Infected with Rootkit.ZAccess and Trojan.Dropper.BCMiner


  • This topic is locked
44 replies to this topic

#1 VikingsFan

VikingsFan

  • Members
  • 23 posts
  • Local time:05:50 AM

Posted 02 August 2012 - 02:07 PM

Hey Bleeping Computer! I have a Dell Latitude E6500 laptop and am running windows vista ultimate. I am running my laptop on safe mode with networking because I get the blue screen whenever I try to start it normally. My Malwarebytes software has picked up Rootkit.ZAccess and Trojan.Dropper.BCMiner which come back whenever they are removed. Could I please receive help so that I can permanently remove these. Thank you for your time.



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:50 AM

Posted 03 August 2012 - 09:19 AM

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 VikingsFan

VikingsFan
  • Topic Starter

  • Members
  • 23 posts
  • Local time:05:50 AM

Posted 04 August 2012 - 01:46 PM

Okay, here are the two attached files. Thanks for the help CatByte.




#4 VikingsFan

VikingsFan
  • Topic Starter

  • Members
  • 23 posts
  • Local time:05:50 AM

Posted 04 August 2012 - 01:48 PM

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 04-08-2012 14:17:44
Running from E:\
Windows Vista ™ Ultimate Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [200704 2009-02-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [667648 2009-01-19] (Dell Inc.)
HKLM\...\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [15360 2009-01-16] (Broadcom Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3563520 2009-04-24] (Dell Inc.)
HKLM\...\Run: [DellConnectionManager] "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [1810432 2009-03-01] (Smith Micro Software, Inc.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-02-11] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13605408 2009-01-30] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2009-01-30] (NVIDIA Corporation)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [96800 2009-01-30] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [115560 2008-12-18] (Symantec Corporation)
HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128232 2009-04-02] (CyberLink Corp.)
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [483428 2009-04-09] (IDT, Inc.)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [973488 2012-07-03] (Malwarebytes Corporation)
HKLM\...\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-15] (PC Tools)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-11-12] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot [296056 2012-05-30] (RealNetworks, Inc.)
HKLM\...\Run: [rsvsv] "C:\Windows\System32\rundll32.exe" "C:\Users\Student\AppData\Roaming\rsvsv.dll",MatrixAffineTransformation [417280 2012-07-17] (SigmaTel, Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Student\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [218032 2006-09-11] (Macrovision Corporation)
HKU\Student\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Student\...\Run: [Google Update] "C:\Users\Student\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-04] (Google Inc.)
HKU\Student\...\Run: [Akamai NetSession Interface] "C:\Users\Student\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1085000 2012-07-03] (Malwarebytes Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Lsa: [Authentication Packages] msv1_0
wvauth

================================ Services (Whitelisted) ==================

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\aestsrv.exe [81920 2009-02-12] (Andrea Electronics Corporation)
2 alssvc; "C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe" [382232 2008-06-03] (Dell Inc.)
2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [518696 2008-06-05] (Broadcom Corporation.)
2 buttonsvc32; "C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe" [320800 2008-12-29] (Dell Inc.)
2 ccEvtMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2008-12-18] (Symantec Corporation)
2 ccSetMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2008-12-18] (Symantec Corporation)
2 Credential Vault Host Control Service; "C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe" [808296 2009-01-22] (Broadcom Corporation)
2 Credential Vault Host Storage; "C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe" [20840 2009-01-22] (Broadcom Corporation)
2 dcpsysmgrsvc; "C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe" [443168 2009-02-06] (Dell Inc.)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [3093880 2008-12-10] (Symantec Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [335872 2006-10-26] (Microsoft Corporation)
2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2010-10-01] (PC Tools)
2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2009-11-16] ()
2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
3 SecureStorageService; "C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe" [638976 2008-12-12] (Wave Systems Corp.)
2 SmcService; "C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" [1799496 2009-02-26] (Symantec Corporation)
2 SMManager; "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe" [77824 2009-03-01] (Smith Micro Software, Inc.)
3 SNAC; "C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" [320840 2009-02-01] (Symantec Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\STacSV.exe [254042 2009-04-09] (IDT, Inc.)
2 Symantec AntiVirus; "C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe" [2440120 2009-02-01] (Symantec Corporation)
2 tcsd_win32.exe; "C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1273856 2008-11-12] ()
2 TdmService; "C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe" [991232 2009-01-14] (Wave Systems Corp.)
2 Akamai; c:\program files\common files\akamai/netsession_win_4f7fccd.dll [x]
2 BBSvc; "C:\Program Files\Microsoft\BingBar\BBSvc.EXE" [x]
2 BBUpdate; "C:\Program Files\Microsoft\BingBar\SeaPort.EXE" [x]

========================== Drivers (Whitelisted) =============

3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2009-04-24] (Broadcom Corporation)
3 COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [23888 2008-11-18] (Symantec Corporation)
3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [32808 2009-01-22] (Broadcom Corporation)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-05-30] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-05-30] (Symantec Corporation)
4 HBtnKey; C:\Windows\system32\drivers\hbtnkey.sys [11392 2008-10-17] (Dell Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120731.002\NAVENG.SYS [87928 2012-05-15] (Symantec Corporation)
3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120731.002\NAVEX15.SYS [1589752 2012-05-15] (Symantec Corporation)
3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-08] (Creative Technology Ltd.)
0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
1 SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2008-09-09] (Symantec Corporation)
1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [280112 2008-12-19] (Symantec Corporation)
3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [319792 2008-12-19] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43824 2008-12-19] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [123952 2009-04-30] (Symantec Corporation)
3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [27696 2008-08-21] (Symantec Corporation)
1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [191536 2008-08-21] (Symantec Corporation)
4 SysPlant; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [91976 2009-02-26] (Symantec Corporation)
3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [49536 2008-10-14] (Symantec Corporation)
3 USBCCID; C:\Windows\System32\DRIVERS\usbccid.sys [28672 2008-07-22] (Microsoft Corporation)
2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [205624 2009-01-16] (Wave Systems Corp.)
1 WPS; \??\C:\Windows\system32\drivers\wpsdrvnt.sys [42312 2009-02-26] (Symantec Corporation)
3 WpsHelper; \??\C:\Windows\system32\drivers\WpsHelper.sys [167936 2011-06-21] (Symantec Corporation)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NvtSp50; C:\Windows\System32\Drivers\NvtSp50.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-04 13:31 - 2012-08-04 13:31 - 00000000 ____D C:\FRST
2012-08-04 08:34 - 2012-08-04 08:35 - 00892822 ____A (Farbar) C:\Users\TEMP\Downloads\FRST.exe
2012-08-02 18:29 - 2012-08-02 18:29 - 00000680 ____A C:\Users\TEMP\AppData\Local\d3d9caps.dat
2012-08-02 14:33 - 2012-08-02 14:33 - 00000000 ____D C:\Users\TEMP\AppData\Local\Adobe
2012-08-02 10:13 - 2012-08-02 10:13 - 00076120 ____A C:\Users\TEMP\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-02 10:11 - 2012-08-02 10:25 - 00000297 ____A C:\Users\TEMP\Downloads\AA_v3.log
2012-08-02 10:11 - 2012-08-02 10:11 - 00726864 ____A C:\Users\TEMP\Downloads\AA_v3.exe
2012-08-02 09:00 - 2012-08-02 08:59 - 04722680 ____A (Swearware) C:\Users\TEMP\Downloads\ComboFix.exe
2012-08-02 08:59 - 2012-08-02 08:59 - 00463080 ____A (CNET Download.com) C:\Users\TEMP\Downloads\cnet2_ComboFix_exe.exe
2012-08-01 10:19 - 2006-09-18 13:41 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.20120801-141953.backup
2012-08-01 09:40 - 2012-08-01 09:40 - 00000000 ____D C:\Users\TEMP\AppData\Local\Macromedia
2012-08-01 09:39 - 2012-08-01 09:39 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Mozilla
2012-08-01 09:39 - 2012-08-01 09:39 - 00000000 ____D C:\Users\TEMP\AppData\Local\Mozilla
2012-08-01 08:52 - 2012-08-02 14:33 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Adobe
2012-08-01 08:52 - 2012-08-01 08:52 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Macromedia
2012-08-01 08:46 - 2012-08-01 08:46 - 00000000 ____D C:\Users\TEMP\AppData\Local\Google
2012-08-01 08:40 - 2012-08-01 08:40 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Malwarebytes
2012-08-01 08:15 - 2012-08-01 08:15 - 00000000 ____A C:\Users\TEMP\prfFCC5.tmp
2012-08-01 08:15 - 2011-03-05 12:46 - 00000000 ____D C:\Users\TEMP\AppData\Local\Symantec
2012-08-01 08:15 - 2009-05-01 06:17 - 00000000 ____D C:\Users\TEMP\AppData\Local\Microsoft Help
2012-07-26 15:02 - 2012-07-26 15:03 - 00000000 ____D C:\Users\Student\Downloads\Self Made Vol 2
2012-07-23 09:18 - 2012-07-23 09:18 - 00000000 ____D C:\Users\Student\AppData\Local\Macromedia
2012-07-22 07:23 - 2012-07-22 07:23 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-17 15:57 - 2012-07-17 15:57 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-17 15:32 - 2012-07-23 09:11 - 00000000 ____D C:\Users\Student\AppData\Local\{940398A7-D067-11E1-8270-B8AC6F996F26}
2012-07-17 15:31 - 2012-07-20 11:46 - 00000000 ____D C:\Users\Student\AppData\Roaming\xsecva
2012-07-17 15:31 - 2012-07-17 15:32 - 00417280 ____A (SigmaTel, Inc.) C:\Users\Student\AppData\Roaming\rsvsv.dll
2012-07-11 23:09 - 2012-06-13 05:40 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 07:15 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 07:15 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 07:15 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 07:15 - 2012-06-04 07:26 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 07:15 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 07:15 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

============ 3 Months Modified Files ========================

2012-08-04 09:56 - 2006-11-02 02:33 - 00703214 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-04 09:51 - 2009-06-28 20:22 - 00159943 ____A C:\Windows\Minidump\Mini080412-02.dmp
2012-08-04 09:11 - 2009-06-28 20:22 - 00159943 ____A C:\Windows\Minidump\Mini080412-01.dmp
2012-08-04 08:35 - 2012-08-04 08:34 - 00892822 ____A (Farbar) C:\Users\TEMP\Downloads\FRST.exe
2012-08-03 21:46 - 2009-06-25 05:30 - 03409134 ____A C:\Windows\PFRO.log
2012-08-02 18:29 - 2012-08-02 18:29 - 00000680 ____A C:\Users\TEMP\AppData\Local\d3d9caps.dat
2012-08-02 10:25 - 2012-08-02 10:11 - 00000297 ____A C:\Users\TEMP\Downloads\AA_v3.log
2012-08-02 10:13 - 2012-08-02 10:13 - 00076120 ____A C:\Users\TEMP\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-02 10:11 - 2012-08-02 10:11 - 00726864 ____A C:\Users\TEMP\Downloads\AA_v3.exe
2012-08-02 08:59 - 2012-08-02 09:00 - 04722680 ____A (Swearware) C:\Users\TEMP\Downloads\ComboFix.exe
2012-08-02 08:59 - 2012-08-02 08:59 - 00463080 ____A (CNET Download.com) C:\Users\TEMP\Downloads\cnet2_ComboFix_exe.exe
2012-08-02 07:28 - 2009-04-24 06:13 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-08-02 07:28 - 2006-11-02 05:00 - 00032612 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-02 07:28 - 2006-11-02 05:00 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-02 07:27 - 2006-11-02 04:46 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-02 07:27 - 2006-11-02 04:46 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-02 07:26 - 2009-06-28 20:22 - 00159943 ____A C:\Windows\Minidump\Mini080212-02.dmp
2012-08-01 20:13 - 2009-06-28 20:22 - 00159943 ____A C:\Windows\Minidump\Mini080212-01.dmp
2012-08-01 20:10 - 2009-06-28 20:22 - 00159943 ____A C:\Windows\DUMP190b.tmp
2012-08-01 17:51 - 2009-06-28 20:22 - 00159943 ____A C:\Windows\Minidump\Mini080112-08.dmp
2012-08-01 17:36 - 2009-06-28 20:22 - 00159943 ____A C:\Windows\Minidump\Mini080112-07.dmp
2012-08-01 17:34 - 2009-06-28 20:22 - 00159943 ____A C:\Windows\DUMP8ae0.tmp
2012-08-01 17:23 - 2009-06-28 20:22 - 00159943 ____A C:\Windows\Minidump\Mini080112-06.dmp
2012-08-01 17:19 - 2009-06-28 20:22 - 00159943 ____A C:\Windows\DUMP1d20.tmp
2012-08-01 10:01 - 2009-06-28 20:22 - 00159943 ____A C:\Windows\Minidump\Mini080112-05.dmp
2012-08-01 09:30 - 2009-06-28 20:22 - 00159943 ____A C:\Windows\Minidump\Mini080112-04.dmp
2012-08-01 08:15 - 2012-08-01 08:15 - 00000000 ____A C:\Users\TEMP\prfFCC5.tmp
2012-08-01 07:35 - 2010-10-04 20:01 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3830857422-1455467789-1314935863-1000UA.job
2012-08-01 07:09 - 2011-08-25 09:58 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-01 07:06 - 2011-08-25 09:58 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-31 22:53 - 2009-06-28 20:22 - 00159943 ____A C:\Windows\Minidump\Mini080112-03.dmp
2012-07-31 22:49 - 2009-06-28 20:22 - 00159943 ____A C:\Windows\DUMP8bda.tmp
2012-07-31 22:37 - 2009-04-30 06:31 - 00008268 ____A C:\Users\Student\AppData\Local\d3d9caps.dat
2012-07-31 22:12 - 2009-06-28 20:22 - 00159943 ____A C:\Windows\Minidump\Mini080112-02.dmp
2012-07-31 21:39 - 2009-04-24 00:52 - 01332169 ____A C:\Windows\WindowsUpdate.log
2012-07-31 21:02 - 2009-06-28 20:22 - 00159943 ____A C:\Windows\Minidump\Mini080112-01.dmp
2012-07-31 20:57 - 2009-06-28 20:22 - 00159943 ____A C:\Windows\DUMP8719.tmp
2012-07-31 20:54 - 2009-06-28 20:22 - 00159943 ____A C:\Windows\DUMP8870.tmp
2012-07-31 15:00 - 2011-04-16 09:01 - 00000258 ____A C:\Windows\Tasks\RMSchedule.job
2012-07-31 14:32 - 2010-10-04 20:01 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3830857422-1455467789-1314935863-1000Core.job
2012-07-31 00:59 - 2009-06-28 20:22 - 00159879 ____A C:\Windows\Minidump\Mini073112-02.dmp
2012-07-30 22:15 - 2009-06-28 20:22 - 00159879 ____A C:\Windows\Minidump\Mini073112-01.dmp
2012-07-30 22:10 - 2009-06-28 20:22 - 00159943 ____A C:\Windows\DUMP813f.tmp
2012-07-24 08:56 - 2009-06-28 20:22 - 00164115 ____A C:\Windows\Minidump\Mini072412-01.dmp
2012-07-22 07:28 - 2012-06-26 19:47 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-22 07:28 - 2012-06-26 19:47 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-17 15:57 - 2012-07-17 15:57 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-17 15:32 - 2012-07-17 15:31 - 00417280 ____A (SigmaTel, Inc.) C:\Users\Student\AppData\Roaming\rsvsv.dll
2012-07-12 19:20 - 2009-06-25 05:31 - 00022229 ____A C:\Windows\setupact.log
2012-07-12 13:09 - 2011-08-25 09:59 - 00001971 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-07-12 08:45 - 2006-11-02 04:46 - 00313088 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 23:08 - 2006-11-02 02:23 - 00000219 ____A C:\Windows\win.ini
2012-07-11 23:03 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-03 09:46 - 2010-09-11 08:13 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-26 19:55 - 2009-09-18 18:09 - 00041984 ____A C:\Users\Student\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-13 05:40 - 2012-07-11 23:09 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 09:47 - 2012-07-11 07:15 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 08:47 - 2012-07-11 07:15 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 08:47 - 2012-07-11 07:15 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-04 07:26 - 2012-07-11 07:15 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 14:19 - 2012-06-22 07:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 07:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 07:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 07:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 07:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-22 07:19 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-22 07:19 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-22 07:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:12 - 2012-06-22 07:19 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 16:04 - 2012-07-11 07:15 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 16:03 - 2012-07-11 07:15 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-31 08:25 - 2009-10-02 09:52 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-30 07:48 - 2012-05-30 07:48 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2012-05-30 07:48 - 2012-05-30 07:48 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2012-05-30 07:48 - 2012-05-30 07:48 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2012-05-30 07:48 - 2012-05-30 07:48 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2012-05-14 22:37 - 2012-06-13 10:46 - 01212416 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-14 22:37 - 2012-06-13 10:46 - 00916992 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 22:37 - 2012-06-13 10:46 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-14 22:35 - 2012-06-13 10:46 - 00206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-05-14 22:33 - 2012-06-13 10:46 - 06007808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-14 22:33 - 2012-06-13 10:46 - 00629760 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-05-14 22:33 - 2012-06-13 10:46 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-05-14 22:33 - 2012-06-13 10:46 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-14 22:33 - 2012-06-13 10:46 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-05-14 22:32 - 2012-06-13 10:46 - 01469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-14 22:32 - 2012-06-13 10:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-05-14 22:32 - 2012-06-13 10:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 22:31 - 2012-06-13 10:46 - 11111424 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-14 22:31 - 2012-06-13 10:46 - 02000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-14 22:31 - 2012-06-13 10:46 - 00387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-05-14 22:31 - 2012-06-13 10:46 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-05-14 22:31 - 2012-06-13 10:46 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-14 22:31 - 2012-06-13 10:46 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-05-14 22:31 - 2012-06-13 10:46 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-05-14 22:31 - 2012-06-13 10:46 - 00055808 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-05-14 21:01 - 2012-06-13 10:46 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-05-14 19:26 - 2012-06-13 10:46 - 00133632 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-14 19:25 - 2012-06-13 10:46 - 00174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-05-14 19:24 - 2012-06-13 10:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-05-14 19:23 - 2012-06-13 10:46 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-09 12:26 - 2012-05-09 12:26 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-05-09 12:26 - 2012-05-09 12:26 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-05-09 12:26 - 2012-05-09 12:26 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-05-09 12:26 - 2012-05-09 12:26 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-05-09 12:26 - 2011-05-19 13:10 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-05-08 12:54 - 2009-06-28 20:22 - 00160007 ____A C:\Windows\Minidump\Mini050812-01.dmp


ZeroAccess:
C:\Windows\Installer\{e8be6e65-1e0a-6724-dfec-a08dae1d2468}
C:\Windows\Installer\{e8be6e65-1e0a-6724-dfec-a08dae1d2468}\@
C:\Windows\Installer\{e8be6e65-1e0a-6724-dfec-a08dae1d2468}\L
C:\Windows\Installer\{e8be6e65-1e0a-6724-dfec-a08dae1d2468}\U
C:\Windows\Installer\{e8be6e65-1e0a-6724-dfec-a08dae1d2468}\L\00000004.@
C:\Windows\Installer\{e8be6e65-1e0a-6724-dfec-a08dae1d2468}\L\201d3dde
C:\Windows\Installer\{e8be6e65-1e0a-6724-dfec-a08dae1d2468}\U\00000004.@
C:\Windows\Installer\{e8be6e65-1e0a-6724-dfec-a08dae1d2468}\U\00000008.@
C:\Windows\Installer\{e8be6e65-1e0a-6724-dfec-a08dae1d2468}\U\000000cb.@
C:\Windows\Installer\{e8be6e65-1e0a-6724-dfec-a08dae1d2468}\U\80000000.@
C:\Windows\Installer\{e8be6e65-1e0a-6724-dfec-a08dae1d2468}\U\80000032.@

ZeroAccess:
C:\Users\Student\AppData\Local\{e8be6e65-1e0a-6724-dfec-a08dae1d2468}
C:\Users\Student\AppData\Local\{e8be6e65-1e0a-6724-dfec-a08dae1d2468}\@
C:\Users\Student\AppData\Local\{e8be6e65-1e0a-6724-dfec-a08dae1d2468}\L
C:\Users\Student\AppData\Local\{e8be6e65-1e0a-6724-dfec-a08dae1d2468}\U

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-09-18 09:20] - [2009-04-10 22:27] - 0282624 ____A (Microsoft Corporation) 054E5A506B36489A163FFF58751C1C0B

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4082.99 MB
Available physical RAM: 3506.5 MB
Total Pagefile: 3791.42 MB
Available Pagefile: 3594.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.95 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:232.88 GB) (Free:107.97 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (VISTA_SP1_ULTIMATE) (CDROM) (Total:3.34 GB) (Free:0 GB) UDF
3 Drive e: () (Removable) (Total:3.76 GB) (Free:3.76 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 Online 3856 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 233 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 233 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3856 MB 32 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT32 Removable 3856 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-04 08:37

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-08-04 14:20:04
Running from E:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-18 09:20] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:22] - [2008-01-20 18:22] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2009-09-18 09:20] - [2009-04-10 22:27] - 0282624 ____A (Microsoft Corporation) 054E5A506B36489A163FFF58751C1C0B

=== End Of Search ===

#5 CatByte

Posted 04 August 2012 - 02:56 PM

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKLM\...\Run: [] [x]
HKLM\...\Run: [rsvsv] "C:\Windows\System32\rundll32.exe" "C:\Users\Student\AppData\Roaming\rsvsv.dll",MatrixAffineTransformation [417280 2012-07-17] (SigmaTel, Inc.)
C:\Users\Student\AppData\Roaming\rsvsv.dll
C:\Windows\Installer\{e8be6e65-1e0a-6724-dfec-a08dae1d2468}
C:\Users\Student\AppData\Local\{e8be6e65-1e0a-6724-dfec-a08dae1d2468}
C:\Windows\assembly\GAC\Desktop.ini
replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe C:\Windows\System32\services.exe
2012-07-17 15:32 - 2012-07-23 09:11 - 00000000 ____D C:\Users\Student\AppData\Local\{940398A7-D067-11E1-8270-B8AC6F996F26}
2012-07-17 15:31 - 2012-07-20 11:46 - 00000000 ____D C:\Users\Student\AppData\Roaming\xsecva
2012-07-17 15:31 - 2012-07-17 15:32 - 00417280 ____A (SigmaTel, Inc.) C:\Users\Student\AppData\Roaming\rsvsv.dll
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
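An added example, not part of the thread and not FRST's own code: a parser for the "Bamital & volsnap Check" and "Search" output posted above. It lists system files that lack the "=> MD5 is legit" marker and pairs each with a WinSxS copy of the same name. Treating a missing marker as "hash not on the tool's known-good list" and ranking copies by matching timestamps are assumptions made for this example; the sample lines are copied from the logs in this thread.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the FRST logs quoted earlier in this thread.
FRST_CHECK = r"""
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-09-18 09:20] - [2009-04-10 22:27] - 0282624 ____A (Microsoft Corporation) 054E5A506B36489A163FFF58751C1C0B

C:\Windows\System32\User32.dll => MD5 is legit
"""

FRST_SEARCH = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-18 09:20] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:22] - [2008-01-20 18:22] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2009-09-18 09:20] - [2009-04-10 22:27] - 0282624 ____A (Microsoft Corporation) 054E5A506B36489A163FFF58751C1C0B
"""

LEGIT = " => MD5 is legit"
PATH = re.compile(r"^[A-Za-z]:\\")
# Detail line layout: [created] - [modified] - size attrs (company) MD5
DETAIL = re.compile(
    r"^\[(?P<created>[\d-]+ [\d:]+)\] - \[(?P<modified>[\d-]+ [\d:]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class Entry:
    path: str
    legit: bool
    created: Optional[str] = None
    modified: Optional[str] = None
    size: Optional[int] = None
    md5: Optional[str] = None


def parse_entries(text: str) -> List[Entry]:
    """Turn path lines and their optional detail lines into Entry records."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if PATH.match(line):
            legit = line.endswith(LEGIT)
            path = line[: -len(LEGIT)] if legit else line
            entries.append(Entry(path=path, legit=legit))
            continue
        m = DETAIL.match(line)
        if m and entries and entries[-1].md5 is None:
            e = entries[-1]
            e.created, e.modified = m["created"], m["modified"]
            e.size, e.md5 = int(m["size"]), m["md5"].upper()
    return entries


def store_candidates(flagged: Entry, search: List[Entry]) -> List[Entry]:
    """WinSxS copies with the same file name and a different hash.
    Copies sharing the flagged file's modified time sort first (assumed
    heuristic: same build as the file they would stand in for)."""
    name = ntpath.basename(flagged.path).lower()
    cands = [
        e for e in search
        if "\\winsxs\\" in e.path.lower()
        and ntpath.basename(e.path).lower() == name
        and e.md5 and e.md5 != flagged.md5
    ]
    cands.sort(key=lambda e: e.modified or "", reverse=True)  # newest first
    cands.sort(key=lambda e: e.modified != flagged.modified)  # stable sort
    return cands


def triage(check_text: str, search_text: str) -> List[dict]:
    """One finding per file that the check section did not mark as legit."""
    search = parse_entries(search_text)
    findings = []
    for f in (e for e in parse_entries(check_text) if not e.legit):
        cands = store_candidates(f, search)
        best = cands[0] if cands else None
        same = bool(best) and (best.created, best.modified) == (f.created, f.modified)
        delta = f.size - best.size if best and f.size is not None else None
        findings.append({
            "path": f.path, "md5": f.md5,
            "candidate": best.path if best else None,
            "same_timestamps": same,   # identical dates but a different hash
            "size_delta": delta,       # bytes by which the flagged file differs
        })
    return findings


if __name__ == "__main__":
    for finding in triage(FRST_CHECK, FRST_SEARCH):
        print(finding)
```

A file whose timestamps match a component-store copy while its size and hash differ is the pattern worth escalating, since a modification that preserves dates will not show up in a date-sorted listing.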


#6 VikingsFan

Posted 04 August 2012 - 05:01 PM

Here are the logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-08-04 16:17:58 Run:1
Running from E:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rsvsv Value deleted successfully.
C:\Users\Student\AppData\Roaming\rsvsv.dll moved successfully.
C:\Windows\Installer\{e8be6e65-1e0a-6724-dfec-a08dae1d2468} moved successfully.
C:\Users\Student\AppData\Local\{e8be6e65-1e0a-6724-dfec-a08dae1d2468} moved successfully.
C:\Windows\assembly\GAC\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Users\Student\AppData\Local\{940398A7-D067-11E1-8270-B8AC6F996F26} moved successfully.
C:\Users\Student\AppData\Roaming\xsecva moved successfully.
C:\Users\Student\AppData\Roaming\rsvsv.dll not found.

==== End of Fixlog ====

ComboFix 12-08-04.02 - SYSTEM 08/04/2012 16:55:59.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3571.2914 [GMT -4:00]
Running from: c:\windows\system32\config\systemprofile\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FilmFanaticEI
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\hr3
c:\programdata\AMMYY\settings3.bin
c:\users\Student\AppData\Roaming\Adobe\plugs
c:\users\Student\AppData\Roaming\Adobe\shed
c:\users\Student\Documents\~WRL0001.tmp
c:\users\Student\Documents\~WRL0002.tmp
c:\users\Student\Documents\~WRL0005.tmp
c:\users\Student\Documents\~WRL0895.tmp
c:\users\TEMP\prfFCC5.tmp
c:\windows\system32\test
.
.
((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
.
.
2012-08-04 21:31 . 2012-08-04 21:31 -------- d-----w- C:\FRST
2012-08-04 21:03 . 2012-08-04 21:03 -------- d-----w- c:\users\Student\AppData\Local\temp
2012-08-04 21:03 . 2012-08-04 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-01 16:15 . 2012-08-04 21:03 -------- d-----w- c:\users\TEMP
2012-08-01 05:11 . 2012-08-01 05:11 8281168 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-07-23 17:18 . 2012-07-23 17:18 -------- d-----w- c:\users\Student\AppData\Local\Macromedia
2012-07-22 15:23 . 2012-07-22 15:23 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-17 12:19 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF78884D-A1DE-46B1-9F6A-01268CF18A1D}\mpengine.dll
2012-07-12 07:09 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 15:15 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 15:15 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 15:15 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 15:15 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 15:15 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 15:15 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 04:10 . 2009-06-29 04:22 159943 ----a-w- c:\windows\DUMP190b.tmp
2012-08-02 01:34 . 2009-06-29 04:22 159943 ----a-w- c:\windows\DUMP8ae0.tmp
2012-08-02 01:19 . 2009-06-29 04:22 159943 ----a-w- c:\windows\DUMP1d20.tmp
2012-08-01 06:49 . 2009-06-29 04:22 159943 ----a-w- c:\windows\DUMP8bda.tmp
2012-08-01 04:57 . 2009-06-29 04:22 159943 ----a-w- c:\windows\DUMP8719.tmp
2012-08-01 04:54 . 2009-06-29 04:22 159943 ----a-w- c:\windows\DUMP8870.tmp
2012-07-31 06:10 . 2009-06-29 04:22 159943 ----a-w- c:\windows\DUMP813f.tmp
2012-07-22 15:28 . 2012-06-27 03:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-22 15:28 . 2012-06-27 03:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 17:46 . 2010-09-11 16:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-22 15:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 15:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 15:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 15:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 15:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 15:19 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 15:19 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 15:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-22 15:19 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2009-10-02 17:52 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 06:37 . 2012-06-13 18:46 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 06:32 . 2012-06-13 18:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-15 06:32 . 2012-06-13 18:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-15 06:31 . 2012-06-13 18:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-15 06:31 . 2012-06-13 18:46 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-05-15 05:01 . 2012-06-13 18:46 385024 ----a-w- c:\windows\system32\html.iec
2012-05-15 03:26 . 2012-06-13 18:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-15 03:23 . 2012-06-13 18:46 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-09 20:26 . 2012-05-09 20:26 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-09 20:26 . 2011-05-19 21:10 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-18 18:31 . 2011-05-07 00:19 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-23 200704]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-01-19 667648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-01-16 15360]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-04-24 3563520]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-03-01 1810432]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-01-30 96800]
"nwiz"="nwiz.exe" [2009-01-29 1657376]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-12-18 115560]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-04-02 128232]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-09 483428]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-07-03 973488]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-05-30 296056]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-2-6 1084192]
UVA ITC Network Setup Tool Cert Checker.lnk - c:\windows\Installer\{3C9B29DE-4C2C-4C10-A8F2-7662EE95BEA9}\_2E0263870D3F7424756461.exe [2011-8-20 3262]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4024157433-517137829-2155768077-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 21:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 14:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-25 17:58]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-25 17:58]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3830857422-1455467789-1314935863-1000Core.job
- c:\users\Student\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-05 04:01]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3830857422-1455467789-1314935863-1000UA.job
- c:\users\Student\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-05 04:01]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Symantec Antvirus
AddRemove-Half-Life - c:\sierra\Half-Life\Uninst.isu
AddRemove-Halo Combat Evolved - c:\users\Student\Downloads\Uninstal.exe
AddRemove-Registry Mechanic_is1 - c:\program files\Registry Mechanic\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-04 17:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(628)
c:\windows\system32\wvauth.dll
.
- - - - - - - > 'Explorer.exe'(3868)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\system32\btncopy.dll
.
Completion time: 2012-08-04 17:06:14
ComboFix-quarantined-files.txt 2012-08-04 21:05
.
Pre-Run: 115,646,697,472 bytes free
Post-Run: 115,885,989,888 bytes free
.
- - End Of File - - 35D51EAD4812CC152A4872E46FDE5A99

#7 CatByte

Posted 04 August 2012 - 05:23 PM

please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Edited by CatByte, 04 August 2012 - 05:23 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 VikingsFan

Posted 05 August 2012 - 10:33 AM

Here are the logs:

02:50:57.0087 2148 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
02:50:57.0415 2148 ============================================================
02:50:57.0415 2148 Current date / time: 2012/08/05 02:50:57.0415
02:50:57.0415 2148 SystemInfo:
02:50:57.0415 2148
02:50:57.0415 2148 OS Version: 6.0.6002 ServicePack: 2.0
02:50:57.0415 2148 Product type: Workstation
02:50:57.0415 2148 ComputerName: D17N2NK1
02:50:57.0415 2148 UserName: Student
02:50:57.0415 2148 Windows directory: C:\Windows
02:50:57.0415 2148 System windows directory: C:\Windows
02:50:57.0415 2148 Processor architecture: Intel x86
02:50:57.0415 2148 Number of processors: 2
02:50:57.0415 2148 Page size: 0x1000
02:50:57.0415 2148 Boot type: Safe boot with network
02:50:57.0415 2148 ============================================================
02:50:58.0304 2148 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:50:58.0304 2148 ============================================================
02:50:58.0304 2148 \Device\Harddisk0\DR0:
02:50:58.0304 2148 MBR partitions:
02:50:58.0304 2148 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
02:50:58.0304 2148 ============================================================
02:50:58.0335 2148 C: <-> \Device\Harddisk0\DR0\Partition0
02:50:58.0335 2148 ============================================================
02:50:58.0335 2148 Initialize success
02:50:58.0335 2148 ============================================================
02:51:33.0357 2160 ============================================================
02:51:33.0357 2160 Scan started
02:51:33.0357 2160 Mode: Manual; TDLFS;
02:51:33.0357 2160 ============================================================
02:51:33.0638 2160 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
02:51:33.0654 2160 ACPI - ok
02:51:33.0716 2160 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
02:51:33.0716 2160 AdobeARMservice - ok
02:51:33.0779 2160 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
02:51:33.0794 2160 adp94xx - ok
02:51:33.0825 2160 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
02:51:33.0841 2160 adpahci - ok
02:51:33.0872 2160 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
02:51:33.0872 2160 adpu160m - ok
02:51:33.0903 2160 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
02:51:33.0903 2160 adpu320 - ok
02:51:33.0950 2160 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
02:51:33.0950 2160 AeLookupSvc - ok
02:51:34.0028 2160 AESTFilters (2df51ad2961282d68d90a03ac2294194) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\aestsrv.exe
02:51:34.0059 2160 AESTFilters - ok
02:51:34.0153 2160 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
02:51:34.0169 2160 AFD - ok
02:51:34.0184 2160 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
02:51:34.0184 2160 agp440 - ok
02:51:34.0247 2160 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
02:51:34.0247 2160 aic78xx - ok
02:51:34.0590 2160 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files\common files\akamai/netsession_win_4f7fccd.dll
02:51:34.0590 2160 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
02:51:34.0605 2160 Akamai ( HiddenFile.Multi.Generic ) - warning
02:51:34.0605 2160 Akamai - detected HiddenFile.Multi.Generic (1)
02:51:34.0730 2160 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
02:51:34.0746 2160 ALG - ok
02:51:34.0808 2160 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
02:51:34.0808 2160 aliide - ok
02:51:34.0855 2160 alssvc (5e14e9877bb47babdcfb33cdcc4136ed) C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
02:51:34.0886 2160 alssvc - ok
02:51:34.0917 2160 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
02:51:34.0917 2160 amdagp - ok
02:51:34.0964 2160 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
02:51:34.0964 2160 amdide - ok
02:51:34.0980 2160 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
02:51:34.0995 2160 AmdK7 - ok
02:51:35.0058 2160 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
02:51:35.0058 2160 AmdK8 - ok
02:51:35.0120 2160 ApfiltrService (b83f9da84f7079451c1c6a4a2f140920) C:\Windows\system32\DRIVERS\Apfiltr.sys
02:51:35.0120 2160 ApfiltrService - ok
02:51:35.0151 2160 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
02:51:35.0151 2160 Appinfo - ok
02:51:35.0307 2160 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:51:35.0323 2160 Apple Mobile Device - ok
02:51:35.0354 2160 AppMgmt (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll
02:51:35.0370 2160 AppMgmt - ok
02:51:35.0385 2160 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
02:51:35.0401 2160 arc - ok
02:51:35.0432 2160 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
02:51:35.0432 2160 arcsas - ok
02:51:35.0448 2160 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
02:51:35.0463 2160 AsyncMac - ok
02:51:35.0510 2160 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
02:51:35.0510 2160 atapi - ok
02:51:35.0557 2160 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
02:51:35.0573 2160 AudioEndpointBuilder - ok
02:51:35.0573 2160 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
02:51:35.0573 2160 Audiosrv - ok
02:51:35.0604 2160 BBSvc - ok
02:51:35.0635 2160 BBUpdate - ok
02:51:35.0666 2160 BCM42RLY (50e7506911a528dc23d85f1eb56ced5d) C:\Windows\system32\drivers\BCM42RLY.sys
02:51:35.0666 2160 BCM42RLY - ok
02:51:35.0760 2160 BCM43XX (fa6707a346cd122407f3b0bad1c47639) C:\Windows\system32\DRIVERS\bcmwl6.sys
02:51:35.0775 2160 BCM43XX - ok
02:51:35.0885 2160 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
02:51:35.0900 2160 Beep - ok
02:51:35.0916 2160 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
02:51:35.0931 2160 blbdrive - ok
02:51:36.0025 2160 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
02:51:36.0041 2160 Bonjour Service - ok
02:51:36.0087 2160 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
02:51:36.0087 2160 bowser - ok
02:51:36.0119 2160 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
02:51:36.0119 2160 BrFiltLo - ok
02:51:36.0134 2160 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
02:51:36.0134 2160 BrFiltUp - ok
02:51:36.0165 2160 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
02:51:36.0181 2160 Browser - ok
02:51:36.0228 2160 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
02:51:36.0228 2160 Brserid - ok
02:51:36.0243 2160 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
02:51:36.0259 2160 BrSerWdm - ok
02:51:36.0290 2160 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
02:51:36.0290 2160 BrUsbMdm - ok
02:51:36.0321 2160 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
02:51:36.0321 2160 BrUsbSer - ok
02:51:36.0353 2160 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
02:51:36.0368 2160 BthEnum - ok
02:51:36.0384 2160 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
02:51:36.0399 2160 BTHMODEM - ok
02:51:36.0415 2160 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
02:51:36.0415 2160 BthPan - ok
02:51:36.0493 2160 BthPort (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
02:51:36.0509 2160 BthPort - ok
02:51:36.0540 2160 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
02:51:36.0540 2160 BthServ - ok
02:51:36.0555 2160 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
02:51:36.0555 2160 BTHUSB - ok
02:51:36.0618 2160 btwaudio (58c4b59d0ebfb637e2e296cf4a686ba0) C:\Windows\system32\drivers\btwaudio.sys
02:51:36.0618 2160 btwaudio - ok
02:51:36.0633 2160 btwavdt (e8cc9436cc464d6975adbc4aece0ba7b) C:\Windows\system32\drivers\btwavdt.sys
02:51:36.0649 2160 btwavdt - ok
02:51:36.0743 2160 btwdins (aa29be5bf3d40ca73447639e293fe4c8) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
02:51:36.0774 2160 btwdins - ok
02:51:36.0789 2160 btwl2cap (ecb98391c756a7b9cfbae89d9d1235e1) C:\Windows\system32\DRIVERS\btwl2cap.sys
02:51:36.0789 2160 btwl2cap - ok
02:51:36.0836 2160 btwrchid (62ed55843f8216eb25a909a820613033) C:\Windows\system32\DRIVERS\btwrchid.sys
02:51:36.0836 2160 btwrchid - ok
02:51:36.0930 2160 buttonsvc32 (81a395aab3c606d5f1667cc5fc02b3d2) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
02:51:36.0945 2160 buttonsvc32 - ok
02:51:37.0070 2160 catchme - ok
02:51:37.0148 2160 ccEvtMgr (4aa730bb7b79b7ba70b1e30acf97d6ab) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
02:51:37.0148 2160 ccEvtMgr - ok
02:51:37.0164 2160 ccSetMgr (4aa730bb7b79b7ba70b1e30acf97d6ab) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
02:51:37.0164 2160 ccSetMgr - ok
02:51:37.0195 2160 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
02:51:37.0195 2160 cdfs - ok
02:51:37.0242 2160 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
02:51:37.0242 2160 cdrom - ok
02:51:37.0273 2160 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
02:51:37.0289 2160 CertPropSvc - ok
02:51:37.0320 2160 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
02:51:37.0320 2160 circlass - ok
02:51:37.0367 2160 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
02:51:37.0382 2160 CLFS - ok
02:51:37.0429 2160 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:51:37.0445 2160 clr_optimization_v2.0.50727_32 - ok
02:51:37.0538 2160 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:51:37.0616 2160 clr_optimization_v4.0.30319_32 - ok
02:51:37.0632 2160 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
02:51:37.0632 2160 CmBatt - ok
02:51:37.0663 2160 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
02:51:37.0663 2160 cmdide - ok
02:51:37.0710 2160 COH_Mon (86a22dff16e8ca67601044efe6825537) C:\Windows\system32\Drivers\COH_Mon.sys
02:51:37.0710 2160 COH_Mon - ok
02:51:37.0772 2160 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
02:51:37.0772 2160 Compbatt - ok
02:51:37.0788 2160 COMSysApp - ok
02:51:37.0788 2160 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
02:51:37.0788 2160 crcdisk - ok
02:51:37.0897 2160 Credential Vault Host Control Service (85d37efa93b2267ab6abf8a54735ab22) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
02:51:37.0928 2160 Credential Vault Host Control Service - ok
02:51:37.0944 2160 Credential Vault Host Storage (97ccce5d6e54a044636a6c7552fa59e5) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
02:51:37.0944 2160 Credential Vault Host Storage - ok
02:51:37.0959 2160 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
02:51:37.0975 2160 Crusoe - ok
02:51:38.0069 2160 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
02:51:38.0069 2160 CryptSvc - ok
02:51:38.0131 2160 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
02:51:38.0147 2160 CSC - ok
02:51:38.0193 2160 CscService (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll
02:51:38.0209 2160 CscService - ok
02:51:38.0240 2160 cvusbdrv (a95d9b8d882adf93ef40d7dc9b9bb508) C:\Windows\system32\Drivers\cvusbdrv.sys
02:51:38.0240 2160 cvusbdrv - ok
02:51:38.0287 2160 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
02:51:38.0318 2160 DcomLaunch - ok
02:51:38.0396 2160 dcpsysmgrsvc (ac514a1ce72716ad2e93e34ab234831b) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
02:51:38.0412 2160 dcpsysmgrsvc - ok
02:51:38.0474 2160 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
02:51:38.0474 2160 DfsC - ok
02:51:38.0521 2160 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
02:51:38.0537 2160 Dhcp - ok
02:51:38.0583 2160 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
02:51:38.0583 2160 disk - ok
02:51:38.0646 2160 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
02:51:38.0646 2160 Dnscache - ok
02:51:38.0693 2160 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
02:51:38.0708 2160 dot3svc - ok
02:51:38.0739 2160 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
02:51:38.0755 2160 DPS - ok
02:51:38.0802 2160 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
02:51:38.0802 2160 drmkaud - ok
02:51:38.0911 2160 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
02:51:38.0973 2160 DXGKrnl - ok
02:51:39.0020 2160 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
02:51:39.0036 2160 e1express - ok
02:51:39.0051 2160 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
02:51:39.0067 2160 E1G60 - ok
02:51:39.0129 2160 e1yexpress (660d34b47e65f8542dd4a573a0c11a74) C:\Windows\system32\DRIVERS\e1y6032.sys
02:51:39.0129 2160 e1yexpress - ok
02:51:39.0176 2160 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
02:51:39.0176 2160 EapHost - ok
02:51:39.0207 2160 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
02:51:39.0223 2160 Ecache - ok
02:51:39.0301 2160 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
02:51:39.0317 2160 eeCtrl - ok
02:51:39.0379 2160 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
02:51:39.0395 2160 ehRecvr - ok
02:51:39.0410 2160 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
02:51:39.0426 2160 ehSched - ok
02:51:39.0441 2160 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
02:51:39.0441 2160 ehstart - ok
02:51:39.0504 2160 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
02:51:39.0519 2160 elxstor - ok
02:51:39.0613 2160 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
02:51:39.0629 2160 EMDMgmt - ok
02:51:39.0675 2160 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
02:51:39.0675 2160 EraserUtilRebootDrv - ok
02:51:39.0707 2160 ErrDev (f2a80de2d1b7116052c09cb4d4ca1416) C:\Windows\system32\drivers\errdev.sys
02:51:39.0722 2160 ErrDev - ok
02:51:39.0769 2160 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
02:51:39.0785 2160 EventSystem - ok
02:51:39.0816 2160 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
02:51:39.0831 2160 exfat - ok
02:51:39.0878 2160 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
02:51:39.0894 2160 fastfat - ok
02:51:39.0909 2160 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
02:51:39.0909 2160 fdc - ok
02:51:39.0956 2160 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
02:51:39.0956 2160 fdPHost - ok
02:51:39.0972 2160 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
02:51:39.0972 2160 FDResPub - ok
02:51:40.0019 2160 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
02:51:40.0019 2160 FileInfo - ok
02:51:40.0034 2160 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
02:51:40.0034 2160 Filetrace - ok
02:51:40.0050 2160 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
02:51:40.0050 2160 flpydisk - ok
02:51:40.0112 2160 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
02:51:40.0112 2160 FltMgr - ok
02:51:40.0190 2160 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
02:51:40.0221 2160 FontCache - ok
02:51:40.0284 2160 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
02:51:40.0284 2160 FontCache3.0.0.0 - ok
02:51:40.0331 2160 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
02:51:40.0331 2160 Fs_Rec - ok
02:51:40.0346 2160 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
02:51:40.0362 2160 fvevol - ok
02:51:40.0377 2160 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
02:51:40.0377 2160 gagp30kx - ok
02:51:40.0424 2160 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:51:40.0424 2160 GEARAspiWDM - ok
02:51:40.0487 2160 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
02:51:40.0518 2160 gpsvc - ok
02:51:40.0580 2160 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
02:51:40.0611 2160 gupdate - ok
02:51:40.0643 2160 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
02:51:40.0643 2160 gupdatem - ok
02:51:40.0658 2160 HBtnKey (91056a89a67e0081a4924d31ad3bc83b) C:\Windows\system32\drivers\hbtnkey.sys
02:51:40.0674 2160 HBtnKey - ok
02:51:40.0752 2160 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
02:51:40.0767 2160 HDAudBus - ok
02:51:40.0814 2160 HECI (2df64415a28ce036ac6acec7645a996f) C:\Windows\system32\drivers\heci.sys
02:51:40.0814 2160 HECI - ok
02:51:40.0845 2160 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
02:51:40.0861 2160 HidBth - ok
02:51:40.0892 2160 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
02:51:40.0892 2160 HidIr - ok
02:51:40.0923 2160 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
02:51:40.0923 2160 hidserv - ok
02:51:40.0970 2160 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
02:51:40.0970 2160 HidUsb - ok
02:51:41.0001 2160 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
02:51:41.0001 2160 hkmsvc - ok
02:51:41.0048 2160 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
02:51:41.0048 2160 HpCISSs - ok
02:51:41.0111 2160 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
02:51:41.0126 2160 HTTP - ok
02:51:41.0142 2160 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
02:51:41.0157 2160 i2omp - ok
02:51:41.0204 2160 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
02:51:41.0220 2160 i8042prt - ok
02:51:41.0298 2160 IAANTMON (52e8a3cc8269adb27d25182284c5e650) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
02:51:41.0329 2160 IAANTMON - ok
02:51:41.0376 2160 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\drivers\iastor.sys
02:51:41.0376 2160 iaStor - ok
02:51:41.0407 2160 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
02:51:41.0423 2160 iaStorV - ok
02:51:41.0532 2160 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:51:41.0563 2160 idsvc - ok
02:51:41.0594 2160 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
02:51:41.0594 2160 iirsp - ok
02:51:41.0657 2160 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
02:51:41.0672 2160 IKEEXT - ok
02:51:41.0719 2160 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
02:51:41.0735 2160 intelide - ok
02:51:41.0750 2160 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
02:51:41.0750 2160 intelppm - ok
02:51:41.0797 2160 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
02:51:41.0797 2160 IPBusEnum - ok
02:51:41.0813 2160 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:51:41.0813 2160 IpFilterDriver - ok
02:51:41.0891 2160 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
02:51:41.0906 2160 iphlpsvc - ok
02:51:41.0937 2160 IpInIp - ok
02:51:41.0969 2160 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
02:51:41.0969 2160 IPMIDRV - ok
02:51:41.0984 2160 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
02:51:41.0984 2160 IPNAT - ok
02:51:42.0093 2160 iPod Service (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
02:51:42.0125 2160 iPod Service - ok
02:51:42.0140 2160 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
02:51:42.0140 2160 IRENUM - ok
02:51:42.0187 2160 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
02:51:42.0203 2160 isapnp - ok
02:51:42.0234 2160 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
02:51:42.0249 2160 iScsiPrt - ok
02:51:42.0281 2160 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
02:51:42.0281 2160 iteatapi - ok
02:51:42.0312 2160 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
02:51:42.0312 2160 iteraid - ok
02:51:42.0359 2160 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
02:51:42.0359 2160 kbdclass - ok
02:51:42.0390 2160 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
02:51:42.0390 2160 kbdhid - ok
02:51:42.0437 2160 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
02:51:42.0452 2160 KeyIso - ok
02:51:42.0546 2160 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
02:51:42.0561 2160 KSecDD - ok
02:51:42.0624 2160 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
02:51:42.0639 2160 KtmRm - ok
02:51:42.0686 2160 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
02:51:42.0702 2160 LanmanServer - ok
02:51:42.0749 2160 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
02:51:42.0764 2160 LanmanWorkstation - ok
02:51:43.0061 2160 LiveUpdate (6293e44f4aa06f7fcda06f4b07cdc0c2) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
02:51:43.0154 2160 LiveUpdate - ok
02:51:43.0295 2160 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
02:51:43.0295 2160 lltdio - ok
02:51:43.0326 2160 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
02:51:43.0341 2160 lltdsvc - ok
02:51:43.0357 2160 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
02:51:43.0373 2160 lmhosts - ok
02:51:43.0404 2160 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
02:51:43.0419 2160 LSI_FC - ok
02:51:43.0435 2160 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
02:51:43.0451 2160 LSI_SAS - ok
02:51:43.0466 2160 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
02:51:43.0482 2160 LSI_SCSI - ok
02:51:43.0544 2160 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
02:51:43.0544 2160 luafv - ok
02:51:43.0591 2160 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
02:51:43.0607 2160 MBAMProtector - ok
02:51:43.0731 2160 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
02:51:43.0747 2160 MBAMService - ok
02:51:43.0794 2160 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
02:51:43.0794 2160 Mcx2Svc - ok
02:51:43.0887 2160 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
02:51:43.0919 2160 MDM - ok
02:51:43.0934 2160 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
02:51:43.0934 2160 megasas - ok
02:51:43.0997 2160 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
02:51:44.0028 2160 MegaSR - ok
02:51:44.0059 2160 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
02:51:44.0075 2160 MMCSS - ok
02:51:44.0090 2160 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
02:51:44.0090 2160 Modem - ok
02:51:44.0106 2160 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
02:51:44.0106 2160 monitor - ok
02:51:44.0137 2160 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
02:51:44.0137 2160 mouclass - ok
02:51:44.0153 2160 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
02:51:44.0153 2160 mouhid - ok
02:51:44.0168 2160 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
02:51:44.0168 2160 MountMgr - ok
02:51:44.0246 2160 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
02:51:44.0262 2160 MozillaMaintenance - ok
02:51:44.0309 2160 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
02:51:44.0309 2160 mpio - ok
02:51:44.0324 2160 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
02:51:44.0340 2160 mpsdrv - ok
02:51:44.0371 2160 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
02:51:44.0371 2160 Mraid35x - ok
02:51:44.0402 2160 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
02:51:44.0418 2160 MRxDAV - ok
02:51:44.0496 2160 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:51:44.0496 2160 mrxsmb - ok
02:51:44.0574 2160 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:51:44.0589 2160 mrxsmb10 - ok
02:51:44.0605 2160 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:51:44.0605 2160 mrxsmb20 - ok
02:51:44.0636 2160 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
02:51:44.0636 2160 msahci - ok
02:51:44.0652 2160 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
02:51:44.0667 2160 msdsm - ok
02:51:44.0699 2160 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
02:51:44.0714 2160 MSDTC - ok
02:51:44.0761 2160 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
02:51:44.0761 2160 Msfs - ok
02:51:44.0792 2160 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
02:51:44.0792 2160 msisadrv - ok
02:51:44.0839 2160 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
02:51:44.0870 2160 MSiSCSI - ok
02:51:44.0901 2160 msiserver - ok
02:51:44.0933 2160 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
02:51:44.0933 2160 MSKSSRV - ok
02:51:44.0948 2160 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
02:51:44.0964 2160 MSPCLOCK - ok
02:51:44.0995 2160 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
02:51:44.0995 2160 MSPQM - ok
02:51:45.0026 2160 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
02:51:45.0042 2160 MsRPC - ok
02:51:45.0089 2160 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
02:51:45.0089 2160 mssmbios - ok
02:51:45.0104 2160 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
02:51:45.0104 2160 MSTEE - ok
02:51:45.0151 2160 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
02:51:45.0151 2160 Mup - ok
02:51:45.0198 2160 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
02:51:45.0213 2160 napagent - ok
02:51:45.0260 2160 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
02:51:45.0276 2160 NativeWifiP - ok
02:51:45.0463 2160 NAVENG (f11033730b38260b6892e837c457fb4b) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120731.002\NAVENG.SYS
02:51:45.0463 2160 NAVENG - ok
02:51:45.0572 2160 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120731.002\NAVEX15.SYS
02:51:45.0619 2160 NAVEX15 - ok
02:51:45.0775 2160 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
02:51:45.0806 2160 NDIS - ok
02:51:45.0822 2160 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
02:51:45.0822 2160 NdisTapi - ok
02:51:45.0853 2160 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
02:51:45.0853 2160 Ndisuio - ok
02:51:45.0900 2160 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
02:51:45.0900 2160 NdisWan - ok
02:51:45.0915 2160 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
02:51:45.0915 2160 NDProxy - ok
02:51:45.0931 2160 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
02:51:45.0931 2160 NetBIOS - ok
02:51:45.0978 2160 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
02:51:45.0993 2160 netbt - ok
02:51:46.0056 2160 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
02:51:46.0056 2160 Netlogon - ok
02:51:46.0103 2160 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
02:51:46.0118 2160 Netman - ok
02:51:46.0149 2160 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
02:51:46.0165 2160 netprofm - ok
02:51:46.0243 2160 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:51:46.0259 2160 NetTcpPortSharing - ok
02:51:46.0274 2160 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
02:51:46.0274 2160 nfrd960 - ok
02:51:46.0305 2160 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
02:51:46.0337 2160 NlaSvc - ok
02:51:46.0368 2160 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
02:51:46.0368 2160 Npfs - ok
02:51:46.0383 2160 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
02:51:46.0383 2160 nsi - ok
02:51:46.0430 2160 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
02:51:46.0430 2160 nsiproxy - ok
02:51:46.0586 2160 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
02:51:46.0617 2160 Ntfs - ok
02:51:46.0633 2160 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
02:51:46.0633 2160 ntrigdigi - ok
02:51:46.0664 2160 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
02:51:46.0664 2160 Null - ok
02:51:47.0101 2160 nvlddmkm (3c54c32a2dd59d4aca61a8b0856f43ca) C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:51:47.0335 2160 nvlddmkm - ok
02:51:47.0475 2160 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
02:51:47.0475 2160 nvraid - ok
02:51:47.0507 2160 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
02:51:47.0507 2160 nvstor - ok
02:51:47.0538 2160 nvsvc (c556141b478e3a17b28acdb7b524ab32) C:\Windows\system32\nvvsvc.exe
02:51:47.0553 2160 nvsvc - ok
02:51:47.0569 2160 NvtSp50 - ok
02:51:47.0585 2160 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
02:51:47.0600 2160 nv_agp - ok
02:51:47.0631 2160 NwlnkFlt - ok
02:51:47.0647 2160 NwlnkFwd - ok
02:51:47.0678 2160 OA001Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\Windows\system32\DRIVERS\OA001Ufd.sys
02:51:47.0678 2160 OA001Ufd - ok
02:51:47.0709 2160 OA001Vid (4075063d25af9da64101769854b83787) C:\Windows\system32\DRIVERS\OA001Vid.sys
02:51:47.0725 2160 OA001Vid - ok
02:51:47.0897 2160 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:51:47.0912 2160 odserv - ok
02:51:47.0959 2160 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
02:51:47.0959 2160 ohci1394 - ok
02:51:47.0990 2160 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:51:48.0006 2160 ose - ok
02:51:48.0084 2160 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
02:51:48.0115 2160 p2pimsvc - ok
02:51:48.0131 2160 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
02:51:48.0146 2160 p2psvc - ok
02:51:48.0193 2160 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
02:51:48.0224 2160 Parport - ok
02:51:48.0287 2160 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
02:51:48.0287 2160 partmgr - ok
02:51:48.0318 2160 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
02:51:48.0318 2160 Parvdm - ok
02:51:48.0365 2160 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys
02:51:48.0365 2160 PBADRV - ok
02:51:48.0396 2160 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
02:51:48.0396 2160 PcaSvc - ok
02:51:48.0458 2160 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
02:51:48.0474 2160 pci - ok
02:51:48.0505 2160 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
02:51:48.0521 2160 pciide - ok
02:51:48.0552 2160 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
02:51:48.0567 2160 pcmcia - ok
02:51:48.0723 2160 PCToolsSSDMonitorSvc (a0e7d752514a7d99341d5f2a834224a9) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
02:51:48.0755 2160 PCToolsSSDMonitorSvc - ok
02:51:48.0817 2160 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
02:51:48.0848 2160 PEAUTH - ok
02:51:48.0973 2160 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
02:51:49.0020 2160 pla - ok
02:51:49.0129 2160 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
02:51:49.0160 2160 PlugPlay - ok
02:51:49.0191 2160 PnkBstrA (a1dd33d16f277ce34124ee52ab2c0f14) C:\Windows\system32\PnkBstrA.exe
02:51:49.0207 2160 PnkBstrA - ok
02:51:49.0301 2160 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
02:51:49.0316 2160 PNRPAutoReg - ok
02:51:49.0332 2160 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
02:51:49.0332 2160 PNRPsvc - ok
02:51:49.0488 2160 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
02:51:49.0503 2160 PolicyAgent - ok
02:51:49.0550 2160 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
02:51:49.0566 2160 PptpMiniport - ok
02:51:49.0597 2160 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
02:51:49.0597 2160 Processor - ok
02:51:49.0644 2160 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
02:51:49.0659 2160 ProfSvc - ok
02:51:49.0722 2160 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
02:51:49.0722 2160 ProtectedStorage - ok
02:51:49.0753 2160 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
02:51:49.0753 2160 PSched - ok
02:51:49.0784 2160 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
02:51:49.0800 2160 PxHelp20 - ok
02:51:49.0878 2160 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
02:51:49.0909 2160 ql2300 - ok
02:51:49.0940 2160 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
02:51:49.0940 2160 ql40xx - ok
02:51:49.0971 2160 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
02:51:49.0987 2160 QWAVE - ok
02:51:50.0003 2160 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
02:51:50.0018 2160 QWAVEdrv - ok
02:51:50.0159 2160 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
02:51:50.0221 2160 R300 - ok
02:51:50.0315 2160 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
02:51:50.0315 2160 RasAcd - ok
02:51:50.0330 2160 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
02:51:50.0346 2160 RasAuto - ok
02:51:50.0361 2160 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:51:50.0361 2160 Rasl2tp - ok
02:51:50.0424 2160 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
02:51:50.0439 2160 RasMan - ok
02:51:50.0486 2160 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
02:51:50.0486 2160 RasPppoe - ok
02:51:50.0502 2160 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
02:51:50.0502 2160 RasSstp - ok
02:51:50.0533 2160 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
02:51:50.0549 2160 rdbss - ok
02:51:50.0564 2160 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:51:50.0580 2160 RDPCDD - ok
02:51:50.0642 2160 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
02:51:50.0658 2160 rdpdr - ok
02:51:50.0673 2160 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
02:51:50.0673 2160 RDPENCDD - ok
02:51:50.0736 2160 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
02:51:50.0767 2160 RDPWD - ok
02:51:50.0814 2160 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
02:51:50.0814 2160 RemoteAccess - ok
02:51:50.0845 2160 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
02:51:50.0861 2160 RemoteRegistry - ok
02:51:50.0907 2160 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
02:51:50.0907 2160 RFCOMM - ok
02:51:50.0954 2160 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\Windows\system32\DRIVERS\rimmptsk.sys
02:51:50.0954 2160 rimmptsk - ok
02:51:50.0985 2160 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\drivers\rimsptsk.sys
02:51:51.0001 2160 rimsptsk - ok
02:51:51.0032 2160 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\drivers\rixdptsk.sys
02:51:51.0048 2160 rismxdp - ok
02:51:51.0063 2160 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
02:52:01.0422 2160 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
02:52:01.0796 2160 \Device\Harddisk0\DR0 - ok
02:52:01.0827 2160 Boot (0x1200) (09699c1faee3921024d4cc5e43301b1f) \Device\Harddisk0\DR0\Partition0
02:52:01.0843 2160 \Device\Harddisk0\DR0\Partition0 - ok
02:52:01.0843 2160 ============================================================
02:52:01.0843 2160 Scan finished
02:52:01.0843 2160 ============================================================
02:52:01.0859 2476 Detected object count: 1
02:52:01.0859 2476 Actual detected object count: 1
02:53:23.0759 2476 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
02:53:23.0759 2476 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
02:53:52.0135 2960 ============================================================
02:53:52.0135 2960 Scan started
02:53:52.0135 2960 Mode: Manual; TDLFS;
02:53:52.0135 2960 ============================================================
02:53:53.0118 2960 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files\common files\akamai/netsession_win_4f7fccd.dll
02:53:53.0118 2960 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
02:53:53.0133 2960 Akamai ( HiddenFile.Multi.Generic ) - warning
02:53:53.0133 2960 Akamai - detected HiddenFile.Multi.Generic (1)
02:53:58.0016 2960 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
02:53:58.0016 2960 FltMgr - ok
02:53:58.0110 2960 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
02:53:58.0125 2960 FontCache - ok
02:53:58.0172 2960 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
02:53:58.0172 2960 FontCache3.0.0.0 - ok
02:53:58.0219 2960 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
02:53:58.0219 2960 Fs_Rec - ok
02:53:58.0250 2960 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
02:53:58.0250 2960 fvevol - ok
02:53:58.0266 2960 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
02:53:58.0281 2960 gagp30kx - ok
02:53:58.0313 2960 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:53:58.0313 2960 GEARAspiWDM - ok
02:53:58.0359 2960 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
02:53:58.0375 2960 gpsvc - ok
02:53:58.0437 2960 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
02:53:58.0437 2960 gupdate - ok
02:53:58.0469 2960 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
02:53:58.0469 2960 gupdatem - ok
02:53:58.0500 2960 HBtnKey (91056a89a67e0081a4924d31ad3bc83b) C:\Windows\system32\drivers\hbtnkey.sys
02:53:58.0500 2960 HBtnKey - ok
02:53:58.0578 2960 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
02:53:58.0578 2960 HDAudBus - ok
02:53:58.0625 2960 HECI (2df64415a28ce036ac6acec7645a996f) C:\Windows\system32\drivers\heci.sys
02:53:58.0625 2960 HECI - ok
02:53:58.0656 2960 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
02:53:58.0671 2960 HidBth - ok
02:53:58.0703 2960 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
02:53:58.0703 2960 HidIr - ok
02:53:58.0734 2960 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
02:53:58.0734 2960 hidserv - ok
02:53:58.0781 2960 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
02:53:58.0781 2960 HidUsb - ok
02:53:58.0812 2960 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
02:53:58.0812 2960 hkmsvc - ok
02:53:58.0859 2960 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
02:53:58.0859 2960 HpCISSs - ok
02:53:58.0921 2960 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
02:53:58.0921 2960 HTTP - ok
02:53:58.0952 2960 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
02:53:58.0952 2960 i2omp - ok
02:53:58.0952 2960 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
02:53:58.0968 2960 i8042prt - ok
02:53:59.0046 2960 IAANTMON (52e8a3cc8269adb27d25182284c5e650) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
02:53:59.0061 2960 IAANTMON - ok
02:53:59.0124 2960 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\drivers\iastor.sys
02:53:59.0124 2960 iaStor - ok
02:53:59.0155 2960 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
02:53:59.0155 2960 iaStorV - ok
02:53:59.0264 2960 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:53:59.0264 2960 idsvc - ok
02:53:59.0295 2960 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
02:53:59.0311 2960 iirsp - ok
02:53:59.0373 2960 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
02:53:59.0389 2960 IKEEXT - ok
02:53:59.0436 2960 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
02:53:59.0436 2960 intelide - ok
02:53:59.0451 2960 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
02:53:59.0451 2960 intelppm - ok
02:53:59.0498 2960 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
02:53:59.0498 2960 IPBusEnum - ok
02:53:59.0514 2960 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:53:59.0514 2960 IpFilterDriver - ok
02:53:59.0607 2960 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
02:53:59.0607 2960 iphlpsvc - ok
02:53:59.0607 2960 IpInIp - ok
02:53:59.0654 2960 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
02:53:59.0670 2960 IPMIDRV - ok
02:53:59.0685 2960 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
02:53:59.0685 2960 IPNAT - ok
02:53:59.0795 2960 iPod Service (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
02:53:59.0795 2960 iPod Service - ok
02:53:59.0810 2960 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
02:53:59.0810 2960 IRENUM - ok
02:53:59.0841 2960 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
02:53:59.0841 2960 isapnp - ok
02:53:59.0888 2960 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
02:53:59.0904 2960 iScsiPrt - ok
02:53:59.0919 2960 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
02:53:59.0919 2960 iteatapi - ok
02:53:59.0935 2960 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
02:53:59.0935 2960 iteraid - ok
02:53:59.0982 2960 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
02:53:59.0982 2960 kbdclass - ok
02:54:00.0013 2960 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
02:54:00.0013 2960 kbdhid - ok
02:54:00.0060 2960 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
02:54:00.0075 2960 KeyIso - ok
02:54:00.0153 2960 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
02:54:00.0169 2960 KSecDD - ok
02:54:00.0231 2960 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
02:54:00.0247 2960 KtmRm - ok
02:54:00.0309 2960 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
02:54:00.0325 2960 LanmanServer - ok
02:54:00.0372 2960 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
02:54:00.0387 2960 LanmanWorkstation - ok
02:54:00.0637 2960 LiveUpdate (6293e44f4aa06f7fcda06f4b07cdc0c2) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
02:54:00.0684 2960 LiveUpdate - ok
02:54:00.0793 2960 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
02:54:00.0793 2960 lltdio - ok
02:54:00.0840 2960 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
02:54:00.0840 2960 lltdsvc - ok
02:54:00.0855 2960 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
02:54:00.0855 2960 lmhosts - ok
02:54:00.0902 2960 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
02:54:00.0902 2960 LSI_FC - ok
02:54:00.0933 2960 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
02:54:00.0933 2960 LSI_SAS - ok
02:54:00.0980 2960 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
02:54:00.0980 2960 LSI_SCSI - ok
02:54:00.0996 2960 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
02:54:00.0996 2960 luafv - ok
02:54:01.0043 2960 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
02:54:01.0043 2960 MBAMProtector - ok
02:54:01.0152 2960 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
02:54:01.0167 2960 MBAMService - ok
02:54:01.0214 2960 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
02:54:01.0214 2960 Mcx2Svc - ok
02:54:01.0292 2960 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
02:54:01.0308 2960 MDM - ok
02:54:01.0339 2960 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
02:54:01.0339 2960 megasas - ok
02:54:01.0370 2960 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
02:54:01.0386 2960 MegaSR - ok
02:54:01.0401 2960 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
02:54:01.0401 2960 MMCSS - ok
02:54:01.0433 2960 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
02:54:01.0433 2960 Modem - ok
02:54:01.0464 2960 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
02:54:01.0464 2960 monitor - ok
02:54:01.0479 2960 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
02:54:01.0479 2960 mouclass - ok
02:54:01.0511 2960 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
02:54:01.0511 2960 mouhid - ok
02:54:01.0526 2960 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
02:54:01.0526 2960 MountMgr - ok
02:54:01.0604 2960 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
02:54:01.0604 2960 MozillaMaintenance - ok
02:54:01.0635 2960 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
02:54:01.0635 2960 mpio - ok
02:54:01.0667 2960 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
02:54:01.0667 2960 mpsdrv - ok
02:54:01.0698 2960 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
02:54:01.0698 2960 Mraid35x - ok
02:54:01.0745 2960 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
02:54:01.0745 2960 MRxDAV - ok
02:54:01.0807 2960 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:54:01.0807 2960 mrxsmb - ok
02:54:01.0869 2960 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:54:01.0869 2960 mrxsmb10 - ok
02:54:01.0885 2960 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:54:01.0885 2960 mrxsmb20 - ok
02:54:01.0916 2960 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
02:54:01.0916 2960 msahci - ok
02:54:01.0932 2960 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
02:54:01.0932 2960 msdsm - ok
02:54:01.0979 2960 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
02:54:01.0994 2960 MSDTC - ok
02:54:02.0041 2960 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
02:54:02.0041 2960 Msfs - ok
02:54:02.0057 2960 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
02:54:02.0057 2960 msisadrv - ok
02:54:02.0088 2960 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
02:54:02.0088 2960 MSiSCSI - ok
02:54:02.0103 2960 msiserver - ok
02:54:02.0135 2960 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
02:54:02.0135 2960 MSKSSRV - ok
02:54:02.0166 2960 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
02:54:02.0166 2960 MSPCLOCK - ok
02:54:02.0197 2960 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
02:54:02.0197 2960 MSPQM - ok
02:54:02.0228 2960 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
02:54:02.0228 2960 MsRPC - ok
02:54:02.0291 2960 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
02:54:02.0306 2960 mssmbios - ok
02:54:02.0306 2960 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
02:54:02.0306 2960 MSTEE - ok
02:54:02.0353 2960 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
02:54:02.0353 2960 Mup - ok
02:54:02.0431 2960 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
02:54:02.0431 2960 napagent - ok
02:54:02.0462 2960 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
02:54:02.0478 2960 NativeWifiP - ok
02:54:02.0649 2960 NAVENG (f11033730b38260b6892e837c457fb4b) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120731.002\NAVENG.SYS
02:54:02.0665 2960 NAVENG - ok
02:54:02.0759 2960 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120731.002\NAVEX15.SYS
02:54:02.0790 2960 NAVEX15 - ok
02:54:02.0946 2960 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
02:54:02.0961 2960 NDIS - ok
02:54:02.0977 2960 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
02:54:02.0977 2960 NdisTapi - ok
02:54:02.0993 2960 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
02:54:03.0008 2960 Ndisuio - ok
02:54:03.0055 2960 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
02:54:03.0071 2960 NdisWan - ok
02:54:03.0086 2960 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
02:54:03.0086 2960 NDProxy - ok
02:54:03.0117 2960 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
02:54:03.0117 2960 NetBIOS - ok
02:54:03.0164 2960 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
02:54:03.0164 2960 netbt - ok
02:54:03.0242 2960 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
02:54:03.0242 2960 Netlogon - ok
02:54:03.0305 2960 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
02:54:03.0305 2960 Netman - ok
02:54:03.0367 2960 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
02:54:03.0367 2960 netprofm - ok
02:54:03.0429 2960 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:54:03.0445 2960 NetTcpPortSharing - ok
02:54:03.0461 2960 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
02:54:03.0461 2960 nfrd960 - ok
02:54:03.0476 2960 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
02:54:03.0492 2960 NlaSvc - ok
02:54:03.0523 2960 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
02:54:03.0523 2960 Npfs - ok
02:54:03.0539 2960 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
02:54:03.0554 2960 nsi - ok
02:54:03.0585 2960 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
02:54:03.0585 2960 nsiproxy - ok
02:54:03.0741 2960 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
02:54:03.0757 2960 Ntfs - ok
02:54:03.0773 2960 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
02:54:03.0773 2960 ntrigdigi - ok
02:54:03.0804 2960 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
02:54:03.0819 2960 Null - ok
02:54:04.0241 2960 nvlddmkm (3c54c32a2dd59d4aca61a8b0856f43ca) C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:54:04.0334 2960 nvlddmkm - ok
02:54:04.0506 2960 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
02:54:04.0506 2960 nvraid - ok
02:54:04.0537 2960 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
02:54:04.0537 2960 nvstor - ok
02:54:04.0599 2960 nvsvc (c556141b478e3a17b28acdb7b524ab32) C:\Windows\system32\nvvsvc.exe
02:54:04.0599 2960 nvsvc - ok
02:54:04.0599 2960 NvtSp50 - ok
02:54:04.0631 2960 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
02:54:04.0631 2960 nv_agp - ok
02:54:04.0662 2960 NwlnkFlt - ok
02:54:04.0662 2960 NwlnkFwd - ok
02:54:04.0693 2960 OA001Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\Windows\system32\DRIVERS\OA001Ufd.sys
02:54:04.0693 2960 OA001Ufd - ok
02:54:04.0740 2960 OA001Vid (4075063d25af9da64101769854b83787) C:\Windows\system32\DRIVERS\OA001Vid.sys
02:54:04.0755 2960 OA001Vid - ok
02:54:04.0896 2960 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:54:04.0896 2960 odserv - ok
02:54:04.0927 2960 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
02:54:04.0927 2960 ohci1394 - ok
02:54:04.0989 2960 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:54:04.0989 2960 ose - ok
02:54:05.0067 2960 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
02:54:05.0083 2960 p2pimsvc - ok
02:54:05.0114 2960 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
02:54:05.0130 2960 p2psvc - ok
02:54:05.0145 2960 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
02:54:05.0161 2960 Parport - ok
02:54:05.0239 2960 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
02:54:05.0255 2960 partmgr - ok
02:54:05.0270 2960 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
02:54:05.0270 2960 Parvdm - ok
02:54:05.0301 2960 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys
02:54:05.0301 2960 PBADRV - ok
02:54:05.0348 2960 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
02:54:05.0348 2960 PcaSvc - ok
02:54:05.0379 2960 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
02:54:05.0379 2960 pci - ok
02:54:05.0395 2960 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
02:54:05.0395 2960 pciide - ok
02:54:05.0457 2960 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
02:54:05.0457 2960 pcmcia - ok
02:54:05.0613 2960 PCToolsSSDMonitorSvc (a0e7d752514a7d99341d5f2a834224a9) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
02:54:05.0613 2960 PCToolsSSDMonitorSvc - ok
02:54:05.0707 2960 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
02:54:05.0707 2960 PEAUTH - ok
02:54:05.0832 2960 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
02:54:05.0847 2960 pla - ok
02:54:05.0972 2960 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
02:54:05.0972 2960 PlugPlay - ok
02:54:06.0019 2960 PnkBstrA (a1dd33d16f277ce34124ee52ab2c0f14) C:\Windows\system32\PnkBstrA.exe
02:54:06.0019 2960 PnkBstrA - ok
02:54:06.0066 2960 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
02:54:06.0081 2960 PNRPAutoReg - ok
02:54:06.0097 2960 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
02:54:06.0113 2960 PNRPsvc - ok
02:54:06.0191 2960 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
02:54:06.0206 2960 PolicyAgent - ok
02:54:06.0284 2960 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
02:54:06.0284 2960 PptpMiniport - ok
02:54:06.0331 2960 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
02:54:06.0347 2960 Processor - ok
02:54:06.0378 2960 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
02:54:06.0378 2960 ProfSvc - ok
02:54:06.0456 2960 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
02:54:06.0456 2960 ProtectedStorage - ok
02:54:06.0503 2960 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
02:54:06.0503 2960 PSched - ok
02:54:06.0518 2960 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
02:54:06.0518 2960 PxHelp20 - ok
02:54:06.0627 2960 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
02:54:06.0643 2960 ql2300 - ok
02:54:06.0674 2960 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
02:54:06.0674 2960 ql40xx - ok
02:54:06.0737 2960 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
02:54:06.0737 2960 QWAVE - ok
02:54:06.0752 2960 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
02:54:06.0768 2960 QWAVEdrv - ok
02:54:06.0924 2960 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
02:54:06.0955 2960 R300 - ok
02:54:07.0033 2960 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
02:54:07.0033 2960 RasAcd - ok
02:54:07.0080 2960 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
02:54:07.0095 2960 RasAuto - ok
02:54:07.0127 2960 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:54:07.0127 2960 Rasl2tp - ok
02:54:07.0173 2960 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
02:54:07.0189 2960 RasMan - ok
02:54:07.0220 2960 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
02:54:07.0220 2960 RasPppoe - ok
02:54:07.0251 2960 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
02:54:07.0251 2960 RasSstp - ok
02:54:07.0298 2960 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
02:54:07.0314 2960 rdbss - ok
02:54:07.0314 2960 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:54:07.0314 2960 RDPCDD - ok
02:54:07.0392 2960 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
02:54:07.0392 2960 rdpdr - ok
02:54:07.0423 2960 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
02:54:07.0423 2960 RDPENCDD - ok
02:54:07.0485 2960 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
02:54:07.0485 2960 RDPWD - ok
02:54:07.0532 2960 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
02:54:07.0532 2960 RemoteAccess - ok
02:54:07.0579 2960 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
02:54:07.0579 2960 RemoteRegistry - ok
02:54:07.0610 2960 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
02:54:07.0626 2960 RFCOMM - ok
02:54:07.0657 2960 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\Windows\system32\DRIVERS\rimmptsk.sys
02:54:07.0657 2960 rimmptsk - ok
02:54:07.0704 2960 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\drivers\rimsptsk.sys
02:54:07.0704 2960 rimsptsk - ok
02:54:07.0719 2960 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\drivers\rixdptsk.sys
02:54:07.0719 2960 rismxdp - ok
02:54:07.0751 2960 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
02:54:07.0751 2960 RpcLocator - ok
02:54:07.0813 2960 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
02:54:07.0829 2960 RpcSs - ok
02:54:07.0844 2960 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
02:54:07.0844 2960 rspndr - ok
02:54:07.0907 2960 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
02:54:07.0907 2960 SamSs - ok
02:54:07.0953 2960 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
02:54:07.0953 2960 sbp2port - ok
02:54:08.0109 2960 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
02:54:08.0125 2960 SBSDWSCService - ok
02:54:08.0250 2960 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
02:54:08.0250 2960 SCardSvr - ok
02:54:08.0328 2960 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
02:54:08.0328 2960 Schedule - ok
02:54:08.0359 2960 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
02:54:08.0375 2960 SCPolicySvc - ok
02:54:08.0421 2960 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
02:54:08.0421 2960 sdbus - ok
02:54:08.0468 2960 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
02:54:08.0484 2960 SDRSVC - ok
02:54:08.0499 2960 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
02:54:08.0499 2960 secdrv - ok
02:54:08.0546 2960 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
02:54:08.0546 2960 seclogon - ok
02:54:08.0671 2960 SecureStorageService (27d53cd650cc77123faf2f07023dabc7) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
02:54:08.0671 2960 SecureStorageService - ok
02:54:08.0702 2960 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
02:54:08.0718 2960 SENS - ok
02:54:08.0718 2960 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
02:54:08.0733 2960 Serenum - ok
02:54:08.0749 2960 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
02:54:08.0749 2960 Serial - ok
02:54:08.0780 2960 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
02:54:08.0780 2960 sermouse - ok
02:54:08.0811 2960 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
02:54:08.0827 2960 SessionEnv - ok
02:54:08.0858 2960 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
02:54:08.0874 2960 sffdisk - ok
02:54:08.0889 2960 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
02:54:08.0889 2960 sffp_mmc - ok
02:54:08.0905 2960 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
02:54:08.0905 2960 sffp_sd - ok
02:54:08.0936 2960 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
02:54:08.0936 2960 sfloppy - ok
02:54:08.0999 2960 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
02:54:08.0999 2960 SharedAccess - ok
02:54:09.0077 2960 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
02:54:09.0077 2960 ShellHWDetection - ok
02:54:09.0108 2960 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
02:54:09.0108 2960 sisagp - ok
02:54:09.0123 2960 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
02:54:09.0123 2960 SiSRaid2 - ok
02:54:09.0170 2960 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
02:54:09.0170 2960 SiSRaid4 - ok
02:54:09.0389 2960 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
02:54:09.0435 2960 slsvc - ok
02:54:09.0560 2960 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
02:54:09.0560 2960 SLUINotify - ok
02:54:09.0623 2960 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
02:54:09.0623 2960 Smb - ok
02:54:09.0794 2960 SmcService (d916a094dc3b5332cf53f50bde0d0fae) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
02:54:09.0825 2960 SmcService - ok
02:54:09.0888 2960 SMManager (b0bf6833849bfa70f42e1e22dee476f8) C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
02:54:09.0888 2960 SMManager - ok
02:54:09.0935 2960 SNAC (d3b6133b0bf6620643e5f36de1f54ab6) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
02:54:09.0935 2960 SNAC - ok
02:54:10.0059 2960 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
02:54:10.0059 2960 SNMPTRAP - ok
02:54:10.0137 2960 SPBBCDrv (d7bb213566e16bca372e2cb517eda907) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
02:54:10.0153 2960 SPBBCDrv - ok
02:54:10.0215 2960 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
02:54:10.0215 2960 spldr - ok
02:54:10.0262 2960 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
02:54:10.0278 2960 Spooler - ok
02:54:10.0309 2960 SRTSP (522651a0e7dc6415e083317370b609cc) C:\Windows\system32\Drivers\SRTSP.SYS
02:54:10.0309 2960 SRTSP - ok
02:54:17.0625 2960 ============================================================
02:54:17.0625 2960 Scan finished
02:54:17.0625 2960 ============================================================
02:54:17.0641 2608 Detected object count: 1
02:54:17.0641 2608 Actual detected object count: 1
02:54:32.0414 2608 c:\program files\common files\akamai/netsession_win_4f7fccd.dll - copied to quarantine
02:54:32.0414 2608 HKLM\SYSTEM\ControlSet001\services\Akamai - will be deleted on reboot
02:54:32.0477 2608 HKLM\SYSTEM\ControlSet002\services\Akamai - will be deleted on reboot
02:54:32.0508 2608 HKLM\SYSTEM\ControlSet004\services\Akamai - will be deleted on reboot
02:54:32.0539 2608 c:\program files\common files\akamai/netsession_win_4f7fccd.dll - will be deleted on reboot
02:54:32.0539 2608 Akamai ( HiddenFile.Multi.Generic ) - User select action: Delete
02:54:53.0615 1888 Deinitialize success

#9 VikingsFan

Posted 05 August 2012 - 10:35 AM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.05.02

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.19272
Student :: D17N2NK1 [administrator]

8/5/2012 3:01:26 AM
mbam-log-2012-08-05 (03-01-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225398
Time elapsed: 9 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|neuid (Trojan.Midhos) -> Data: rundll32.exe "C:\Users\TEMP\AppData\Roaming\neuid.dll",DrawPixels -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\TEMP\AppData\Roaming\neuid.dll (Trojan.Midhos) -> Quarantined and deleted successfully.

(end)

C:\FRST\Quarantine\rsvsv.dll a variant of Win32/Medfos.BT trojan
C:\FRST\Quarantine\services.exe Win32/Sirefef.FB.Gen trojan
C:\FRST\Quarantine\{940398A7-D067-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\FRST\Quarantine\{e8be6e65-1e0a-6724-dfec-a08dae1d2468}\U\00000004.@ Win32/Conedex.D trojan
C:\FRST\Quarantine\{e8be6e65-1e0a-6724-dfec-a08dae1d2468}\U\000000cb.@ Win32/Conedex.E trojan
C:\FRST\Quarantine\{e8be6e65-1e0a-6724-dfec-a08dae1d2468}\U\80000000.@ a variant of Win32/Sirefef.FA trojan
C:\FRST\Quarantine\{e8be6e65-1e0a-6724-dfec-a08dae1d2468}\U\80000032.@ a variant of Win32/Sirefef.FD trojan
C:\Users\Student\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\40a8e093-11b7205d multiple threats
C:\Users\Student\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\15baf32-6ce0222d a variant of Java/Exploit.Blacole.AB trojan
C:\Users\Student\AppData\Roaming\7D0EF1D06BB979E77F641DC5AB6D9947\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Users\Student\AppData\Roaming\7D0EF1D06BB979E77F641DC5AB6D9947\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Users\TEMP\Downloads\cnet2_ComboFix_exe.exe a variant of Win32/InstallCore.D application

#10 CatByte

Posted 05 August 2012 - 10:41 AM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Users\Student\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\40a8e093-11b7205d 
C:\Users\Student\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\15baf32-6ce0222d 
C:\Users\Student\AppData\Roaming\7D0EF1D06BB979E77F641DC5AB6D9947\enemies-names.txt 
C:\Users\Student\AppData\Roaming\7D0EF1D06BB979E77F641DC5AB6D9947\local.ini 
C:\Users\TEMP\Downloads\cnet2_ComboFix_exe.exe 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 VikingsFan

Posted 05 August 2012 - 11:39 AM

Here are the logs:

ComboFix 12-08-05.02 - SYSTEM 08/05/2012 12:01:42.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3571.2878 [GMT -4:00]
Running from: c:\windows\system32\config\systemprofile\Desktop\ComboFix.exe
Command switches used :: c:\windows\system32\config\systemprofile\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\Student\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\40a8e093-11b7205d"
"c:\users\Student\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\15baf32-6ce0222d"
"c:\users\Student\AppData\Roaming\7D0EF1D06BB979E77F641DC5AB6D9947\enemies-names.txt"
"c:\users\Student\AppData\Roaming\7D0EF1D06BB979E77F641DC5AB6D9947\local.ini"
"c:\users\TEMP\Downloads\cnet2_ComboFix_exe.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Student\AppData\Roaming\7D0EF1D06BB979E77F641DC5AB6D9947\enemies-names.txt
c:\users\Student\AppData\Roaming\7D0EF1D06BB979E77F641DC5AB6D9947\local.ini
c:\users\TEMP\Downloads\cnet2_ComboFix_exe.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 16:15 . 2012-08-05 16:15 -------- d-----w- c:\users\Student\AppData\Local\temp
2012-08-05 16:15 . 2012-08-05 16:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 07:22 . 2012-08-05 07:22 -------- d-----w- c:\program files\ESET
2012-08-05 06:54 . 2012-08-05 06:54 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-04 21:31 . 2012-08-04 21:31 -------- d-----w- C:\FRST
2012-08-01 16:15 . 2012-08-04 21:03 -------- d-----w- c:\users\TEMP
2012-08-01 05:11 . 2012-08-01 05:11 8281168 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-07-23 17:18 . 2012-07-23 17:18 -------- d-----w- c:\users\Student\AppData\Local\Macromedia
2012-07-22 15:23 . 2012-07-22 15:23 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-17 12:19 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF78884D-A1DE-46B1-9F6A-01268CF18A1D}\mpengine.dll
2012-07-12 07:09 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 15:15 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 15:15 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 15:15 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 15:15 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 15:15 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 15:15 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 04:10 . 2009-06-29 04:22 159943 ----a-w- c:\windows\DUMP190b.tmp
2012-08-02 01:34 . 2009-06-29 04:22 159943 ----a-w- c:\windows\DUMP8ae0.tmp
2012-08-02 01:19 . 2009-06-29 04:22 159943 ----a-w- c:\windows\DUMP1d20.tmp
2012-08-01 06:49 . 2009-06-29 04:22 159943 ----a-w- c:\windows\DUMP8bda.tmp
2012-08-01 04:57 . 2009-06-29 04:22 159943 ----a-w- c:\windows\DUMP8719.tmp
2012-08-01 04:54 . 2009-06-29 04:22 159943 ----a-w- c:\windows\DUMP8870.tmp
2012-07-31 06:10 . 2009-06-29 04:22 159943 ----a-w- c:\windows\DUMP813f.tmp
2012-07-22 15:28 . 2012-06-27 03:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-22 15:28 . 2012-06-27 03:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 17:46 . 2010-09-11 16:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-22 15:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 15:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 15:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 15:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 15:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 15:19 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 15:19 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 15:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-22 15:19 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2009-10-02 17:52 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 06:37 . 2012-06-13 18:46 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 06:32 . 2012-06-13 18:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-15 06:32 . 2012-06-13 18:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-15 06:31 . 2012-06-13 18:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-15 06:31 . 2012-06-13 18:46 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-05-15 05:01 . 2012-06-13 18:46 385024 ----a-w- c:\windows\system32\html.iec
2012-05-15 03:26 . 2012-06-13 18:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-15 03:23 . 2012-06-13 18:46 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-09 20:26 . 2012-05-09 20:26 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-09 20:26 . 2011-05-19 21:10 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-18 18:31 . 2011-05-07 00:19 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-23 200704]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-01-19 667648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-01-16 15360]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-04-24 3563520]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-03-01 1810432]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-01-30 96800]
"nwiz"="nwiz.exe" [2009-01-29 1657376]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-12-18 115560]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-04-02 128232]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-09 483428]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-07-03 973488]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-05-30 296056]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-2-6 1084192]
UVA ITC Network Setup Tool Cert Checker.lnk - c:\windows\Installer\{3C9B29DE-4C2C-4C10-A8F2-7662EE95BEA9}\_2E0263870D3F7424756461.exe [2011-8-20 3262]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4024157433-517137829-2155768077-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 21:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 14:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-25 17:58]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-25 17:58]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3830857422-1455467789-1314935863-1000Core.job
- c:\users\Student\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-05 04:01]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3830857422-1455467789-1314935863-1000UA.job
- c:\users\Student\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-05 04:01]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
SafeBoot-69784239.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-05 12:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(632)
c:\windows\system32\wvauth.dll
.
- - - - - - - > 'Explorer.exe'(2484)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\system32\btncopy.dll
.
Completion time: 2012-08-05 12:18:35
ComboFix-quarantined-files.txt 2012-08-05 16:18
ComboFix2.txt 2012-08-04 21:06
.
Pre-Run: 115,892,019,200 bytes free
Post-Run: 115,850,543,104 bytes free
.
- - End Of File - - 63D0142175BC0BA52C0B4A3EE762D38B

MiniToolBox by Farbar Version: 23-07-2012
Ran by Student (administrator) on 05-08-2012 at 12:30:30
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X86)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
AIM 7
Akamai NetSession Interface Service
All Day Battery Life Configuration (Version: 1.1.0)
Ambient Light Sensor (Version: 1.0.7)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Bing Bar (Version: 7.1.391.0)
BioAPI Framework (Version: 1.0.1)
biolsp patch (Version: 01.00.02.0005)
Bonjour (Version: 3.0.0.10)
Broadcom USH Host Components (Version: 1.7.208.6)
Choice Guard (Version: 1.2.87.0)
Cisco Connect (Version: 1.1.10049.0)
Cisco EAP-FAST Module (Version: 2.1.3)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
DCP32MMWrapper (Version: 1.6.206.15)
Dell Control Point (Version: 1.6.206.15)
Dell ControlPoint Connection Manager (Version: 1.2.1)
Dell ControlPoint Security Manager (Version: 1.6.206.15)
Dell ControlPoint System Manager (Version: 1.2.00000)
Dell Edoc Viewer (Version: 1.0.0)
Dell Embassy Trust Suite by Wave Systems (Version: 03.03.00.015)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Security Device Driver Pack (Version: 1.02.35)
Dell Touchpad (Version: 7.2.101.216)
Dell Webcam Central (Version: 1.01.04)
Dell Wireless WLAN Card Utility (Version: 4.170.77.16)
DivX Setup (Version: 2.6.1.5)
Document Manager Lite (Version: 06.09.00.082)
Download Updater (AOL LLC)
EMBASSY Security Center (Version: 03.09.00.054)
EMBASSY Security Setup (Version: 03.09.00.062)
ESC Home Page Plugin (Version: 03.04.00.022)
ESET Online Scanner v3
filehippo.com Update Checker
FinchTV (Version: 1.4.0)
Gemalto (Version: 01.01.00.0000)
Google Chrome (Version: 20.0.1132.57)
Google Talk Plugin (Version: 3.3.2.8436)
Google Update Helper (Version: 1.3.21.115)
HDClientVer2 (Version: 2.0.0)
IDT Audio (Version: 1.0.6187.0)
Integrated Webcam Driver (1.06.03.0309) (Version: 1.06.03.0309)
Intel® Network Connections 13.0.42.0 (Version: 13.0.42.0)
Intel® Matrix Storage Manager
ITC Network Setup Tool (Version: 1.1.1)
iTunes (Version: 10.5.1.42)
Java Auto Updater (Version: 2.0.7.1)
Java DB 10.5.3.0 (Version: 10.5.3.0)
Java™ 6 Update 32 (Version: 6.0.320)
Java™ SE Development Kit 6 Update 18 (Version: 1.6.0.180)
Junk Mail filter update (Version: 14.0.8050.1202)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.78)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mathcad 14.0 M020 (Version: 14.0.2.0)
Mathcad 14.0 M020 Help (Version: 14.0.2.0)
Mathcad 14.0 M020 Resource Center (Version: 14.0.2.0)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.6.0)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NoteTab Light 5 (Remove only) (Version: 5.8)
NTRU TCG Software Stack (Version: 2.1.29)
NVIDIA Drivers (Version: 1.3)
NVIDIA nView Desktop Manager
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PowerDVD DX (Version: 8.2.5202)
Preboot Manager (Version: 02.09.00.004)
Private Information Manager (Version: 06.04.00.042)
PunkBuster Services (Version: 0.988)
Quake Live Mozilla Plugin (Version: 1.0.263)
QuickTime (Version: 7.71.80.42)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.4)
RealUpgrade 1.1 (Version: 1.1.0)
RICOH R5U241 / R5C847 Media Driver ver.2.04.01.00 (Version: 2.04.01.00)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.5.0)
Roxio Creator BDAV Plugin (Version: 3.5.0)
Roxio Creator Copy (Version: 3.5.0)
Roxio Creator Data (Version: 3.5.0)
Roxio Creator DE (Version: 3.5.0)
Roxio Creator Tools (Version: 3.5.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Secure Update (Version: 05.07.00.014)
Security Wizards (Version: 01.07.00.014)
Sierra Utilities
SO32MMWrapper (Version: 1.6.206.15)
Sonic CinePlayer Decoder Pack (Version: 4.2.0)
Spybot - Search & Destroy (Version: 1.6.2)
swMSM (Version: 12.0.0.1)
Symantec Endpoint Protection (Version: 11.0.4014.26)
Trusted Drive Manager (Version: 2.6.1.48)
Ultimate Extras sounds from Microsoft® Tinker™
Unreal Anthology (Version: 1.00.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Veetle TV 0.9.18 (Version: 0.9.18)
VLC media player 1.0.1 (Version: 1.0.1)
Vuze (Version: 4.6)
Wave Infrastructure Installer (Version: 06.01.52.0015)
Wave Support Software (Version: 05.10.00.030)
WIDCOMM Bluetooth Software 6.1.0.4402 (Version: 6.1.0.4402)
WinASO Registry Optimizer 4.6.1
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5) (Version: 01/07/2008 1.0.1.5)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)
Windows Sound Schemes
WinRAR archiver

**** End of log ****

Farbar Service Scanner Version: 04-08-2012 01
Ran by Student (administrator) on 05-08-2012 at 12:33:55
Running from "C:\Windows\System32\config\systemprofile\Desktop"
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#12 CatByte

Posted 05 August 2012 - 11:55 AM

Please do the following:

Your Java is out of date, so go to Start > Control Panel > Programs and Features, scroll down to the Java installation and remove it. Now download the latest Java version 7 update 5 and install it: http://java.com/en/download/index.jsp


NEXT


Download the ESET services repair tool and extract the file to your desktop.

  • Double-click ServicesRepair.exe.
  • If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  • A log will be saved in the CCSupport folder the tool created on your desktop. Please post the content in your next reply.


NEXT

Please re-run Farbar Service Scanner (make sure it is run in normal mode).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 VikingsFan

Posted 05 August 2012 - 12:06 PM

I could not remove the Java program because I received the message:

The windows installer service could not be accessed. This can occur if the windows installer is not correctly installed. Contact your support personnel for assistance.

I am still running my laptop on safe mode with networking.

#14 CatByte

Posted 05 August 2012 - 12:09 PM

I am still running my laptop on safe mode with networking.


Try running it normally.

What happens?



#15 VikingsFan

Posted 05 August 2012 - 12:22 PM

I started the laptop normally and when I enter in my username and password, I get the following message:

The User Profile Service service failed the logon. User profile cannot be loaded.



