
Security Shield trojan - browser/web hijacking, MS Security Essentials being disabled, etc


  • This topic is locked
9 replies to this topic

#1 art_vandelay

art_vandelay

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 07 August 2012 - 12:55 PM

Greetings,

This morning my PC got hit with this awful trojan called "Security Shield"...which has led to browser/search hijacks, Microsoft Security Essentials being disabled and unavailable to restart, and even an annoying flashing Windows login screen that prevents me from putting in my login password if I lock my PC.

Here is the DDS log and I've attached ark.txt and attach.txt.

Thank you for your help!

art_vandelay


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by glindholm at 9:53:50 on 2012-08-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3977.1251 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\PathTech\Latitude\bin\PathGuide.Latitude.JobScheduler.exe
C:\Program Files\PathTech\Latitude\bin\PathGuide.Latitude.TerminalServer.exe
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
c:\Windows\SysWOW64\srvany.exe
c:\Windows\sysWOW64\SDIOAssist.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\System32\tcpsvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCUI.exe
C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\X3watch\x3watch.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe
C:\Windows\splwow64.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.drudgereport.com/
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [RCUI] "C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCUI.exe"
uRun: [RCHotKey] "C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [x3watch] C:\Program Files (x86)\X3watch\x3watch.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\GLINDH~1.PGT\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTS~1.LNK - C:\Program Files (x86)\Dell\Feature Enhancement Pack\SmartSettings.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
LSP: mswsock.dll
LSP: %SystemRoot%\system32\vsocklib.dll
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://65.117.82.194/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.20.7 192.168.20.10
TCP: Interfaces\{14AD5675-4691-4364-8947-7B655C97A51B} : DhcpNameServer = 192.168.20.7 192.168.20.10
TCP: Interfaces\{14AD5675-4691-4364-8947-7B655C97A51B}\C6962656274797 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{14AD5675-4691-4364-8947-7B655C97A51B}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{51A19E0C-BBA3-4D80-9A98-CBA585538076} : DhcpNameServer = 192.168.20.7 192.168.20.10
TCP: Interfaces\{AAA890EB-1F5C-497E-8E9C-6F34F0D31BC8} : DhcpNameServer = 192.168.20.7 192.168.20.10
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
LSA: Authentication Packages = msv1_0 wvauth
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [x3watch] C:\Program Files (x86)\X3watch\x3watch.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-4-18 89600]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-5-13 1043872]
R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-5-13 36768]
R2 DFEPService;Dell Feature Enhancement Pack Service;C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2011-8-24 2279320]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-23 212944]
R2 LatitudeJobScheduler;Latitude Job Scheduler Engine;C:\Program Files\PathTech\Latitude\bin\PathGuide.Latitude.JobScheduler.exe [2012-5-22 55808]
R2 LatitudeTS;Latitude Terminal Server;C:\Program Files\PathTech\Latitude\bin\PathGuide.Latitude.TerminalServer.exe [2012-5-22 1015808]
R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-4-24 210784]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-4-18 1997416]
R2 O2SDIOAssist;O2SDIOAssist;C:\Windows\SysWOW64\srvany.exe [2012-4-18 8192]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-6-5 378472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-18 2656536]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-4-30 11839488]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2008-8-20 370872]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-7-1 1600000]
R2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\accelern.sys --> C:\Windows\system32\DRIVERS\accelern.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 cvusbdrv;Dell ControlVault;C:\Windows\system32\Drivers\cvusbdrv.sys --> C:\Windows\system32\Drivers\cvusbdrv.sys [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 O2MDFRDR;O2MDFRDR;C:\Windows\system32\DRIVERS\O2MDFw7x64.sys --> C:\Windows\system32\DRIVERS\O2MDFw7x64.sys [?]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\system32\DRIVERS\o2sdjw7x64.sys --> C:\Windows\system32\DRIVERS\o2sdjw7x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-1 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-18 250056]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-1 116648]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 O2MDRRDR;O2MDRRDR;C:\Windows\system32\drivers\O2MDRw7x64.sys --> C:\Windows\system32\drivers\O2MDRw7x64.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMSVC;Web Management Service;C:\Windows\system32\inetsrv\wmsvc.exe --> C:\Windows\system32\inetsrv\wmsvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
.txt=UltraEdit.txt
.
=============== Created Last 30 ================
.
2012-08-07 16:05:55 462848 ----a-w- C:\Users\glindholm.PGT\AppData\Local\yhrczuokfc.exe
2012-08-07 02:02:48 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9970E41B-4336-43EF-857A-5AC118FEDE04}\mpengine.dll
2012-08-06 00:24:13 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-05 23:22:49 -------- d-----w- C:\Program Files (x86)\Softland
2012-07-24 12:00:37 83968 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPA0.DLL
2012-07-24 12:00:37 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDA0.DLL
2012-07-17 08:18:25 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{22D94497-86EC-4DB2-84A1-19545ED88714}\gapaengine.dll
2012-07-17 07:51:32 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-07-17 07:51:31 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-15 04:59:01 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-13 04:50:07 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 21:05:38 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 21:05:38 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 21:05:38 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 21:05:37 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 21:05:37 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-11 21:05:37 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-11 21:04:41 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-07-11 21:04:41 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-07-11 21:04:41 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-07-11 21:04:41 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-07-11 21:04:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-07-11 21:04:41 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-07-11 21:04:41 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-07-11 21:04:41 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-07-11 21:04:41 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
.
==================== Find3M ====================
.
2012-08-03 14:33:32 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 14:33:32 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-17 08:19:36 328704 ----a-w- C:\Windows\System32\services.exe
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 9:54:04.55 ===============
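The DDS log above carries the indicators a malware-response helper reads first: every security product reporting *Disabled*, the `mPolicies-system` block showing UAC turned off (`EnableLUA = 0`, `ConsentPromptBehaviorAdmin = 0`, `PromptOnSecureDesktop = 0`), a random-named executable created in `AppData\Local` on the morning of the infection, and a hidden system directory literally named `%APPDATA%` under `SysWow64`. The script below is an added triage example written for this thread; it is not part of DDS, ComboFix or any post here. It parses a verbatim excerpt of the posted log (embedded as sample input) and flags those four classes of finding. The policy thresholds in `WEAK_POLICIES`, the "8+ lowercase letters" shape test for dropper names, and the env-var-style directory check are the author's heuristics, not DDS rules.

```python
"""Triage a DDS log for the indicators a malware-response helper checks first.
Added example for this thread, not part of DDS or of any post; the
heuristics and the sample excerpt are the author's choices."""
import re
from pathlib import PureWindowsPath

# Values printed by DDS under "mPolicies-system" that weaken or remove UAC.
# Assumption: these three are the ones worth alerting on; the text paraphrases
# what each registry value means on Windows 7.
WEAK_POLICIES = {
    "EnableLUA": (0, "UAC switched off entirely"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts not shown on the secure desktop"),
}

AV_RE = re.compile(r"^(AV|SP|FW): (.+?) \*([^*]+)\*")
POLICY_RE = re.compile(r"^mPolicies-system: (\w+) = (\d+)")
# "Created Last 30" / "Find3M" rows:  date time size attrs path
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+(\S+)\s+(\S+)\s+(.+)$")
# Heuristic (assumption): a stem of 8+ lowercase letters with no digits or
# separators, the shape of the executable created on the day of infection.
RANDOM_STEM_RE = re.compile(r"^[a-z]{8,}$")


def _suspicious_new_file(attrs, path):
    """Return a reason string when a newly created file or directory looks
    like malware residue, else None."""
    p = PureWindowsPath(path)
    if attrs.startswith("d"):
        # A hidden+system directory named like an environment variable
        # (e.g. %APPDATA%) is not something a legitimate installer creates.
        if "h" in attrs and "s" in attrs and "%" in p.name:
            return "hidden/system directory with an environment-variable-style name"
        return None
    in_appdata_root = (
        p.parent.name.lower() in ("local", "roaming")
        and p.parent.parent.name.lower() == "appdata"
    )
    if p.suffix.lower() == ".exe" and in_appdata_root and RANDOM_STEM_RE.match(p.stem):
        return "random-named executable dropped directly in AppData"
    return None


def triage_dds(text):
    """Scan DDS output line by line; return (kind, detail) findings in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = AV_RE.match(line)
        if m:
            if "Disabled" in m.group(3):
                findings.append(("security-product-off", f"{m.group(2)}: {m.group(3)}"))
            continue
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if name in WEAK_POLICIES and value == WEAK_POLICIES[name][0]:
                findings.append(("uac-weakened", f"{name}={value}: {WEAK_POLICIES[name][1]}"))
            continue
        m = FILE_RE.match(line)
        if m:
            reason = _suspicious_new_file(m.group(2), m.group(3))
            if reason:
                findings.append(("suspicious-file", f"{m.group(3)}: {reason}"))
    return findings


# Sample input: lines copied verbatim from the DDS log in this thread.
SAMPLE_DDS = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
2012-08-07 16:05:55 462848 ----a-w- C:\Users\glindholm.PGT\AppData\Local\yhrczuokfc.exe
2012-08-06 00:24:13 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-15 04:59:01 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-13 04:50:07 3148800 ----a-w- C:\Windows\System32\win32k.sys
"""

if __name__ == "__main__":
    for kind, detail in triage_dds(SAMPLE_DDS):
        print(f"[{kind}] {detail}")
```

Running it against the excerpt reports the two disabled security products, the three weakened UAC values, the `yhrczuokfc.exe` drop and the `%APPDATA%` directory, and stays quiet on the definition-update DLL and the patched `win32k.sys`. The name heuristic is deliberately narrow; a real helper still confirms a flagged binary by hash and signer before treating it as the infection.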


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:06 AM

Posted 09 August 2012 - 07:50 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes; just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:02:06 AM

Posted 09 August 2012 - 12:20 PM

Security Check (screen317) Log File
----------------------------------------
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.3)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

ComboFix log file
---------------------
ComboFix 12-08-09.01 - glindholm 08/09/2012 9:30.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3977.1859 [GMT -7:00]
Running from: c:\users\glindholm.PGT\Desktop\Stuff\BleepingComputer\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\_ctypes.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\_elementtree.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\_hashlib.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\_socket.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\_ssl.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\pyexpat.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\pysqlite2._sqlite.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\python26.dll
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\pythoncom26.dll
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\PyWinTypes26.dll
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\select.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\unicodedata.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\win32api.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\win32com.shell.shell.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\win32crypt.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\win32event.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\win32file.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\win32inet.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\win32pdh.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\win32process.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\windows._cacheinvalidation.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\wx._controls_.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\wx._core_.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\wx._gdi_.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\wx._html2.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\wx._misc_.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\wx._windows_.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\wx._wizard.pyd
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\wxbase293u_net_vc.dll
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\wxbase293u_vc.dll
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\wxmsw293u_adv_vc.dll
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\wxmsw293u_core_vc.dll
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\wxmsw293u_html_vc.dll
c:\users\GLINDH~1.PGT\AppData\Local\Temp\_MEI9642\wxmsw293u_webview_vc.dll
c:\users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\@
c:\users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\L\00000004.@
c:\users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\n
c:\users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\00000004.@
c:\users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\00000008.@
c:\users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\000000cb.@
c:\users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\80000000.@
c:\users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\80000032.@
c:\users\glindholm.PGT\AppData\Local\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\80000064.@
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\_ctypes.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\_elementtree.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\_hashlib.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\_socket.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\_ssl.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\pyexpat.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\pysqlite2._sqlite.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\python26.dll
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\pythoncom26.dll
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\PyWinTypes26.dll
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\select.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\unicodedata.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\win32api.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\win32com.shell.shell.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\win32crypt.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\win32event.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\win32file.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\win32inet.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\win32pdh.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\win32process.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\windows._cacheinvalidation.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\wx._controls_.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\wx._core_.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\wx._gdi_.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\wx._html2.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\wx._misc_.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\wx._windows_.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\wx._wizard.pyd
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\wxbase293u_net_vc.dll
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\wxbase293u_vc.dll
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\wxmsw293u_adv_vc.dll
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\wxmsw293u_core_vc.dll
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\wxmsw293u_html_vc.dll
c:\users\glindholm.PGT\AppData\Local\Temp\_MEI9642\wxmsw293u_webview_vc.dll
c:\users\glindholm.PGT\AppData\Local\yhrczuokfc.exe
c:\users\glindholm.PGT\AppData\Roaming\igfxtray.dat
c:\users\glindholm.PGT\AppData\Roaming\MicroST
c:\users\glindholm.PGT\Documents\~WRL2761.tmp
c:\users\glindholm.PGT\g2mdlhlpx.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\@
c:\windows\Installer\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\L\00000004.@
c:\windows\Installer\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\L\1afb2d56
c:\windows\Installer\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\L\201d3dde
c:\windows\Installer\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\n
c:\windows\Installer\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\00000004.@
c:\windows\Installer\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\00000008.@
c:\windows\Installer\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\000000cb.@
c:\windows\Installer\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\80000000.@
c:\windows\Installer\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\80000032.@
c:\windows\Installer\{609be93d-b5e3-4f17-88ec-d2ea189bd7aa}\U\80000064.@
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
c:\windows\SysWow64\instsrv.exe
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy1_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 16:44 . 2012-08-09 16:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-09 16:44 . 2012-08-09 16:44 -------- d-----w- c:\users\glindholm\AppData\Local\temp
2012-08-09 16:44 . 2012-08-09 16:44 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-08-09 16:44 . 2012-08-09 16:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-08 19:55 . 2012-08-08 19:55 -------- d-----w- c:\program files (x86)\Free MP3 Cutter
2012-08-08 19:55 . 2012-08-08 19:55 -------- d-----w- c:\users\glindholm.PGT\AppData\Local\AVG Secure Search
2012-08-08 19:55 . 2012-08-08 19:55 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-08 19:55 . 2012-08-08 19:55 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-08 19:55 . 2012-08-08 19:55 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-08-08 19:55 . 2012-08-08 19:55 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-08-08 19:55 . 2012-08-08 19:55 -------- d--h--w- c:\programdata\Common Files
2012-08-07 22:01 . 2012-08-07 22:01 -------- d-----w- C:\jYXEtBzI6AqKSZv
2012-08-07 02:02 . 2012-07-16 12:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9970E41B-4336-43EF-857A-5AC118FEDE04}\mpengine.dll
2012-08-06 00:24 . 2012-07-16 12:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-05 23:22 . 2012-08-05 23:22 -------- d-----w- c:\program files (x86)\Softland
2012-07-24 12:00 . 2009-03-24 12:00 83968 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPA0.DLL
2012-07-24 12:00 . 2009-03-24 12:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDA0.DLL
2012-07-17 08:18 . 2012-02-10 00:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{22D94497-86EC-4DB2-84A1-19545ED88714}\gapaengine.dll
2012-07-17 07:51 . 2012-07-17 07:51 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-17 07:51 . 2012-07-17 07:51 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-15 04:59 . 2012-07-15 04:59 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-13 04:50 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 21:05 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 21:05 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 21:05 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 21:05 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 21:05 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 21:05 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-11 21:05 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-11 21:04 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 21:04 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 21:04 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 21:04 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 21:04 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 21:04 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-11 21:04 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-11 21:04 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-11 21:04 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 14:33 . 2012-04-18 17:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 14:33 . 2012-04-18 17:31 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-17 08:19 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-07-13 04:46 . 2012-04-19 15:32 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-19 07:36 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 07:36 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 07:36 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 07:36 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 07:36 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-19 07:36 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 07:36 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 07:36 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-19 07:36 99840 ----a-w- c:\windows\system32\wudriver.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-08 19:55 2045024 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll" [2012-08-08 2045024]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RCUI"="c:\program files (x86)\RingCentral\RingCentral Call Controller\RCUI.exe" [2010-11-23 500992]
"RCHotKey"="c:\program files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe" [2010-11-23 38144]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-04 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-08-09 112408]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-12-16 462974]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"x3watch"="c:\program files (x86)\X3watch\x3watch.exe" [2011-02-14 303104]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-05-01 103536]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-08 1162848]
"ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-08-08 1020512]
.
c:\users\glindholm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]
.
c:\users\glindholm.PGT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-02 116648]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-05-01 11839488]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-02 116648]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys [2011-01-03 74984]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-19 1255736]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-05 25960]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 22128]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-08 31080]
S1 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-05-13 1043872]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-05-13 36768]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [2011-08-24 2279320]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 171688]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 LatitudeJobScheduler;Latitude Job Scheduler Engine;c:\program files\PathTech\Latitude\bin\PathGuide.Latitude.JobScheduler.exe [2012-05-22 55808]
S2 LatitudeTS;Latitude Terminal Server;c:\program files\PathTech\Latitude\bin\PathGuide.Latitude.TerminalServer.exe [2012-05-22 1015808]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-04-24 210784]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-05 1997416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-05 378472]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2008-08-21 370872]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-08-08 927840]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
S2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys [2011-07-22 27760]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-09-10 176096]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2011-05-10 38504]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-07-20 342704]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\DRIVERS\O2MDFw7x64.sys [2011-01-03 72808]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 14:33]
.
2012-08-09 c:\windows\Tasks\fba_LaptopBackup.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2012-08-05 21:31]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-02 06:25]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-02 06:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 22:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 22:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 22:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 22:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 611192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-06-05 312936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1934608]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2011-08-24 7077272]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"combofix"="c:\combofix\CF17780.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.lewrockwell.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.20.7 192.168.20.10
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://65.117.82.194/CACHE/stc/1/binaries/vpnweb.cab
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-MsMpSvc
Toolbar-Locked - (no file)
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-08-09 10:17:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-09 17:16
.
Pre-Run: 108,520,128,512 bytes free
Post-Run: 109,221,965,824 bytes free
.
- - End Of File - - DA9BED10C771B18C950FB46F9B6C89EA

#4 art_vandelay (Topic Starter)

  • Members
  • 134 posts

Posted 09 August 2012 - 12:23 PM

By the way, things seem to be running a bit better now, but it's early. MS Security Essentials is still not running, and when I attempt to restart it, it says the specified service does not exist as an installed service.

#5 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 09 August 2012 - 12:45 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 art_vandelay (Topic Starter)

  • Members
  • 134 posts

Posted 09 August 2012 - 05:58 PM

TDSSKiller Log
=======================
11:16:45.0435 1068 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
11:16:45.0843 1068 ============================================================
11:16:45.0843 1068 Current date / time: 2012/08/09 11:16:45.0843
11:16:45.0843 1068 SystemInfo:
11:16:45.0843 1068
11:16:45.0843 1068 OS Version: 6.1.7601 ServicePack: 1.0
11:16:45.0843 1068 Product type: Workstation
11:16:45.0843 1068 ComputerName: GEORGE-L
11:16:45.0844 1068 UserName: glindholm
11:16:45.0844 1068 Windows directory: C:\Windows
11:16:45.0844 1068 System windows directory: C:\Windows
11:16:45.0844 1068 Running under WOW64
11:16:45.0844 1068 Processor architecture: Intel x64
11:16:45.0844 1068 Number of processors: 4
11:16:45.0844 1068 Page size: 0x1000
11:16:45.0844 1068 Boot type: Normal boot
11:16:45.0844 1068 ============================================================
11:16:46.0356 1068 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:16:46.0368 1068 ============================================================
11:16:46.0368 1068 \Device\Harddisk0\DR0:
11:16:46.0368 1068 MBR partitions:
11:16:46.0368 1068 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x2498000
11:16:46.0368 1068 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x24AC000, BlocksNum 0x37ED8000
11:16:46.0368 1068 ============================================================
11:16:46.0399 1068 C: <-> \Device\Harddisk0\DR0\Partition1
11:16:46.0399 1068 ============================================================
11:16:46.0399 1068 Initialize success
11:16:46.0399 1068 ============================================================
11:16:59.0827 7264 ============================================================
11:16:59.0827 7264 Scan started
11:16:59.0827 7264 Mode: Manual;
11:16:59.0827 7264 ============================================================
11:17:27.0313 7264 MMCSS - ok
11:17:27.0325 7264 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:17:27.0327 7264 Modem - ok
11:17:27.0343 7264 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:17:27.0345 7264 monitor - ok
11:17:27.0359 7264 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:17:27.0361 7264 mouclass - ok
11:17:27.0372 7264 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:17:27.0374 7264 mouhid - ok
11:17:27.0390 7264 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:17:27.0392 7264 mountmgr - ok
11:17:27.0438 7264 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
11:17:27.0442 7264 MpFilter - ok
11:17:27.0483 7264 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:17:27.0496 7264 mpio - ok
11:17:27.0513 7264 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:17:27.0516 7264 mpsdrv - ok
11:17:28.0304 7264 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:17:28.0327 7264 MpsSvc - ok
11:17:28.0343 7264 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:17:28.0346 7264 MRxDAV - ok
11:17:28.0375 7264 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:17:28.0378 7264 mrxsmb - ok
11:17:28.0397 7264 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:17:28.0402 7264 mrxsmb10 - ok
11:17:28.0413 7264 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:17:28.0416 7264 mrxsmb20 - ok
11:17:28.0435 7264 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:17:28.0437 7264 msahci - ok
11:17:28.0455 7264 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:17:28.0458 7264 msdsm - ok
11:17:28.0478 7264 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:17:28.0482 7264 MSDTC - ok
11:17:28.0882 7264 MsDtsServer100 (7d0ac2859eeaccc5bd038b8cddcaff62) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
11:17:28.0886 7264 MsDtsServer100 - ok
11:17:28.0900 7264 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:17:28.0901 7264 Msfs - ok
11:17:28.0948 7264 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:17:28.0950 7264 mshidkmdf - ok
11:17:28.0964 7264 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:17:28.0966 7264 msisadrv - ok
11:17:28.0989 7264 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:17:28.0992 7264 MSiSCSI - ok
11:17:28.0994 7264 msiserver - ok
11:17:29.0041 7264 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:17:29.0042 7264 MSKSSRV - ok
11:17:29.0063 7264 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:17:29.0063 7264 MSPCLOCK - ok
11:17:29.0085 7264 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:17:29.0087 7264 MSPQM - ok
11:17:29.0108 7264 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:17:29.0114 7264 MsRPC - ok
11:17:29.0125 7264 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:17:29.0127 7264 mssmbios - ok
11:17:29.0229 7264 MSSQL$SQLEXPRESS - ok
11:17:29.0456 7264 MSSQLSERVER - ok
11:17:29.0607 7264 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
11:17:29.0637 7264 MSSQLServerADHelper - ok
11:17:29.0845 7264 MSSQLServerADHelper100 (04ef36eaf5c4dbce424d81b76f1e9231) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
11:17:29.0903 7264 MSSQLServerADHelper100 - ok
11:17:29.0965 7264 MSSQLServerOLAPService - ok
11:17:30.0015 7264 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:17:30.0016 7264 MSTEE - ok
11:17:34.0323 7264 msvsmon90 (cb4a082af58d1a0969f931816d5cfb05) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
11:17:34.0447 7264 msvsmon90 - ok
11:17:35.0448 7264 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
11:17:35.0449 7264 MTConfig - ok
11:17:35.0466 7264 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:17:35.0469 7264 Mup - ok
11:17:35.0505 7264 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:17:35.0512 7264 napagent - ok
11:17:35.0568 7264 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:17:35.0573 7264 NativeWifiP - ok
11:17:35.0635 7264 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
11:17:35.0659 7264 NDIS - ok
11:17:35.0695 7264 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:17:35.0697 7264 NdisCap - ok
11:17:35.0733 7264 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:17:35.0735 7264 NdisTapi - ok
11:17:35.0775 7264 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:17:35.0777 7264 Ndisuio - ok
11:17:35.0788 7264 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:17:35.0791 7264 NdisWan - ok
11:17:35.0807 7264 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:17:35.0809 7264 NDProxy - ok
11:17:35.0856 7264 Net Driver HPZ12 (2c723e42fc8d7b0209492828f921fb50) C:\Windows\system32\HPZinw12.dll
11:17:35.0858 7264 Net Driver HPZ12 - ok
11:17:35.0894 7264 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:17:35.0896 7264 NetBIOS - ok
11:17:35.0916 7264 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:17:35.0921 7264 NetBT - ok
11:17:35.0941 7264 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:17:35.0943 7264 Netlogon - ok
11:17:36.0012 7264 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:17:36.0019 7264 Netman - ok
11:17:36.0365 7264 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:17:36.0381 7264 NetMsmqActivator - ok
11:17:36.0418 7264 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:17:36.0419 7264 NetPipeActivator - ok
11:17:36.0460 7264 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:17:36.0467 7264 netprofm - ok
11:17:36.0484 7264 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:17:36.0486 7264 NetTcpActivator - ok
11:17:36.0488 7264 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:17:36.0489 7264 NetTcpPortSharing - ok
11:17:36.0566 7264 netvsc (73ce12b8bdd747b0063cb0a7ef44cea7) C:\Windows\system32\DRIVERS\netvsc60.sys
11:17:36.0570 7264 netvsc - ok
11:17:40.0610 7264 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
11:17:40.0746 7264 NETwNs64 - ok
11:17:41.0389 7264 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
11:17:41.0404 7264 nfrd960 - ok
11:17:41.0471 7264 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:17:41.0474 7264 NisDrv - ok
11:17:41.0588 7264 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
11:17:41.0593 7264 NisSrv - ok
11:17:41.0639 7264 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:17:41.0644 7264 NlaSvc - ok
11:17:41.0668 7264 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:17:41.0671 7264 Npfs - ok
11:17:41.0678 7264 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:17:41.0684 7264 nsi - ok
11:17:41.0708 7264 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:17:41.0710 7264 nsiproxy - ok
11:17:42.0133 7264 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:17:42.0164 7264 Ntfs - ok
11:17:43.0177 7264 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:17:43.0183 7264 Null - ok
11:17:43.0230 7264 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
11:17:43.0234 7264 NVHDA - ok
11:17:46.0562 7264 nvlddmkm (70e89a21827b2669af906b703c7c48b5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:17:46.0759 7264 nvlddmkm - ok
11:17:46.0941 7264 nvpciflt (4b9c0c2bf78289513101eb0d44834701) C:\Windows\system32\DRIVERS\nvpciflt.sys
11:17:46.0955 7264 nvpciflt - ok
11:17:47.0005 7264 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:17:47.0008 7264 nvraid - ok
11:17:47.0029 7264 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:17:47.0031 7264 nvstor - ok
11:17:47.0510 7264 NVSvc (e04fce1d149cf05c3449e3171f9c3e41) C:\Windows\system32\nvvsvc.exe
11:17:47.0536 7264 NVSvc - ok
11:17:48.0190 7264 nvUpdatusService (d96ddea6c699a99832e0186057801971) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
11:17:48.0224 7264 nvUpdatusService - ok
11:17:49.0100 7264 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:17:49.0112 7264 nv_agp - ok
11:17:49.0210 7264 O2MDFRDR (6172db160fc566cf24307941c0e94d8e) C:\Windows\system32\DRIVERS\O2MDFw7x64.sys
11:17:49.0212 7264 O2MDFRDR - ok
11:17:49.0226 7264 O2MDRRDR (8ed738aba394bbf6d7802698be453112) C:\Windows\system32\drivers\O2MDRw7x64.sys
11:17:49.0228 7264 O2MDRRDR - ok
11:17:49.0309 7264 O2SDIOAssist (4635935fc972c582632bf45c26bfcb0e) c:\Windows\SysWOW64\srvany.exe
11:17:49.0311 7264 O2SDIOAssist - ok
11:17:49.0334 7264 O2SDJRDR (a9c1e6b7c134fad124338b7944fa996d) C:\Windows\system32\DRIVERS\o2sdjw7x64.sys
11:17:49.0337 7264 O2SDJRDR - ok
11:17:49.0443 7264 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:17:49.0450 7264 odserv - ok
11:17:49.0472 7264 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:17:49.0474 7264 ohci1394 - ok
11:17:49.0552 7264 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:17:49.0556 7264 ose - ok
11:17:49.0587 7264 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:17:49.0593 7264 p2pimsvc - ok
11:17:49.0647 7264 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:17:49.0655 7264 p2psvc - ok
11:17:49.0676 7264 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:17:49.0678 7264 Parport - ok
11:17:49.0729 7264 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
11:17:49.0731 7264 partmgr - ok
11:17:49.0774 7264 PBADRV (363b3f857abee85767e01e3044c539cd) C:\Windows\system32\DRIVERS\PBADRV.sys
11:17:49.0776 7264 PBADRV - ok
11:17:49.0806 7264 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:17:49.0810 7264 PcaSvc - ok
11:17:49.0831 7264 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:17:49.0835 7264 pci - ok
11:17:49.0857 7264 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:17:49.0859 7264 pciide - ok
11:17:49.0878 7264 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
11:17:49.0882 7264 pcmcia - ok
11:17:49.0894 7264 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:17:49.0897 7264 pcw - ok
11:17:49.0929 7264 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:17:49.0938 7264 PEAUTH - ok
11:17:49.0996 7264 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
11:17:50.0020 7264 PeerDistSvc - ok
11:17:50.0148 7264 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:17:50.0151 7264 PerfHost - ok
11:17:51.0862 7264 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:17:51.0909 7264 pla - ok
11:17:51.0972 7264 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:17:51.0979 7264 PlugPlay - ok
11:17:52.0024 7264 Pml Driver HPZ12 (171e6d91a20aac8d02172a64e82ce90b) C:\Windows\system32\HPZipm12.dll
11:17:52.0026 7264 Pml Driver HPZ12 - ok
11:17:52.0039 7264 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:17:52.0042 7264 PNRPAutoReg - ok
11:17:52.0063 7264 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:17:52.0066 7264 PNRPsvc - ok
11:17:52.0140 7264 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:17:52.0150 7264 PolicyAgent - ok
11:17:52.0175 7264 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll
11:17:52.0178 7264 Power - ok
11:17:52.0249 7264 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:17:52.0252 7264 PptpMiniport - ok
11:17:52.0268 7264 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
11:17:52.0270 7264 Processor - ok
11:17:52.0304 7264 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
11:17:52.0309 7264 ProfSvc - ok
11:17:52.0332 7264 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:17:52.0333 7264 ProtectedStorage - ok
11:17:52.0354 7264 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:17:52.0356 7264 Psched - ok
11:17:52.0430 7264 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
11:17:52.0456 7264 ql2300 - ok
11:17:53.0215 7264 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
11:17:53.0229 7264 ql40xx - ok
11:17:53.0259 7264 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:17:53.0266 7264 QWAVE - ok
11:17:53.0276 7264 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:17:53.0278 7264 QWAVEdrv - ok
11:17:53.0532 7264 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
11:17:53.0535 7264 RapiMgr - ok
11:17:53.0555 7264 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:17:53.0557 7264 RasAcd - ok
11:17:53.0607 7264 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:17:53.0609 7264 RasAgileVpn - ok
11:17:53.0632 7264 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:17:53.0635 7264 RasAuto - ok
11:17:53.0652 7264 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:17:53.0655 7264 Rasl2tp - ok
11:17:53.0680 7264 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:17:53.0686 7264 RasMan - ok
11:17:53.0698 7264 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:17:53.0701 7264 RasPppoe - ok
11:17:53.0713 7264 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:17:53.0715 7264 RasSstp - ok
11:17:53.0735 7264 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:17:53.0740 7264 rdbss - ok
11:17:53.0748 7264 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:17:53.0750 7264 rdpbus - ok
11:17:53.0761 7264 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:17:53.0763 7264 RDPCDD - ok
11:17:53.0792 7264 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
11:17:53.0796 7264 RDPDR - ok
11:17:53.0833 7264 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:17:53.0834 7264 RDPENCDD - ok
11:17:53.0847 7264 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:17:53.0849 7264 RDPREFMP - ok
11:17:53.0880 7264 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
11:17:53.0892 7264 RDPWD - ok
11:17:53.0910 7264 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys11:17:53.0915 7264 rdyboost - ok
11:17:54.0139 7264 RegSrvc (f90cc59135f2945a6ebb1670a7bbd8b3) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
11:17:54.0150 7264 RegSrvc - ok
11:17:54.0224 7264 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:17:54.0228 7264 RemoteAccess - ok
11:17:54.0242 7264 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:17:54.0246 7264 RemoteRegistry - ok
11:17:54.0256 7264 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:17:54.0258 7264 RpcEptMapper - ok
11:17:54.0268 7264 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:17:54.0270 7264 RpcLocator - ok
11:17:54.0299 7264 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:17:54.0303 7264 RpcSs - ok
11:17:54.0631 7264 RsFx0150 (eb1c539e621a35a49f7692b0eb565ab9) C:\Windows\system32\DRIVERS\RsFx0150.sys
11:17:54.0636 7264 RsFx0150 - ok
11:17:54.0671 7264 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:17:54.0674 7264 rspndr - ok
11:17:54.0689 7264 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
11:17:54.0691 7264 s3cap - ok
11:17:54.0713 7264 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:17:54.0714 7264 SamSs - ok
11:17:54.0833 7264 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:17:54.0846 7264 sbp2port - ok
11:17:54.0880 7264 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:17:54.0884 7264 SCardSvr - ok
11:17:54.0904 7264 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:17:54.0905 7264 scfilter - ok
11:17:54.0956 7264 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:17:54.0979 7264 Schedule - ok
11:17:55.0006 7264 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:17:55.0007 7264 SCPolicySvc - ok
11:17:55.0156 7264 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:17:55.0159 7264 SDRSVC - ok
11:17:55.0272 7264 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:17:55.0273 7264 secdrv - ok
11:17:55.0293 7264 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:17:55.0296 7264 seclogon - ok
11:17:57.0689 7264 SecureStorageService (8365191d0fe7df5972b889821adbe62b) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
11:17:57.0757 7264 SecureStorageService - ok
11:17:58.0159 7264 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
11:17:58.0163 7264 SENS - ok
11:17:58.0173 7264 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:17:58.0176 7264 SensrSvc - ok
11:17:58.0262 7264 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
11:17:58.0264 7264 Serenum - ok
11:17:58.0272 7264 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
11:17:58.0273 7264 Serial - ok
11:17:58.0277 7264 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
11:17:58.0278 7264 sermouse - ok
11:17:58.0294 7264 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:17:58.0298 7264 SessionEnv - ok
11:17:58.0305 7264 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:17:58.0307 7264 sffdisk - ok
11:17:58.0310 7264 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:17:58.0311 7264 sffp_mmc - ok
11:17:58.0314 7264 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:17:58.0315 7264 sffp_sd - ok
11:17:58.0326 7264 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
11:17:58.0329 7264 sfloppy - ok
11:17:58.0421 7264 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:17:58.0427 7264 SharedAccess - ok
11:17:58.0451 7264 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:17:58.0457 7264 ShellHWDetection - ok
11:17:58.0493 7264 simptcp (e9e830d540ededed650f906628468548) C:\Windows\System32\tcpsvcs.exe
11:17:58.0495 7264 simptcp - ok
11:17:58.0516 7264 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
11:17:58.0518 7264 SiSRaid2 - ok
11:17:58.0536 7264 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
11:17:58.0538 7264 SiSRaid4 - ok
11:17:58.0575 7264 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:17:58.0577 7264 Smb - ok
11:17:58.0613 7264 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:17:58.0616 7264 SNMPTRAP - ok
11:17:58.0630 7264 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:17:58.0632 7264 spldr - ok
11:17:58.0662 7264 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:17:58.0676 7264 Spooler - ok
11:17:59.0928 7264 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:18:00.0012 7264 sppsvc - ok
11:18:00.0216 7264 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:18:00.0218 7264 sppuinotify - ok
11:18:01.0017 7264 SQLBrowser (7d67c07c63796775cc5492bcfeaff125) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
11:18:01.0056 7264 SQLBrowser - ok
11:18:01.0434 7264 SQLSERVERAGENT (70f05e8ece922c20e785a46224e12183) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
11:18:01.0441 7264 SQLSERVERAGENT - ok
11:18:01.0500 7264 SQLWriter (f98ddfbfe0ee66d4c4b00693512b9527) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
11:18:01.0504 7264 SQLWriter - ok
11:18:02.0186 7264 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:18:02.0201 7264 srv - ok
11:18:02.0223 7264 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:18:02.0230 7264 srv2 - ok
11:18:02.0254 7264 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:18:02.0257 7264 srvnet - ok
11:18:02.0560 7264 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:18:02.0565 7264 SSDPSRV - ok
11:18:02.0591 7264 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:18:02.0594 7264 SstpSvc - ok
11:18:02.0986 7264 STacSV (b2d8b364a831427a5741f6c408fa8ae3) C:\Program Files\IDT\WDM\STacSV64.exe
11:18:03.0001 7264 STacSV - ok
11:18:03.0044 7264 stdcfltn (e4ea2412fb1b8aee33667a9cc6d456a4) C:\Windows\system32\DRIVERS\stdcfltn.sys
11:18:03.0046 7264 stdcfltn - ok
11:18:03.0492 7264 Stereo Service (479321c119b54d7f13a91e16cf7c2e9a) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
11:18:03.0509 7264 Stereo Service - ok
11:18:03.0528 7264 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
11:18:03.0530 7264 stexstor - ok
11:18:03.0566 7264 STHDA (ef5acde92ba3f691bbfef781cb063501) C:\Windows\system32\DRIVERS\stwrt64.sys
11:18:03.0573 7264 STHDA - ok
11:18:04.0110 7264 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:18:04.0133 7264 stisvc - ok
11:18:04.0157 7264 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
11:18:04.0159 7264 StorSvc - ok
11:18:04.0200 7264 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
11:18:04.0203 7264 storvsc - ok
11:18:04.0222 7264 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
11:18:04.0223 7264 swenum - ok
11:18:04.0259 7264 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:18:04.0267 7264 swprv - ok
11:18:04.0281 7264 SynthVid (4cdd7df58730d23ba9cb5829a6e2ecea) C:\Windows\system32\DRIVERS\VMBusVideoM.sys
11:18:04.0284 7264 SynthVid - ok
11:18:04.0373 7264 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:18:04.0406 7264 SysMain - ok
11:18:04.0971 7264 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:18:04.0974 7264 TabletInputService - ok
11:18:04.0995 7264 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:18:05.0001 7264 TapiSrv - ok
11:18:05.0015 7264 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:18:05.0018 7264 TBS - ok
11:18:06.0179 7264 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
11:18:06.0216 7264 Tcpip - ok
11:18:08.0251 7264 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
11:18:08.0261 7264 TCPIP6 - ok
11:18:09.0663 7264 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:18:09.0667 7264 tcpipreg - ok
11:18:10.0882 7264 tcsd_win32.exe (3d52b206d9f6f3ecfdb5d676614e47b6) C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
11:18:10.0930 7264 tcsd_win32.exe - ok
11:18:12.0228 7264 TdmService (e2f626e4a23e12de31d8820ff143a456) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
11:18:12.0342 7264 TdmService - ok
11:18:13.0287 7264 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:18:13.0288 7264 TDPIPE - ok
11:18:13.0318 7264 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:18:13.0320 7264 TDTCP - ok
11:18:13.0337 7264 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:18:13.0340 7264 tdx - ok
11:18:13.0353 7264 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
11:18:13.0356 7264 TermDD - ok
11:18:13.0392 7264 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:18:13.0411 7264 TermService - ok
11:18:13.0422 7264 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:18:13.0425 7264 Themes - ok
11:18:13.0445 7264 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:18:13.0446 7264 THREADORDER - ok
11:18:13.0462 7264 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:18:13.0465 7264 TrkWks - ok
11:18:13.0620 7264 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:18:13.0636 7264 TrustedInstaller - ok
11:18:13.0660 7264 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:18:13.0662 7264 tssecsrv - ok
11:18:13.0696 7264 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:18:13.0698 7264 TsUsbFlt - ok
11:18:13.0765 7264 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
11:18:13.0766 7264 TsUsbGD - ok
11:18:13.0789 7264 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:18:13.0792 7264 tunnel - ok
11:18:13.0807 7264 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
11:18:13.0810 7264 uagp35 - ok
11:18:13.0835 7264 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:18:13.0840 7264 udfs - ok
11:18:13.0866 7264 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:18:13.0869 7264 UI0Detect - ok
11:18:13.0906 7264 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:18:13.0908 7264 uliagpkx - ok
11:18:13.0940 7264 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:18:13.0942 7264 umbus - ok
11:18:13.0945 7264 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
11:18:13.0946 7264 UmPass - ok
11:18:13.0969 7264 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
11:18:13.0973 7264 UmRdpService - ok
11:18:14.0297 7264 UNS (1b71370aec1115f80d9a4a209317c968) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
11:18:14.0344 7264 UNS - ok
11:18:15.0202 7264 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:18:15.0209 7264 upnphost - ok
11:18:15.0382 7264 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
11:18:15.0384 7264 USBAAPL64 - ok
11:18:15.0467 7264 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
11:18:15.0470 7264 usbaudio - ok
11:18:15.0490 7264 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
11:18:15.0502 7264 usbccgp - ok
11:18:15.0545 7264 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:18:15.0548 7264 usbcir - ok
11:18:15.0558 7264 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:18:15.0560 7264 usbehci - ok
11:18:15.0628 7264 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:18:15.0633 7264 usbhub - ok
11:18:15.0657 7264 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:18:15.0660 7264 usbohci - ok
11:18:15.0694 7264 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:18:15.0695 7264 usbprint - ok
11:18:15.0707 7264 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:18:15.0709 7264 USBSTOR - ok
11:18:15.0718 7264 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:18:15.0720 7264 usbuhci - ok
11:18:15.0765 7264 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
11:18:15.0768 7264 usbvideo - ok
11:18:15.0817 7264 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
11:18:15.0818 7264 usb_rndisx - ok
11:18:15.0844 7264 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:18:15.0847 7264 UxSms - ok
11:18:15.0866 7264 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:18:15.0867 7264 VaultSvc - ok
11:18:15.0966 7264 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
11:18:15.0988 7264 VClone - ok
11:18:16.0010 7264 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:18:16.0012 7264 vdrvroot - ok
11:18:16.0043 7264 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:18:16.0058 7264 vds - ok
11:18:16.0102 7264 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:18:16.0104 7264 vga - ok
11:18:16.0118 7264 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:18:16.0121 7264 VgaSave - ok
11:18:16.0142 7264 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:18:16.0146 7264 vhdmp - ok
11:18:16.0150 7264 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:18:16.0152 7264 viaide - ok
11:18:16.0324 7264 VMAuthdService (94cf2d157c8fd9089afa5da78aa64c65) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
11:18:16.0325 7264 VMAuthdService - ok
11:18:16.0345 7264 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
11:18:16.0347 7264 VMBusHID - ok
11:18:16.0382 7264 vmci (87fc1dd880e8cac4faebb84af61a87c4) C:\Windows\system32\DRIVERS\vmci.sys
11:18:16.0385 7264 vmci - ok
11:18:16.0425 7264 VMnetAdapter (b259c31378bc855afd1b53f59311c251) C:\Windows\system32\DRIVERS\vmnetadapter.sys
11:18:16.0427 7264 VMnetAdapter - ok
11:18:16.0465 7264 VMnetBridge (dec4ce720ffeda939cf1ba315cfbd993) C:\Windows\system32\DRIVERS\vmnetbridge.sys
11:18:16.0468 7264 VMnetBridge - ok
11:18:16.0490 7264 VMnetDHCP - ok
11:18:16.0512 7264 VMnetuserif (ec9456d3e0e194d67d7430c7ab4eab2c) C:\Windows\system32\drivers\vmnetuserif.sys
11:18:16.0514 7264 VMnetuserif - ok
11:18:16.0557 7264 VMparport (229f7adc9da08646be05d2b38749ade3) C:\Windows\system32\drivers\VMparport.sys
11:18:16.0559 7264 VMparport - ok
11:18:16.0602 7264 vmusb (415b167695c4b5960a13098622ef3d80) C:\Windows\system32\Drivers\vmusb.sys
11:18:16.0604 7264 vmusb - ok
11:18:16.0965 7264 VMUSBArbService (18903ca7936912c337c9d28858880cf2) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
11:18:16.0986 7264 VMUSBArbService - ok
11:18:17.0002 7264 VMware NAT Service - ok
11:18:22.0721 7264 VMwareHostd (8c01ae115e9e6806a25a9b5136fd6fc0) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
11:18:22.0912 7264 VMwareHostd - ok
11:18:23.0866 7264 vmx86 (940933def15495d50dc1232e28c70b48) C:\Windows\system32\drivers\vmx86.sys
11:18:23.0874 7264 vmx86 - ok
11:18:23.0896 7264 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:18:23.0898 7264 volmgr - ok
11:18:23.0917 7264 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:18:23.0923 7264 volmgrx - ok
11:18:23.0946 7264 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:18:23.0951 7264 volsnap - ok
11:18:24.0240 7264 vpnagent (ba3d7bbd50f3b5222e1953c5e31f199e) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
11:18:24.0253 7264 vpnagent - ok
11:18:24.0288 7264 vpnva (22cbf4070aa7e13c17389eda5b944a10) C:\Windows\system32\DRIVERS\vpnva64.sys
11:18:24.0290 7264 vpnva - ok
11:18:24.0334 7264 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
11:18:24.0337 7264 vsmraid - ok
11:18:24.0404 7264 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:18:24.0441 7264 VSS - ok
11:18:24.0596 7264 vstor2-mntapi10-shared (6107e33a30c0b923f31c872e1980d2d1) C:\Windows\syswow64\drivers\vstor2-mntapi10-shared.sys
11:18:24.0597 7264 vstor2-mntapi10-shared - ok
11:18:25.0525 7264 vToolbarUpdater12.2.0 (ef51747440486c23bd466311048bd924) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
11:18:25.0544 7264 vToolbarUpdater12.2.0 - ok
11:18:25.0712 7264 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:18:25.0713 7264 vwifibus - ok
11:18:25.0787 7264 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:18:25.0790 7264 vwififlt - ok
11:18:25.0816 7264 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:18:25.0822 7264 W32Time - ok
11:18:26.0246 7264 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
11:18:26.0253 7264 W3SVC - ok
11:18:26.0279 7264 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
11:18:26.0281 7264 WacomPen - ok
11:18:26.0328 7264 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:18:26.0331 7264 WANARP - ok
11:18:26.0334 7264 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:18:26.0335 7264 Wanarpv6 - ok
11:18:26.0358 7264 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
11:18:26.0361 7264 WAS - ok
11:18:28.0257 7264 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:18:28.0282 7264 WatAdminSvc - ok
11:18:30.0290 7264 Wave Authentication Manager Service (e45bce01f15eeb240fe9db83b9d86be3) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
11:18:30.0325 7264 Wave Authentication Manager Service - ok
11:18:31.0974 7264 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:18:32.0022 7264 wbengine - ok
11:18:32.0305 7264 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:18:32.0309 7264 WbioSrvc - ok
11:18:32.0873 7264 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
11:18:32.0880 7264 WcesComm - ok
11:18:32.0902 7264 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:18:32.0909 7264 wcncsvc - ok
11:18:32.0925 7264 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:18:32.0928 7264 WcsPlugInService - ok
11:18:32.0965 7264 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
11:18:32.0966 7264 Wd - ok
11:18:33.0001 7264 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:18:33.0017 7264 Wdf01000 - ok
11:18:33.0036 7264 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:18:33.0039 7264 WdiServiceHost - ok
11:18:33.0041 7264 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:18:33.0043 7264 WdiSystemHost - ok
11:18:33.0060 7264 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:18:33.0065 7264 WebClient - ok
11:18:33.0081 7264 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:18:33.0085 7264 Wecsvc - ok
11:18:33.0099 7264 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:18:33.0103 7264 wercplsupport - ok
11:18:33.0136 7264 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:18:33.0139 7264 WerSvc - ok
11:18:33.0221 7264 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:18:33.0223 7264 WfpLwf - ok
11:18:33.0239 7264 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:18:33.0241 7264 WIMMount - ok
11:18:33.0284 7264 WinDefend - ok
11:18:33.0290 7264 WinHttpAutoProxySvc - ok
11:18:33.0346 7264 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:18:33.0350 7264 Winmgmt - ok
11:18:33.0452 7264 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:18:33.0480 7264 WinRM - ok
11:18:33.0717 7264 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
11:18:33.0726 7264 WinUsb - ok
11:18:34.0273 7264 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:18:34.0306 7264 Wlansvc - ok
11:18:34.0477 7264 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:18:34.0566 7264 wlcrasvc - ok
11:18:35.0804 7264 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:18:35.0840 7264 wlidsvc - ok
11:18:36.0027 7264 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:18:36.0028 7264 WmiAcpi - ok
11:18:36.0068 7264 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:18:36.0072 7264 wmiApSrv - ok
11:18:36.0097 7264 WMPNetworkSvc - ok
11:18:36.0132 7264 WMSVC (b5bd872122a2ce82d196abf2d5d8d80a) C:\Windows\system32\inetsrv\wmsvc.exe
11:18:36.0134 7264 WMSVC - ok
11:18:36.0151 7264 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:18:36.0154 7264 WPCSvc - ok
11:18:36.0170 7264 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:18:36.0174 7264 WPDBusEnum - ok
11:18:36.0194 7264 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:18:36.0196 7264 ws2ifsl - ok
11:18:36.0243 7264 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
11:18:36.0246 7264 wscsvc - ok
11:18:36.0249 7264 WSearch - ok
11:18:37.0978 7264 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
11:18:38.0027 7264 wuauserv - ok
11:18:38.0403 7264 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:18:38.0406 7264 WudfPf - ok
11:18:38.0452 7264 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:18:38.0455 7264 WUDFRd - ok
11:18:38.0480 7264 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:18:38.0483 7264 wudfsvc - ok
11:18:38.0500 7264 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:18:38.0505 7264 WwanSvc - ok
11:18:38.0822 7264 ZcfgSvc7 (b87e12317928739e22d2e3acc7ccac80) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
11:18:38.0855 7264 ZcfgSvc7 - ok
11:18:38.0908 7264 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:18:40.0911 7264 \Device\Harddisk0\DR0 - ok
11:18:40.0925 7264 Boot (0x1200) (ef7d5268a49ea696834e967b816039a7) \Device\Harddisk0\DR0\Partition0
11:18:40.0927 7264 \Device\Harddisk0\DR0\Partition0 - ok
11:18:40.0941 7264 Boot (0x1200) (77ad06b748f17f07a3998605825d8ac9) \Device\Harddisk0\DR0\Partition1
11:18:40.0944 7264 \Device\Harddisk0\DR0\Partition1 - ok
11:18:40.0944 7264 ============================================================
11:18:40.0944 7264 Scan finished
11:18:40.0944 7264 ============================================================
11:18:40.0953 3020 Detected object count: 0
11:18:40.0953 3020 Actual detected object count: 0



AswMBR Log
======================
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-09 15:38:09
-----------------------------
15:38:09.256 OS Version: Windows x64 6.1.7601 Service Pack 1
15:38:09.257 Number of processors: 4 586 0x2A07
15:38:09.257 ComputerName: GEORGE-L UserName:
15:38:54.711 Initialize success
15:40:19.184 AVAST engine defs: 12080901
15:40:44.198 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:40:44.201 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 8
15:40:44.222 Disk 0 MBR read successfully
15:40:44.224 Disk 0 MBR scan
15:40:44.236 Disk 0 Windows VISTA default MBR code
15:40:44.239 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
15:40:44.256 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 18736 MB offset 81920
15:40:44.273 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 458160 MB offset 38453248
15:40:44.290 Disk 0 scanning C:\Windows\system32\drivers
15:40:53.700 Service scanning
15:42:00.419 Modules scanning
15:42:00.427 Disk 0 trace - called modules:
15:42:00.487 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
15:42:00.495 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065dc060]
15:42:00.499 3 CLASSPNP.SYS[fffff88001b7543f] -> nt!IofCallDriver -> [0xfffffa8006481a90]
15:42:00.503 5 stdcfltn.sys[fffff88001aaed12] -> nt!IofCallDriver -> [0xfffffa80046d7be0]
15:42:00.506 7 ACPI.sys[fffff88000f187a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046da050]
15:42:38.646 AVAST engine scan C:\Windows
15:42:49.248 AVAST engine scan C:\Windows\system32
15:48:50.159 AVAST engine scan C:\Windows\system32\drivers
15:49:00.947 AVAST engine scan C:\Users\glindholm.PGT
15:56:04.749 Disk 0 MBR has been saved successfully to "C:\Users\glindholm.PGT\Desktop\Stuff\BleepingComputer\MBR.dat"
15:56:04.755 The log file has been saved successfully to "C:\Users\glindholm.PGT\Desktop\Stuff\BleepingComputer\aswMBR.txt"

#7 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 August 2012 - 12:15 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 gringo_pr

Posted 14 August 2012 - 12:20 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#9 gringo_pr

Posted 17 August 2012 - 10:28 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:06 AM

Posted 20 August 2012 - 12:03 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
