Infected with a Variant of Win32/Sirefef.EV - Trojan


  • This topic is locked
25 replies to this topic

#1 desertjackson (Members, 12 posts)

Posted 15 October 2012 - 09:43 PM

Anti-virus keeps asking to reboot system to clean files that are "locked or in use." Rebooting does not remove or clean files, and reboot message returns. Anti-virus scan shows red flags for the following: Operating memory » services.exe(640) - a variant of Win32/Sirefef.EV trojan - unable to clean; and, Operating memory » C:\Windows\assembly\GAC\Desktop.ini - a variant of Win32/Sirefef.EZ trojan - deleted (after the next restart) [2].

DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 10.7.2
Run by Give at 18:06:33 on 2012-10-15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2036.952 [GMT -6:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: COMODO Defense+ *Enabled/Updated* {1C31E4C3-A132-6AC6-4A85-4415E7D88418}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Defense+ *Enabled* {9F6B8402-CD67-6410-5B6A-D652628C89DE}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://qwest.live.com/
uWindow Title = Windows Internet Explorer provided by Qwest
uDefault_Page_URL = hxxp://qwest.live.com
mStart Page = hxxp://qwest.live.com
mDefault_Page_URL = hxxp://qwest.live.com
uProxyOverride = <local>;*.local
BHO: AutorunsDisabled - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - <orphaned>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge] <no file>
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\give\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoru~1\protoo~1.lnk - c:\program files\digidesign\pro tools\DigidesignRegistration.exe
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
LSP: mswsock.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{C12E828F-6332-4BDE-835D-4117009499E4} : DHCPNameServer = 192.168.254.254
Notify: AutorunsDisabled - <no file>
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\give\appdata\roaming\mozilla\firefox\profiles\lyp8xfau.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\users\give\appdata\roaming\mozilla\firefox\profiles\lyp8xfau.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01);user_pref(general.useragent.extra.zencast,
============= SERVICES / DRIVERS ===============
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-2-24 128888]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-2-24 29520]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-2-6 92800]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-2-24 810320]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250808]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2010-3-12 97808]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2010-3-12 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2010-3-12 21904]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-2 114144]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
S4 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
S4 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
.
=============== Created Last 30 ================
.
2012-10-14 06:48:14 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-14 06:48:14 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-14 06:47:57 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2012-10-10 06:45:32 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-10 06:45:32 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 18:07:13.00 ===============
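
The DDS log above flags a hosts-file entry, and the later Security Check run identifies the file as the MVPS blocklist. The script below is an added example, not part of this post or of DDS, that reads the live hosts file and separates blocklist-style entries (a name pinned to loopback or 0.0.0.0, which is benign) from hijack-style entries (a name pinned to a routable address, or a security or update domain pinned anywhere, so the victim cannot fetch updates or tools). It goes beyond the single entry in the log to the general check; the watched-domain list is an illustrative assumption, not a complete one.

```powershell
# Added example, not code from the thread or from DDS. Classifies hosts-file entries.
# Assumption: the watched-domain list below is illustrative and should be extended.

$hostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"

# Domains a hijacker typically pins so the victim cannot update or download tools.
$watchedDomains = @(
    'windowsupdate.com', 'update.microsoft.com', 'eset.com', 'comodo.com',
    'bleepingcomputer.com', 'malwarebytes.org', 'mozilla.org'
)

function Read-HostsEntries {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -split '#', 2)[0].Trim()      # drop comments and blank lines
        if (-not $text) { continue }
        $parts = $text -split '\s+'
        if ($parts.Count -lt 2) { continue }
        $ip = $parts[0]
        # One address may carry several names on a line; emit one object per name.
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            [pscustomobject]@{ Address = $ip; Name = $name.ToLower() }
        }
    }
}

function Test-BlackholeAddress {
    # Loopback or the unspecified address: the entry blocks the name rather than redirecting it.
    param([string]$Address)
    return ($Address -match '^127\.' -or $Address -eq '::1' -or $Address -eq '0.0.0.0')
}

function Get-HostsFindings {
    param([string[]]$Lines)
    $blocklist  = 0
    $suspicious = @()
    foreach ($e in Read-HostsEntries -Lines $Lines) {
        if ($e.Name -eq 'localhost') { continue }
        $watched = $watchedDomains | Where-Object { $e.Name -eq $_ -or $e.Name.EndsWith(".$_") }
        if (-not (Test-BlackholeAddress $e.Address)) {
            $suspicious += "$($e.Name) -> $($e.Address) (redirected to a routable address)"
        } elseif ($watched) {
            $suspicious += "$($e.Name) -> $($e.Address) (security/update domain blocked)"
        } else {
            $blocklist++
        }
    }
    [pscustomobject]@{ BlocklistEntries = $blocklist; Suspicious = $suspicious }
}

$result = Get-HostsFindings -Lines (Get-Content -LiteralPath $hostsPath)
"Blackhole blocklist entries (MVPS-style, benign): $($result.BlocklistEntries)"
"Suspicious entries: $($result.Suspicious.Count)"
$result.Suspicious | ForEach-Object { "  $_" }
```

Run it from any PowerShell prompt; the file is world-readable, so no elevation is needed. A large count of blackhole entries with no suspicious ones is the MVPS pattern seen in this thread; even one routable redirect, or a blocked vendor domain, is what a hosts hijack looks like.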


#2 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 15 October 2012 - 11:38 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 18 October 2012 - 11:19 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 desertjackson, Topic Starter (Members, 12 posts)

Posted 18 October 2012 - 11:42 PM

Hi, sorry I haven't gotten to you sooner. I will be running the scans per your instructions tomorrow in the afternoon/evening and should have a new post by tomorrow night. I hope that is OK.

Rick

#5 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 19 October 2012 - 07:47 AM

thank you for letting me know


gringo

#6 desertjackson, Topic Starter (Members, 12 posts)

Posted 20 October 2012 - 12:00 AM

Hi, I ran Security Check, ADW Cleaner, and Rogue Killer. The system appears to be in the same condition - Anti-virus detecting threat and asking to reboot to delete files (reboot accomplishes nothing). Here are the reports:

SECURITY CHECK

Results of screen317's Security Check version 0.99.53
Windows Vista Service Pack 1 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
ESET NOD32 Antivirus 4.0
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Java™ 6 Update 17
Java 7 Update 7
Java™ 6 Update 7
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox 15.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
Give Desktop Virus Removal 2012 Scanners etc\Round 1\SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````



ADW CLEANER

# AdwCleaner v2.005 - Logfile created 10/19/2012 at 22:34:16
# Updated 14/10/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# User : Give - MAGICBOX
# Boot Mode : Normal
# Running from : C:\Users\Give\Desktop\Virus Removal 2012\Scanners etc\Round 1\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Give\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\Give\AppData\Roaming\Mozilla\Firefox\Profiles\lyp8xfau.default\prefs.js

C:\Users\Give\AppData\Roaming\Mozilla\Firefox\Profiles\lyp8xfau.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Give\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1594 octets] - [19/10/2012 22:34:16]

########## EOF - C:\AdwCleaner[S1].txt - [1654 octets] ##########



ROGUE KILLER

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : Give [Admin rights]
Mode : Scan -- Date : 10/19/2012 22:38:46

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[TASK][SUSP PATH] {3AF7D900-FCCD-457B-AA25-6C7D72EB326C} : C:\Windows\System32\pcalua.exe -a C:\Users\Give\Desktop\Web\JB3MV2_PCWDRV_US_2_01_00.EXE -d C:\Users\Give\Desktop\Web -> FOUND
[TASK][SUSP PATH] {5C6D2C61-EA2C-4E0E-BB40-F762467C5F77} : C:\Windows\System32\pcalua.exe -a C:\Users\Give\Desktop\Web\CMS5_PCAPP_LB_5_10_38.exe -d C:\Users\Give\Desktop\Web -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SHELL][BLPATH] [ON_D:]HKLM\Software[...]\Winlogon : Shell (cmd.exe /k start cmd.exe) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{b0a70ab8-d63a-da0c-e59c-d2793a72d63e}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{b0a70ab8-d63a-da0c-e59c-d2793a72d63e}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{b0a70ab8-d63a-da0c-e59c-d2793a72d63e}\L --> FOUND
[ZeroAccess][FILE] @ : C:\Users\Give\AppData\Local\{b0a70ab8-d63a-da0c-e59c-d2793a72d63e}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\Give\AppData\Local\{b0a70ab8-d63a-da0c-e59c-d2793a72d63e}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\Give\AppData\Local\{b0a70ab8-d63a-da0c-e59c-d2793a72d63e}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC\Desktop.ini --> FOUND
[Susp.ASLR|Sig - ZeroAccess][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Default\NTUSER.DAT

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAKS-75L9A0 ATA Device +++++
--- User ---
[MBR] 6f5940339f00aaa5804bd6ae17660132
[BSP] bd5bc348e98abe7701cc212698ca068a : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
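
The RogueKiller report above contains the indicators that make this a ZeroAccess (Sirefef) case rather than generic adware: GUID-named folders under Windows\Installer and the user's AppData\Local that hold an "@" file plus "U" and "L" subfolders, the Desktop.ini dropped into the GAC, a services.exe whose signature no longer verifies, UAC switched off (EnableLUA = 0), and scheduled tasks routed through pcalua.exe. The script below is an added example, not code from this post or from RogueKiller, that performs the same checks read-only on a live host. It assumes PowerShell 3.0 or later and an elevated prompt, generalises the folder layout to any GUID-named folder under those roots (RogueKiller reported one specific GUID), and checks every profile's AppData\Local rather than only the current user's.

```powershell
# Added example, not code from the thread or from RogueKiller. Read-only checks for the
# ZeroAccess / Sirefef indicators listed in the report above. Assumptions: PowerShell 3.0+,
# an elevated prompt, and that the dropper layout (GUID-named folder holding an "@" file
# and "U"/"L" subfolders) generalises to any such folder under Windows\Installer or a
# profile's AppData\Local.

$guidRe = '^\{[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}\}$'

function Find-ZeroAccessFolders {
    param([string[]]$Roots)
    $hits = @()
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # -Force: the dropper marks its folder hidden/system.
        Get-ChildItem -LiteralPath $root -Directory -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match $guidRe } |
            ForEach-Object {
                # Windows\Installer legitimately holds GUID folders (the MSI cache), so
                # require the dropper layout rather than the name alone.
                $at = Test-Path -LiteralPath (Join-Path $_.FullName '@')
                $u  = Test-Path -LiteralPath (Join-Path $_.FullName 'U')
                $l  = Test-Path -LiteralPath (Join-Path $_.FullName 'L')
                if ($at -or ($u -and $l)) { $hits += $_.FullName }
            }
    }
    return $hits
}

function Test-ServicesExeSignature {
    # ZeroAccess patches services.exe in place, which invalidates its catalog signature.
    # Needs a PowerShell that verifies catalog signatures (5.1 on Windows 10 or later);
    # on older builds run "sfc /verifyfile=C:\Windows\System32\services.exe" instead.
    $sig = Get-AuthenticodeSignature -FilePath "$env:SystemRoot\System32\services.exe"
    return $sig.Status
}

function Get-PersistenceFindings {
    $findings = @()

    $pol = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
    if ($pol -and $pol.EnableLUA -eq 0) {
        $findings += 'UAC is disabled (EnableLUA = 0); re-enable it once the machine is clean'
    }

    $wl = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue
    if ($wl -and $wl.Shell -and $wl.Shell -ne 'explorer.exe') {
        $findings += "Winlogon Shell is '$($wl.Shell)' rather than explorer.exe"
    }

    $gacIni = "$env:SystemRoot\assembly\GAC\Desktop.ini"
    if (Test-Path -LiteralPath $gacIni) {
        $findings += "Unexpected file $gacIni (the Sirefef component both scanners flagged above)"
    }

    # Tasks launched through pcalua.exe (Program Compatibility Assistant) deserve a look:
    # here they were installer re-runs, but the same indirection can hide a loader.
    schtasks /query /fo CSV /v 2>$null | ConvertFrom-Csv |
        Where-Object { $_.'Task To Run' -match 'pcalua\.exe' } |
        ForEach-Object { $findings += "Task $($_.TaskName) runs via pcalua.exe: $($_.'Task To Run')" }

    return $findings
}

# Check the MSI cache plus every profile's AppData\Local, not only the current user's.
$roots = @("$env:SystemRoot\Installer")
Get-ChildItem -Path "$env:SystemDrive\Users" -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { $roots += Join-Path $_.FullName 'AppData\Local' }

$folders  = @(Find-ZeroAccessFolders -Roots $roots)
$findings = @(Get-PersistenceFindings)

"ZeroAccess-style folders: $($folders.Count)"
$folders  | ForEach-Object { "  $_" }
"services.exe signature: $(Test-ServicesExeSignature)"
"Other findings: $($findings.Count)"
$findings | ForEach-Object { "  $_" }
```

The script reports and never deletes: the "@" file and the U/L folders are junction-protected and ACL-locked by the dropper, and services.exe has to be replaced from a known-good copy, which is why the thread moves on to a dedicated removal tool rather than hand deletion. A services.exe signature of anything other than Valid on a supported PowerShell, or any folder hit, means the infection is still present regardless of what the antivirus reports after the reboot.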

#7 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 20 October 2012 - 12:16 AM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8 desertjackson, Topic Starter (Members, 12 posts)

Posted 20 October 2012 - 02:15 AM

OK, completed this round of ComboFix. Only issue I encountered was that I hadn't properly disabled my Anti-virus software on the first try with ComboFix, so I restarted the computer before the scan began. Then properly disabled everything and ran the scan without any issues (other than the one you mentioned about an error message, which was remedied with a restart). I'm not sure if the computer is running differently now...it's been on for maybe 10 minutes since the last restart and I haven't turned on my security software yet. It's time for me to turn in for the night. I'll post the ComboFix log here and if you have any more instructions, I'll follow up with them tomorrow evening and update you on the system's performance. THANK YOU!


COMBO FIX

ComboFix 12-10-19.01 - Give 10/20/2012 0:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2036.899 [GMT -6:00]
Running from: c:\users\Give\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: COMODO Defense+ *Disabled* {9F6B8402-CD67-6410-5B6A-D652628C89DE}
SP: COMODO Defense+ *Disabled/Updated* {1C31E4C3-A132-6AC6-4A85-4415E7D88418}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\tcpip.copy
c:\windows\system32\Thumbs.db
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-09-20 to 2012-10-20 )))))))))))))))))))))))))))))))
.
.
2012-10-20 04:37 . 2012-10-20 04:37 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-10-14 06:48 . 2012-10-14 06:47 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-14 06:48 . 2012-10-14 06:47 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-14 06:47 . 2012-10-14 06:47 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-05 05:17 . 2012-10-05 05:17 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 06:45 . 2012-03-31 05:40 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 06:45 . 2011-09-19 20:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-20 02:38 . 2012-10-20 02:38 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Give\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Pro Tools LE Registration.lnk - c:\program files\Digidesign\Pro Tools\DigidesignRegistration.exe [2010-2-19 4485120]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2009-02-19 10:44 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=Digi32.dll
"MIDI2"=diomidi.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\D:\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Users^Give^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\Give\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2008-10-04 19:58 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MBFreeSubliminalMessageSoftware"=c:\program files\MB Free Subliminal Message Software\MBFreeSubliminalMessageSoftware.exe /STARTUP
"MyDesktopTherapist"=c:\program files\mydesktoptherapist.com\My Desktop Therapist\MyDesktopTherapist.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-434694726-2979234428-1130945686-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 06:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://qwest.live.com/
mStart Page = hxxp://qwest.live.com
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.254.254
FF - ProfilePath - c:\users\Give\AppData\Roaming\Mozilla\Firefox\Profiles\lyp8xfau.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-20 00:52
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4000)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-10-20 00:58:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-20 06:58
.
Pre-Run: 157,862,903,808 bytes free
Post-Run: 173,179,285,504 bytes free
.
- - End Of File - - 4C1904DCCB071B38A679519A643C7E89

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 October 2012 - 02:17 AM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 desertjackson

  • Topic Starter
  • Members
  • 12 posts

Posted 20 October 2012 - 08:57 PM

Hello,

Included are the reports from TDSSKiller & aswMBR. TDSSKiller did not seem to find any threats or need to delete anything. Since I ran ComboFix (per your previous instructions), the computer appears to be running well. My anti-virus software (ESET NOD32) is in the green and is no longer showing a pop-up message about needing to reboot to clean infected files. Looking forward to hearing what you think! Report logs are as follows:

TDSSKiller

19:04:18.0112 1632 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
19:04:20.0124 1632 ============================================================
19:04:20.0124 1632 Current date / time: 2012/10/20 19:04:20.0124
19:04:20.0124 1632 SystemInfo:
19:04:20.0124 1632
19:04:20.0124 1632 OS Version: 6.0.6001 ServicePack: 1.0
19:04:20.0124 1632 Product type: Workstation
19:04:20.0124 1632 ComputerName: MAGICBOX
19:04:20.0124 1632 UserName: Give
19:04:20.0124 1632 Windows directory: C:\Windows
19:04:20.0124 1632 System windows directory: C:\Windows
19:04:20.0124 1632 Processor architecture: Intel x86
19:04:20.0124 1632 Number of processors: 2
19:04:20.0124 1632 Page size: 0x1000
19:04:20.0124 1632 Boot type: Normal boot
19:04:20.0124 1632 ============================================================
19:04:22.0823 1632 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:04:22.0823 1632 ============================================================
19:04:22.0823 1632 \Device\Harddisk0\DR0:
19:04:22.0839 1632 MBR partitions:
19:04:22.0839 1632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
19:04:22.0839 1632 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
19:04:22.0839 1632 ============================================================
19:04:22.0948 1632 C: <-> \Device\Harddisk0\DR0\Partition2
19:04:23.0010 1632 D: <-> \Device\Harddisk0\DR0\Partition1
19:04:23.0010 1632 ============================================================
19:04:23.0010 1632 Initialize success
19:04:23.0010 1632 ============================================================
19:04:35.0178 1408 ============================================================
19:04:35.0178 1408 Scan started
19:04:35.0178 1408 Mode: Manual;
19:04:35.0178 1408 ============================================================
19:04:37.0175 1408 ================ Scan system memory ========================
19:04:37.0175 1408 System memory - ok
19:04:37.0175 1408 ================ Scan services =============================
19:04:37.0456 1408 [ 0CEE59E4613BF65E2FD37E544AD66BDB ] ACPI C:\Windows\system32\drivers\acpi.sys
19:04:37.0456 1408 ACPI - ok
19:04:37.0596 1408 [ 6D7F09CD92A9FEF3A8EFCE66231FDD79 ] adfs C:\Windows\system32\drivers\adfs.sys
19:04:37.0596 1408 adfs - ok
19:04:37.0830 1408 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:04:37.0830 1408 AdobeARMservice - ok
19:04:37.0877 1408 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:04:37.0877 1408 AdobeFlashPlayerUpdateSvc - ok
19:04:37.0955 1408 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:04:38.0064 1408 adp94xx - ok
19:04:38.0080 1408 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:04:38.0095 1408 adpahci - ok
19:04:38.0111 1408 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
19:04:38.0142 1408 adpu160m - ok
19:04:38.0173 1408 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:04:38.0205 1408 adpu320 - ok
19:04:38.0283 1408 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:04:38.0283 1408 AeLookupSvc - ok
19:04:38.0329 1408 [ 330A1E4DF07C2E29949ED8631CD8828E ] AERTFilters C:\Windows\system32\AERTSrv.exe
19:04:38.0329 1408 AERTFilters - ok
19:04:38.0470 1408 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys
19:04:38.0470 1408 AFD - ok
19:04:38.0501 1408 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:04:38.0501 1408 agp440 - ok
19:04:38.0532 1408 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
19:04:38.0579 1408 aic78xx - ok
19:04:38.0595 1408 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
19:04:38.0595 1408 ALG - ok
19:04:38.0610 1408 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
19:04:38.0657 1408 aliide - ok
19:04:38.0673 1408 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:04:38.0673 1408 amdagp - ok
19:04:38.0688 1408 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
19:04:38.0719 1408 amdide - ok
19:04:38.0735 1408 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
19:04:38.0751 1408 AmdK7 - ok
19:04:38.0766 1408 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:04:38.0782 1408 AmdK8 - ok
19:04:38.0860 1408 [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
19:04:38.0922 1408 androidusb - ok
19:04:38.0953 1408 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
19:04:38.0969 1408 Appinfo - ok
19:04:39.0187 1408 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:04:39.0187 1408 Apple Mobile Device - ok
19:04:39.0281 1408 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
19:04:39.0312 1408 arc - ok
19:04:39.0375 1408 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:04:39.0390 1408 arcsas - ok
19:04:39.0437 1408 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:04:39.0468 1408 AsyncMac - ok
19:04:39.0499 1408 [ 0D83C87A801A3DFCD1BF73893FE7518C ] atapi C:\Windows\system32\drivers\atapi.sys
19:04:39.0499 1408 atapi - ok
19:04:39.0531 1408 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:04:39.0531 1408 AudioEndpointBuilder - ok
19:04:39.0593 1408 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:04:39.0593 1408 Audiosrv - ok
19:04:39.0702 1408 [ 746F59822A5187510471FC46889B8CC9 ] BCM43XV C:\Windows\system32\DRIVERS\bcmwl6.sys
19:04:39.0718 1408 BCM43XV - ok
19:04:39.0811 1408 [ 746F59822A5187510471FC46889B8CC9 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
19:04:39.0827 1408 BCM43XX - ok
19:04:39.0843 1408 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
19:04:39.0843 1408 Beep - ok
19:04:39.0936 1408 [ 8582E233C346AEFE759833E8A30DD697 ] BFE C:\Windows\System32\bfe.dll
19:04:39.0967 1408 BFE - ok
19:04:40.0045 1408 [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS C:\Windows\system32\qmgr.dll
19:04:40.0092 1408 BITS - ok
19:04:40.0123 1408 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
19:04:40.0186 1408 blbdrive - ok
19:04:40.0326 1408 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:04:40.0326 1408 Bonjour Service - ok
19:04:40.0389 1408 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:04:40.0404 1408 bowser - ok
19:04:40.0435 1408 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
19:04:40.0451 1408 BrFiltLo - ok
19:04:40.0482 1408 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
19:04:40.0482 1408 BrFiltUp - ok
19:04:40.0498 1408 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
19:04:40.0498 1408 Browser - ok
19:04:40.0513 1408 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
19:04:40.0576 1408 Brserid - ok
19:04:40.0607 1408 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
19:04:40.0607 1408 BrSerWdm - ok
19:04:40.0623 1408 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
19:04:40.0638 1408 BrUsbMdm - ok
19:04:40.0685 1408 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
19:04:40.0685 1408 BrUsbSer - ok
19:04:40.0716 1408 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:04:40.0794 1408 BTHMODEM - ok
19:04:40.0857 1408 catchme - ok
19:04:40.0872 1408 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:04:40.0903 1408 cdfs - ok
19:04:40.0919 1408 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:04:40.0919 1408 cdrom - ok
19:04:40.0950 1408 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll
19:04:40.0950 1408 CertPropSvc - ok
19:04:40.0966 1408 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
19:04:41.0013 1408 circlass - ok
19:04:41.0059 1408 [ 0703B9DEE7EEC6D6370EDEBD43D0F5C2 ] CLFS C:\Windows\system32\CLFS.sys
19:04:41.0106 1408 CLFS - ok
19:04:41.0200 1408 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:04:41.0215 1408 clr_optimization_v2.0.50727_32 - ok
19:04:41.0309 1408 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:04:41.0325 1408 clr_optimization_v4.0.30319_32 - ok
19:04:41.0465 1408 [ DFDF8FE82FBF0FD0FDB3E74AC4988BB6 ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
19:04:41.0465 1408 cmdAgent - ok
19:04:41.0512 1408 [ 1E26B8BABB877D2A98E811B99FA11CCF ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys
19:04:41.0512 1408 cmdGuard - ok
19:04:41.0527 1408 [ 9A88D48401FAFF304EDD3BE74103C434 ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys
19:04:41.0527 1408 cmdHlp - ok
19:04:41.0543 1408 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:04:41.0574 1408 cmdide - ok
19:04:41.0590 1408 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
19:04:41.0605 1408 Compbatt - ok
19:04:41.0605 1408 COMSysApp - ok
19:04:41.0637 1408 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:04:41.0668 1408 crcdisk - ok
19:04:41.0683 1408 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
19:04:41.0699 1408 Crusoe - ok
19:04:41.0746 1408 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:04:41.0761 1408 CryptSvc - ok
19:04:41.0808 1408 [ D98C6F541565204B10297F460F0BAF60 ] dalwdmservice C:\Windows\system32\drivers\dalwdm.sys
19:04:41.0824 1408 dalwdmservice - ok
19:04:42.0011 1408 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:04:42.0042 1408 DcomLaunch - ok
19:04:42.0089 1408 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:04:42.0136 1408 DfsC - ok
19:04:42.0354 1408 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe
19:04:42.0370 1408 DFSR - ok
19:04:42.0401 1408 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
19:04:42.0417 1408 Dhcp - ok
19:04:42.0463 1408 DigiRefresh - ok
19:04:42.0557 1408 [ 67A05AF6BCD70F47B31C784D71841147 ] digiSPTIService C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
19:04:42.0604 1408 digiSPTIService - ok
19:04:42.0651 1408 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys
19:04:42.0651 1408 disk - ok
19:04:42.0697 1408 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:04:42.0697 1408 Dnscache - ok
19:04:42.0744 1408 [ DB29915209770D8B59654345EC2D943A ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
19:04:42.0775 1408 DockLoginService - ok
19:04:42.0791 1408 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll
19:04:42.0791 1408 dot3svc - ok
19:04:42.0822 1408 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
19:04:42.0838 1408 DPS - ok
19:04:42.0885 1408 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:04:42.0947 1408 drmkaud - ok
19:04:43.0025 1408 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:04:43.0041 1408 DXGKrnl - ok
19:04:43.0056 1408 [ 04944F4FC4F0477185F5D26AE0DDB90E ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
19:04:43.0119 1408 e1express - ok
19:04:43.0150 1408 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
19:04:43.0165 1408 E1G60 - ok
19:04:43.0243 1408 [ 59D9E5DBCFEF1E0E3DBAC1B55C718F2D ] eamon C:\Windows\system32\DRIVERS\eamon.sys
19:04:43.0353 1408 eamon - ok
19:04:43.0384 1408 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
19:04:43.0384 1408 EapHost - ok
19:04:43.0587 1408 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys
19:04:43.0587 1408 Ecache - ok
19:04:43.0649 1408 [ 3BD67A869964BF57266CBBD1DCA38C6A ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
19:04:43.0743 1408 ehdrv - ok
19:04:43.0852 1408 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:04:43.0899 1408 ehRecvr - ok
19:04:43.0914 1408 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
19:04:43.0930 1408 ehSched - ok
19:04:43.0945 1408 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
19:04:43.0945 1408 ehstart - ok
19:04:44.0070 1408 [ 96FC9AD2C1B008424093F5367CA1AE3E ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
19:04:44.0101 1408 EhttpSrv - ok
19:04:44.0148 1408 [ D543E7E8BCAE3F5D256335EEE809ADF5 ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
19:04:44.0164 1408 ekrn - ok
19:04:44.0242 1408 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:04:44.0304 1408 elxstor - ok
19:04:44.0351 1408 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll
19:04:44.0554 1408 EMDMgmt - ok
19:04:44.0601 1408 [ E765465A526DCCD9FD7AD29D602E150A ] epfwwfpr C:\Windows\system32\DRIVERS\epfwwfpr.sys
19:04:44.0694 1408 epfwwfpr - ok
19:04:44.0710 1408 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:04:44.0772 1408 ErrDev - ok
19:04:44.0835 1408 esgiguard - ok
19:04:44.0866 1408 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll
19:04:44.0881 1408 EventSystem - ok
19:04:44.0913 1408 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys
19:04:44.0913 1408 exfat - ok
19:04:44.0944 1408 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:04:44.0944 1408 fastfat - ok
19:04:44.0959 1408 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:04:44.0975 1408 fdc - ok
19:04:45.0022 1408 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
19:04:45.0022 1408 fdPHost - ok
19:04:45.0053 1408 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
19:04:45.0053 1408 FDResPub - ok
19:04:45.0053 1408 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:04:45.0053 1408 FileInfo - ok
19:04:45.0084 1408 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:04:45.0115 1408 Filetrace - ok
19:04:45.0178 1408 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:04:45.0365 1408 FLEXnet Licensing Service - ok
19:04:45.0381 1408 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:04:45.0396 1408 flpydisk - ok
19:04:45.0427 1408 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:04:45.0490 1408 FltMgr - ok
19:04:45.0537 1408 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:04:45.0537 1408 FontCache3.0.0.0 - ok
19:04:45.0568 1408 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:04:45.0583 1408 Fs_Rec - ok
19:04:45.0599 1408 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:04:45.0599 1408 gagp30kx - ok
19:04:45.0646 1408 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:04:45.0646 1408 GEARAspiWDM - ok
19:04:45.0708 1408 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
19:04:45.0739 1408 GoToAssist - ok
19:04:45.0771 1408 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll
19:04:45.0786 1408 gpsvc - ok
19:04:45.0864 1408 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:04:45.0927 1408 gusvc - ok
19:04:45.0973 1408 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:04:45.0973 1408 HDAudBus - ok
19:04:46.0005 1408 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:04:46.0067 1408 HidBth - ok
19:04:46.0098 1408 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
19:04:46.0145 1408 HidIr - ok
19:04:46.0207 1408 [ 53D5A2F9CE6AE47D7507727DF1DA79F8 ] hidserv C:\Windows\System32\hidserv.dll
19:04:46.0207 1408 hidserv - ok
19:04:46.0223 1408 [ 854CA287AB7FAF949617A788306D967E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:04:46.0239 1408 HidUsb - ok
19:04:46.0270 1408 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:04:46.0270 1408 hkmsvc - ok
19:04:46.0285 1408 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
19:04:46.0332 1408 HpCISSs - ok
19:04:46.0395 1408 [ 96E241624C71211A79C84F50A8E71CAB ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:04:46.0426 1408 HTTP - ok
19:04:46.0441 1408 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
19:04:46.0488 1408 i2omp - ok
19:04:46.0535 1408 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:04:46.0551 1408 i8042prt - ok
19:04:46.0597 1408 [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor C:\Windows\system32\drivers\iastor.sys
19:04:46.0722 1408 iaStor - ok
19:04:46.0738 1408 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
19:04:46.0753 1408 iaStorV - ok
19:04:46.0800 1408 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
19:04:46.0800 1408 IDriverT - ok
19:04:46.0863 1408 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:04:46.0909 1408 idsvc - ok
19:04:46.0972 1408 [ 9378D57E2B96C0A185D844770AD49948 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
19:04:47.0003 1408 igfx - ok
19:04:47.0034 1408 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:04:47.0128 1408 iirsp - ok
19:04:47.0253 1408 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT C:\Windows\System32\ikeext.dll
19:04:47.0253 1408 IKEEXT - ok
19:04:47.0299 1408 [ EC39B83A4445602347493D46F63BC752 ] inspect C:\Windows\system32\DRIVERS\inspect.sys
19:04:47.0299 1408 inspect - ok
19:04:47.0393 1408 [ F8F53C5449F15B23D4C61D51D2701DA8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
19:04:47.0409 1408 IntcAzAudAddService - ok
19:04:47.0471 1408 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
19:04:47.0502 1408 intelide - ok
19:04:47.0533 1408 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:04:47.0533 1408 intelppm - ok
19:04:47.0565 1408 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:04:47.0565 1408 IPBusEnum - ok
19:04:47.0580 1408 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:04:47.0580 1408 IpFilterDriver - ok
19:04:47.0611 1408 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:04:47.0627 1408 iphlpsvc - ok
19:04:47.0627 1408 IpInIp - ok
19:04:47.0658 1408 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
19:04:47.0721 1408 IPMIDRV - ok
19:04:47.0736 1408 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
19:04:47.0752 1408 IPNAT - ok
19:04:47.0845 1408 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:04:47.0877 1408 iPod Service - ok
19:04:47.0892 1408 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:04:47.0892 1408 IRENUM - ok
19:04:47.0908 1408 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:04:47.0939 1408 isapnp - ok
19:04:47.0986 1408 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
19:04:48.0001 1408 iScsiPrt - ok
19:04:48.0017 1408 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
19:04:48.0111 1408 iteatapi - ok
19:04:48.0126 1408 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
19:04:48.0220 1408 iteraid - ok
19:04:48.0235 1408 Jukebox3 - ok
19:04:48.0251 1408 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:04:48.0251 1408 kbdclass - ok
19:04:48.0251 1408 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:04:48.0267 1408 kbdhid - ok
19:04:48.0329 1408 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe
19:04:48.0329 1408 KeyIso - ok
19:04:48.0345 1408 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:04:48.0360 1408 KSecDD - ok
19:04:48.0391 1408 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
19:04:48.0391 1408 KtmRm - ok
19:04:48.0438 1408 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\System32\srvsvc.dll
19:04:48.0454 1408 LanmanServer - ok
19:04:48.0501 1408 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:04:48.0501 1408 LanmanWorkstation - ok
19:04:48.0532 1408 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:04:48.0532 1408 lltdio - ok
19:04:48.0594 1408 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:04:48.0610 1408 lltdsvc - ok
19:04:48.0625 1408 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:04:48.0625 1408 lmhosts - ok
19:04:48.0657 1408 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:04:48.0688 1408 LSI_FC - ok
19:04:48.0703 1408 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:04:48.0719 1408 LSI_SAS - ok
19:04:48.0750 1408 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:04:48.0766 1408 LSI_SCSI - ok
19:04:48.0781 1408 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
19:04:48.0797 1408 luafv - ok
19:04:48.0844 1408 [ 6A57E893277C989921DC5C962DC18FC2 ] MBX2DFU C:\Windows\system32\DRIVERS\MBX2DFU.sys
19:04:48.0844 1408 MBX2DFU - ok
19:04:48.0859 1408 [ 805379EDB1EA478128EB0B3450B36627 ] MBX2MIDK C:\Windows\system32\drivers\mbx2midk.sys
19:04:48.0859 1408 MBX2MIDK - ok
19:04:48.0906 1408 [ E6CB119EF2E148EAA1A247343550756E ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
19:04:48.0922 1408 McciCMService - ok
19:04:48.0937 1408 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:04:48.0984 1408 Mcx2Svc - ok
19:04:49.0000 1408 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
19:04:49.0015 1408 megasas - ok
19:04:49.0047 1408 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
19:04:49.0093 1408 MegaSR - ok
19:04:49.0109 1408 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
19:04:49.0109 1408 MMCSS - ok
19:04:49.0140 1408 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
19:04:49.0171 1408 Modem - ok
19:04:49.0203 1408 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:04:49.0203 1408 monitor - ok
19:04:49.0218 1408 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:04:49.0218 1408 mouclass - ok
19:04:49.0218 1408 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:04:49.0234 1408 mouhid - ok
19:04:49.0249 1408 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
19:04:49.0296 1408 MountMgr - ok
19:04:49.0327 1408 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:04:49.0405 1408 MozillaMaintenance - ok
19:04:49.0421 1408 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
19:04:49.0452 1408 mpio - ok
19:04:49.0483 1408 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:04:49.0483 1408 mpsdrv - ok
19:04:49.0515 1408 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll
19:04:49.0546 1408 MpsSvc - ok
19:04:49.0561 1408 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
19:04:49.0624 1408 Mraid35x - ok
19:04:49.0655 1408 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:04:49.0671 1408 MRxDAV - ok
19:04:49.0733 1408 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:04:49.0733 1408 mrxsmb - ok
19:04:49.0795 1408 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:04:49.0795 1408 mrxsmb10 - ok
19:04:49.0858 1408 [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:04:49.0858 1408 mrxsmb20 - ok
19:04:49.0889 1408 [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci C:\Windows\system32\drivers\msahci.sys
19:04:49.0920 1408 msahci - ok
19:04:49.0936 1408 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:04:49.0951 1408 msdsm - ok
19:04:49.0967 1408 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
19:04:49.0967 1408 MSDTC - ok
19:04:49.0998 1408 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:04:49.0998 1408 Msfs - ok
19:04:50.0014 1408 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:04:50.0029 1408 msisadrv - ok
19:04:50.0061 1408 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:04:50.0061 1408 MSiSCSI - ok
19:04:50.0061 1408 msiserver - ok
19:04:50.0092 1408 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:04:50.0092 1408 MSKSSRV - ok
19:04:50.0123 1408 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:04:50.0170 1408 MSPCLOCK - ok
19:04:50.0185 1408 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:04:50.0185 1408 MSPQM - ok
19:04:50.0201 1408 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:04:50.0201 1408 MsRPC - ok
19:04:50.0232 1408 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:04:50.0232 1408 mssmbios - ok
19:04:50.0248 1408 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:04:50.0248 1408 MSTEE - ok
19:04:50.0263 1408 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys
19:04:50.0263 1408 Mup - ok
19:04:50.0279 1408 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll
19:04:50.0295 1408 napagent - ok
19:04:50.0326 1408 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:04:50.0373 1408 NativeWifiP - ok
19:04:50.0435 1408 [ C8560010A542B5DCA94C62468DC20784 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:04:50.0435 1408 NDIS - ok
19:04:50.0451 1408 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:04:50.0466 1408 NdisTapi - ok
19:04:50.0482 1408 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:04:50.0482 1408 Ndisuio - ok
19:04:50.0497 1408 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:04:50.0529 1408 NdisWan - ok
19:04:50.0529 1408 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:04:50.0529 1408 NDProxy - ok
19:04:50.0544 1408 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:04:50.0544 1408 NetBIOS - ok
19:04:50.0560 1408 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
19:04:50.0591 1408 netbt - ok
19:04:50.0607 1408 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe
19:04:50.0607 1408 Netlogon - ok
19:04:50.0638 1408 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
19:04:50.0653 1408 Netman - ok
19:04:50.0669 1408 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
19:04:50.0669 1408 netprofm - ok
19:04:50.0700 1408 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:04:50.0700 1408 NetTcpPortSharing - ok
19:04:50.0716 1408 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:04:50.0778 1408 nfrd960 - ok
19:04:50.0794 1408 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:04:50.0794 1408 NlaSvc - ok
19:04:50.0825 1408 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:04:50.0872 1408 Npfs - ok
19:04:50.0903 1408 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
19:04:50.0903 1408 nsi - ok
19:04:50.0919 1408 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:04:50.0934 1408 nsiproxy - ok
19:04:50.0981 1408 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:04:51.0059 1408 Ntfs - ok
19:04:51.0090 1408 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
19:04:51.0168 1408 ntrigdigi - ok
19:04:51.0184 1408 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
19:04:51.0246 1408 Null - ok
19:04:51.0262 1408 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:04:51.0324 1408 nvraid - ok
19:04:51.0340 1408 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:04:51.0371 1408 nvstor - ok
19:04:51.0387 1408 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:04:51.0418 1408 nv_agp - ok
19:04:51.0418 1408 NwlnkFlt - ok
19:04:51.0433 1408 NwlnkFwd - ok
19:04:51.0449 1408 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:04:51.0496 1408 ohci1394 - ok
19:04:51.0527 1408 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll
19:04:51.0543 1408 p2pimsvc - ok
19:04:51.0605 1408 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll
19:04:51.0605 1408 p2psvc - ok
19:04:51.0621 1408 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
19:04:51.0683 1408 Parport - ok
19:04:51.0699 1408 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:04:51.0699 1408 partmgr - ok
19:04:51.0714 1408 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
19:04:51.0714 1408 Parvdm - ok
19:04:51.0730 1408 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
19:04:51.0730 1408 PcaSvc - ok
19:04:51.0761 1408 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys
19:04:51.0761 1408 pci - ok
19:04:51.0777 1408 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
19:04:51.0792 1408 pciide - ok
19:04:51.0808 1408 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:04:51.0870 1408 pcmcia - ok
19:04:51.0901 1408 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:04:51.0917 1408 PEAUTH - ok
19:04:51.0964 1408 [ 2CF226173B467AB48F89D77E89936951 ] pgfilter C:\Program Files\PeerGuardian2\pgfilter.sys
19:04:51.0964 1408 pgfilter - ok
19:04:52.0057 1408 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
19:04:52.0135 1408 pla - ok
19:04:52.0198 1408 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:04:52.0213 1408 PlugPlay - ok
19:04:52.0229 1408 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
19:04:52.0276 1408 PNRPAutoReg - ok
19:04:52.0291 1408 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll
19:04:52.0307 1408 PNRPsvc - ok
19:04:52.0354 1408 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:04:52.0354 1408 PolicyAgent - ok
19:04:52.0401 1408 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:04:52.0401 1408 PptpMiniport - ok
19:04:52.0432 1408 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
19:04:52.0447 1408 Processor - ok
19:04:52.0479 1408 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll
19:04:52.0479 1408 ProfSvc - ok
19:04:52.0494 1408 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:04:52.0494 1408 ProtectedStorage - ok
19:04:52.0541 1408 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
19:04:52.0541 1408 PSched - ok
19:04:52.0572 1408 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
19:04:52.0572 1408 PxHelp20 - ok
19:04:52.0619 1408 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:04:52.0791 1408 ql2300 - ok
19:04:52.0791 1408 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:04:52.0900 1408 ql40xx - ok
19:04:52.0931 1408 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
19:04:52.0931 1408 QWAVE - ok
19:04:52.0947 1408 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:04:52.0947 1408 QWAVEdrv - ok
19:04:53.0321 1408 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
19:04:53.0352 1408 R300 - ok
19:04:53.0399 1408 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:04:53.0446 1408 RasAcd - ok
19:04:53.0461 1408 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
19:04:53.0461 1408 RasAuto - ok
19:04:53.0477 1408 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:04:53.0508 1408 Rasl2tp - ok
19:04:53.0539 1408 [ AFB474438762F0418060653F7294D92C ] RasMan C:\Windows\System32\rasmans.dll
19:04:53.0539 1408 RasMan - ok
19:04:53.0555 1408 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:04:53.0571 1408 RasPppoe - ok
19:04:53.0586 1408 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:04:53.0586 1408 RasSstp - ok
19:04:53.0602 1408 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:04:53.0602 1408 rdbss - ok
19:04:53.0617 1408 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:04:53.0617 1408 RDPCDD - ok
19:04:53.0649 1408 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
19:04:53.0680 1408 rdpdr - ok
19:04:53.0680 1408 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:04:53.0727 1408 RDPENCDD - ok
19:04:53.0758 1408 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:04:53.0758 1408 RDPWD - ok
19:04:53.0789 1408 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:04:53.0789 1408 RemoteAccess - ok
19:04:53.0820 1408 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:04:53.0820 1408 RemoteRegistry - ok
19:04:53.0851 1408 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
19:04:53.0883 1408 RpcLocator - ok
19:04:53.0914 1408 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll
19:04:53.0929 1408 RpcSs - ok
19:04:53.0945 1408 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:04:53.0961 1408 rspndr - ok
19:04:53.0976 1408 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe
19:04:53.0976 1408 SamSs - ok
19:04:53.0992 1408 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:04:54.0085 1408 sbp2port - ok
19:04:54.0179 1408 [ A0C00A6265949AC72AB51B711743CA6D ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
19:04:54.0195 1408 SBSDWSCService - ok
19:04:54.0226 1408 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:04:54.0226 1408 SCardSvr - ok
19:04:54.0273 1408 [ 23AA53256CE05B975398B78A33474265 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
19:04:54.0351 1408 SCDEmu - ok
19:04:54.0444 1408 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll
19:04:54.0460 1408 Schedule - ok
19:04:54.0475 1408 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
19:04:54.0475 1408 SCPolicySvc - ok
19:04:54.0538 1408 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:04:54.0600 1408 SDRSVC - ok
19:04:54.0600 1408 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:04:54.0631 1408 secdrv - ok
19:04:54.0663 1408 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
19:04:54.0678 1408 seclogon - ok
19:04:54.0694 1408 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
19:04:54.0694 1408 SENS - ok
19:04:54.0725 1408 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
19:04:54.0803 1408 Serenum - ok
19:04:54.0819 1408 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
19:04:54.0897 1408 Serial - ok
19:04:54.0912 1408 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:04:54.0943 1408 sermouse - ok
19:04:54.0975 1408 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
19:04:54.0990 1408 SessionEnv - ok
19:04:54.0990 1408 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:04:55.0006 1408 sffdisk - ok
19:04:55.0021 1408 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:04:55.0053 1408 sffp_mmc - ok
19:04:55.0068 1408 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:04:55.0068 1408 sffp_sd - ok
19:04:55.0099 1408 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:04:55.0146 1408 sfloppy - ok
19:04:55.0177 1408 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:04:55.0193 1408 SharedAccess - ok
19:04:55.0209 1408 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:04:55.0209 1408 ShellHWDetection - ok
19:04:55.0240 1408 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:04:55.0240 1408 sisagp - ok
19:04:55.0255 1408 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
19:04:55.0287 1408 SiSRaid2 - ok
19:04:55.0302 1408 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:04:55.0333 1408 SiSRaid4 - ok
19:04:55.0645 1408 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
19:04:55.0692 1408 slsvc - ok
19:04:55.0723 1408 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
19:04:55.0723 1408 SLUINotify - ok
19:04:55.0739 1408 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:04:55.0739 1408 Smb - ok
19:04:55.0770 1408 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:04:55.0786 1408 SNMPTRAP - ok
19:04:55.0801 1408 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
19:04:55.0833 1408 spldr - ok
19:04:55.0879 1408 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe
19:04:55.0895 1408 Spooler - ok
19:04:55.0911 1408 sprtlisten - ok
19:04:55.0957 1408 [ 777115C9CC675BD98127660712D2F784 ] sprtsvc_DellSupportCenter C:\Program Files\Dell Support Center\bin\sprtsvc.exe
19:04:56.0035 1408 sprtsvc_DellSupportCenter - ok
19:04:56.0067 1408 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:04:56.0067 1408 srv - ok
19:04:56.0145 1408 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:04:56.0160 1408 srv2 - ok
19:04:56.0207 1408 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:04:56.0301 1408 srvnet - ok
19:04:56.0363 1408 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
19:04:56.0363 1408 ssadbus - ok
19:04:56.0410 1408 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
19:04:56.0488 1408 ssadmdfl - ok
19:04:56.0519 1408 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
19:04:56.0519 1408 ssadmdm - ok
19:04:56.0566 1408 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:04:56.0566 1408 SSDPSRV - ok
19:04:56.0597 1408 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:04:56.0613 1408 SstpSvc - ok
19:04:56.0659 1408 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
19:04:56.0675 1408 stisvc - ok
19:04:56.0722 1408 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
19:04:56.0769 1408 stllssvr - ok
19:04:56.0815 1408 [ 2E5586392CDFBD1D73BADB20E9ED6386 ] SupportSoft RemoteAssist C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
19:04:56.0987 1408 SupportSoft RemoteAssist - ok
19:04:57.0003 1408 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:04:57.0003 1408 swenum - ok
19:04:57.0065 1408 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
19:04:57.0065 1408 swprv - ok
19:04:57.0096 1408 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
19:04:57.0174 1408 Symc8xx - ok
19:04:57.0205 1408 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
19:04:57.0237 1408 Sym_hi - ok
19:04:57.0252 1408 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
19:04:57.0283 1408 Sym_u3 - ok
19:04:57.0315 1408 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
19:04:57.0330 1408 SysMain - ok
19:04:57.0361 1408 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:04:57.0361 1408 TabletInputService - ok
19:04:57.0393 1408 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
19:04:57.0393 1408 TapiSrv - ok
19:04:57.0408 1408 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
19:04:57.0424 1408 TBS - ok
19:04:57.0580 1408 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:04:57.0595 1408 Tcpip - ok
19:04:57.0611 1408 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
19:04:57.0611 1408 Tcpip6 - ok
19:04:57.0658 1408 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:04:57.0658 1408 tcpipreg - ok
19:04:57.0689 1408 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:04:57.0689 1408 TDPIPE - ok
19:04:57.0705 1408 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:04:57.0705 1408 TDTCP - ok
19:04:57.0720 1408 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:04:57.0720 1408 tdx - ok
19:04:57.0736 1408 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:04:57.0736 1408 TermDD - ok
19:04:57.0767 1408 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
19:04:57.0845 1408 TermService - ok
19:04:57.0876 1408 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll
19:04:57.0876 1408 Themes - ok
19:04:57.0939 1408 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
19:04:57.0939 1408 THREADORDER - ok
19:04:58.0001 1408 [ 5815AE5EF8519066F19E575D67F6F191 ] TPkd C:\Windows\system32\drivers\TPkd.sys
19:04:58.0110 1408 TPkd - ok
19:04:58.0126 1408 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
19:04:58.0126 1408 TrkWks - ok
19:04:58.0141 1408 [ C11362058918CD38C8B8D3E265DA80F5 ] TrueSight C:\Windows\system32\drivers\TrueSight.sys
19:04:58.0141 1408 TrueSight - ok
19:04:58.0204 1408 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:04:58.0204 1408 TrustedInstaller - ok
19:04:58.0235 1408 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:04:58.0266 1408 tssecsrv - ok
19:04:58.0297 1408 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
19:04:58.0297 1408 tunmp - ok
19:04:58.0313 1408 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:04:58.0422 1408 tunnel - ok
19:04:58.0438 1408 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:04:58.0469 1408 uagp35 - ok
19:04:58.0516 1408 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:04:58.0563 1408 udfs - ok
19:04:58.0594 1408 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:04:58.0609 1408 UI0Detect - ok
19:04:58.0641 1408 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:04:58.0641 1408 uliagpkx - ok
19:04:58.0656 1408 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
19:04:58.0734 1408 uliahci - ok
19:04:58.0750 1408 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
19:04:58.0859 1408 UlSata - ok
19:04:58.0875 1408 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
19:04:58.0953 1408 ulsata2 - ok
19:04:58.0953 1408 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:04:58.0968 1408 umbus - ok
19:04:58.0984 1408 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
19:04:58.0999 1408 upnphost - ok
19:04:59.0031 1408 [ 292A25BB75A568AE2C67169BA2C6365A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:04:59.0031 1408 usbaudio - ok
19:04:59.0093 1408 [ 8EF48FF1C23B1CE6F96D09A45959EB20 ] usbbus C:\Windows\system32\DRIVERS\lgusbbus.sys
19:04:59.0109 1408 usbbus - ok
19:04:59.0140 1408 [ 79A58D49E042E80F1909D8ED0A3C47A8 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:04:59.0155 1408 usbccgp - ok
19:04:59.0171 1408 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:04:59.0202 1408 usbcir - ok
19:04:59.0249 1408 [ A0E24C5C2D0CFF04BBD3753A72FAE80B ] UsbDiag C:\Windows\system32\DRIVERS\lgusbdiag.sys
19:04:59.0265 1408 UsbDiag - ok
19:04:59.0311 1408 [ 8BD8E10A930235A67A10346D5F5029E2 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:04:59.0327 1408 usbehci - ok
19:04:59.0343 1408 [ 5146760CA7EA58E4DD5E2E1D418D7011 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:04:59.0358 1408 usbhub - ok
19:04:59.0389 1408 [ CC09A1132B1F6A8362107CC134E90D0B ] USBModem C:\Windows\system32\DRIVERS\lgusbmodem.sys
19:04:59.0405 1408 USBModem - ok
19:04:59.0436 1408 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:04:59.0483 1408 usbohci - ok
19:04:59.0530 1408 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:04:59.0530 1408 usbprint - ok
19:04:59.0592 1408 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:04:59.0608 1408 usbscan - ok
19:04:59.0623 1408 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:04:59.0623 1408 USBSTOR - ok
19:04:59.0655 1408 [ 0D815D51FD8EA5F9CB6B85C122CDDBF6 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:04:59.0655 1408 usbuhci - ok
19:04:59.0686 1408 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
19:04:59.0686 1408 UxSms - ok
19:04:59.0717 1408 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
19:04:59.0733 1408 vds - ok
19:04:59.0764 1408 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:04:59.0779 1408 vga - ok
19:04:59.0811 1408 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
19:04:59.0857 1408 VgaSave - ok
19:04:59.0889 1408 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:04:59.0935 1408 viaagp - ok
19:04:59.0951 1408 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
19:04:59.0982 1408 ViaC7 - ok
19:04:59.0998 1408 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
19:05:00.0045 1408 viaide - ok
19:05:00.0060 1408 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:05:00.0060 1408 volmgr - ok
19:05:00.0076 1408 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:05:00.0107 1408 volmgrx - ok
19:05:00.0123 1408 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:05:00.0154 1408 volsnap - ok
19:05:00.0185 1408 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:05:00.0232 1408 vsmraid - ok
19:05:00.0279 1408 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
19:05:00.0435 1408 VSS - ok
19:05:00.0528 1408 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
19:05:00.0559 1408 W32Time - ok
19:05:00.0606 1408 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:05:00.0700 1408 WacomPen - ok
19:05:00.0715 1408 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
19:05:00.0778 1408 Wanarp - ok
19:05:00.0778 1408 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:05:00.0778 1408 Wanarpv6 - ok
19:05:00.0856 1408 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:05:00.0856 1408 wcncsvc - ok
19:05:00.0887 1408 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:05:00.0887 1408 WcsPlugInService - ok
19:05:00.0934 1408 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
19:05:00.0965 1408 Wd - ok
19:05:00.0996 1408 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:05:01.0027 1408 Wdf01000 - ok
19:05:01.0059 1408 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:05:01.0074 1408 WdiServiceHost - ok
19:05:01.0090 1408 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:05:01.0090 1408 WdiSystemHost - ok
19:05:01.0121 1408 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll
19:05:01.0137 1408 WebClient - ok
19:05:01.0183 1408 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:05:01.0199 1408 Wecsvc - ok
19:05:01.0215 1408 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:05:01.0215 1408 wercplsupport - ok
19:05:01.0293 1408 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll
19:05:01.0293 1408 WerSvc - ok
19:05:01.0511 1408 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:05:01.0527 1408 WinDefend - ok
19:05:01.0527 1408 WinHttpAutoProxySvc - ok
19:05:01.0605 1408 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:05:01.0667 1408 Winmgmt - ok
19:05:01.0729 1408 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
19:05:01.0745 1408 WinRM - ok
19:05:01.0792 1408 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:05:01.0948 1408 Wlansvc - ok
19:05:01.0979 1408 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:05:02.0041 1408 WmiAcpi - ok
19:05:02.0135 1408 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:05:02.0151 1408 wmiApSrv - ok
19:05:02.0260 1408 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:05:02.0275 1408 WMPNetworkSvc - ok
19:05:02.0322 1408 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:05:02.0322 1408 WPCSvc - ok
19:05:02.0338 1408 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:05:02.0338 1408 WPDBusEnum - ok
19:05:02.0385 1408 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
19:05:02.0385 1408 WpdUsb - ok
19:05:02.0665 1408 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:05:02.0728 1408 WPFFontCache_v0400 - ok
19:05:02.0775 1408 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:05:02.0775 1408 ws2ifsl - ok
19:05:02.0821 1408 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\system32\wscsvc.dll
19:05:02.0821 1408 wscsvc - ok
19:05:02.0821 1408 WSearch - ok
19:05:03.0024 1408 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
19:05:03.0149 1408 wuauserv - ok
19:05:03.0165 1408 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:05:03.0180 1408 WUDFRd - ok
19:05:03.0196 1408 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:05:03.0196 1408 wudfsvc - ok
19:05:03.0227 1408 ================ Scan global ===============================
19:05:03.0289 1408 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:05:03.0399 1408 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
19:05:03.0414 1408 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
19:05:03.0492 1408 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
19:05:03.0492 1408 [Global] - ok
19:05:03.0492 1408 ================ Scan MBR ==================================
19:05:03.0508 1408 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
19:05:04.0038 1408 \Device\Harddisk0\DR0 - ok
19:05:04.0038 1408 ================ Scan VBR ==================================
19:05:04.0054 1408 [ 8764B3C3F7A393CE54B9E188DC70ECB6 ] \Device\Harddisk0\DR0\Partition1
19:05:04.0085 1408 \Device\Harddisk0\DR0\Partition1 - ok
19:05:04.0085 1408 [ A7CB1BEF0880E15502509FD602CF507F ] \Device\Harddisk0\DR0\Partition2
19:05:04.0085 1408 \Device\Harddisk0\DR0\Partition2 - ok
19:05:04.0085 1408 ============================================================
19:05:04.0085 1408 Scan finished
19:05:04.0085 1408 ============================================================
19:05:04.0101 2452 Detected object count: 0
19:05:04.0101 2452 Actual detected object count: 0


aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-20 19:06:18
-----------------------------
19:06:18.887 OS Version: Windows 6.0.6001 Service Pack 1
19:06:18.887 Number of processors: 2 586 0x1706
19:06:18.887 ComputerName: MAGICBOX UserName: Give
19:06:20.853 Initialize success
19:37:07.425 AVAST engine defs: 12102001
19:37:34.272 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:37:34.272 Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 01.03E01 Size: 305245MB BusType: 3
19:37:34.288 Disk 0 MBR read successfully
19:37:34.288 Disk 0 MBR scan
19:37:34.335 Disk 0 Windows VISTA default MBR code
19:37:34.335 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
19:37:34.366 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
19:37:34.381 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 290204 MB offset 30801920
19:37:34.397 Disk 0 scanning sectors +625140400
19:37:34.475 Disk 0 scanning C:\Windows\system32\drivers
19:38:00.433 Service scanning
19:38:20.495 Modules scanning
19:38:25.752 Disk 0 trace - called modules:
19:38:25.768 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
19:38:25.768 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8686a968]
19:38:25.783 3 CLASSPNP.SYS[88fa3745] -> nt!IofCallDriver -> [0x85ffc8c8]
19:38:25.783 5 acpi.sys[8069c6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85fe08a8]
19:38:27.078 AVAST engine scan C:\Windows
19:38:38.653 AVAST engine scan C:\Windows\system32
19:43:09.485 AVAST engine scan C:\Windows\system32\drivers
19:43:25.943 AVAST engine scan C:\Users\Give
19:47:46.213 Disk 0 MBR has been saved successfully to "C:\Users\Give\Desktop\Virus Removal 2012\Logs etc\Round 3\MBR.dat"
19:47:46.229 The log file has been saved successfully to "C:\Users\Give\Desktop\Virus Removal 2012\Logs etc\Round 3\aswMBR.txt"

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 20 October 2012 - 09:02 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 desertjackson

desertjackson
  • Topic Starter

  • Members
  • 12 posts

Posted 20 October 2012 - 09:21 PM

I followed your instructions, but no log file was created, or at least I'm not sure where to find it. I restarted the computer to see if it might show up, but got nothing. Tried it a second time and still did not see a log report. Also, the computer seems to be a little bogged down (switching windows is slow, web browser is slowed).

Edited by desertjackson, 20 October 2012 - 09:26 PM.


#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 20 October 2012 - 09:26 PM

How are things running?


gringo

#14 desertjackson

desertjackson
  • Topic Starter

  • Members
  • 12 posts

Posted 20 October 2012 - 09:45 PM

Anti-virus etc. is still in the green. However, not sure if it's related, but internet browsing slowed down to a crawl. My connection is steady and strong, but just about the time I was replying about the ComboFix log not showing up, everything slowed way down. I closed firefox and reopened it and it took a couple minutes just to load the bleepingcomputer home page. Network connection was strong, nothing else had changed...not sure if this issue is related though.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 20 October 2012 - 09:58 PM

Hello

I want you to reset Firefox back to defaults. To do this, I need you to do the following:

  • At the top of the Firefox window, click the "Firefox" button,
  • go over to the "Help" sub-menu
    • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • Click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.

Restart the computer and check Firefox for me now.

Gringo



