
Infected with ZeroAccess rootkit


  • This topic is locked
7 replies to this topic

#1 Kiran Madhu

  • Members
  • 16 posts

Posted 15 November 2012 - 04:16 AM

Please find attached the DDS log and GMER log.

DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 9.0.8112.16450
Run by kiran.madhu at 11:10:40 on 2012-11-15
#Option MBR scan is disabled.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Users\KIRAN~1.MAD\AppData\Local\Temp\~!#3A1.tmp
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Connectify\ConnectifyService.exe
C:\Program Files\Connectify\ConnectifyD.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\GNU\GnuPG\dirmngr.exe
C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Windows\system32\conhost.exe
C:\ProgramData\Idea Net Setter\OnlineUpdate\ouc.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Users\Kiran.madhu\AppData\Roaming\Reliance Netconnect\ouc.exe
C:\Program Files\Connectify\Connectify.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Kiran.madhu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiran.madhu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiran.madhu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiran.madhu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\SAP\FrontEnd\SAPgui\saplogon.exe
C:\Users\Kiran.madhu\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Users\Kiran.madhu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiran.madhu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiran.madhu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Kiran.madhu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiran.madhu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Giraffic\Veoh_Giraffic.exe
C:\Users\Kiran.madhu\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Kiran.madhu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiran.madhu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiran.madhu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiran.madhu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiran.madhu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kiran.madhu\Downloads\sd230hst.exe
C:\Program Files\Reliance Netconnect+\bin\App.exe
C:\Users\Kiran.madhu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://10.6.100.25/
uURLSearchHooks: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - <orphaned>
uURLSearchHooks: {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - <orphaned>
uURLSearchHooks: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
BHO: Plugin Class: {56CD20F0-7C09-11D5-A768-0050042307CE} - c:\program files\sap\sap tutor\free_playerie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [HW_OPENEYE_OUC_Reliance Netconnect] "c:\program files\reliance netconnect+\updatedog\ouc.exe"
uRun: [Octoshape Streaming Services] "c:\users\kiran.madhu\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [DriverMax] "c:\program files\innovative solutions\drivermax\drivermax.exe" -agent
uRun: [DriverMax_RESTART] <no file>
uRunOnce: [*NPE] "c:\downloads\NPE.exe" /POSTFIX
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [NPSStartup] <no file>
dRun: [AMService] c:\users\kiran~1.mad\appdata\local\temp\~!#3A1.tmp
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Download All with WinGet - c:\program files\indentix\winget 3.0\WinIE.dll/301
IE: Download with WinGet - c:\program files\indentix\winget 3.0\WinIE.dll/300
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://ra-guest.pega.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=972
TCP: Interfaces\{40CEAC80-F058-4994-B9E2-888E9A5B3233} : NameServer = 220.226.100.40 220.226.6.104
TCP: Interfaces\{641B4E40-1548-485C-B6B8-6B31EDA263E2}\2456C6B696E6E233739363 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{641B4E40-1548-485C-B6B8-6B31EDA263E2}\2516A6E65647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{641B4E40-1548-485C-B6B8-6B31EDA263E2}\34F6E6E6563647966697D2241435 : DHCPNameServer = 192.168.223.1
TCP: Interfaces\{641B4E40-1548-485C-B6B8-6B31EDA263E2}\849602A6F656 : DHCPNameServer = 122.175.1.5 203.145.160.6
TCP: Interfaces\{641B4E40-1548-485C-B6B8-6B31EDA263E2}\B4962716E67237 : DHCPNameServer = 202.56.230.5 202.56.230.6
TCP: Interfaces\{641B4E40-1548-485C-B6B8-6B31EDA263E2}\D416468657B4962716E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6955CE5D-5E9B-4A7F-9AE5-1137A4A4FA59} : DHCPNameServer = 122.175.1.5 203.145.160.6
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 178.78.118.2 ra-eu.pega.com
Hosts: 10.255.30.88 saperpdev01.xtium.com saperpdev01
Hosts: 10.255.30.86 saperpqa01.xtium.com saperpqa01
Hosts: 10.255.30.90 saperpprod01.xtium.com saperpprod01
Hosts: 10.61.4.145 VECCSANDBOX.RPEGA.COM VECCSANDBOX
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-11-14 18:41:16 46640 ----a-w- c:\windows\system32\msln.exe
2012-11-14 18:40:45 743762 ----a-w- c:\windows\system32\drivers\SMR311.dat
2012-11-14 18:27:02 97440 ----a-w- c:\windows\system32\drivers\SMR311.SYS
2012-11-14 18:26:59 -------- d-----w- c:\users\kiran.madhu\appdata\local\NPE
2012-11-14 18:26:59 -------- d-----w- c:\programdata\Norton
2012-11-14 17:00:10 87976 ----a-r- c:\windows\system32\drivers\acsock.sys
2012-11-14 16:59:59 -------- d-----w- c:\program files\Cisco
2012-11-14 15:42:12 -------- d-----w- C:\log
2012-10-30 19:07:59 -------- d-----w- c:\users\kiran.madhu\.swt
2012-10-30 18:20:24 -------- d-----w- c:\programdata\Giraffic
2012-10-30 18:20:24 -------- d-----w- c:\program files\Giraffic
2012-10-17 05:42:16 -------- d-----w- c:\users\kiran.madhu\appdata\local\Chris_Pietschmann_(http__
2012-10-17 05:40:16 -------- d-----w- c:\program files\Virtual Router
.
==================== Find3M ====================
.
2012-11-14 22:49:23 126 ----a-w- C:\setup.reg
2012-11-09 10:10:53 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-09 10:10:53 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-02 18:02:22 174056 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12:02 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 16:57:48 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12:27 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 07:31:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 07:31:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 11:11:03.91 ===============


 


#2 M-K-D-B

  • Malware Response Team
  • 1,595 posts
  • Gender:Male
  • Location:Bavaria

Posted 15 November 2012 - 05:59 AM

Welcome to BleepingComputer.


My name is Matthias and I'll help you with the cleanup of your computer.


Please be aware of the following:
  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. Formatting is usually faster and always the safest way.
  • If you decide to clean your PC, work with us until a team member tells you that you are clean.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.





Have you installed the following tools on your own?
  • Veoh Web Player
  • YTD Toolbar v6.2





Step 1
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Skip is selected, then click Continue > Close to close the tool.
    Note: We don't want to fix anything here, but just get an overview of your computer!
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.





Step 2
Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.





What you should post with your next answer:
  • an answer to my question,
  • the logfile from TDSSKiller,
  • the logfile from AdwCleaner.

Edited by M-K-D-B, 15 November 2012 - 06:03 AM.

Regards,
M-K-D-B
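
One way to summarise the TDSSKiller log requested in Step 1 before reviewing it, added here as an example and not part of the original thread or of TDSSKiller itself. It assumes the services-section layout seen in this thread (an optional `[ MD5 ] name path` line followed by a `name - verdict` line); the sample log, its service names, hashes and the non-ok verdict text are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Every log line starts with "HH:MM:SS.ffff <thread id> <rest>".
_PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# Section banners look like "====== Scan services ======"; bare "=====" rules have no title.
_SECTION = re.compile(r"^=+\s*(.*?)\s*=+$")
# "[ MD5 ] <service name, may contain spaces> <drive-letter path>"
_FILE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# "<service name> - <verdict>"
_VERDICT = re.compile(r"^(.+?) - (.+)$")


@dataclass
class Entry:
    name: str
    verdict: str
    md5: Optional[str] = None   # None when no "[ MD5 ] name path" line preceded the verdict
    path: Optional[str] = None


def parse_services(log_text: str) -> List[Entry]:
    """Return one Entry per verdict line inside the 'Scan services' section."""
    entries: List[Entry] = []
    pending = {}            # service name -> (md5, path) waiting for its verdict line
    in_services = False
    for raw in log_text.splitlines():
        m = _PREFIX.match(raw.strip())
        if not m:
            continue
        rest = m.group(1).strip()
        sec = _SECTION.match(rest)
        if sec:
            if sec.group(1):                     # titled banner: switch section
                in_services = sec.group(1) == "Scan services"
            continue
        if not in_services:
            continue                             # e.g. drive info, "System memory - ok"
        f = _FILE.match(rest)
        if f:
            pending[f.group(2)] = (f.group(1).upper(), f.group(3))
            continue
        v = _VERDICT.match(rest)
        if v:
            md5, path = pending.pop(v.group(1), (None, None))
            entries.append(Entry(v.group(1), v.group(2), md5, path))
    return entries


def not_ok(entries: List[Entry]) -> List[Entry]:
    """Entries whose verdict is anything other than 'ok'."""
    return [e for e in entries if e.verdict.lower() != "ok"]


def without_file(entries: List[Entry]) -> List[Entry]:
    """Entries for which the log recorded no hash/path line at all."""
    return [e for e in entries if e.md5 is None]


# Constructed sample in the layout shown in this thread. Names, hashes and the
# non-ok verdict string are placeholders, not real TDSSKiller output.
SAMPLE_LOG = r"""
19:46:46.0180 4504 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb)
19:47:10.0878 3040 ================ Scan system memory ========================
19:47:10.0878 3040 System memory - ok
19:47:10.0879 3040 ================ Scan services =============================
19:47:11.0043 3040 [ 00000000000000000000000000000001 ] ExampleDrv C:\Windows\system32\drivers\exampledrv.sys
19:47:11.0048 3040 ExampleDrv - ok
19:47:12.0288 3040 ExampleNoFile - ok
19:47:12.0664 3040 [ 00000000000000000000000000000002 ] Example Two Words C:\Program Files\Example\Two Words\svc.exe
19:47:12.0668 3040 Example Two Words - ok
19:47:13.0000 3040 [ 00000000000000000000000000000003 ] ExampleFlagged C:\Windows\system32\drivers\exampleflagged.sys
19:47:13.0005 3040 ExampleFlagged - PLACEHOLDER-NON-OK-VERDICT
19:47:14.0000 3040 ============================================================
19:47:14.0001 3040 ================ Example later section =====================
19:47:14.0002 3040 Ignored - ok
"""

if __name__ == "__main__":
    found = parse_services(SAMPLE_LOG)
    print(f"{len(found)} services parsed")
    for e in not_ok(found):
        print(f"non-ok verdict: {e.name} -> {e.verdict} ({e.path})")
    for e in without_file(found):
        print(f"no hash/path line logged: {e.name} ({e.verdict})")
```

Entries reported by `without_file` are only a prompt to look at how that service is registered; the log alone does not say why no file was recorded.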

#3 Kiran Madhu

  • Topic Starter
  • Members
  • 16 posts

Posted 15 November 2012 - 09:23 AM

Hi,

Please find below.

Have you installed the following tools on your own?
Veoh Web Player
YTD Toolbar v6.2


YES

the logfile from TDSSKiller,
19:46:44.0308 4504 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:46:44.0789 4504 ============================================================
19:46:44.0789 4504 Current date / time: 2012/11/15 19:46:44.0789
19:46:44.0789 4504 SystemInfo:
19:46:44.0789 4504
19:46:44.0790 4504 OS Version: 6.1.7601 ServicePack: 1.0
19:46:44.0790 4504 Product type: Workstation
19:46:44.0790 4504 ComputerName: YH2148L
19:46:44.0790 4504 UserName: kiran.madhu
19:46:44.0790 4504 Windows directory: C:\Windows
19:46:44.0790 4504 System windows directory: C:\Windows
19:46:44.0790 4504 Processor architecture: Intel x86
19:46:44.0790 4504 Number of processors: 4
19:46:44.0790 4504 Page size: 0x1000
19:46:44.0790 4504 Boot type: Normal boot
19:46:44.0790 4504 ============================================================
19:46:46.0180 4504 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:46:46.0184 4504 ============================================================
19:46:46.0184 4504 \Device\Harddisk0\DR0:
19:46:46.0185 4504 MBR partitions:
19:46:46.0185 4504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4B000, BlocksNum 0xFDB000
19:46:46.0185 4504 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1026000, BlocksNum 0x637E27C
19:46:46.0220 4504 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xF824000, BlocksNum 0xD9A1000
19:46:46.0220 4504 ============================================================
19:46:46.0238 4504 D: <-> \Device\Harddisk0\DR0\Partition3
19:46:46.0359 4504 C: <-> \Device\Harddisk0\DR0\Partition2
19:46:46.0359 4504 ============================================================
19:46:46.0359 4504 Initialize success
19:46:46.0359 4504 ============================================================
19:47:08.0849 3040 ============================================================
19:47:08.0849 3040 Scan started
19:47:08.0849 3040 Mode: Manual;
19:47:08.0849 3040 ============================================================
19:47:10.0878 3040 ================ Scan system memory ========================
19:47:10.0878 3040 System memory - ok
19:47:10.0879 3040 ================ Scan services =============================
19:47:11.0043 3040 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:47:11.0048 3040 1394ohci - ok
19:47:11.0105 3040 [ AF1F178B0218B44876E63BF0B019E96B ] Acceler C:\Windows\system32\DRIVERS\Accelern.sys
19:47:11.0109 3040 Acceler - ok
19:47:11.0140 3040 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:47:11.0147 3040 ACPI - ok
19:47:11.0160 3040 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:47:11.0163 3040 AcpiPmi - ok
19:47:11.0200 3040 [ 45D8E2A2D8B9F33C32A7ADB6900C6E04 ] acsock C:\Windows\system32\DRIVERS\acsock.sys
19:47:11.0205 3040 acsock - ok
19:47:11.0329 3040 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:47:11.0332 3040 AdobeARMservice - ok
19:47:11.0448 3040 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:47:11.0451 3040 AdobeFlashPlayerUpdateSvc - ok
19:47:11.0505 3040 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:47:11.0515 3040 adp94xx - ok
19:47:11.0533 3040 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:47:11.0541 3040 adpahci - ok
19:47:11.0562 3040 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:47:11.0567 3040 adpu320 - ok
19:47:11.0592 3040 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:47:11.0595 3040 AeLookupSvc - ok
19:47:11.0694 3040 [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters C:\Program Files\IDT\WDM\aestsrv.exe
19:47:11.0698 3040 AESTFilters - ok
19:47:11.0746 3040 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
19:47:11.0753 3040 AFD - ok
19:47:11.0802 3040 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
19:47:11.0807 3040 agp440 - ok
19:47:11.0864 3040 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
19:47:11.0870 3040 aic78xx - ok
19:47:11.0937 3040 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
19:47:11.0940 3040 ALG - ok
19:47:11.0961 3040 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
19:47:11.0965 3040 aliide - ok
19:47:11.0981 3040 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:47:11.0985 3040 amdagp - ok
19:47:11.0999 3040 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
19:47:12.0002 3040 amdide - ok
19:47:12.0022 3040 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:47:12.0026 3040 AmdK8 - ok
19:47:12.0039 3040 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:47:12.0042 3040 AmdPPM - ok
19:47:12.0089 3040 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:47:12.0093 3040 amdsata - ok
19:47:12.0114 3040 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:47:12.0120 3040 amdsbs - ok
19:47:12.0139 3040 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:47:12.0142 3040 amdxata - ok
19:47:12.0288 3040 AMService - ok
19:47:12.0345 3040 [ E8A8E6072CB7E2032E85E7735DAA511F ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
19:47:12.0352 3040 ApfiltrService - ok
19:47:12.0395 3040 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
19:47:12.0399 3040 AppID - ok
19:47:12.0428 3040 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:47:12.0492 3040 AppIDSvc - ok
19:47:12.0544 3040 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
19:47:12.0583 3040 Appinfo - ok
19:47:12.0664 3040 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:47:12.0668 3040 Apple Mobile Device - ok
19:47:12.0713 3040 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
19:47:12.0734 3040 AppMgmt - ok
19:47:12.0765 3040 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
19:47:12.0769 3040 arc - ok
19:47:12.0783 3040 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:47:12.0787 3040 arcsas - ok
19:47:12.0806 3040 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:47:12.0808 3040 AsyncMac - ok
19:47:12.0823 3040 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
19:47:12.0826 3040 atapi - ok
19:47:12.0874 3040 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:47:12.0883 3040 AudioEndpointBuilder - ok
19:47:12.0894 3040 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:47:12.0898 3040 Audiosrv - ok
19:47:12.0932 3040 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:47:12.0964 3040 AxInstSV - ok
19:47:13.0006 3040 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
19:47:13.0016 3040 b06bdrv - ok
19:47:13.0055 3040 [ 15BCC5D933510D146B1EAFEC0448A0CE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
19:47:13.0063 3040 b57nd60x - ok
19:47:13.0114 3040 [ 94F2DC372163D520D7B1DAD78AE40B5E ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
19:47:13.0118 3040 BCM42RLY - ok
19:47:13.0231 3040 [ 8AA13A6CD43499A7ADE49B4B9089302F ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
19:47:13.0340 3040 BCM43XX - ok
19:47:13.0377 3040 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
19:47:13.0394 3040 BDESVC - ok
19:47:13.0405 3040 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
19:47:13.0408 3040 Beep - ok
19:47:13.0471 3040 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
19:47:13.0491 3040 BFE - ok
19:47:13.0562 3040 [ 1B63F2B7CA6B5290CC124CDD07520BC9 ] BingDesktopUpdate C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
19:47:13.0568 3040 BingDesktopUpdate - ok
19:47:13.0609 3040 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
19:47:13.0681 3040 BITS - ok
19:47:13.0710 3040 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:47:13.0714 3040 blbdrive - ok
19:47:13.0815 3040 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:47:13.0825 3040 Bonjour Service - ok
19:47:13.0860 3040 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:47:13.0864 3040 bowser - ok
19:47:13.0877 3040 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:47:13.0883 3040 BrFiltLo - ok
19:47:13.0898 3040 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:47:13.0901 3040 BrFiltUp - ok
19:47:13.0916 3040 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
19:47:13.0962 3040 Browser - ok
19:47:13.0988 3040 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:47:13.0997 3040 Brserid - ok
19:47:14.0010 3040 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:47:14.0014 3040 BrSerWdm - ok
19:47:14.0022 3040 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:47:14.0025 3040 BrUsbMdm - ok
19:47:14.0031 3040 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:47:14.0033 3040 BrUsbSer - ok
19:47:14.0082 3040 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
19:47:14.0085 3040 BthEnum - ok
19:47:14.0096 3040 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:47:14.0100 3040 BTHMODEM - ok
19:47:14.0130 3040 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:47:14.0134 3040 BthPan - ok
19:47:14.0168 3040 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
19:47:14.0185 3040 BTHPORT - ok
19:47:14.0276 3040 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
19:47:14.0278 3040 bthserv - ok
19:47:14.0295 3040 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
19:47:14.0298 3040 BTHUSB - ok
19:47:14.0332 3040 [ F549C3FB145A4928E40BB1518B2034DC ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
19:47:14.0335 3040 btusbflt - ok
19:47:14.0422 3040 [ BDA4E1060947FB60585E6CEC32B18353 ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
19:47:14.0427 3040 ccEvtMgr - ok
19:47:14.0686 3040 [ A454A9BAA25B8C8E76735DD86BD4B017 ] CcmExec C:\Windows\system32\CCM\CcmExec.exe
19:47:14.0729 3040 CcmExec - ok
19:47:14.0737 3040 [ BDA4E1060947FB60585E6CEC32B18353 ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
19:47:14.0738 3040 ccSetMgr - ok
19:47:14.0817 3040 [ B111CDDFB3024B7BFD54A18D84277F0F ] cdfdrv C:\Windows\system32\DRIVERS\cdfdrv.sys
19:47:14.0820 3040 cdfdrv - ok
19:47:14.0838 3040 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:47:14.0842 3040 cdfs - ok
19:47:14.0907 3040 [ 45AC3A82E538BF7CD1FDCC539EA7FC30 ] CdfSvc C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe
19:47:14.0924 3040 CdfSvc - ok
19:47:14.0968 3040 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:47:14.0972 3040 cdrom - ok
19:47:15.0018 3040 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
19:47:15.0056 3040 CertPropSvc - ok
19:47:15.0098 3040 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:47:15.0102 3040 circlass - ok
19:47:15.0129 3040 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
19:47:15.0135 3040 CLFS - ok
19:47:15.0197 3040 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:47:15.0205 3040 clr_optimization_v2.0.50727_32 - ok
19:47:15.0305 3040 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:47:15.0347 3040 clr_optimization_v4.0.30319_32 - ok
19:47:15.0370 3040 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:47:15.0374 3040 CmBatt - ok
19:47:15.0422 3040 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:47:15.0426 3040 cmdide - ok
19:47:15.0457 3040 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
19:47:15.0466 3040 CNG - ok
19:47:15.0523 3040 [ 4EB6222BE3C3C8071F4A9CA076241D1D ] cnnctfy2 C:\Windows\system32\DRIVERS\cnnctfy2.sys
19:47:15.0526 3040 cnnctfy2 - ok
19:47:15.0552 3040 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:47:15.0555 3040 Compbatt - ok
19:47:15.0604 3040 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:47:15.0607 3040 CompositeBus - ok
19:47:15.0612 3040 COMSysApp - ok
19:47:15.0674 3040 [ 0337C4CFDFABE96EFC1BB3CB173B995C ] Connectify C:\Program Files\Connectify\ConnectifyService.exe
19:47:15.0677 3040 Connectify - ok
19:47:15.0696 3040 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:47:15.0699 3040 crcdisk - ok
19:47:15.0736 3040 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:47:15.0766 3040 CryptSvc - ok
19:47:15.0820 3040 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
19:47:15.0829 3040 CSC - ok
19:47:15.0863 3040 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
19:47:15.0886 3040 CscService - ok
19:47:15.0945 3040 [ 636E8EE0E6372DBFC156248DD2C73D60 ] ctxpidmn C:\Windows\system32\DRIVERS\ctxpidmn.sys
19:47:15.0949 3040 ctxpidmn - ok
19:47:16.0032 3040 [ AA5433F207F30B6EC9D9EDF8301EB266 ] CtxSbx C:\Windows\system32\DRIVERS\CtxSbx.sys
19:47:16.0049 3040 CtxSbx - ok
19:47:16.0095 3040 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys
19:47:16.0099 3040 CVirtA - ok
19:47:16.0207 3040 [ 8B8B082010775093081DEBE9621BEDF0 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
19:47:16.0249 3040 CVPND - ok
19:47:16.0290 3040 [ 720482888C3778F26EEB83D286A6CDC3 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
19:47:16.0299 3040 CVPNDRVA - ok
19:47:16.0349 3040 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
19:47:16.0367 3040 DcomLaunch - ok
19:47:16.0399 3040 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
19:47:16.0406 3040 defragsvc - ok
19:47:16.0438 3040 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:47:16.0442 3040 DfsC - ok
19:47:16.0460 3040 dgderdrv - ok
19:47:16.0485 3040 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
19:47:16.0491 3040 Dhcp - ok
19:47:16.0577 3040 [ 4F26BB00747D41E7C0FE8EBB2900F862 ] DirMngr C:\Program Files\GNU\GnuPG\dirmngr.exe
19:47:16.0583 3040 DirMngr - ok
19:47:16.0608 3040 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
19:47:16.0609 3040 discache - ok
19:47:16.0641 3040 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:47:16.0644 3040 Disk - ok
19:47:16.0692 3040 [ 86D52C32A308F84BBC626BFF7C1FB710 ] DNE C:\Windows\system32\DRIVERS\dne2000.sys
19:47:16.0696 3040 DNE - ok
19:47:16.0736 3040 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:47:16.0741 3040 Dnscache - ok
19:47:16.0776 3040 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
19:47:16.0795 3040 dot3svc - ok
19:47:16.0827 3040 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
19:47:16.0832 3040 DPS - ok
19:47:16.0864 3040 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:47:16.0866 3040 drmkaud - ok
19:47:16.0915 3040 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:47:16.0942 3040 DXGKrnl - ok
19:47:16.0979 3040 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
19:47:16.0982 3040 EapHost - ok
19:47:17.0066 3040 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
19:47:17.0354 3040 ebdrv - ok
19:47:17.0408 3040 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
19:47:17.0417 3040 eeCtrl - ok
19:47:17.0444 3040 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
19:47:17.0449 3040 EFS - ok
19:47:17.0489 3040 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:47:17.0512 3040 ehRecvr - ok
19:47:17.0536 3040 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
19:47:17.0540 3040 ehSched - ok
19:47:17.0591 3040 [ B8EAC99B14772BDC36CA963AED109FA2 ] ElRawDisk C:\Windows\system32\drivers\rsdrv.sys
19:47:17.0611 3040 ElRawDisk - ok
19:47:17.0635 3040 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:47:17.0645 3040 elxstor - ok
19:47:17.0706 3040 [ 539CA34FBC74EC366A0D751028C32A08 ] epmntdrv C:\Windows\system32\epmntdrv.sys
19:47:17.0840 3040 epmntdrv - ok
19:47:17.0891 3040 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:47:17.0896 3040 EraserUtilRebootDrv - ok
19:47:17.0924 3040 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:47:17.0927 3040 ErrDev - ok
19:47:17.0980 3040 [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv C:\Windows\system32\EuGdiDrv.sys
19:47:18.0193 3040 EuGdiDrv - ok
19:47:18.0240 3040 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
19:47:18.0246 3040 EventSystem - ok
19:47:18.0281 3040 [ 026F6D48CC5293C7B8A696376618B9D2 ] ewusbmbb C:\Windows\system32\DRIVERS\ewusbwwan.sys
19:47:18.0289 3040 ewusbmbb - ok
19:47:18.0331 3040 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
19:47:18.0335 3040 ew_hwusbdev - ok
19:47:18.0359 3040 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
19:47:18.0364 3040 exfat - ok
19:47:18.0386 3040 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:47:18.0391 3040 fastfat - ok
19:47:18.0431 3040 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
19:47:18.0449 3040 Fax - ok
19:47:18.0467 3040 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:47:18.0471 3040 fdc - ok
19:47:18.0489 3040 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
19:47:18.0493 3040 fdPHost - ok
19:47:18.0505 3040 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
19:47:18.0508 3040 FDResPub - ok
19:47:18.0522 3040 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:47:18.0525 3040 FileInfo - ok
19:47:18.0533 3040 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:47:18.0537 3040 Filetrace - ok
19:47:18.0542 3040 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:47:18.0545 3040 flpydisk - ok
19:47:18.0572 3040 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:47:18.0577 3040 FltMgr - ok
19:47:18.0624 3040 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
19:47:18.0681 3040 FontCache - ok
19:47:18.0738 3040 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:47:18.0744 3040 FontCache3.0.0.0 - ok
19:47:18.0759 3040 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:47:18.0762 3040 FsDepends - ok
19:47:18.0802 3040 [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk C:\Windows\system32\FsUsbExDisk.SYS
19:47:18.0831 3040 FsUsbExDisk - ok
19:47:18.0870 3040 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:47:18.0873 3040 Fs_Rec - ok
19:47:18.0914 3040 [ AAE37F0F2F613218DCE17B42A18C38DB ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys
19:47:18.0917 3040 FTDIBUS - ok
19:47:18.0932 3040 [ 48BFD1BA45C9C9E7AB339E25ABFBA1D2 ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys
19:47:18.0936 3040 FTSER2K - ok
19:47:18.0971 3040 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:47:18.0975 3040 fvevol - ok
19:47:19.0007 3040 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:47:19.0010 3040 gagp30kx - ok
19:47:19.0054 3040 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:47:19.0057 3040 GEARAspiWDM - ok
19:47:19.0111 3040 Giraffic - ok
19:47:19.0138 3040 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
19:47:19.0159 3040 gpsvc - ok
19:47:19.0250 3040 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:47:19.0251 3040 gupdate - ok
19:47:19.0259 3040 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:47:19.0261 3040 gupdatem - ok
19:47:19.0293 3040 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:47:19.0296 3040 hcw85cir - ok
19:47:19.0340 3040 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:47:19.0348 3040 HdAudAddService - ok
19:47:19.0369 3040 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:47:19.0373 3040 HDAudBus - ok
19:47:19.0417 3040 [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI C:\Windows\system32\DRIVERS\HECI.sys
19:47:19.0420 3040 HECI - ok
19:47:19.0455 3040 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:47:19.0459 3040 HidBatt - ok
19:47:19.0474 3040 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:47:19.0478 3040 HidBth - ok
19:47:19.0506 3040 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:47:19.0510 3040 HidIr - ok
19:47:19.0530 3040 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
19:47:19.0594 3040 hidserv - ok
19:47:19.0663 3040 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:47:19.0669 3040 HidUsb - ok
19:47:19.0699 3040 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:47:19.0758 3040 hkmsvc - ok
19:47:19.0847 3040 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:47:19.0914 3040 HomeGroupListener - ok
19:47:19.0959 3040 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:47:19.0965 3040 HomeGroupProvider - ok
19:47:20.0119 3040 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:47:20.0124 3040 HpSAMD - ok
19:47:20.0240 3040 [ 210388FD8225B02BD83D77628AAE64A9 ] HsfXAudioService C:\Windows\system32\XAudio32.dll
19:47:20.0328 3040 HsfXAudioService - ok
19:47:20.0397 3040 [ 227C3BA25012752BB7450235392C719F ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
19:47:20.0422 3040 HSF_DPV - ok
19:47:20.0457 3040 [ 4DF5C76302DC2F8F3465966C8426A292 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
19:47:20.0463 3040 HSXHWAZL - ok
19:47:20.0514 3040 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:47:20.0524 3040 HTTP - ok
19:47:20.0545 3040 [ F44461E66F1B7DD267957FE9BAA63ED0 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
19:47:20.0548 3040 huawei_enumerator - ok
19:47:20.0616 3040 [ F547F862B8907F1BCBD9B72A72A6449E ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
19:47:20.0622 3040 hwdatacard - ok
19:47:20.0689 3040 HWDeviceService.exe - ok
19:47:20.0734 3040 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:47:20.0735 3040 hwpolicy - ok
19:47:20.0827 3040 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:47:20.0830 3040 i8042prt - ok
19:47:20.0871 3040 [ F4037A3FEDB92DD97C95F320766EA5C9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
19:47:20.0875 3040 iaStor - ok
19:47:20.0903 3040 [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:47:20.0912 3040 iaStorV - ok
19:47:20.0984 3040 [ 38106C7BD34EAE89D2769AC0BA2E846B ] Idea Net Setter. RunOuc C:\Program Files\Idea Net Setter\UpdateDog\ouc.exe
19:47:20.0991 3040 Idea Net Setter. RunOuc - ok
19:47:21.0059 3040 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:47:21.0084 3040 idsvc - ok
19:47:21.0430 3040 [ 40F8A0F85BCE94F766808AEEE8F96FA8 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
19:47:21.0642 3040 igfx - ok
19:47:21.0715 3040 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:47:21.0718 3040 iirsp - ok
19:47:21.0896 3040 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
19:47:22.0105 3040 IKEEXT - ok
19:47:22.0159 3040 [ E3C36AC5AE87EC970AE8EA2A93D59AE1 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
19:47:22.0163 3040 Impcd - ok
19:47:22.0243 3040 [ 987A2CC8EC0E86CAA2D8068B1ED7B441 ] InstallFilterService C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
19:47:22.0250 3040 InstallFilterService - ok
19:47:22.0343 3040 [ 58AD25D624AF3A05DA5BE3E5739F01BF ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
19:47:22.0349 3040 IntcDAud - ok
19:47:22.0395 3040 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
19:47:22.0401 3040 intelide - ok
19:47:22.0456 3040 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:47:22.0464 3040 intelppm - ok
19:47:22.0526 3040 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:47:22.0540 3040 IPBusEnum - ok
19:47:22.0562 3040 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:47:22.0566 3040 IpFilterDriver - ok
19:47:22.0652 3040 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:47:22.0659 3040 iphlpsvc - ok
19:47:22.0698 3040 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:47:22.0700 3040 IPMIDRV - ok
19:47:22.0718 3040 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:47:22.0722 3040 IPNAT - ok
19:47:22.0761 3040 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:47:22.0782 3040 iPod Service - ok
19:47:22.0803 3040 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:47:22.0807 3040 IRENUM - ok
19:47:22.0823 3040 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:47:22.0825 3040 isapnp - ok
19:47:22.0844 3040 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:47:22.0850 3040 iScsiPrt - ok
19:47:22.0881 3040 [ 994EBB45C4B438E1F6EA0B958AE9B9A3 ] ivusb C:\Windows\system32\DRIVERS\ivusb.sys
19:47:22.0884 3040 ivusb - ok
19:47:22.0904 3040 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:47:22.0907 3040 kbdclass - ok
19:47:22.0928 3040 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:47:22.0930 3040 kbdhid - ok
19:47:22.0939 3040 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
19:47:22.0942 3040 KeyIso - ok
19:47:22.0981 3040 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:47:22.0983 3040 KSecDD - ok
19:47:23.0002 3040 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:47:23.0005 3040 KSecPkg - ok
19:47:23.0028 3040 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
19:47:23.0061 3040 KtmRm - ok
19:47:23.0099 3040 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
19:47:23.0104 3040 LanmanServer - ok
19:47:23.0131 3040 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:47:23.0135 3040 LanmanWorkstation - ok
19:47:23.0262 3040 [ 9E25FFBA1EE26ABFE7B9319F8EF3F771 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
19:47:23.0328 3040 LiveUpdate - ok
19:47:23.0371 3040 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:47:23.0373 3040 lltdio - ok
19:47:23.0403 3040 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:47:23.0415 3040 lltdsvc - ok
19:47:23.0428 3040 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
19:47:23.0431 3040 lmhosts - ok
19:47:23.0486 3040 LMIInfo - ok
19:47:23.0537 3040 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
19:47:23.0541 3040 lmimirr - ok
19:47:23.0563 3040 LMIRfsClientNP - ok
19:47:23.0599 3040 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
19:47:23.0602 3040 LMIRfsDriver - ok
19:47:23.0626 3040 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:47:23.0630 3040 LSI_FC - ok
19:47:23.0651 3040 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:47:23.0655 3040 LSI_SAS - ok
19:47:23.0664 3040 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:47:23.0668 3040 LSI_SAS2 - ok
19:47:23.0675 3040 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:47:23.0678 3040 LSI_SCSI - ok
19:47:23.0698 3040 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
19:47:23.0702 3040 luafv - ok
19:47:23.0738 3040 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:47:23.0752 3040 Mcx2Svc - ok
19:47:23.0781 3040 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
19:47:23.0784 3040 mdmxsdk - ok
19:47:23.0799 3040 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:47:23.0803 3040 megasas - ok
19:47:23.0821 3040 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:47:23.0828 3040 MegaSR - ok
19:47:23.0896 3040 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
19:47:23.0900 3040 Microsoft Office Groove Audit Service - ok
19:47:23.0925 3040 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
19:47:23.0970 3040 MMCSS - ok
19:47:23.0994 3040 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
19:47:23.0996 3040 Modem - ok
19:47:24.0017 3040 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:47:24.0025 3040 monitor - ok
19:47:24.0055 3040 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:47:24.0059 3040 mouclass - ok
19:47:24.0099 3040 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:47:24.0102 3040 mouhid - ok
19:47:24.0133 3040 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:47:24.0135 3040 mountmgr - ok
19:47:24.0169 3040 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
19:47:24.0194 3040 mpio - ok
19:47:24.0214 3040 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:47:24.0216 3040 mpsdrv - ok
19:47:24.0362 3040 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:47:24.0379 3040 MpsSvc - ok
19:47:24.0404 3040 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:47:24.0408 3040 MRxDAV - ok
19:47:24.0461 3040 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:47:24.0465 3040 mrxsmb - ok
19:47:24.0514 3040 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:47:24.0520 3040 mrxsmb10 - ok
19:47:24.0533 3040 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:47:24.0537 3040 mrxsmb20 - ok
19:47:24.0551 3040 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\drivers\msahci.sys
19:47:24.0554 3040 msahci - ok
19:47:24.0573 3040 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:47:24.0578 3040 msdsm - ok
19:47:24.0598 3040 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
19:47:24.0605 3040 MSDTC - ok
19:47:24.0650 3040 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:47:24.0653 3040 Msfs - ok
19:47:24.0672 3040 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:47:24.0676 3040 mshidkmdf - ok
19:47:24.0710 3040 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:47:24.0713 3040 msisadrv - ok
19:47:24.0738 3040 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:47:24.0755 3040 MSiSCSI - ok
19:47:24.0760 3040 msiserver - ok
19:47:24.0801 3040 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:47:24.0805 3040 MSKSSRV - ok
19:47:24.0818 3040 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:47:24.0822 3040 MSPCLOCK - ok
19:47:24.0834 3040 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:47:24.0837 3040 MSPQM - ok
19:47:24.0854 3040 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:47:24.0859 3040 MsRPC - ok
19:47:24.0867 3040 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:47:24.0869 3040 mssmbios - ok
19:47:24.0887 3040 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:47:24.0892 3040 MSTEE - ok
19:47:24.0904 3040 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:47:24.0907 3040 MTConfig - ok
19:47:24.0919 3040 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
19:47:24.0923 3040 Mup - ok
19:47:24.0960 3040 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
19:47:24.0977 3040 napagent - ok
19:47:25.0014 3040 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:47:25.0022 3040 NativeWifiP - ok
19:47:25.0142 3040 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121114.008\NAVENG.SYS
19:47:25.0146 3040 NAVENG - ok
19:47:25.0211 3040 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121114.008\NAVEX15.SYS
19:47:25.0271 3040 NAVEX15 - ok
19:47:25.0315 3040 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:47:25.0338 3040 NDIS - ok
19:47:25.0353 3040 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:47:25.0356 3040 NdisCap - ok
19:47:25.0378 3040 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:47:25.0381 3040 NdisTapi - ok
19:47:25.0407 3040 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:47:25.0411 3040 Ndisuio - ok
19:47:25.0443 3040 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:47:25.0448 3040 NdisWan - ok
19:47:25.0480 3040 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:47:25.0484 3040 NDProxy - ok
19:47:25.0521 3040 [ 1352E1648213551923A0A822E441553C ] Netaapl C:\Windows\system32\DRIVERS\netaapl.sys
19:47:25.0525 3040 Netaapl - ok
19:47:25.0540 3040 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:47:25.0545 3040 NetBIOS - ok
19:47:25.0584 3040 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:47:25.0589 3040 NetBT - ok
19:47:25.0604 3040 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
19:47:25.0607 3040 Netlogon - ok
19:47:25.0648 3040 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
19:47:25.0657 3040 Netman - ok
19:47:25.0681 3040 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
19:47:25.0698 3040 netprofm - ok
19:47:25.0716 3040 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:47:25.0720 3040 NetTcpPortSharing - ok
19:47:25.0747 3040 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:47:25.0751 3040 nfrd960 - ok
19:47:25.0770 3040 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:47:25.0778 3040 NlaSvc - ok
19:47:25.0794 3040 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:47:25.0797 3040 Npfs - ok
19:47:25.0809 3040 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
19:47:25.0814 3040 nsi - ok
19:47:25.0827 3040 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:47:25.0828 3040 nsiproxy - ok
19:47:25.0886 3040 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:47:25.0918 3040 Ntfs - ok
19:47:25.0930 3040 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
19:47:25.0933 3040 Null - ok
19:47:25.0970 3040 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:47:25.0993 3040 nvraid - ok
19:47:26.0030 3040 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:47:26.0037 3040 nvstor - ok
19:47:26.0051 3040 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:47:26.0056 3040 nv_agp - ok
19:47:26.0171 3040 [ C456ED2D576B0FB20754A7EDE3D4C058 ] NWSAPAutoWorkstationUpdateSvc C:\Program Files\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe
19:47:26.0179 3040 NWSAPAutoWorkstationUpdateSvc - ok
19:47:26.0260 3040 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:47:26.0278 3040 odserv - ok
19:47:26.0310 3040 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:47:26.0314 3040 ohci1394 - ok
19:47:26.0345 3040 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:47:26.0352 3040 ose - ok
19:47:26.0383 3040 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:47:26.0399 3040 p2pimsvc - ok
19:47:26.0419 3040 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
19:47:26.0444 3040 p2psvc - ok
19:47:26.0493 3040 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:47:26.0497 3040 Parport - ok
19:47:26.0537 3040 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:47:26.0540 3040 partmgr - ok
19:47:26.0550 3040 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
19:47:26.0553 3040 Parvdm - ok
19:47:26.0570 3040 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:47:26.0594 3040 PcaSvc - ok
19:47:26.0614 3040 pccsmcfd - ok
19:47:26.0636 3040 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
19:47:26.0642 3040 pci - ok
19:47:26.0663 3040 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
19:47:26.0667 3040 pciide - ok
19:47:26.0685 3040 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:47:26.0691 3040 pcmcia - ok
19:47:26.0702 3040 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
19:47:26.0705 3040 pcw - ok
19:47:26.0734 3040 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:47:26.0751 3040 PEAUTH - ok
19:47:26.0795 3040 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:47:26.0828 3040 PeerDistSvc - ok
19:47:26.0904 3040 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
19:47:27.0020 3040 pla - ok
19:47:27.0063 3040 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:47:27.0080 3040 PlugPlay - ok
19:47:27.0106 3040 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:47:27.0134 3040 PNRPAutoReg - ok
19:47:27.0158 3040 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:47:27.0163 3040 PNRPsvc - ok
19:47:27.0183 3040 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:47:27.0211 3040 PolicyAgent - ok
19:47:27.0286 3040 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
19:47:27.0294 3040 Power - ok
19:47:27.0328 3040 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:47:27.0332 3040 PptpMiniport - ok
19:47:27.0425 3040 [ 2A4514A9233D35A355F569FF8B8F6240 ] prepdrvr C:\Windows\system32\CCM\prepdrv.sys
19:47:27.0564 3040 prepdrvr - ok
19:47:27.0612 3040 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:47:27.0616 3040 Processor - ok
19:47:27.0649 3040 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
19:47:27.0656 3040 ProfSvc - ok
19:47:27.0667 3040 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:47:27.0670 3040 ProtectedStorage - ok
19:47:27.0699 3040 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:47:27.0702 3040 Psched - ok
19:47:27.0756 3040 [ 681AE4F1927FE0FDEEE2863F1684088D ] pwdrvio C:\Windows\system32\pwdrvio.sys
19:47:27.0861 3040 pwdrvio - ok
19:47:27.0916 3040 [ BC60895CE021309EBD887D2F22055654 ] pwdspio C:\Windows\system32\pwdspio.sys
19:47:27.0986 3040 pwdspio - ok
19:47:28.0044 3040 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:47:28.0104 3040 ql2300 - ok
19:47:28.0129 3040 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:47:28.0134 3040 ql40xx - ok
19:47:28.0160 3040 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
19:47:28.0255 3040 QWAVE - ok
19:47:28.0287 3040 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:47:28.0288 3040 QWAVEdrv - ok
19:47:28.0432 3040 [ 2294BB505B9790B7C211475EBAB81269 ] RadeHlprSvc C:\Program Files\Citrix\Streaming Client\RadeHlprSvc.exe
19:47:28.0439 3040 RadeHlprSvc - ok
19:47:28.0474 3040 [ B1C266440058E771A3F2036EF1C9A43C ] RadeSvc C:\Program Files\Citrix\Streaming Client\RadeSvc.exe
19:47:28.0502 3040 RadeSvc - ok
19:47:28.0519 3040 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:47:28.0522 3040 RasAcd - ok
19:47:28.0547 3040 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:47:28.0550 3040 RasAgileVpn - ok
19:47:28.0566 3040 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
19:47:28.0597 3040 RasAuto - ok
19:47:28.0630 3040 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:47:28.0634 3040 Rasl2tp - ok
19:47:28.0688 3040 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
19:47:28.0698 3040 RasMan - ok
19:47:28.0715 3040 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:47:28.0724 3040 RasPppoe - ok
19:47:28.0746 3040 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:47:28.0750 3040 RasSstp - ok
19:47:38.0036 3040 ================ Scan global ===============================
19:47:38.0052 3040 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
19:47:38.0088 3040 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
19:47:38.0101 3040 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
19:47:38.0125 3040 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:47:38.0159 3040 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:47:38.0176 3040 [Global] - ok
19:47:38.0176 3040 ================ Scan MBR ==================================
19:47:38.0191 3040 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:47:38.0532 3040 \Device\Harddisk0\DR0 - ok
19:47:38.0532 3040 ================ Scan VBR ==================================
19:47:38.0543 3040 [ E75C5627759C3134F60C9F0EBE92EC35 ] \Device\Harddisk0\DR0\Partition1
19:47:38.0548 3040 \Device\Harddisk0\DR0\Partition1 - ok
19:47:38.0581 3040 [ 0719D258C5517088D3DC289527F187B6 ] \Device\Harddisk0\DR0\Partition2
19:47:38.0585 3040 \Device\Harddisk0\DR0\Partition2 - ok
19:47:38.0611 3040 [ 6977B29A0916F9924CDC50434E2BE1A9 ] \Device\Harddisk0\DR0\Partition3
19:47:38.0614 3040 \Device\Harddisk0\DR0\Partition3 - ok
19:47:38.0615 3040 ============================================================
19:47:38.0615 3040 Scan finished
19:47:38.0615 3040 ============================================================
19:47:38.0631 1540 Detected object count: 0
19:47:38.0631 1540 Actual detected object count: 0



the logfile from AdwCleaner.

# AdwCleaner v2.007 - Logfile created 11/15/2012 at 19:48:47
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : kiran.madhu - YH2148L
# Boot Mode : Normal
# Running from : C:\Users\Kiran.madhu\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Users\Kiran.madhu\AppData\Roaming\Mozilla\Firefox\Profiles\7l9drvsg.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Kiran.madhu\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [1276 octets] - [15/11/2012 19:48:47]

########## EOF - C:\AdwCleaner[R2].txt - [1336 octets] ##########

#4 M-K-D-B

  • Malware Response Team
  • 1,595 posts

Posted 15 November 2012 - 01:56 PM

Hi,




Step 1
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.





Step 2
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Please include the C:\ComboFix.txt in your next reply for further review.





What you should post with your next answer:
  • the logfile from AdwCleaner,
  • the logfile from ComboFix.

Regards,
M-K-D-B

#5 Kiran Madhu
  • Topic Starter

  • Members
  • 16 posts

Posted 15 November 2012 - 02:53 PM

the logfile from AdwCleaner,

# AdwCleaner v2.007 - Logfile created 11/16/2012 at 00:58:30
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : kiran.madhu - YH2148L
# Boot Mode : Normal
# Running from : C:\Users\Kiran.madhu\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Users\Kiran.madhu\AppData\Roaming\Mozilla\Firefox\Profiles\7l9drvsg.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Kiran.madhu\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1290 octets] - [16/11/2012 00:58:30]

########## EOF - C:\AdwCleaner[S1].txt - [1350 octets] ##########



the logfile from ComboFix.

ComboFix 12-11-15.01 - kiran.madhu 11/16/2012 1:10.1.4 - x86
Running from: c:\users\Kiran.madhu\Downloads\ComboFix.exe
* Created a new restore point
.
ADS - system32: deleted 12 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-18\$488649197cc33a2b9790126062cf0627\@
c:\$recycle.bin\S-1-5-18\$488649197cc33a2b9790126062cf0627\U\00000001.@
c:\programdata\AMMYY
c:\programdata\AMMYY\contacts3.bin
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\hr3
c:\programdata\AMMYY\settings3.bin
c:\users\Kiran.madhu\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-15 to 2012-11-15 )))))))))))))))))))))))))))))))
.
.
2012-11-15 19:48 . 2012-11-15 19:48 -------- d-----w- c:\users\yashtemp\AppData\Local\temp
2012-11-15 19:48 . 2012-11-15 19:48 -------- d-----w- c:\users\srinivas.kakarla\AppData\Local\temp
2012-11-15 19:48 . 2012-11-15 19:48 -------- d-----w- c:\users\KIRAN~1~MAD\AppData\Local\temp
2012-11-15 19:48 . 2012-11-15 19:48 -------- d-----w- c:\users\divya.kaamala\AppData\Local\temp
2012-11-15 19:48 . 2012-11-15 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-15 19:48 . 2012-11-15 19:48 -------- d-----w- c:\users\Ctx_StreamingSvc\AppData\Local\temp
2012-11-15 19:48 . 2012-11-15 19:48 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-11-14 18:26 . 2012-11-14 18:27 -------- d-----w- c:\programdata\Norton
2012-11-14 17:00 . 2012-08-03 19:38 87976 ----a-r- c:\windows\system32\drivers\acsock.sys
2012-11-14 16:59 . 2012-11-14 17:00 -------- d-----w- c:\program files\Cisco
2012-11-14 15:42 . 2012-11-14 16:07 -------- d-----w- C:\log
2012-11-12 17:41 . 2012-11-12 17:41 -------- d-----w- c:\users\Kiran
2012-11-01 07:06 . 2012-11-01 07:06 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-10-30 18:20 . 2012-11-15 19:33 -------- d-----w- c:\program files\Giraffic
2012-10-30 18:20 . 2012-10-30 18:21 -------- d-----w- c:\programdata\Giraffic
2012-10-17 05:40 . 2012-10-17 11:05 -------- d-----w- c:\program files\Virtual Router
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 22:49 . 2011-07-20 05:12 126 ----a-w- C:\setup.reg
2012-11-09 10:10 . 2012-04-10 12:20 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-09 10:10 . 2011-12-01 10:14 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-16 04:53 . 2012-10-16 04:53 90112 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-10-16 04:53 . 2012-10-16 04:53 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-10-16 04:53 . 2012-10-16 04:53 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-10-16 04:53 . 2012-10-16 04:53 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-10-16 04:53 . 2012-10-16 04:53 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-10-16 04:53 . 2012-10-16 04:53 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-10-16 04:53 . 2012-10-16 04:53 181760 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2012-10-16 04:53 . 2012-10-16 04:53 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-10-16 04:53 . 2012-10-16 04:53 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-10-16 04:53 . 2012-10-16 04:53 353280 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2012-10-16 04:53 . 2012-10-16 04:53 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-10-16 04:53 . 2012-10-16 04:53 193792 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-10-16 04:53 . 2012-01-19 09:26 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-10-16 04:53 . 2012-01-19 09:26 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-10-02 18:02 . 2011-07-11 17:00 174056 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2012-09-14 18:28 . 2012-10-11 20:58 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:18 . 2012-10-11 20:57 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12 . 2012-10-11 20:57 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-11 20:57 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-24 16:57 . 2012-10-11 21:21 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59 . 2012-10-11 21:02 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-10-11 21:02 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-10-11 21:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-10-11 21:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-10-11 21:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-10-11 21:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16 . 2012-09-18 07:38 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-10-11 20:57 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-18 07:38 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-18 07:38 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-10-11 20:58 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 07:31 . 2012-09-19 05:26 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 07:31 . 2011-12-15 23:54 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-20 17:40 . 2012-10-11 20:58 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40 . 2012-10-11 20:58 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37 . 2012-10-11 20:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 17:32 . 2012-10-11 20:58 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 20:58 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 20:58 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 20:58 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 20:58 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 20:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 20:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 20:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 20:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 20:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 20:58 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 20:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 20:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 20:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 20:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 20:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 20:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 20:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 20:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 20:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 20:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 20:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 20:58 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 20:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 15:33 . 2012-10-11 20:58 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33 . 2012-10-11 20:58 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33 . 2012-10-11 20:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33 . 2012-10-11 20:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-10-25 10:15 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-10-25 10:15 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-10-25 10:15 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-10-25 10:15 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_Reliance Netconnect"="c:\program files\Reliance Netconnect+\UpdateDog\ouc.exe" [2009-07-27 110592]
"Octoshape Streaming Services"="c:\users\Kiran.madhu\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2012-10-10 4686848]
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-10-19 11325376]
"Connectify"="c:\program files\Connectify\Connectify.exe" [2012-10-25 4010856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-11-17 115624]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-07-21 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 142616]
"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2012-07-27 12100696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-08-03 685048]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2012-7-15 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Citrix\system32\radeaphook.dll c:\progra~1\Citrix\system32\CtxSbxHook.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-531195880-3687168959-1048678610-10337\Scripts\Logon\0\0]
"Script"=Usbstore.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-531195880-3687168959-1048678610-10337\Scripts\Logon\1\0]
"Script"=LocalAdmin.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-531195880-3687168959-1048678610-14738\Scripts\Logon\0\0]
"Script"=Usbstore.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-531195880-3687168959-1048678610-14738\Scripts\Logon\1\0]
"Script"=LocalAdmin.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-531195880-3687168959-1048678610-8147\Scripts\Logon\0\0]
"Script"=Usbstore.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-531195880-3687168959-1048678610-8147\Scripts\Logon\1\0]
"Script"=LocalAdmin.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Kiran.madhu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Kiran.madhu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Kiran.madhu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Kiran.madhu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2010-06-04 00:59 292208 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 16:02 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BingDesktop]
2012-03-30 09:11 1858152 ----a-w- c:\program files\Microsoft\BingDesktop\BingDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2010-02-01 23:44 5249024 ----a-w- c:\program files\Dell\DW WLAN Card\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chromium]
2012-10-31 22:15 1242136 ----a-w- c:\users\Kiran.madhu\AppData\Local\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-14 16:30 136176 ----atw- c:\users\Kiran.madhu\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\Kiran.madhu\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 13:06 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2012-01-10 17:14 177432 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 18:00 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\users\Kiran.madhu\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2012-01-10 17:14 177944 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 08:32 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [x]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x]
R2 Idea Net Setter. RunOuc;Idea Net Setter. OUC;c:\program files\Idea Net Setter\UpdateDog\ouc.exe [x]
R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R2 UDisk Monitor;UDisk Monitor;c:\program files\Reliance Netconnect+\bin\MonServiceUDisk.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [x]
R3 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RadeHlprSvc;Citrix Streaming Helper Service;c:\program files\Citrix\Streaming Client\RadeHlprSvc.exe [x]
R3 RadeSvc;Citrix Streaming Service;c:\program files\Citrix\Streaming Client\RadeSvc.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tvncserver_Pointdev;VNC Server (Pointdev);c:\windows\Pointdev\VNC\tvnserver.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [x]
S1 cdfdrv;cdfdrv;c:\windows\system32\DRIVERS\cdfdrv.sys [x]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys [x]
S1 ctxpidmn;ctxpidmn;c:\windows\system32\DRIVERS\ctxpidmn.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [x]
S1 Teefer3;Symantec Endpoint Protection Firewall;c:\windows\system32\DRIVERS\Teefer3.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 Connectify;Connectify;c:\program files\Connectify\ConnectifyService.exe [x]
S2 CtxSbx;CtxSbx;c:\windows\system32\DRIVERS\CtxSbx.sys [x]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\Giraffic\Veoh_GirafficWatchdog.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - EraserUtilDrv11220
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 10:10]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-19 19:29]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-19 19:29]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-531195880-3687168959-1048678610-14738Core.job
- c:\users\Kiran.madhu\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 16:30]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-531195880-3687168959-1048678610-14738UA.job
- c:\users\Kiran.madhu\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 16:30]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download All with WinGet - c:\program files\Indentix\WinGet 3.0\WinIE.dll/301
IE: Download with WinGet - c:\program files\Indentix\WinGet 3.0\WinIE.dll/300
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.6.16.1 10.6.16.2 10.6.0.4
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://ra-guest.pega.com/CACHE/stc/1/binaries/vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{cd90bf73-20f6-44ef-993d-bb920303bd2e} - (no file)
URLSearchHooks-{c34bfb11-eff0-4123-a7a5-79051ef24cf5} - (no file)
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
WebBrowser-{C34BFB11-EFF0-4123-A7A5-79051EF24CF5} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)
ShellIconOverlayIdentifiers-{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} - (no file)
ShellIconOverlayIdentifiers-{C72C6188-BEF2-46E5-A89A-52F0ED75219E} - (no file)
ShellIconOverlayIdentifiers-{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} - (no file)
HKCU-Run-DriverMax_RESTART - (no file)
HKLM-Run-NPSStartup - (no file)
HKLM-Run-Compare & Find Differences Between Two Text Files Software.exe - (no file)
SafeBoot-36944196.sys
SafeBoot-Wdf01000.sys
SafeBoot-Symantec Antvirus
MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0018\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0020\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0021\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-16 01:20:07
ComboFix-quarantined-files.txt 2012-11-15 19:50
.
Pre-Run: 3,357,900,800 bytes free
Post-Run: 3,258,048,512 bytes free
.
- - End Of File - - 493E9D7430E4124771A42E654C1ECC88

#6 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,595 posts
  • Gender:Male
  • Location:Bavaria
  • Local time:04:12 AM

Posted 16 November 2012 - 12:03 PM

Hi,

how is your computer running at the moment?

Step 1
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.





Step 2
Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.





Step 3
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized





What you should post with your next answer:
  • an answer to my question,
  • the logfile from aswMBR,
  • both logfiles from OTL.

Regards,
M-K-D-B

#7 M-K-D-B


Posted 20 November 2012 - 02:36 PM

Hi,


do you still need help with your computer?
If you don't respond within the next 48 hours, your topic will be closed.
Regards,
M-K-D-B

#8 M-K-D-B


Posted 22 November 2012 - 10:15 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Regards,
M-K-D-B



