
Infected with Scour Browser Redirect


  • This topic is locked
29 replies to this topic

#1 jpetrucelli

jpetrucelli

  • Members
  • 14 posts

Posted 31 July 2012 - 02:03 PM

I'm running 64bit Windows 7 so I did not perform the GMER step.

Thank you!

John



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 August 2012 - 04:32 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

In your next post I need the following:

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 August 2012 - 11:23 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 jpetrucelli

jpetrucelli
  • Topic Starter

  • Members
  • 14 posts

Posted 06 August 2012 - 10:11 AM

Hi,

Yes, sorry. Was away for the weekend. I will try your suggestion today.

Thank you.

JP

#5 jpetrucelli

jpetrucelli
  • Topic Starter

  • Members
  • 14 posts

Posted 06 August 2012 - 10:37 AM

Attached File  Attach.txt   12.45KB   0 downloads

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by jpetrucelli at 11:25:52 on 2012-08-06
Microsoft Windows 7 Enterprise N 6.1.7601.1.1252.1.1033.18.8103.4363 [GMT -4:00]
.
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\AppleOSSMgr.exe
C:\Windows\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Users\jpetrucelli\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\jpetrucelli\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Users\jpetrucelli\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Adobe\Adobe Illustrator CS5.1\Support Files\Contents\Windows\Illustrator.exe
C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Windows\explorer.exe
C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
C:\PROGRA~2\MIFE82~1\Office12\OIS.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Users\jpetrucelli\Downloads\Defogger(1).exe
C:\Windows\system32\conhost.exe
C:\Users\jpetrucelli\Desktop\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [<NO NAME>]
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
StartupFolder: C:\Users\JPETRU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\jpetrucelli\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\JPETRU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ICONRE~1.LNK - C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
mPolicies-system: SoftwareSASGeneration = 3 (0x3)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIFE82~1\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: connectedu.net\sharepoint
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 64.222.163.243 64.222.84.243
TCP: Interfaces\{2E6FEEB3-E476-47AA-9771-C0FAF54AC2CD} : DhcpNameServer = 68.87.71.230 68.87.73.246
TCP: Interfaces\{42969F2C-CD90-4968-8139-3105EB56AC99} : DhcpNameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{68D1ACEA-3E68-4D0D-BAC6-A0A27D448B7B} : DhcpNameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{8D23DBB8-545A-4A57-A8C5-AA69F646F656} : DhcpNameServer = 10.100.11.21 10.100.11.22
TCP: Interfaces\{A340F73E-265E-4802-8742-CEE5CB7A1889} : DhcpNameServer = 64.222.163.243 64.222.84.243
TCP: Interfaces\{A340F73E-265E-4802-8742-CEE5CB7A1889}\34F6E6E6563647544455 : DhcpNameServer = 10.100.11.21 10.100.11.22
TCP: Interfaces\{A340F73E-265E-4802-8742-CEE5CB7A1889}\75745756374727F6F6D6 : DhcpNameServer = 4.2.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO-X64: Browser Guard BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [(Default)]
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun-x64: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jpetrucelli\AppData\Roaming\Mozilla\Firefox\Profiles\qlhmmlt4.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\jpetrucelli\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\jpetrucelli\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MDFSYSNT;MacDrive file system driver;C:\Windows\system32\drivers\MDFSYSNT.sys --> C:\Windows\system32\drivers\MDFSYSNT.sys [?]
R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\system32\DRIVERS\MDPMGRNT.SYS --> C:\Windows\system32\DRIVERS\MDPMGRNT.SYS [?]
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys --> C:\Windows\system32\drivers\TfFsMon.sys [?]
R0 TFSysMon;TFSysMon;C:\Windows\system32\drivers\TfSysMon.sys --> C:\Windows\system32\drivers\TfSysMon.sys [?]
R1 CBDisk;CBDisk;\??\C:\Windows\system32\drivers\CBDisk.sys --> C:\Windows\system32\drivers\CBDisk.sys [?]
R1 pctgntdi;pctgntdi;\??\C:\Windows\System32\drivers\pctgntdi64.sys --> C:\Windows\System32\drivers\pctgntdi64.sys [?]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AppleOSSMgr;Apple OS Switch Manager;C:\Windows\system32\AppleOSSMgr.exe --> C:\Windows\system32\AppleOSSMgr.exe [?]
R2 AppleTimeSrv;Apple Time Service;C:\Windows\system32\AppleTimeSrv.exe --> C:\Windows\system32\AppleTimeSrv.exe [?]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-7-26 575448]
R2 Dokan;Dokan;\??\C:\Windows\system32\drivers\dokan.sys --> C:\Windows\system32\drivers\dokan.sys [?]
R2 KeyAgent;KeyAgent;\??\C:\Windows\system32\drivers\KeyAgent.sys --> C:\Windows\system32\drivers\KeyAgent.sys [?]
R2 MacDrive9Service;MacDrive 9 service;C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe [2012-5-21 178176]
R2 MacHALDriver;Mac HAL;\??\C:\Windows\system32\drivers\MacHALDriver.sys --> C:\Windows\system32\drivers\MacHALDriver.sys [?]
R2 monblanking;monblanking;C:\Windows\system32\DRIVERS\monblanking.sys --> C:\Windows\system32\DRIVERS\monblanking.sys [?]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-7-26 402368]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2012-7-26 1118680]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-16 2655768]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-9-22 645048]
R3 acpials;ALS Sensor Filter;C:\Windows\system32\DRIVERS\acpials.sys --> C:\Windows\system32\DRIVERS\acpials.sys [?]
R3 AppleBtBc;Apple Broadcom Built-in Bluetooth;C:\Windows\system32\DRIVERS\AppleBtBc.sys --> C:\Windows\system32\DRIVERS\AppleBtBc.sys [?]
R3 applemtm;Apple Multitouch Mouse;C:\Windows\system32\DRIVERS\applemtm.sys --> C:\Windows\system32\DRIVERS\applemtm.sys [?]
R3 applemtp;Apple Multitouch;C:\Windows\system32\DRIVERS\applemtp.sys --> C:\Windows\system32\DRIVERS\applemtp.sys [?]
R3 bScsiSDa;bScsiSDa;C:\Windows\system32\DRIVERS\bScsiSDa.sys --> C:\Windows\system32\DRIVERS\bScsiSDa.sys [?]
R3 CirrusFilter;CS420xLowerFilter;C:\Windows\system32\DRIVERS\CS420x64.sys --> C:\Windows\system32\DRIVERS\CS420x64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 IRRemoteFlt;IR Receiver Filter Driver;C:\Windows\system32\DRIVERS\IRFilter.sys --> C:\Windows\system32\DRIVERS\IRFilter.sys [?]
R3 KeyMagic;USB Keyboard HID Filter;C:\Windows\system32\DRIVERS\KeyMagic.sys --> C:\Windows\system32\DRIVERS\KeyMagic.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?]
R3 pctplsg;pctplsg;\??\C:\Windows\System32\drivers\pctplsg64.sys --> C:\Windows\System32\drivers\pctplsg64.sys [?]
R3 TfNetMon;TfNetMon;\??\C:\Windows\system32\drivers\TfNetMon.sys --> C:\Windows\system32\drivers\TfNetMon.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AppleDisplayFlt;Apple Display Driver;C:\Windows\system32\DRIVERS\aaplmonf.sys --> C:\Windows\system32\DRIVERS\aaplmonf.sys [?]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 DbusAudio;DbusAudio;C:\Windows\system32\drivers\DbusAudio.sys --> C:\Windows\system32\drivers\DbusAudio.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
S4 AppleHFS;AppleHFS;C:\Windows\system32\drivers\AppleHFS.sys --> C:\Windows\system32\drivers\AppleHFS.sys [?]
S4 AppleMNT;AppleMNT;C:\Windows\system32\drivers\AppleMNT.sys --> C:\Windows\system32\drivers\AppleMNT.sys [?]
S4 DokanMounter;DokanMounter;C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2011-1-10 14848]
S4 hddledd;hddledd;C:\Program Files (x86)\HddLed\hddledd.exe [2009-8-21 49152]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
S4 M4-Service;M4-Service;C:\Users\jpetrucelli\AppData\Roaming\Mikogo 4\M4-Service.exe [2011-8-4 1003888]
S4 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-3-25 113120]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592]
S4 WebUpdate4;Web Update Wizard Service V4;C:\Windows\SysWOW64\WebUpdateSvc4.exe [2008-9-15 262360]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-05 09:39:27 -------- dc----w- C:\Users\jpetrucelli\AppData\Roaming\TuneUp Software
2012-08-05 09:39:22 -------- dc----w- C:\ProgramData\TuneUp Software
2012-08-05 09:39:21 -------- dcsh--w- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-08-04 20:28:17 -------- dc----w- C:\Program Files\iPod
2012-08-04 20:28:16 -------- dc----w- C:\Program Files\iTunes
2012-08-04 20:28:16 -------- dc----w- C:\Program Files (x86)\iTunes
2012-08-03 14:03:45 1831496 -c--a-w- C:\Users\jpetrucelli\gotomypc_670.exe
2012-08-02 13:44:14 913888 -c--a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2012-07-30 13:35:28 -------- dc----w- C:\Users\jpetrucelli\AppData\Roaming\Malwarebytes
2012-07-30 13:35:20 -------- dc----w- C:\ProgramData\Malwarebytes
2012-07-27 14:59:37 -------- dc----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-27 14:59:37 -------- dc----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-26 12:34:32 706776 -cs---w- C:\Windows\System32\drivers\TfSysMon.sys
2012-07-26 12:34:32 65664 -cs---w- C:\Windows\System32\drivers\TfFsMon.sys
2012-07-26 12:34:32 41968 -cs---w- C:\Windows\System32\drivers\TfNetMon.sys
2012-07-26 11:56:43 -------- dc----w- C:\ProgramData\PC Tools
2012-07-26 11:56:41 -------- dc----w- C:\Users\jpetrucelli\AppData\Roaming\TestApp
2012-07-26 11:31:33 32464 -c--a-w- C:\Windows\System32\drivers\MDPMGRNT.SYS
2012-07-24 19:31:34 -------- dc----w- C:\Users\jpetrucelli\AppData\Roaming\Adobe Mini Bridge CS5.1
2012-07-24 13:23:57 81920 -c--a-w- C:\Windows\System32\Spool\prtprocs\x64\LMACKL4C.DLL
2012-07-21 19:53:44 -------- dc----w- C:\Users\jpetrucelli\AppData\Local\{C30C6AD4-D36D-11E1-8270-B8AC6F996F26}
2012-07-21 19:53:44 -------- dc----w- C:\Users\jpetrucelli\AppData\Local\{C30C37D6-D36D-11E1-8270-B8AC6F996F26}
2012-07-21 19:53:42 453120 -c--a-w- C:\Users\jpetrucelli\AppData\Roaming\spipli.dll
2012-07-12 13:16:04 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-07-12 13:16:04 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-07-12 13:16:04 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-07-12 13:16:04 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-07-12 13:16:03 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-07-12 13:16:03 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-07-12 13:16:03 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-07-12 13:16:03 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-07-12 13:16:03 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-07-11 14:10:08 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 12:36:59 2004480 ----a-w- C:\Windows\System32\msxml6.dll
.
==================== Find3M ====================
.
2012-08-02 12:05:45 47633 -c--a-w- C:\Windows\SysWow64\wuwuninst.exe
2012-07-27 13:24:37 70344 -c--a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 13:24:37 426184 -c--a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-11 14:10:03 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 14:10:03 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-11 14:10:03 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 14:10:03 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 14:10:03 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-11 13:47:53 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-07-11 13:47:53 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-07-11 13:47:53 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-07-11 13:47:53 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-07-11 13:47:53 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-07-11 13:47:53 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-07-11 13:47:53 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-07-11 13:47:53 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-07-11 13:47:53 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-07-11 13:47:53 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-07-11 13:47:12 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-07-11 13:47:12 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-26 18:43:19 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-26 11:24:08 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-26 11:24:08 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-26 11:24:05 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 19:35:22 92928 -c--a-w- C:\Windows\System32\drivers\pctplsg64.sys
2012-06-22 19:35:00 251560 -c--a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-06-22 19:33:52 14808 -c--a-w- C:\Windows\System32\drivers\pctBTFix64.sys
2012-06-22 19:29:54 145464 -c--a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2012-06-22 19:29:48 341200 -c--a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2012-06-22 15:39:20 85224 -c--a-w- C:\Windows\System32\drivers\PCTBD64.sys
2012-06-22 15:39:02 149464 -c--a-w- C:\Windows\SGDetectionTool.dll
2012-06-22 15:39:00 2267096 -c--a-w- C:\Windows\PCTBDCore.dll
2012-06-22 15:39:00 1689560 -c--a-w- C:\Windows\PCTBDRes.dll
2012-06-22 15:38:38 767960 -c--a-w- C:\Windows\BDTSupport.dll
2012-06-14 17:32:43 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 17:32:43 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-14 17:32:43 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-06 19:59:06 317136 -c--a-w- C:\Windows\System32\drivers\MDFSYSNT.SYS
2012-05-09 07:12:16 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-09 07:12:16 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-09 07:02:42 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-09 07:00:25 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 11:26:14.33 ===============

#6 gringo_pr


Posted 06 August 2012 - 01:10 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr


Posted 08 August 2012 - 11:18 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#8 jpetrucelli


Posted 09 August 2012 - 09:38 AM

Hi Gringo,

Here's the log.

I also got a weird error message saying that Windows couldn't start the spipli.dll module. When I googled that, nothing came up so I'm assuming that may have been the problem?

Thanks,

JP

ComboFix 12-08-08.03 - jpetrucelli 08/09/2012 10:25:11.1.4 - x64
Microsoft Windows 7 Enterprise N 6.1.7601.1.1252.1.1033.18.8103.5999 [GMT -4:00]
Running from: c:\users\jpetrucelli\Downloads\ComboFix.exe
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\desktop.ini
c:\programdata\ntuser.dat
c:\programdata\SplashID.ico
c:\users\jpetrucelli\AppData\Roaming\spipli.dll
c:\users\jpetrucelli\Favorites\.url
c:\users\jpetrucelli\g2mdlhlpx.exe
c:\users\jpetrucelli\gotomypc_670.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 14:29 . 2012-08-09 14:29 -------- dc----w- c:\users\Default\AppData\Local\temp
2012-08-09 14:29 . 2012-08-09 14:29 -------- dc----w- c:\users\John Petrucelli\AppData\Local\temp
2012-08-05 09:39 . 2012-08-05 09:39 -------- dc----w- c:\users\jpetrucelli\AppData\Roaming\TuneUp Software
2012-08-05 09:39 . 2012-08-05 09:39 -------- dc----w- c:\programdata\TuneUp Software
2012-08-05 09:39 . 2012-08-05 09:39 -------- dcsh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-08-04 20:28 . 2012-08-04 20:28 -------- dc----w- c:\program files\iPod
2012-08-04 20:28 . 2012-08-04 20:28 -------- dc----w- c:\program files\iTunes
2012-08-04 20:28 . 2012-08-04 20:28 -------- dc----w- c:\program files (x86)\iTunes
2012-08-02 13:44 . 2012-07-14 00:17 913888 -c--a-w- c:\program files (x86)\Mozilla Firefox\firefox.exe
2012-07-30 13:35 . 2012-07-30 13:35 -------- dc----w- c:\users\jpetrucelli\AppData\Roaming\Malwarebytes
2012-07-30 13:35 . 2012-07-30 13:35 -------- dc----w- c:\programdata\Malwarebytes
2012-07-27 14:59 . 2012-08-01 16:14 -------- dc----w- c:\programdata\Spybot - Search & Destroy
2012-07-27 14:59 . 2012-08-01 16:14 -------- dc----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-26 12:34 . 2012-06-22 18:21 706776 -cs---w- c:\windows\system32\drivers\TfSysMon.sys
2012-07-26 12:34 . 2012-06-22 18:21 65664 -cs---w- c:\windows\system32\drivers\TfFsMon.sys
2012-07-26 12:34 . 2012-06-22 18:21 41968 -cs---w- c:\windows\system32\drivers\TfNetMon.sys
2012-07-26 11:56 . 2012-07-26 12:34 -------- dc----w- c:\programdata\PC Tools
2012-07-26 11:56 . 2012-07-26 11:56 -------- dc----w- c:\users\jpetrucelli\AppData\Roaming\TestApp
2012-07-26 11:31 . 2012-06-05 20:27 32464 -c--a-w- c:\windows\system32\drivers\MDPMGRNT.SYS
2012-07-24 19:31 . 2012-07-24 19:31 -------- dc----w- c:\users\jpetrucelli\AppData\Roaming\Adobe Mini Bridge CS5.1
2012-07-24 13:23 . 2011-06-02 19:36 81920 -c--a-w- c:\windows\system32\Spool\prtprocs\x64\LMACKL4C.DLL
2012-07-21 19:53 . 2012-07-21 19:53 -------- dc----w- c:\users\jpetrucelli\AppData\Local\{C30C6AD4-D36D-11E1-8270-B8AC6F996F26}
2012-07-21 19:53 . 2012-07-21 19:53 -------- dc----w- c:\users\jpetrucelli\AppData\Local\{C30C37D6-D36D-11E1-8270-B8AC6F996F26}
2012-07-12 13:16 . 2012-07-12 19:06 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-12 13:16 . 2012-07-12 19:06 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-12 13:16 . 2012-07-12 19:06 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-12 13:16 . 2012-07-12 19:06 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-12 13:16 . 2012-07-12 19:06 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-12 13:16 . 2012-07-12 19:06 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-12 13:16 . 2012-07-12 19:06 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-12 13:16 . 2012-07-12 19:06 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-12 13:16 . 2012-07-12 19:06 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 14:10 . 2012-07-11 14:10 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 12:36 . 2012-07-11 14:10 2004480 ----a-w- c:\windows\system32\msxml6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 12:05 . 2011-05-20 11:04 47633 -c--a-w- c:\windows\SysWow64\wuwuninst.exe
2012-07-27 13:24 . 2012-04-13 00:52 426184 -c--a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 13:24 . 2011-05-18 00:00 70344 -c--a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 13:48 . 2011-05-17 11:01 59701280 -c--a-w- c:\windows\system32\MRT.exe
2012-06-26 18:43 . 2012-06-26 11:23 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-26 18:43 . 2012-06-26 11:23 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-26 18:43 . 2012-06-26 11:23 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-26 11:24 . 2012-06-26 11:23 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-26 11:24 . 2012-06-26 11:23 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-26 11:24 . 2012-06-26 11:23 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-26 11:24 . 2012-06-26 11:23 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-26 11:24 . 2012-06-26 11:23 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-26 11:24 . 2012-06-26 11:23 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 14:43 . 2012-07-26 12:08 3488 -c--a-w- c:\windows\UDB.zip
2012-06-22 14:43 . 2012-07-26 12:08 131 -c--a-w- c:\windows\IDB.zip
2012-06-14 17:32 . 2012-06-14 11:19 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 17:32 . 2012-06-14 11:19 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 17:32 . 2012-06-14 11:19 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 17:30 . 2012-06-14 11:19 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 17:30 . 2012-06-14 11:19 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 17:30 . 2012-06-14 11:19 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 17:30 . 2012-06-14 11:19 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 17:30 . 2012-06-14 11:19 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 17:30 . 2012-06-14 11:19 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-14 17:30 . 2012-06-14 11:19 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 17:30 . 2012-06-14 11:19 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 17:30 . 2012-06-14 11:19 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 17:30 . 2012-06-14 11:19 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 17:30 . 2012-06-14 11:19 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 17:30 . 2012-06-14 11:19 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 17:30 . 2012-06-14 11:19 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 17:30 . 2012-06-14 11:19 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-06 19:59 . 2012-06-06 19:59 317136 -c--a-w- c:\windows\system32\drivers\MDFSYSNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-09-08 23:05 881808 -c--a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-09-08 23:05 881808 -c--a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-09-08 23:05 881808 -c--a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\jpetrucelli\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\jpetrucelli\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\jpetrucelli\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\jpetrucelli\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-09-08 1016464]
"ISTray"="c:\program files (x86)\PC Tools\PC Tools Security\pctsGui.exe" [2012-06-22 2673624]
.
c:\users\jpetrucelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\jpetrucelli\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-13 27595032]
IconRestorer.lnk - c:\program files (x86)\FSL\IconRestorer\IconRestorer.exe [2011-5-20 1702912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-5-23 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-771920872-735163587-1856544139-4676\Scripts\Logon\0\0]
"Script"=\\connectedu.net\SYSVOL\connectedu.net\scripts\logon.bat
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
R3 AppleDisplayFlt;Apple Display Driver;c:\windows\system32\DRIVERS\aaplmonf.sys [2011-02-04 10752]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 DbusAudio;DbusAudio;c:\windows\system32\drivers\DbusAudio.sys [2011-04-01 34040]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-09 47616]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-17 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R4 AppleHFS;AppleHFS; [x]
R4 AppleMNT;AppleMNT; [x]
R4 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848]
R4 hddledd;hddledd;c:\program files (x86)\HddLed\hddledd.exe [2009-08-21 49152]
R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
R4 M4-Service;M4-Service;c:\users\jpetrucelli\AppData\Roaming\Mikogo 4\M4-Service.exe [2011-08-04 1003888]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-22 113120]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
R4 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe [2008-09-15 262360]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [2012-06-05 32464]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-06-22 65664]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-06-22 706776]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2011-05-06 70344]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-06-22 341200]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-06-22 251560]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2011-08-15 224640]
S2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2011-04-14 110904]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-06-22 575448]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2011-01-10 120408]
S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2011-04-14 15928]
S2 MacDrive9Service;MacDrive 9 service;c:\program files\Mediafour\MacDrive 9\MacDrive9Service.exe [2012-05-21 178176]
S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2011-04-14 21048]
S2 monblanking;monblanking;c:\windows\system32\DRIVERS\monblanking.sys [2012-05-08 32576]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-06-22 402368]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-04 2655768]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-09-22 645048]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728]
S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [2011-06-28 19456]
S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [2011-02-04 12288]
S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [2011-02-04 38912]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-04-14 85544]
S3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\DRIVERS\CS420x64.sys [2011-02-04 18432]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-02-04 317440]
S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [2011-02-04 18432]
S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [2011-06-03 32256]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2011-02-04 56344]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-22 85224]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-06-22 92928]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-06-22 41968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver64
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-771920872-735163587-1856544139-4676Core.job
- c:\users\jpetrucelli\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-27 12:37]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-771920872-735163587-1856544139-4676UA.job
- c:\users\jpetrucelli\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-27 12:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-09-08 22:58 1116816 -c--a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-09-08 22:58 1116816 -c--a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-09-08 22:58 1116816 -c--a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\jpetrucelli\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\jpetrucelli\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\jpetrucelli\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\jpetrucelli\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MacDriveVolumeIcon]
@="{6B21AF46-EE37-40D0-A707-C06C17D06CE9}"
[HKEY_CLASSES_ROOT\CLSID\{6B21AF46-EE37-40D0-A707-C06C17D06CE9}]
2012-05-21 14:34 231936 -c--a-w- c:\program files\Mediafour\MacDrive 9\MDVolumeIcons.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MacDriveVolumeIconReadOnly]
@="{E9BC4DCA-0A4E-4C65-9D40-621C9D0CDC5F}"
[HKEY_CLASSES_ROOT\CLSID\{E9BC4DCA-0A4E-4C65-9D40-621C9D0CDC5F}]
2012-05-21 14:34 231936 -c--a-w- c:\program files\Mediafour\MacDrive 9\MDVolumeIcons.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-04 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-04 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-04 417304]
"Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-08-15 741760]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"MacDrive 9 application"="c:\program files\Mediafour\MacDrive 9\MacDrive.exe" [2012-05-31 507904]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: connectedu.net\sharepoint
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 64.222.163.243 64.222.84.243
FF - ProfilePath - c:\users\jpetrucelli\AppData\Roaming\Mozilla\Firefox\Profiles\qlhmmlt4.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-spipli - c:\users\jpetrucelli\AppData\Roaming\spipli.dll
AddRemove-Software Update Wizard (Redistributable) - c:\windows\system32\wuwuninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:68,e3,af,b4,0f,6d,72,65,57,e8,be,66,bb,93,d4,5e,62,34,d3,4f,56,
f8,99,3d,60,e9,e4,41,0c,b2,2d,39,42,91,60,01,4d,af,80,2c,f3,a9,47,22,d7,26,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-09 10:31:43
ComboFix-quarantined-files.txt 2012-08-09 14:31
.
Pre-Run: 16,386,895,872 bytes free
Post-Run: 17,903,652,864 bytes free
.
- - End Of File - - 5178E3A24836B7F4CA354D4FAFCD6DF1


Edited by gringo_pr, 09 August 2012 - 09:49 AM.


#9 gringo_pr


Posted 09 August 2012 - 09:50 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#10 jpetrucelli


Posted 09 August 2012 - 10:13 AM

Hi Gringo,

The aswMBR log is attached and here's the TDSSKiller log:

11:12:03.0213 2732 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
11:12:03.0450 2732 ============================================================
11:12:03.0450 2732 Current date / time: 2012/08/09 11:12:03.0450
11:12:03.0450 2732 SystemInfo:
11:12:03.0450 2732
11:12:03.0450 2732 OS Version: 6.1.7601 ServicePack: 1.0
11:12:03.0450 2732 Product type: Workstation
11:12:03.0450 2732 ComputerName: JOHNPETRUCELLI
11:12:03.0451 2732 UserName: jpetrucelli
11:12:03.0451 2732 Windows directory: C:\Windows
11:12:03.0451 2732 System windows directory: C:\Windows
11:12:03.0451 2732 Running under WOW64
11:12:03.0451 2732 Processor architecture: Intel x64
11:12:03.0451 2732 Number of processors: 4
11:12:03.0451 2732 Page size: 0x1000
11:12:03.0451 2732 Boot type: Normal boot
11:12:03.0451 2732 ============================================================
11:12:03.0654 2732 Drive \Device\Harddisk0\DR0 - Size: 0x3A70C70000 (233.76 Gb), SectorSize: 0x200, Cylinders: 0x7733, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:12:03.0665 2732 ============================================================
11:12:03.0665 2732 \Device\Harddisk0\DR0:
11:12:03.0665 2732 GPT partitions:
11:12:03.0666 2732 \Device\Harddisk0\DR0\Partition0: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {00006E66-547E-0000-4C1C-000094190000}, Name: EFI system partition, StartLBA 0x28, BlocksNum 0x64000
11:12:03.0666 2732 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {48465300-0000-11AA-AA11-00306543ECAC}, UniqueGUID: {00001AD0-0652-0000-DF26-0000EF490000}, Name: Customer, StartLBA 0x64028, BlocksNum 0xE9BB8B0
11:12:03.0666 2732 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {426F6F74-0000-11AA-AA11-00306543ECAC}, UniqueGUID: {01176A31-23E2-4094-9F2F-7B3C8258F6FF}, Name: Recovery HD, StartLBA 0xEA1F8D8, BlocksNum 0x135F28
11:12:03.0666 2732 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {69DDEE18-44F7-4C39-B72A-594C0B15968F}, Name: BOOTCAMP, StartLBA 0xEB55800, BlocksNum 0xE830800
11:12:03.0666 2732 MBR partitions:
11:12:03.0666 2732 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0xEB55800, BlocksNum 0xE830800
11:12:03.0666 2732 ============================================================
11:12:03.0670 2732 C: <-> \Device\Harddisk0\DR0\Partition4
11:12:03.0670 2732 ============================================================
11:12:03.0670 2732 Initialize success
11:12:03.0670 2732 ============================================================
11:12:06.0157 2652 ============================================================
11:12:06.0157 2652 Scan started
11:12:06.0157 2652 Mode: Manual;
11:12:06.0157 2652 ============================================================
11:12:07.0511 2652 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
11:12:07.0513 2652 1394ohci - ok
11:12:07.0532 2652 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:12:07.0534 2652 ACPI - ok
11:12:07.0539 2652 acpials (12c5274cd87449a2a37a607cdb321922) C:\Windows\system32\DRIVERS\acpials.sys
11:12:07.0539 2652 acpials - ok
11:12:07.0543 2652 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:12:07.0544 2652 AcpiPmi - ok
11:12:07.0555 2652 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:12:07.0557 2652 AdobeARMservice - ok
11:12:07.0581 2652 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
11:12:07.0584 2652 adp94xx - ok
11:12:07.0600 2652 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
11:12:07.0602 2652 adpahci - ok
11:12:07.0611 2652 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
11:12:07.0612 2652 adpu320 - ok
11:12:07.0618 2652 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:12:07.0619 2652 AeLookupSvc - ok
11:12:07.0647 2652 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:12:07.0650 2652 AFD - ok
11:12:07.0654 2652 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:12:07.0654 2652 agp440 - ok
11:12:07.0660 2652 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:12:07.0661 2652 ALG - ok
11:12:07.0664 2652 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:12:07.0664 2652 aliide - ok
11:12:07.0667 2652 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:12:07.0667 2652 amdide - ok
11:12:07.0672 2652 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
11:12:07.0672 2652 AmdK8 - ok
11:12:07.0676 2652 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
11:12:07.0677 2652 AmdPPM - ok
11:12:07.0683 2652 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:12:07.0683 2652 amdsata - ok
11:12:07.0694 2652 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
11:12:07.0695 2652 amdsbs - ok
11:12:07.0699 2652 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:12:07.0699 2652 amdxata - ok
11:12:07.0704 2652 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:12:07.0704 2652 AppID - ok
11:12:07.0708 2652 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:12:07.0708 2652 AppIDSvc - ok
11:12:07.0713 2652 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:12:07.0714 2652 Appinfo - ok
11:12:07.0724 2652 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:12:07.0725 2652 Apple Mobile Device - ok
11:12:07.0729 2652 AppleBtBc (0c84cf12d12ba8a65ed1a43cf83f88b5) C:\Windows\system32\DRIVERS\AppleBtBc.sys
11:12:07.0729 2652 AppleBtBc - ok
11:12:07.0732 2652 AppleDisplayFlt (a755645e92aaeaafb7382a19d2e0d48f) C:\Windows\system32\DRIVERS\aaplmonf.sys
11:12:07.0732 2652 AppleDisplayFlt - ok
11:12:07.0737 2652 AppleHFS (b3d07ac99e35aadd1eec5669cdc15cc6) C:\Windows\system32\drivers\AppleHFS.sys
11:12:07.0738 2652 AppleHFS - ok
11:12:07.0740 2652 AppleMNT (6882a29f98bad0c7e77d6773b072b462) C:\Windows\system32\drivers\AppleMNT.sys
11:12:07.0741 2652 AppleMNT - ok
11:12:07.0745 2652 applemtm (a0a045a7cc583e1b024aba3e9b38e2c0) C:\Windows\system32\DRIVERS\applemtm.sys
11:12:07.0745 2652 applemtm - ok
11:12:07.0749 2652 applemtp (cc8879aaa4de50f70d194f54b50ff5cf) C:\Windows\system32\DRIVERS\applemtp.sys
11:12:07.0750 2652 applemtp - ok
11:12:07.0759 2652 AppleOSSMgr (0039e9279a22baa91f4edea153bbdaff) C:\Windows\system32\AppleOSSMgr.exe
11:12:07.0760 2652 AppleOSSMgr - ok
11:12:07.0767 2652 AppleTimeSrv (60fa7e58b65e6123954d0d8633c7bf9b) C:\Windows\system32\AppleTimeSrv.exe
11:12:07.0768 2652 AppleTimeSrv - ok
11:12:07.0778 2652 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
11:12:07.0779 2652 AppMgmt - ok
11:12:07.0784 2652 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
11:12:07.0785 2652 arc - ok
11:12:07.0790 2652 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
11:12:07.0790 2652 arcsas - ok
11:12:07.0794 2652 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:12:07.0794 2652 AsyncMac - ok
11:12:07.0797 2652 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:12:07.0797 2652 atapi - ok
11:12:07.0825 2652 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:12:07.0828 2652 AudioEndpointBuilder - ok
11:12:07.0832 2652 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:12:07.0835 2652 AudioSrv - ok
11:12:07.0842 2652 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:12:07.0843 2652 AxInstSV - ok
11:12:07.0862 2652 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
11:12:07.0864 2652 b06bdrv - ok
11:12:07.0880 2652 b57nd60a (bfd70bea3f8398f6b8b44e5cded3249c) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:12:07.0882 2652 b57nd60a - ok
11:12:08.0081 2652 BCM43XX (64032ca1644a336bd98acfa5601e925e) C:\Windows\system32\DRIVERS\bcmwl664.sys
11:12:08.0099 2652 BCM43XX - ok
11:12:08.0142 2652 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:12:08.0144 2652 BDESVC - ok
11:12:08.0153 2652 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:12:08.0154 2652 Beep - ok
11:12:08.0199 2652 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:12:08.0203 2652 BFE - ok
11:12:08.0248 2652 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
11:12:08.0253 2652 BITS - ok
11:12:08.0262 2652 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:12:08.0263 2652 blbdrive - ok
11:12:08.0289 2652 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:12:08.0292 2652 Bonjour Service - ok
11:12:08.0300 2652 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:12:08.0300 2652 bowser - ok
11:12:08.0304 2652 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
11:12:08.0304 2652 BrFiltLo - ok
11:12:08.0307 2652 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
11:12:08.0307 2652 BrFiltUp - ok
11:12:08.0313 2652 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:12:08.0314 2652 BridgeMP - ok
11:12:08.0323 2652 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:12:08.0324 2652 Browser - ok
11:12:08.0359 2652 Browser Defender Update Service (7effccd7b6ea4d3428f5b3ace8de8f5a) C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
11:12:08.0361 2652 Browser Defender Update Service - ok
11:12:08.0372 2652 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:12:08.0373 2652 Brserid - ok
11:12:08.0377 2652 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:12:08.0377 2652 BrSerWdm - ok
11:12:08.0380 2652 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:12:08.0380 2652 BrUsbMdm - ok
11:12:08.0384 2652 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:12:08.0385 2652 BrUsbSer - ok
11:12:08.0391 2652 bScsiSDa (d751deea9b2206532aade60aa94c475a) C:\Windows\system32\DRIVERS\bScsiSDa.sys
11:12:08.0391 2652 bScsiSDa - ok
11:12:08.0396 2652 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
11:12:08.0396 2652 BthEnum - ok
11:12:08.0401 2652 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
11:12:08.0401 2652 BTHMODEM - ok
11:12:08.0408 2652 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
11:12:08.0408 2652 BthPan - ok
11:12:08.0433 2652 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
11:12:08.0435 2652 BTHPORT - ok
11:12:08.0440 2652 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:12:08.0441 2652 bthserv - ok
11:12:08.0446 2652 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
11:12:08.0447 2652 BTHUSB - ok
11:12:08.0677 2652 CarboniteService (7d87a1901cad3d6979c37a1ca175ae1e) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
11:12:08.0697 2652 CarboniteService - ok
11:12:08.0700 2652 catchme - ok
11:12:08.0746 2652 CBDisk (b99d91e4cd9017f213645aa2e80eb425) C:\Windows\system32\drivers\CBDisk.sys
11:12:08.0747 2652 CBDisk - ok
11:12:08.0753 2652 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:12:08.0754 2652 cdfs - ok
11:12:08.0762 2652 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:12:08.0763 2652 cdrom - ok
11:12:08.0772 2652 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:12:08.0772 2652 CertPropSvc - ok
11:12:08.0777 2652 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
11:12:08.0778 2652 circlass - ok
11:12:08.0781 2652 CirrusFilter (11da0ccbce49e7a4c6a4f9f2b4e858f8) C:\Windows\system32\DRIVERS\CS420x64.sys
11:12:08.0782 2652 CirrusFilter - ok
11:12:08.0802 2652 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:12:08.0804 2652 CLFS - ok
11:12:08.0813 2652 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:12:08.0814 2652 clr_optimization_v2.0.50727_32 - ok
11:12:08.0822 2652 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:12:08.0823 2652 clr_optimization_v2.0.50727_64 - ok
11:12:08.0833 2652 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:12:08.0834 2652 clr_optimization_v4.0.30319_32 - ok
11:12:08.0844 2652 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:12:08.0845 2652 clr_optimization_v4.0.30319_64 - ok
11:12:08.0849 2652 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:12:08.0849 2652 CmBatt - ok
11:12:08.0852 2652 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:12:08.0852 2652 cmdide - ok
11:12:08.0876 2652 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
11:12:08.0878 2652 CNG - ok
11:12:08.0882 2652 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:12:08.0882 2652 Compbatt - ok
11:12:08.0886 2652 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:12:08.0887 2652 CompositeBus - ok
11:12:08.0889 2652 COMSysApp - ok
11:12:08.0897 2652 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
11:12:08.0898 2652 cpudrv64 - ok
11:12:08.0901 2652 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
11:12:08.0901 2652 crcdisk - ok
11:12:08.0912 2652 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
11:12:08.0914 2652 CryptSvc - ok
11:12:08.0939 2652 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
11:12:08.0941 2652 CSC - ok
11:12:08.0975 2652 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
11:12:08.0977 2652 CscService - ok
11:12:08.0981 2652 DbusAudio (428b272a8ffb959e770a2cf762f25fe0) C:\Windows\system32\drivers\DbusAudio.sys
11:12:08.0982 2652 DbusAudio - ok
11:12:08.0987 2652 dc3d (15c2afd86d8a58354fc100434c78b621) C:\Windows\system32\DRIVERS\dc3d.sys
11:12:08.0987 2652 dc3d - ok
11:12:09.0016 2652 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:12:09.0018 2652 DcomLaunch - ok
11:12:09.0035 2652 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:12:09.0036 2652 defragsvc - ok
11:12:09.0045 2652 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:12:09.0046 2652 DfsC - ok
11:12:09.0063 2652 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:12:09.0064 2652 Dhcp - ok
11:12:09.0068 2652 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:12:09.0068 2652 discache - ok
11:12:09.0075 2652 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
11:12:09.0075 2652 Disk - ok
11:12:09.0081 2652 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
11:12:09.0082 2652 dmvsc - ok
11:12:09.0094 2652 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:12:09.0095 2652 Dnscache - ok
11:12:09.0103 2652 Dokan (fa122bc1451b1b35b7814fbe1acf1924) C:\Windows\system32\drivers\dokan.sys
11:12:09.0104 2652 Dokan - ok
11:12:09.0113 2652 DokanMounter (8c856e531a1170f53ac6844e89cd0b5f) C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
11:12:09.0113 2652 DokanMounter - ok
11:12:09.0126 2652 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:12:09.0127 2652 dot3svc - ok
11:12:09.0136 2652 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:12:09.0137 2652 DPS - ok
11:12:09.0140 2652 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:12:09.0141 2652 drmkaud - ok
11:12:09.0187 2652 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:12:09.0191 2652 DXGKrnl - ok
11:12:09.0198 2652 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:12:09.0199 2652 EapHost - ok
11:12:09.0275 2652 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
11:12:09.0287 2652 ebdrv - ok
11:12:09.0291 2652 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:12:09.0291 2652 EFS - ok
11:12:09.0325 2652 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:12:09.0328 2652 ehRecvr - ok
11:12:09.0335 2652 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:12:09.0336 2652 ehSched - ok
11:12:09.0364 2652 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
11:12:09.0367 2652 elxstor - ok
11:12:09.0370 2652 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:12:09.0370 2652 ErrDev - ok
11:12:09.0394 2652 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:12:09.0397 2652 EventSystem - ok
11:12:09.0407 2652 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:12:09.0408 2652 exfat - ok
11:12:09.0420 2652 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:12:09.0421 2652 fastfat - ok
11:12:09.0459 2652 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:12:09.0462 2652 Fax - ok
11:12:09.0465 2652 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
11:12:09.0466 2652 fdc - ok
11:12:09.0469 2652 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:12:09.0470 2652 fdPHost - ok
11:12:09.0473 2652 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:12:09.0474 2652 FDResPub - ok
11:12:09.0480 2652 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:12:09.0481 2652 FileInfo - ok
11:12:09.0484 2652 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:12:09.0485 2652 Filetrace - ok
11:12:09.0488 2652 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
11:12:09.0488 2652 flpydisk - ok
11:12:09.0503 2652 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:12:09.0504 2652 FltMgr - ok
11:12:09.0565 2652 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:12:09.0570 2652 FontCache - ok
11:12:09.0576 2652 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:12:09.0576 2652 FontCache3.0.0.0 - ok
11:12:09.0585 2652 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:12:09.0586 2652 FsDepends - ok
11:12:09.0591 2652 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
11:12:09.0592 2652 fssfltr - ok
11:12:09.0656 2652 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
11:12:09.0662 2652 fsssvc - ok
11:12:09.0666 2652 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:12:09.0666 2652 Fs_Rec - ok
11:12:14.0956 2652 TsUsbGD - ok
11:12:14.0962 2652 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
11:12:14.0963 2652 tsusbhub - ok
11:12:14.0972 2652 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:12:14.0973 2652 tunnel - ok
11:12:14.0977 2652 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
11:12:14.0978 2652 uagp35 - ok
11:12:14.0995 2652 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:12:14.0996 2652 udfs - ok
11:12:15.0005 2652 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:12:15.0006 2652 UI0Detect - ok
11:12:15.0010 2652 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:12:15.0011 2652 uliagpkx - ok
11:12:15.0015 2652 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:12:15.0016 2652 umbus - ok
11:12:15.0019 2652 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
11:12:15.0019 2652 UmPass - ok
11:12:15.0032 2652 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
11:12:15.0034 2652 UmRdpService - ok
11:12:15.0179 2652 UNS (fdf92ec84fecee834fb10a2a0a19bcda) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
11:12:15.0191 2652 UNS - ok
11:12:15.0248 2652 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:12:15.0250 2652 upnphost - ok
11:12:15.0261 2652 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
11:12:15.0261 2652 USBAAPL64 - ok
11:12:15.0269 2652 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
11:12:15.0270 2652 usbaudio - ok
11:12:15.0276 2652 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:12:15.0277 2652 usbccgp - ok
11:12:15.0283 2652 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:12:15.0284 2652 usbcir - ok
11:12:15.0288 2652 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:12:15.0289 2652 usbehci - ok
11:12:15.0304 2652 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:12:15.0306 2652 usbhub - ok
11:12:15.0309 2652 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:12:15.0310 2652 usbohci - ok
11:12:15.0314 2652 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:12:15.0315 2652 usbprint - ok
11:12:15.0320 2652 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:12:15.0321 2652 USBSTOR - ok
11:12:15.0325 2652 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
11:12:15.0325 2652 usbuhci - ok
11:12:15.0338 2652 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
11:12:15.0339 2652 usbvideo - ok
11:12:15.0343 2652 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:12:15.0344 2652 UxSms - ok
11:12:15.0348 2652 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:12:15.0349 2652 VaultSvc - ok
11:12:15.0353 2652 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:12:15.0353 2652 vdrvroot - ok
11:12:15.0382 2652 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:12:15.0385 2652 vds - ok
11:12:15.0389 2652 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:12:15.0389 2652 vga - ok
11:12:15.0393 2652 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:12:15.0393 2652 VgaSave - ok
11:12:15.0396 2652 VGPU - ok
11:12:15.0408 2652 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:12:15.0409 2652 vhdmp - ok
11:12:15.0413 2652 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:12:15.0413 2652 viaide - ok
11:12:15.0424 2652 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
11:12:15.0425 2652 vmbus - ok
11:12:15.0429 2652 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
11:12:15.0430 2652 VMBusHID - ok
11:12:15.0435 2652 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:12:15.0436 2652 volmgr - ok
11:12:15.0452 2652 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:12:15.0453 2652 volmgrx - ok
11:12:15.0467 2652 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:12:15.0469 2652 volsnap - ok
11:12:15.0497 2652 vpnagent (3b98ab9849754cb88265111422441df7) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
11:12:15.0501 2652 vpnagent - ok
11:12:15.0505 2652 vpnva (13e6d95e7ac67abb7a1196557ef8849f) C:\Windows\system32\DRIVERS\vpnva64.sys
11:12:15.0506 2652 vpnva - ok
11:12:15.0514 2652 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
11:12:15.0515 2652 vsmraid - ok
11:12:15.0597 2652 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:12:15.0605 2652 VSS - ok
11:12:15.0649 2652 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:12:15.0650 2652 vwifibus - ok
11:12:15.0654 2652 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:12:15.0655 2652 vwififlt - ok
11:12:15.0659 2652 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
11:12:15.0659 2652 vwifimp - ok
11:12:15.0681 2652 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:12:15.0684 2652 W32Time - ok
11:12:15.0689 2652 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
11:12:15.0689 2652 WacomPen - ok
11:12:15.0696 2652 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:12:15.0697 2652 WANARP - ok
11:12:15.0699 2652 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:12:15.0700 2652 Wanarpv6 - ok
11:12:15.0770 2652 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:12:15.0776 2652 WatAdminSvc - ok
11:12:15.0856 2652 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:12:15.0863 2652 wbengine - ok
11:12:15.0912 2652 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:12:15.0914 2652 WbioSrvc - ok
11:12:15.0935 2652 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:12:15.0938 2652 wcncsvc - ok
11:12:15.0942 2652 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:12:15.0943 2652 WcsPlugInService - ok
11:12:15.0951 2652 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
11:12:15.0952 2652 Wd - ok
11:12:15.0988 2652 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:12:15.0991 2652 Wdf01000 - ok
11:12:15.0998 2652 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:12:15.0999 2652 WdiServiceHost - ok
11:12:16.0001 2652 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:12:16.0003 2652 WdiSystemHost - ok
11:12:16.0018 2652 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:12:16.0020 2652 WebClient - ok
11:12:16.0062 2652 WebUpdate4 (6f02ec5d4f00671879f1672c107219c0) C:\Windows\SysWOW64\WebUpdateSvc4.exe
11:12:16.0064 2652 WebUpdate4 - ok
11:12:16.0078 2652 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:12:16.0080 2652 Wecsvc - ok
11:12:16.0086 2652 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:12:16.0087 2652 wercplsupport - ok
11:12:16.0093 2652 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:12:16.0095 2652 WerSvc - ok
11:12:16.0103 2652 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:12:16.0104 2652 WfpLwf - ok
11:12:16.0107 2652 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:12:16.0108 2652 WIMMount - ok
11:12:16.0113 2652 WinDefend - ok
11:12:16.0117 2652 WinHttpAutoProxySvc - ok
11:12:16.0135 2652 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:12:16.0136 2652 Winmgmt - ok
11:12:16.0238 2652 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:12:16.0248 2652 WinRM - ok
11:12:16.0297 2652 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:12:16.0298 2652 WinUsb - ok
11:12:16.0355 2652 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:12:16.0363 2652 Wlansvc - ok
11:12:16.0373 2652 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:12:16.0374 2652 wlcrasvc - ok
11:12:16.0463 2652 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:12:16.0473 2652 wlidsvc - ok
11:12:16.0521 2652 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:12:16.0522 2652 WmiAcpi - ok
11:12:16.0545 2652 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:12:16.0547 2652 wmiApSrv - ok
11:12:16.0553 2652 WMPNetworkSvc - ok
11:12:16.0560 2652 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:12:16.0561 2652 WPCSvc - ok
11:12:16.0572 2652 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:12:16.0574 2652 WPDBusEnum - ok
11:12:16.0578 2652 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:12:16.0578 2652 ws2ifsl - ok
11:12:16.0585 2652 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
11:12:16.0586 2652 wscsvc - ok
11:12:16.0591 2652 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
11:12:16.0591 2652 WSDPrintDevice - ok
11:12:16.0595 2652 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
11:12:16.0596 2652 WSDScan - ok
11:12:16.0598 2652 WSearch - ok
11:12:16.0708 2652 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
11:12:16.0718 2652 wuauserv - ok
11:12:16.0768 2652 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:12:16.0769 2652 WudfPf - ok
11:12:16.0779 2652 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:12:16.0780 2652 WUDFRd - ok
11:12:16.0786 2652 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:12:16.0787 2652 wudfsvc - ok
11:12:16.0799 2652 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:12:16.0801 2652 WwanSvc - ok
11:12:16.0817 2652 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:12:16.0964 2652 \Device\Harddisk0\DR0 - ok
11:12:16.0966 2652 Boot (0x1200) (0815c37a209ab7fe51a62852bd7bb449) \Device\Harddisk0\DR0\Partition0
11:12:16.0967 2652 \Device\Harddisk0\DR0\Partition0 - ok
11:12:16.0969 2652 Boot (0x1200) (7ebf4b69ee21441cbc70de8fcfebdba8) \Device\Harddisk0\DR0\Partition1
11:12:16.0969 2652 \Device\Harddisk0\DR0\Partition1 - ok
11:12:16.0971 2652 Boot (0x1200) (5a41ad3c692863a04da7b6a5a6b49b99) \Device\Harddisk0\DR0\Partition2
11:12:16.0971 2652 \Device\Harddisk0\DR0\Partition2 - ok
11:12:16.0974 2652 Boot (0x1200) (f992db29237a4f829e4587f9530a546c) \Device\Harddisk0\DR0\Partition3
11:12:16.0974 2652 \Device\Harddisk0\DR0\Partition3 - ok
11:12:16.0976 2652 Boot (0x1200) (f992db29237a4f829e4587f9530a546c) \Device\Harddisk0\DR0\Partition4
11:12:16.0977 2652 \Device\Harddisk0\DR0\Partition4 - ok
11:12:16.0977 2652 ============================================================
11:12:16.0977 2652 Scan finished
11:12:16.0977 2652 ============================================================
11:12:16.0984 2800 Detected object count: 0
11:12:16.0984 2800 Actual detected object count: 0

#11 gringo_pr

Posted 09 August 2012 - 10:24 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 jpetrucelli

Posted 09 August 2012 - 12:04 PM

Hey Gringo,

No problems.

Here's the file.

JP

Attached Files

  • Attached File  log.txt   32.66KB   1 downloads


#13 gringo_pr

Posted 09 August 2012 - 12:41 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#14 jpetrucelli

Posted 09 August 2012 - 12:58 PM

Here you go:


Update for Microsoft Office 2007 (KB2508958)
3herosoft iPhone to Computer Transfer
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Design Premium
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Widget Browser
Amazon Cloud Drive
Apple Application Support
Apple Software Update
Axure RP Pro 6.5
Boingo Wi-Finder
Browser Guard 4.0
Carbonite
Cisco AnyConnect VPN Client
Cisco WebEx Meetings
D3DX10
Dokan Library 0.6.0
Dropbox
erLT
FileZilla Client 3.5.3
Folder Size 1.9.5.0
FreeMind
Gephi 0.8
Google Chrome
GoToMeeting 5.0.0.799
GoToMyPC
HddLed Indicator (remove only)
IcoFX 1.6.4
IconRestorer 2.0.8.1 SR1
Intel® Management Engine Components
Intel® Processor Graphics
Java Auto Updater
Java™ 6 Update 31
Logitech SetPoint
Mesh Runtime
Messenger Companion
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mikogo 4
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Octoshape add-in for Adobe Flash Player
Password Recovery Bundle 2011
PC Tools Spyware Doctor with AntiVirus 9.0
PDF Settings CS5
PowerMapper 5 Evaluation
QuickTime
Remote Control USB Driver
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Skype Click to Call
Skype™ 5.10
Software Update Wizard (Redistributable) 4.5
SplashID Safe 6.2
SplashShopper Desktop 3.1.0
Spotify
StuffIt 2009
System Requirements Lab for Intel
TomTom HOME 2.8.3.2499
TomTom HOME Visual Studio Merge Modules
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wmaiper
TurboTax 2011 wnhiper
TurboTax 2011 wrapper
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Script Editor Help (KB963671)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Xvid Video Codec

#15 gringo_pr

Posted 09 August 2012 - 01:16 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

  • Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Edited by gringo_pr, 09 August 2012 - 02:15 PM.
