7896 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
05:59:55.0998 7896 HidUsb - ok
05:59:56.0014 7896 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
05:59:56.0014 7896 hkmsvc - ok
05:59:56.0030 7896 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
05:59:56.0030 7896 HomeGroupListener - ok
05:59:56.0045 7896 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
05:59:56.0045 7896 HomeGroupProvider - ok
05:59:56.0061 7896 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
05:59:56.0061 7896 HpSAMD - ok
05:59:56.0076 7896 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
05:59:56.0092 7896 HTTP - ok
05:59:56.0092 7896 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
05:59:56.0092 7896 hwpolicy - ok
05:59:56.0108 7896 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
05:59:56.0108 7896 i8042prt - ok
05:59:56.0139 7896 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
05:59:56.0139 7896 iaStor - ok
05:59:56.0139 7896 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
05:59:56.0154 7896 IAStorDataMgrSvc - ok
05:59:56.0170 7896 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
05:59:56.0170 7896 iaStorV - ok
05:59:56.0217 7896 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
05:59:56.0232 7896 idsvc - ok
05:59:56.0560 7896 igfx (a70c995199a47f326eef4f9f5e6267a1) C:\Windows\system32\DRIVERS\igdkmd32.sys
05:59:56.0638 7896 igfx - ok
05:59:56.0669 7896 IHA_MessageCenter (c135bff15563592b8ea070ea109967f7) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
05:59:56.0669 7896 IHA_MessageCenter - ok
05:59:56.0700 7896 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
05:59:56.0700 7896 iirsp - ok
05:59:56.0747 7896 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
05:59:56.0747 7896 IKEEXT - ok
05:59:56.0763 7896 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
05:59:56.0763 7896 intelide - ok
05:59:56.0763 7896 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
05:59:56.0763 7896 intelppm - ok
05:59:56.0778 7896 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
05:59:56.0778 7896 IPBusEnum - ok
05:59:56.0794 7896 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
05:59:56.0794 7896 IpFilterDriver - ok
05:59:56.0810 7896 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
05:59:56.0825 7896 iphlpsvc - ok
05:59:56.0825 7896 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
05:59:56.0825 7896 IPMIDRV - ok
05:59:56.0841 7896 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
05:59:56.0841 7896 IPNAT - ok
05:59:56.0841 7896 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
05:59:56.0856 7896 IRENUM - ok
05:59:56.0856 7896 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
05:59:56.0856 7896 isapnp - ok
05:59:56.0872 7896 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
05:59:56.0872 7896 iScsiPrt - ok
05:59:56.0888 7896 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
05:59:56.0888 7896 kbdclass - ok
05:59:56.0888 7896 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
05:59:56.0888 7896 kbdhid - ok
05:59:56.0903 7896 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
05:59:56.0903 7896 KeyIso - ok
05:59:56.0919 7896 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
05:59:56.0919 7896 KSecDD - ok
05:59:56.0934 7896 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
05:59:56.0934 7896 KSecPkg - ok
05:59:56.0950 7896 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
05:59:56.0966 7896 KtmRm - ok
05:59:56.0966 7896 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
05:59:56.0981 7896 LanmanServer - ok
05:59:56.0981 7896 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
05:59:56.0981 7896 LanmanWorkstation - ok
05:59:56.0997 7896 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
05:59:56.0997 7896 lltdio - ok
05:59:57.0012 7896 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
05:59:57.0012 7896 lltdsvc - ok
05:59:57.0028 7896 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
05:59:57.0028 7896 lmhosts - ok
05:59:57.0044 7896 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
05:59:57.0044 7896 LSI_FC - ok
05:59:57.0044 7896 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
05:59:57.0044 7896 LSI_SAS - ok
05:59:57.0059 7896 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
05:59:57.0059 7896 LSI_SAS2 - ok
05:59:57.0075 7896 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
05:59:57.0075 7896 LSI_SCSI - ok
05:59:57.0075 7896 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
05:59:57.0075 7896 luafv - ok
05:59:57.0090 7896 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
05:59:57.0090 7896 MBAMSwissArmy - ok
05:59:57.0106 7896 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
05:59:57.0106 7896 Mcx2Svc - ok
05:59:57.0122 7896 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
05:59:57.0122 7896 MDM - ok
05:59:57.0137 7896 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
05:59:57.0137 7896 megasas - ok
05:59:57.0153 7896 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
05:59:57.0153 7896 MegaSR - ok
05:59:57.0153 7896 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
05:59:57.0168 7896 MMCSS - ok
05:59:57.0168 7896 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
05:59:57.0168 7896 Modem - ok
05:59:57.0184 7896 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
05:59:57.0184 7896 monitor - ok
05:59:57.0184 7896 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
05:59:57.0184 7896 mouclass - ok
05:59:57.0200 7896 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
05:59:57.0200 7896 mouhid - ok
05:59:57.0200 7896 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
05:59:57.0200 7896 mountmgr - ok
05:59:57.0215 7896 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
05:59:57.0215 7896 mpio - ok
05:59:57.0231 7896 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
05:59:57.0231 7896 mpsdrv - ok
05:59:57.0246 7896 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
05:59:57.0262 7896 MpsSvc - ok
05:59:57.0278 7896 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
05:59:57.0278 7896 MRxDAV - ok
05:59:57.0278 7896 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
05:59:57.0293 7896 mrxsmb - ok
05:59:57.0293 7896 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
05:59:57.0309 7896 mrxsmb10 - ok
05:59:57.0309 7896 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
05:59:57.0309 7896 mrxsmb20 - ok
05:59:57.0324 7896 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
05:59:57.0324 7896 msahci - ok
05:59:57.0324 7896 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
05:59:57.0340 7896 msdsm - ok
05:59:57.0340 7896 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
05:59:57.0356 7896 MSDTC - ok
05:59:57.0356 7896 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
05:59:57.0356 7896 Msfs - ok
05:59:57.0371 7896 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
05:59:57.0371 7896 mshidkmdf - ok
05:59:57.0371 7896 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
05:59:57.0371 7896 msisadrv - ok
05:59:57.0387 7896 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
05:59:57.0387 7896 MSiSCSI - ok
05:59:57.0402 7896 msiserver - ok
05:59:57.0402 7896 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
05:59:57.0402 7896 MSKSSRV - ok
05:59:57.0418 7896 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
05:59:57.0418 7896 MSPCLOCK - ok
05:59:57.0418 7896 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
05:59:57.0418 7896 MSPQM - ok
05:59:57.0434 7896 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
05:59:57.0434 7896 MsRPC - ok
05:59:57.0449 7896 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
05:59:57.0449 7896 mssmbios - ok
05:59:57.0449 7896 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
05:59:57.0449 7896 MSTEE - ok
05:59:57.0465 7896 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
05:59:57.0465 7896 MTConfig - ok
05:59:57.0465 7896 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
05:59:57.0480 7896 Mup - ok
05:59:57.0480 7896 NAL (1d99ac4ce3abbd96a8c0d77ff104096d) C:\Windows\system32\Drivers\iqvw32.sys
05:59:57.0480 7896 NAL - ok
05:59:57.0496 7896 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
05:59:57.0512 7896 napagent - ok
05:59:57.0527 7896 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
05:59:57.0527 7896 NativeWifiP - ok
05:59:57.0558 7896 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
05:59:57.0574 7896 NDIS - ok
05:59:57.0574 7896 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
05:59:57.0574 7896 NdisCap - ok
05:59:57.0590 7896 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
05:59:57.0590 7896 NdisTapi - ok
05:59:57.0590 7896 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
05:59:57.0590 7896 Ndisuio - ok
05:59:57.0605 7896 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
05:59:57.0605 7896 NdisWan - ok
05:59:57.0621 7896 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
05:59:57.0621 7896 NDProxy - ok
05:59:57.0621 7896 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
05:59:57.0621 7896 NetBIOS - ok
05:59:57.0636 7896 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
05:59:57.0636 7896 NetBT - ok
05:59:57.0652 7896 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
05:59:57.0652 7896 Netlogon - ok
05:59:57.0668 7896 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
05:59:57.0668 7896 Netman - ok
05:59:57.0699 7896 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
05:59:57.0699 7896 netprofm - ok
05:59:57.0714 7896 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
05:59:57.0714 7896 NetTcpPortSharing - ok
05:59:57.0995 7896 NETw5s32 (ef51b405ad8acaae6f0231290d20f516) C:\Windows\system32\DRIVERS\NETw5s32.sys
05:59:58.0073 7896 NETw5s32 - ok
05:59:58.0120 7896 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
05:59:58.0120 7896 nfrd960 - ok
05:59:58.0136 7896 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
05:59:58.0136 7896 NlaSvc - ok
05:59:58.0151 7896 Nmea - ok
05:59:58.0151 7896 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
05:59:58.0151 7896 Npfs - ok
05:59:58.0167 7896 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
05:59:58.0167 7896 nsi - ok
05:59:58.0167 7896 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
05:59:58.0167 7896 nsiproxy - ok
05:59:58.0245 7896 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
05:59:58.0260 7896 Ntfs - ok
05:59:58.0307 7896 NtrigDigitizerUSBLowerFilter (c4695f4cd171127a006dd236dfdebfcc) C:\Windows\system32\DRIVERS\NtrigDigitizerUSBLowerFilter.sys
05:59:58.0307 7896 NtrigDigitizerUSBLowerFilter - ok
05:59:58.0307 7896 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
05:59:58.0307 7896 Null - ok
05:59:58.0323 7896 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
05:59:58.0323 7896 nvraid - ok
05:59:58.0338 7896 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
05:59:58.0338 7896 nvstor - ok
05:59:58.0338 7896 NvtSp50 - ok
05:59:58.0354 7896 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
05:59:58.0354 7896 nv_agp - ok
05:59:58.0385 7896 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
05:59:58.0385 7896 odserv - ok
05:59:58.0401 7896 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
05:59:58.0401 7896 ohci1394 - ok
05:59:58.0416 7896 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
05:59:58.0416 7896 ose - ok
05:59:58.0604 7896 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
05:59:58.0697 7896 osppsvc - ok
05:59:58.0744 7896 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
05:59:58.0744 7896 p2pimsvc - ok
05:59:58.0760 7896 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
05:59:58.0775 7896 p2psvc - ok
05:59:58.0791 7896 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
05:59:58.0791 7896 Parport - ok
05:59:58.0791 7896 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
05:59:58.0791 7896 partmgr - ok
05:59:58.0806 7896 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
05:59:58.0806 7896 Parvdm - ok
05:59:58.0806 7896 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys
05:59:58.0806 7896 PBADRV - ok
05:59:58.0822 7896 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
05:59:58.0822 7896 PcaSvc - ok
05:59:58.0838 7896 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
05:59:58.0838 7896 pci - ok
05:59:58.0853 7896 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
05:59:58.0853 7896 pciide - ok
05:59:58.0869 7896 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
05:59:58.0869 7896 pcmcia - ok
05:59:58.0869 7896 PCTINDIS5 - ok
05:59:58.0884 7896 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
05:59:58.0884 7896 pcw - ok
05:59:58.0916 7896 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
05:59:58.0916 7896 PEAUTH - ok
05:59:58.0962 7896 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
05:59:58.0994 7896 PeerDistSvc - ok
05:59:59.0072 7896 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
05:59:59.0103 7896 pla - ok
05:59:59.0150 7896 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
05:59:59.0150 7896 PlugPlay - ok
05:59:59.0150 7896 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
05:59:59.0165 7896 PNRPAutoReg - ok
05:59:59.0181 7896 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
05:59:59.0181 7896 PNRPsvc - ok
05:59:59.0196 7896 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
05:59:59.0212 7896 PolicyAgent - ok
05:59:59.0228 7896 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
05:59:59.0243 7896 Power - ok
05:59:59.0243 7896 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
05:59:59.0259 7896 PptpMiniport - ok
05:59:59.0259 7896 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
05:59:59.0259 7896 Processor - ok
05:59:59.0274 7896 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
05:59:59.0274 7896 ProfSvc - ok
05:59:59.0290 7896 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
05:59:59.0290 7896 ProtectedStorage - ok
05:59:59.0290 7896 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
05:59:59.0306 7896 Psched - ok
05:59:59.0306 7896 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
05:59:59.0306 7896 PxHelp20 - ok
05:59:59.0384 7896 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
05:59:59.0399 7896 ql2300 - ok
05:59:59.0446 7896 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
05:59:59.0446 7896 ql40xx - ok
05:59:59.0462 7896 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
05:59:59.0462 7896 QWAVE - ok
05:59:59.0462 7896 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
05:59:59.0477 7896 QWAVEdrv - ok
05:59:59.0477 7896 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
05:59:59.0477 7896 RasAcd - ok
05:59:59.0493 7896 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
05:59:59.0493 7896 RasAgileVpn - ok
05:59:59.0493 7896 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
05:59:59.0508 7896 RasAuto - ok
05:59:59.0508 7896 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
05:59:59.0508 7896 Rasl2tp - ok
05:59:59.0524 7896 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
05:59:59.0540 7896 RasMan - ok
05:59:59.0540 7896 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
05:59:59.0540 7896 RasPppoe - ok
05:59:59.0555 7896 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
05:59:59.0555 7896 RasSstp - ok
05:59:59.0571 7896 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
05:59:59.0571 7896 rdbss - ok
05:59:59.0571 7896 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
05:59:59.0571 7896 rdpbus - ok
05:59:59.0586 7896 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
05:59:59.0586 7896 RDPCDD - ok
05:59:59.0602 7896 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
05:59:59.0602 7896 RDPDR - ok
05:59:59.0618 7896 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
05:59:59.0618 7896 RDPENCDD - ok
05:59:59.0618 7896 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
05:59:59.0618 7896 RDPREFMP - ok
05:59:59.0633 7896 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
05:59:59.0649 7896 RDPWD - ok
05:59:59.0649 7896 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
05:59:59.0664 7896 rdyboost - ok
05:59:59.0680 7896 RegSrvc (a171029d6b6c2d93c22861a347f43c2a) c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
05:59:59.0696 7896 RegSrvc - ok
05:59:59.0696 7896 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
05:59:59.0696 7896 RemoteAccess - ok
05:59:59.0711 7896 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
05:59:59.0711 7896 RemoteRegistry - ok
05:59:59.0727 7896 RimUsb - ok
05:59:59.0727 7896 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys
05:59:59.0727 7896 RimVSerPort - ok
05:59:59.0742 7896 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
05:59:59.0742 7896 ROOTMODEM - ok
05:59:59.0742 7896 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
05:59:59.0758 7896 RpcEptMapper - ok
05:59:59.0758 7896 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
05:59:59.0758 7896 RpcLocator - ok
05:59:59.0774 7896 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
05:59:59.0789 7896 RpcSs - ok
05:59:59.0789 7896 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
05:59:59.0789 7896 rspndr - ok
05:59:59.0805 7896 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
05:59:59.0805 7896 s3cap - ok
05:59:59.0805 7896 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
05:59:59.0805 7896 SamSs - ok
05:59:59.0820 7896 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
05:59:59.0820 7896 sbp2port - ok
05:59:59.0836 7896 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
05:59:59.0836 7896 SCardSvr - ok
05:59:59.0852 7896 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
05:59:59.0852 7896 scfilter - ok
05:59:59.0883 7896 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
05:59:59.0898 7896 Schedule - ok
05:59:59.0898 7896 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
05:59:59.0898 7896 SCPolicySvc - ok
05:59:59.0914 7896 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
05:59:59.0914 7896 sdbus - ok
05:59:59.0930 7896 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
05:59:59.0930 7896 SDRSVC - ok
05:59:59.0930 7896 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
05:59:59.0930 7896 secdrv - ok
05:59:59.0945 7896 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
05:59:59.0945 7896 seclogon - ok
06:00:00.0008 7896 SecureStorageService (e396fbc469df73692318dc90ad13ce86) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
06:00:00.0023 7896 SecureStorageService - ok
06:00:00.0039 7896 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
06:00:00.0039 7896 SENS - ok
06:00:00.0054 7896 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
06:00:00.0054 7896 SensrSvc - ok
06:00:00.0070 7896 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
06:00:00.0070 7896 Serenum - ok
06:00:00.0086 7896 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
06:00:00.0086 7896 Serial - ok
06:00:00.0086 7896 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
06:00:00.0086 7896 sermouse - ok
06:00:00.0101 7896 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
06:00:00.0117 7896 SessionEnv - ok
06:00:00.0117 7896 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
06:00:00.0117 7896 sffdisk - ok
06:00:00.0132 7896 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
06:00:00.0132 7896 sffp_mmc - ok
06:00:00.0132 7896 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
06:00:00.0132 7896 sffp_sd - ok
06:00:00.0148 7896 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
06:00:00.0148 7896 sfloppy - ok
06:00:00.0164 7896 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
06:00:00.0164 7896 SharedAccess - ok
06:00:00.0179 7896 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
06:00:00.0195 7896 ShellHWDetection - ok
06:00:00.0195 7896 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
06:00:00.0195 7896 sisagp - ok
06:00:00.0210 7896 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
06:00:00.0210 7896 SiSRaid2 - ok
06:00:00.0226 7896 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
06:00:00.0226 7896 SiSRaid4 - ok
06:00:00.0226 7896 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
06:00:00.0226 7896 Smb - ok
06:00:00.0242 7896 SMManager (8fea8f9939ba29e750310fc1f32ccf8f) C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
06:00:00.0242 7896 SMManager - ok
06:00:00.0257 7896 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
06:00:00.0257 7896 SNMPTRAP - ok
06:00:00.0273 7896 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
06:00:00.0273 7896 spldr - ok
06:00:00.0288 7896 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
06:00:00.0288 7896 Spooler - ok
06:00:00.0444 7896 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
06:00:00.0491 7896 sppsvc - ok
06:00:00.0522 7896 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
06:00:00.0522 7896 sppuinotify - ok
06:00:00.0554 7896 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
06:00:00.0554 7896 srv - ok
06:00:00.0569 7896 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
06:00:00.0569 7896 srv2 - ok
06:00:00.0585 7896 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
06:00:00.0585 7896 srvnet - ok
06:00:00.0600 7896 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
06:00:00.0600 7896 SSDPSRV - ok
06:00:00.0616 7896 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
06:00:00.0616 7896 SstpSvc - ok
06:00:00.0632 7896 ssudmdm (07318149e102fd9197ab444c27774372) C:\Windows\system32\DRIVERS\ssudmdm.sys
06:00:00.0632 7896 ssudmdm - ok
06:00:00.0663 7896 STacSV (0a8fa56553913e87aa24a6ce218b88de) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
06:00:00.0663 7896 STacSV - ok
06:00:00.0663 7896 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
06:00:00.0678 7896 stexstor - ok
06:00:00.0694 7896 STHDA (2b50cfed920d4cd973adbaaad3fe704f) C:\Windows\system32\DRIVERS\stwrt.sys
06:00:00.0710 7896 STHDA - ok
06:00:00.0725 7896 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
06:00:00.0741 7896 StiSvc - ok
06:00:00.0756 7896 stllssvr (e476c66713c842f58e61a95826ed1d57) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
06:00:00.0756 7896 stllssvr - ok
06:00:00.0756 7896 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
06:00:00.0756 7896 storflt - ok
06:00:00.0772 7896 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
06:00:00.0772 7896 StorSvc - ok
06:00:03.0143 7896 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
06:00:03.0143 7896 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
06:00:03.0143 7896 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
06:00:03.0159 7896 Boot (0x1200) (f1b6f387938742297862dce286fc243e) \Device\Harddisk0\DR0\Partition0
06:00:03.0159 7896 \Device\Harddisk0\DR0\Partition0 - ok
06:00:03.0159 7896 Boot (0x1200) (c67bb52af5ae59bfea132e84b3dbac37) \Device\Harddisk0\DR0\Partition1
06:00:03.0159 7896 \Device\Harddisk0\DR0\Partition1 - ok
06:00:03.0159 7896 ============================================================
06:00:03.0159 7896 Scan finished
06:00:03.0159 7896 ============================================================
06:00:03.0221 6584 Detected object count: 1
06:00:03.0221 6584 Actual detected object count: 1
06:00:19.0071 6584 \Device\Harddisk0\DR0\# - copied to quarantine
06:00:19.0071 6584 \Device\Harddisk0\DR0 - copied to quarantine
06:00:19.0086 6584 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
06:00:19.0086 6584 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
06:00:19.0102 6584 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
06:00:19.0102 6584 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
06:00:19.0102 6584 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
06:00:19.0118 6584 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
06:00:19.0118 6584 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
06:00:19.0118 6584 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
06:00:19.0118 6584 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
06:00:19.0118 6584 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
06:00:19.0118 6584 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
06:00:19.0118 6584 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
06:00:19.0133 6584 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
06:00:19.0133 6584 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
06:00:19.0133 6584 \Device\Harddisk0\DR0 - ok
06:00:19.0133 6584 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
06:00:28.0821 8056 Deinitialize success

Ran aswMBR, updated definitions, and started the quickscan. Got through "services" (I think) and started scanning "modules" (I think) but then got Blue Screen of Death. Computer rebooted normally. I will post this and try aswMBR again to see what happens.

#8 mjabaley

Posted 16 July 2012 - 05:15 AM

Please ensure you read the prior entry too!

Second attempt at aswMBR ran to completion with the following results:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-16 06:09:41
-----------------------------
06:09:41.892 OS Version: Windows 6.1.7601 Service Pack 1
06:09:41.892 Number of processors: 2 586 0x170A
06:09:41.892 ComputerName: JABALEY-PC UserName: jabaley
06:09:42.329 Initialize success
06:09:48.772 AVAST engine defs: 12071600
06:09:54.965 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
06:09:54.981 Disk 0 Vendor: SAMSUNG_ VBM9 Size: 122104MB BusType: 3
06:09:54.981 Disk 0 MBR read successfully
06:09:54.996 Disk 0 MBR scan
06:09:55.012 Disk 0 Windows VISTA default MBR code
06:09:55.012 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 525 MB offset 63
06:09:55.012 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 750 MB offset 1077248
06:09:55.028 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 120827 MB offset 2613248
06:09:55.028 Disk 0 scanning sectors +250066944
06:09:55.043 Disk 0 scanning C:\Windows\system32\drivers
06:09:59.489 Service scanning
06:10:11.751 Modules scanning
06:10:16.025 Disk 0 trace - called modules:
06:10:16.041 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
06:10:16.041 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x869e42e0]
06:10:16.056 3 CLASSPNP.SYS[88f8c59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84efa028]
06:10:16.400 AVAST engine scan C:\Windows
06:10:17.570 AVAST engine scan C:\Windows\system32
06:11:58.845 AVAST engine scan C:\Windows\system32\drivers
06:12:05.397 AVAST engine scan C:\Users\jabaley
06:13:41.899 AVAST engine scan C:\ProgramData
06:13:48.544 File: C:\ProgramData\Microsoft\Windows\DRM\2377.tmp **INFECTED** Win32:Crypt-NBS [Trj]
06:13:48.607 File: C:\ProgramData\Microsoft\Windows\DRM\4922.tmp **INFECTED** Win32:Alureon-ATO [Trj]
06:13:54.426 Scan finished successfully
06:14:33.566 Disk 0 MBR has been saved successfully to "C:\Users\jabaley\Desktop\MBR.dat"
06:14:33.582 The log file has been saved successfully to "C:\Users\jabaley\Desktop\aswMBR.txt"

#9 gringo_pr

Posted 16 July 2012 - 11:43 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\ProgramData\Microsoft\Windows\DRM

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#10 mjabaley

Posted 16 July 2012 - 06:22 PM

Thanks Gringo. The computer seems to be working better, I haven't had the audio problem for 15 minutes now. I am restarting antivirus and firewall protection. I will let you know if it starts acting up again! Combofix log:

ComboFix 12-07-16.01 - jabaley 07/16/2012 19:10:48.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2000.774 [GMT -4:00]
Running from: C:\Users\jabaley\Desktop\ComboFix.exe
Command switches used :: C:\Users\jabaley\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\Microsoft\Windows\DRM
C:\ProgramData\Microsoft\Windows\DRM\2377.tmp
C:\ProgramData\Microsoft\Windows\DRM\4922.tmp
C:\ProgramData\Microsoft\Windows\DRM\blackbox.bin
C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds
C:\ProgramData\Microsoft\Windows\DRM\v3ks.bla
C:\ProgramData\Microsoft\Windows\DRM\v3ks.sec
C:\Users\jabaley\AppData\Local\Temp\{7A7660E8-90B1-4CD9-B720-FDB0FE3D780E}\fpb.tmp
C:\Windows\system32\muzapp.exe


((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))


2012-07-16 23:16:53 . 2012-07-16 23:17:42 -------- d-----w- C:\Users\jabaley\AppData\Local\temp
2012-07-16 23:16:53 . 2012-07-16 23:16:53 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-07-16 10:00:18 . 2012-07-16 10:00:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-16 02:06:19 . 2012-07-16 02:06:19 -------- d-----w- C:\Program Files\Common Files\Java
2012-07-16 02:02:40 . 2012-07-16 02:02:40 -------- d-----w- C:\Program Files\Oracle
2012-07-16 02:02:23 . 2012-07-06 02:06:30 772544 ----a-w- C:\Windows\system32\npDeployJava1.dll
2012-07-16 00:33:39 . 2012-07-16 09:56:00 -------- d-----w- C:\Temp
2012-07-16 00:31:14 . 2010-12-21 05:55:02 581192 ----a-w- C:\Windows\system32\WinUSBCoInstaller.dll
2012-07-16 00:31:13 . 2012-06-04 07:59:20 80824 ----a-w- C:\Windows\system32\drivers\ssudbus.sys
2012-07-16 00:31:13 . 2012-06-04 07:59:20 181432 ----a-w- C:\Windows\system32\drivers\ssudmdm.sys
2012-07-16 00:29:09 . 2012-06-26 20:02:36 821824 ----a-w- C:\Windows\system32\dgderapi.dll
2012-07-15 22:13:30 . 2012-07-16 00:33:10 -------- d-----w- C:\Users\jabaley\AppData\Local\Samsung
2012-07-15 22:13:28 . 2012-07-16 00:27:56 -------- d-----w- C:\Users\jabaley\AppData\Roaming\Samsung
2012-07-15 22:09:57 . 2012-06-26 20:03:06 4659712 ----a-w- C:\Windows\system32\Redemption.dll
2012-07-15 22:09:37 . 2012-07-15 22:09:37 -------- d-----w- C:\Program Files\MarkAny
2012-07-15 22:09:00 . 2012-07-16 00:28:33 -------- d-----w- C:\ProgramData\Samsung
2012-07-15 22:09:00 . 2012-07-15 22:10:53 -------- d-----w- C:\Program Files\Samsung
2012-07-15 22:04:07 . 2012-07-15 22:04:07 -------- d-----w- C:\Users\jabaley\AppData\Local\Downloaded Installations
2012-07-15 22:01:49 . 2012-07-15 22:01:49 -------- d-----w- C:\ProgramData\Sprint
2012-07-15 20:49:43 . 2012-07-15 20:49:43 -------- d-----w- C:\Users\jabaley\AppData\Roaming\Bytemobile
2012-07-15 20:13:56 . 2007-01-18 14:24:58 26496 ----a-w- C:\Windows\system32\drivers\RimSerial.sys
2012-07-15 20:13:54 . 2008-11-24 22:04:10 27072 ----a-w- C:\Windows\system32\drivers\PCASp50.sys
2012-07-15 20:10:56 . 2012-07-15 22:01:42 -------- d-----w- C:\Program Files\Common Files\Motorola Shared
2012-07-15 20:07:00 . 2012-06-18 07:14:40 6762896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2B304514-FAE3-4BD7-A899-648E9B5C7764}\mpengine.dll
2012-07-14 15:17:34 . 2012-07-14 15:35:33 40776 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2012-07-13 23:49:25 . 2012-04-28 03:17:07 183808 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-07-13 23:49:17 . 2012-06-02 04:45:04 67440 ----a-w- C:\Windows\system32\drivers\ksecdd.sys
2012-07-13 23:49:17 . 2012-06-02 04:45:03 134000 ----a-w- C:\Windows\system32\drivers\ksecpkg.sys
2012-07-13 23:49:17 . 2012-06-02 04:40:59 369336 ----a-w- C:\Windows\system32\drivers\cng.sys
2012-07-13 23:49:17 . 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\system32\schannel.dll
2012-07-13 23:49:17 . 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\system32\ncrypt.dll
2012-07-13 23:49:06 . 2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\system32\msi.dll
2012-07-13 23:48:58 . 2012-04-26 04:45:55 58880 ----a-w- C:\Windows\system32\rdpwsx.dll
2012-07-13 23:48:58 . 2012-04-26 04:45:54 129536 ----a-w- C:\Windows\system32\rdpcorekmts.dll
2012-07-13 23:48:58 . 2012-04-26 04:41:16 8192 ----a-w- C:\Windows\system32\rdrmemptylst.exe
2012-07-13 23:48:44 . 2012-05-01 04:44:12 164352 ----a-w- C:\Windows\system32\profsvc.dll
2012-07-13 23:45:04 . 2012-07-13 23:45:04 -------- d-----w- C:\Users\jabaley\.autobahn
2012-07-13 23:44:49 . 2012-07-13 23:45:01 -------- d-----w- C:\Users\jabaley\AppData\Local\Autobahn
2012-07-12 21:23:00 . 2012-06-02 09:08:27 140920 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2012-07-12 21:23:00 . 2012-06-02 08:22:22 194560 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2012-07-12 21:23:00 . 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2012-07-12 21:17:06 . 2012-06-12 02:40:48 2345984 ----a-w- C:\Windows\system32\win32k.sys
2012-07-11 00:36:59 . 2012-06-02 22:19:33 53784 ----a-w- C:\Windows\system32\wuauclt.exe
2012-07-11 00:36:59 . 2012-06-02 22:19:33 45080 ----a-w- C:\Windows\system32\wups2.dll
2012-07-11 00:36:58 . 2012-06-02 22:19:17 1933848 ----a-w- C:\Windows\system32\wuaueng.dll
2012-07-11 00:36:58 . 2012-06-02 22:12:32 2422272 ----a-w- C:\Windows\system32\wucltux.dll
2012-07-11 00:36:41 . 2012-06-02 22:19:32 35864 ----a-w- C:\Windows\system32\wups.dll
2012-07-11 00:36:41 . 2012-06-02 22:19:23 577048 ----a-w- C:\Windows\system32\wuapi.dll
2012-07-11 00:36:41 . 2012-06-02 22:12:13 88576 ----a-w- C:\Windows\system32\wudriver.dll
2012-07-11 00:36:32 . 2012-06-02 19:19:42 171904 ----a-w- C:\Windows\system32\wuwebv.dll
2012-07-11 00:36:32 . 2012-06-02 19:12:20 33792 ----a-w- C:\Windows\system32\wuapp.exe
2012-07-10 02:55:37 . 2012-07-10 02:55:37 -------- d-----w- C:\ProgramData\McAfee
2012-06-24 00:50:35 . 2012-06-24 00:50:35 -------- d-----w- C:\Users\jabaley\AppData\Roaming\Malwarebytes
2012-06-24 00:50:24 . 2012-06-24 00:50:24 -------- d-----w- C:\ProgramData\Malwarebytes
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-07-16 23:05:36 . 2011-07-07 14:41:12 0 ----a-w- C:\Users\jabaley\AppData\Local\WavXMapDrive.bat
2012-07-12 21:11:43 . 2012-04-09 20:38:17 426184 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2012-07-12 21:11:43 . 2011-08-07 22:13:23 70344 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-06-28 03:53:31 . 2012-03-08 01:17:25 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-06-28 03:52:48 . 2012-03-08 01:16:31 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-06-28 03:51:29 . 2012-02-14 00:00:25 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-28 03:51:21 . 2012-03-07 04:05:54 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-31 16:25:14 . 2011-07-09 11:15:47 237072 ------w- C:\Windows\system32\MpSigStub.exe
2012-04-26 02:18:39 . 2012-02-14 00:00:51 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-04-26 02:18:23 . 2012-02-14 00:00:34 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-04-26 02:08:02 . 2012-03-07 04:06:27 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 18:45:32 62832 ----a-w- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 18:45:32 62832 ----a-w- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-09 11:23:12 39408]
"Akamai NetSession Interface"="C:\Users\jabaley\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 10:32:24 4327744]
"KiesPreload"="C:\Program Files\Samsung\Kies\Kies.exe" [2012-07-02 21:12:40 975288]
"KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-02 21:12:50 21432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2010-02-18 00:20:16 278528]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2010-04-05 16:56:06 495708]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2010-01-04 19:33:28 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2010-01-04 19:33:14 174104]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2010-01-04 19:33:20 151064]
"IAStorIcon"="C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 02:16:04 284696]
"NtrigApplet"="C:\Program Files\N-trig\N-trig Software Bundle\NtrigApplet.exe" [2010-09-27 16:32:26 2293760]
"DellControlPoint"="C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 17:40:54 657920]
"DellConnectionManager"="C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-12-22 17:23:52 1845248]
"WavXMgr"="C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 22:01:38 147840]
"USCService"="C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 17:33:38 34232]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 02:19:50 140520]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"acevents"="C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 21:16:34 153640]
"accrdsub"="C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 21:13:28 400936]
"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe" [2012-07-02 21:12:42 3524536]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 15:07:54 252296]

C:\Users\jabaley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
NexDef Plug-in.lnk - C:\Users\jabaley\AppData\Local\Autobahn\nexdef.exe [2011-8-11 15490560]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]
Chapura SyncManager.lnk - C:\Program Files\Chapura\Chapura SyncManager\SyncMgr.exe [2011-8-8 2186240]
Dell System Manager.lnk - C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1458032]
Google Calendar Sync.lnk - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
TdmNotify.lnk - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R2 acautoreg;ActivCard Gold Autoregister;C:\Program Files\Common Files\ActivCard\acautoreg.exe [x]
R2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R3 acpials;ALS Sensor Filter;C:\Windows\system32\DRIVERS\acpials.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\mbamswissarmy.sys [x]
R3 NvtSp50;NvtSp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\NvtSp50.sys [x]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 umpusbvista;Texas Instruments USB Serial Driver;C:\Windows\system32\DRIVERS\umpusbvista.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [x]
S2 BBSvc;Bing Bar Update Service;C:\Program Files\Microsoft\BingBar\BBSvc.EXE [x]
S2 BBUpdate;BBUpdate;C:\Program Files\Microsoft\BingBar\SeaPort.EXE [x]
S2 buttonsvc32;Dell ControlPoint Button Service;C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [x]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x]
S2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [x]
S2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
S2 SMManager;Smith Micro Connection Manager Service;C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [x]
S3 cvusbdrv;Dell ControlVault;C:\Windows\system32\Drivers\cvusbdrv.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y6232.sys [x]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;C:\Windows\system32\DRIVERS\NETw5s32.sys [x]
S3 NtrigDigitizerUSBLowerFilter;N-Trig DuoSense Control Interface Filter Driver;C:\Windows\system32\DRIVERS\NtrigDigitizerUSBLowerFilter.sys [x]


Contents of the 'Scheduled Tasks' folder

2012-07-16 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 20:38:17 . 2012-07-12 21:11:45]

2012-07-16 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-09 11:23:16 . 2011-07-09 11:23:13]

2012-07-16 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-09 11:23:16 . 2011-07-09 11:23:13]


------- Supplementary Scan -------

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12

- - - - ORPHANS REMOVED - - - -

HKCU-Run-KiesAirMessage - C:\Program Files\Samsung\Kies\KiesAirMessage.exe
AddRemove-01_Simmental - C:\Program Files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - C:\Program Files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - C:\Program Files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - C:\Program Files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - C:\Program Files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - C:\Program Files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - C:\Program Files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - C:\Program Files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - C:\Program Files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - C:\Program Files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - C:\Program Files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - C:\Program Files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - C:\Program Files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - C:\Program Files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - C:\Program Files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - C:\Program Files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - C:\Program Files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - C:\Program Files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - C:\Program Files\Samsung\USB Drivers\25_escape\Uninstall.exe

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 July 2012 - 09:59 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Bing Bar
Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then click on Next.
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr

Posted 19 July 2012 - 12:19 AM

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#13 mjabaley

Posted 20 July 2012 - 06:43 AM

Gringo - sorry - I've been on travel - should be able to work this tonight or tomorrow.

#14 gringo_pr

Posted 20 July 2012 - 10:24 PM

No problem, and see you then.



gringo

#15 mjabaley

Posted 21 July 2012 - 11:15 AM

OK - everything looks good. One question for you about HiJack This in the below - should I follow directions to edit the driver file?

Problem has not re-appeared for about a week now.

Results from last step:

Downloaded and ran Revo Uninstaller, uninstalled Bing Bar. I had previously updated Java so the Java 6 Update 29 was no longer there.

Confirmed Java is up to date (version 7 update 5)

Downloaded and ran ccleaner (by the way, it no longer asks to install yahoo toolbar - now it asks to install google chrome).

Downloaded and ran Malwarebytes. No malicious items found. Log follows:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.21.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
jabaley :: JABALEY-PC [administrator]

Protection: Disabled

7/21/2012 11:58:24 AM
mbam-log-2012-07-21 (11-58-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199961
Time elapsed: 8 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Downloaded and ran HijackThis. Got an error - "For some reason your system denied write access to the Hosts file and so on...." Should I follow the directions to edit the driver file?

HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:12:15 PM, on 7/21/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\N-trig\N-trig Software Bundle\NtrigApplet.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\jabaley\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Chapura\Chapura SyncManager\SyncMgr.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Users\jabaley\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\conhost.exe
C:\Users\jabaley\AppData\Local\Autobahn\nexdef.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\jabaley\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NtrigApplet] C:\Program Files\N-trig\N-trig Software Bundle\NtrigApplet.exe
O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [DellConnectionManager] "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe"
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\jabaley\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - Startup: NexDef Plug-in.lnk = jabaley\AppData\Local\Autobahn\nexdef.exe
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: Chapura SyncManager.lnk = C:\Program Files\Chapura\Chapura SyncManager\SyncMgr.exe
O4 - Global Startup: Dell System Manager.lnk = C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: TdmNotify.lnk = C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: SEP - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll (file missing)
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: ActivCard Gold Autoregister (acautoreg) - Unknown owner - C:\Program Files\Common Files\ActivCard\acautoreg.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Dell System Manager Service (dcpsysmgrsvc) - Dell Inc. - c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - c:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
O23 - Service: Smith Micro Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

--
End of file - 12483 bytes



