Unknown Rootkit/Infection


  • This topic is locked
16 replies to this topic

#1 btr03


Posted 30 November 2012 - 08:54 AM

Currently, I am unable to browse Microsoft sites, AV sites or even bleepingcomputer.com. Also, Windows updates cannot connect, error code 80072EFE. However, if I configure a proxy server in IE->Internet Options->Connections->LAN settings I am able to browse the previously mentioned websites and Windows updates work. Scans from Malwarebytes, avast, TDSSKiller, and ESET Online Scanner show no infections. Please help!



#2 gringo_pr

  • Malware Response Team
  • 136,772 posts

Posted 30 November 2012 - 09:27 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following
    • both reports from DDS
    • report from security check
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 btr03

  • Topic Starter


Posted 30 November 2012 - 09:55 AM

Thanks for the fast response. I have included security check and DDS logs.

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
iSpy
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 6 Update 29
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.4.402.287 Flash Player out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0)
````````Process Check: objlist.exe by Laurent````````
windows defender MpCmdRun.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 27% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/30/2011 4:23:28 AM
System Uptime: 11/30/2012 9:37:09 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0NVY5D
Processor: Intel® Core™ i7-2620M CPU @ 2.70GHz | CPU 1 | 2701/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 118 GiB total, 29.73 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Shrew Soft Virtual Adapter
Device ID: ROOT\VNET\0000
Manufacturer: Shrew Soft
Name: Shrew Soft Virtual Adapter
PNP Device ID: ROOT\VNET\0000
Service: vnet
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VirtualBox Host-Only Ethernet Adapter
Device ID: ROOT\NET\0001
Manufacturer: Oracle Corporation
Name: VirtualBox Host-Only Ethernet Adapter
PNP Device ID: ROOT\NET\0001
Service: VBoxNetAdp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Device (Personal Area Network)
Device ID: BTH\MS_BTHPAN\7&1431DBB1&0&2
Manufacturer: Microsoft
Name: Bluetooth Device (Personal Area Network)
PNP Device ID: BTH\MS_BTHPAN\7&1431DBB1&0&2
Service: BthPan
.
==== System Restore Points ===================
.
RP280: 11/28/2012 2:36:27 PM - Removed RawPacketDriver
RP281: 11/29/2012 10:54:24 AM - Windows Update
RP282: 11/29/2012 1:29:21 PM - Windows Update
RP283: 11/29/2012 3:47:49 PM - avast! Free Antivirus Setup
RP284: 11/29/2012 7:02:02 PM - Removed Dotfuscator Software Services - Community Edition
RP285: 11/29/2012 7:02:29 PM - Removed DocuWorks Viewer Light
RP286: 11/29/2012 7:02:45 PM - Removed HP Update.
RP287: 11/30/2012 8:20:00 AM - OTL Restore Point - 11/30/2012 8:19:59 AM
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
AccelerometerP11
Add-ons
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Advanced IP Scanner
Annotations
Annotations Help
Apple Application Support
Apple Software Update
ArcSoft MediaConverter 2.5
ArcSoft ShowBiz DVD 2
AutoCAD 2004
Autodesk Express Viewer
avast! Free Antivirus
BioAPI Framework
Block Diagrams
Block Diagrams Help
Block Diagrams Samples
Borders and Backgrounds
Borders and Backgrounds Help
Building Architecture
Building Architecture Help
Building Architecture Samples
Building Services
Building Services Help
Building Services Samples
Bullzip PDF Printer 7.2.0.1338
CAD Drawing Converter
CAD Drawing Converter Help
CAD Drawing Converter Samples
CAD Drawing Display
CAD Drawing Display Samples
Callouts and Connectors
Callouts and Connectors Help
CCleaner
CDLIB 5.1
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client
Clip Art and Symbols
Clip Art and Symbols Help
Core FTP LE (x64)
Crystal Reports for Visual Studio
Custom
Custom Patterns
Custom Properties Editor
CyberLink PowerDVD 9.5
D3DX10
DAO
Database Wizard
Database Wizard Samples
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Client System Update
Dell ControlVault Host Components Installer 64 bit
Dell Data Protection | Access
Dell Data Protection | Access | Drivers
Dell Data Protection | Access | Middleware
Dell Edoc Viewer
Dell System Manager
Dell Touchpad
Dell Webcam Central
DellAccess
Developing Visio Solutions
Developing Visio Solutions Help
DirectX 9 Runtime
EaseUS Todo Backup Free 3.5
Easy Icon Maker
Easyset
Ekahau HeatMapper
Electrical Engineering
Electrical Engineering Help
Electrical Engineering Samples
EMBASSY Security Center
Equipment Selector
Equipment Selector Furniture Database
Equipment Selector Help
Facilities Management
Facilities Management Help
FirePlotter
Flowcharts
Flowcharts Help
Flowcharts Samples
Fluid Power
Fluid Power Help
Fluid Power Samples
Forms and Charts
Forms and Charts Help
Forms and Charts Samples
Foundation technical
Free MTS Converter
Fuji Xerox DocuWorks Viewer Light 5.0.2
Gemalto
GIMPshop 2.6.11
Google Earth Plug-in
Google Update Helper
GoToAssist Customer 1.6.0.428
GoToMeeting 5.1.0.880
Graphics Filters
GX Developer
Help for Visio 2000 (HTML Help)
Help_Technical
HiJackThis
Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2736182)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2581019)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2591016)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2635973)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2736182)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP Deskjet 3050 J610 series Product Improvement Study
HP Download Manager
HP Photo Creations
HP USB Disk Storage Format Tool
HP Wireless Printer Adapter
IBM DS Storage Manager Host Software version 10.77.x5.16
IBM System i Access for Windows V6R1M0
IBMStorageManagerProfiler Server
IIS 8.0 Express
IIS Express Application Compatibility Database for x64
IIS Express Application Compatibility Database for x86
inSSIDer 2.0
Intel PROSet Wireless
Intel® Control Center
Intel® Identity Protection Technology 1.1.2.0
Intel® Management Engine Components
Intel® Network Connections 15.7.176.1
Intel® Processor Graphics
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
IntelliAdmin 5 - Remove Viewer
iSpy
Java Auto Updater
Java™ 6 Update 27 (64-bit)
Java™ 6 Update 29
Java™ 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
KEPServerEX 5
Keyport Bluetooth
Keyport Bluetooth Demo
LABELVIEW 8.50.01
LG USB Modem driver
License Use Management Runtime
Malwarebytes Anti-Malware version 1.62.0.1300
Maps
Maps Help
Maps Samples
Mechanical Engineering
Mechanical Engineering Help
Mechanical Engineering Samples
Mesh Runtime
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft ASP.NET MVC 3
Microsoft ASP.NET MVC 3 - Visual Studio 2010 Tools Update
Microsoft ASP.NET MVC 4
Microsoft ASP.NET MVC 4 - Visual Studio 2010 Tools
Microsoft ASP.NET MVC 4 Runtime
Microsoft ASP.NET Visual Studio 2010 Finalizer
Microsoft ASP.NET Visual Studio 2010 Uninstall Finalizer
Microsoft ASP.NET Web Pages
Microsoft ASP.NET Web Pages - Visual Studio 2010 Tools
Microsoft ASP.NET Web Pages 2 - Visual Studio 2010 Tools
Microsoft ASP.NET Web Pages 2 Runtime
Microsoft Corporation
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Help Viewer 1.1
Microsoft LifeCam
Microsoft NuGet for Visual Studio 2010
Microsoft ODBC .NET Data Provider
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Integration
Microsoft Office Office 64-bit Components 2007
Microsoft Office Office 64-bit Components 2010
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Visio Viewer 2003 (English)
Microsoft Office Word MUI (English) 2007
Microsoft Repository
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Management Objects (x64)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Express LocalDB
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server 2012 Management Objects (x64)
Microsoft SQL Server 2012 Native Client
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server Compact 4.0 SP1 x64 ENU CTP1
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft Sync Framework Runtime v1.0 SP1 (x64)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x64)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visio 2000
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Professional 2010
Microsoft Visual C++ Compilers 2010 Standard - enu - x64
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Office Developer Tools (x64)
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio Express 2012 for Web - ENU
Microsoft Visual Studio Macro Tools
Microsoft Visual Studio Service Pack 3
Microsoft Web Deploy 3.0
Microsoft Web Platform Installer 4.0
Microsoft Web Publish - Visual Studio 2010
Microsoft Windows Media Video 9 VCM
Mozilla Firefox 17.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL Connector/ODBC 3.51
MySQL Connector/ODBC 5.1
Network Diagrams
Network Diagrams Help
Network Diagrams Samples
NTRU TCG Software Stack
NVIDIA 3D Vision Driver 268.83
NVIDIA Control Panel 268.83
NVIDIA Graphics Driver 268.83
NVIDIA HD Audio Driver 1.2.23.3
NVIDIA Install Application
NVIDIA nView 135.85
NVIDIA nView Desktop Manager
NVIDIA Optimus 1.0.23
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
O2Micro Flash Memory Card Windows Driver
OCS Inventory NG Agent 2.0.2.0
OCS Inventory NG Agent Deployment Tool 2.0.2.0
Office Layout
Office Layout Help
Office Layout Samples
Online Documentation
OPC Core Components Redistributable (x64) 105.0
OPC UA SDK 1.01 COM Interop Components Redistributables
OPCData-Classic 5.12 Build 1307.1
Oracle VM VirtualBox 4.1.12
Organization Charts
Organization Charts Help
Organization Charts Samples
Page Layout Wizard
Paint Shop Pro 7 Anniversary Edition
PC-CCID
Performance Navigator 15
PhotoShowExpress
PowerISO
Preboot Manager
Presentation To Video Converter
Print ShapeSheet
Private Information Manager
Process Engineering
Process Engineering Help
Process Engineering Samples
Program Files
Program Files Help
Program Files Technical
Project Schedules
Project Schedules Help
Project Schedules Samples
Property Reporting Wizard
QuickTime
RBVirtualFolder64Inst
Release Notes Technical
Rise of Flight
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Sample Drawings
SAP Crystal Reports runtime engine for .NET Framework 4 (64-bit)
SAP Crystal Reports, version for Visual Studio 2010
Save as HTML
Security Update for Microsoft .NET Framework 4.5 (KB2729460)
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2597171) 32-Bit Edition
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2645410)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
Shape Explorer
Shape Explorer Help
Shrew Soft VPN Client
Skype Click to Call
Skype™ 5.10
SmartShape Wizard
Solarsoft for Manufacturing (172.16.1.51)
Solutions
Sonic CinePlayer Decoder Pack
SPBA 5.9
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
Stellar Phoenix Outlook PST Repair
Stencil Report Wizard
TightVNC 2.0.4
Trusted Drive Manager
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Upek Touchchip Fingerprint Reader
VBA
Vhd Resizer
Video Grabber Device Driver
Visio
Visio Core Files
Visio Technical Core Files
Visual Studio 2010 Prerequisites - English
Visual Studio 2010 SP1 Tools for SQL Server Compact 4.0 ENU
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VMware OVF Tool
VMware Virtual Disk Development Kit
VMware vSphere Client 4.0
VMware vSphere Host Update Utility 4.0
Wave Infrastructure Installer
Wave Support Software Installer
WaveDeploy by Ixia 2.0.0
WCF RIA Services V1.0 SP1
Web Deployment Tool
WIDCOMM Bluetooth Software
Winamp
Windows 7 USB/DVD Download Tool
Windows Azure Authoring Tools - June 2012 Release
Windows Azure Emulator - June 2012 Release
Windows Azure Libraries for .NET 1.7 – June 2012
Windows Azure Tools for Microsoft Visual Studio 2010 - June 2012 SP1
Windows Azure Tools for Microsoft Visual Studio 2010 Core
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Updater Component
Windows Password Breaker Professional Trial
WinMerge 2.12.4
WinMount V3.4.1020
Xirrus Wi-Fi Inspector
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
11/30/2012 9:39:01 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/30/2012 9:37:58 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: UimBus Uim_IM
11/30/2012 9:37:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Web Deployment Agent Service service to connect.
11/30/2012 9:37:41 AM, Error: Service Control Manager [7000] - The Web Deployment Agent Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/30/2012 9:37:21 AM, Error: Service Control Manager [7000] - The DriverX service failed to start due to the following error: This driver has been blocked from loading
11/30/2012 9:37:21 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\DriverX.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/30/2012 9:37:20 AM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
11/30/2012 8:28:11 AM, Error: Service Control Manager [7031] - The TightVNC Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/30/2012 8:28:11 AM, Error: Service Control Manager [7031] - The Cisco AnyConnect Secure Mobility Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
.
==== End Of File ===========================


DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.5.1
Run by rbadgett at 9:54:13 on 2012-11-30
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8149.5433 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\crypserv.exe
c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
C:\Windows\system32\hasplms.exe
C:\Program Files\ShrewSoft\VPN Client\iked.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Kepware\KEPServerEX 5\server_eventlog.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\IBM_DS\IBMStorageManagerProfiler Server\mysql\bin\mysqld-nt.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\DRIVERS\o2flash.exe
c:\Windows\SysWOW64\srvany.exe
C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe
c:\Windows\sysWOW64\SDIOAssist.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\IBM_DS\client\monitor\SMmonitor.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files (x86)\Common Files\OPC Foundation\UA\v1.0\Bin\Opc.Ua.ComServerWrapper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\OPC Foundation\UA\v1.0\Bin\Opc.Ua.DiscoveryServer.exe
C:\Program Files (x86)\VeriWave\WaveDeploy\lmgrd.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\VeriWave\WaveDeploy\lmgrd.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\IBM_DS\IBMStorageManagerProfiler Server\webapps\ROOT\bin\IBMStorageManagerProfilerCollector.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\IBM_DS\IBMStorageManagerProfiler Server\webapps\ROOT\bin\IBMStorageManagerProfilerEventReceiver.exe
C:\Program Files (x86)\IBM_DS\IBMStorageManagerProfiler Server\webapps\ROOT\bin\IBMStorageManagerProfilerMaintenance.exe
C:\Program Files (x86)\IBM_DS\IBMStorageManagerProfiler Server\webapps\ROOT\bin\IBMStorageManagerProfilerPoller.exe
C:\Program Files (x86)\IBM_DS\IBMStorageManagerProfiler Server\bin\tomcat5.exe
C:\Program Files (x86)\Kepware\KEPServerEX 5\server_runtime.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\SysWOW64\OpcEnum.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Kepware\KEPServerEX 5\xi_wrapper\xi_server_runtime.exe
C:\Program Files (x86)\IBM_DS\IBMStorageManagerProfiler Server\agent\systemic\mod.sys.perf.typeperf.TypePerf_1.0\ttWmiPerf.exe
C:\Windows\sysWOW64\wbem\WmiPrvSE.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Kepware\KEPServerEX 5\server_admin.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_4_402_287_ActiveX.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\TightVNC\vncviewer.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.toyotomi.tac/
uProxyServer = tacdmudd:8080
uProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [Client Access Service] C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe
mRun: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: ForceStartMenuLogOff = dword:1
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoWelcomeScreen = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-System: LogonType = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: windowsupdate.com
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://taciisapp:4343/officescan/console/ClientInstall/WinNTChk.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - hxxps://taciisapp:4343/officescan/console/ClientInstall/setupini.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://taciisapp:4343/officescan/console/ClientInstall/setup.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} - hxxps://secure.logmein.com/activex/RACtrl.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://173.190.82.242/CACHE/stc/1/binaries/vpnweb.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://taciisapp:4343/officescan/console/ClientInstall/RemoveCtrl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {89A32C64-6176-4D10-BCA3-10B0079818FA} - hxxps://mail.toyotomi.tac:3443/webconsole/RIMWebComponents.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} - hxxps://taciisapp:4343/SMB/console/html/root/AtxEnc.cab
DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBEDCC} - hxxps://taciisapp:4343/SMB/console/html/root/AtxConsole.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=972
TCP: NameServer = 172.16.3.53 172.16.1.56
TCP: Interfaces\{228E463B-26FF-448F-9F17-3B4895C608DC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{28481879-9DAD-4A11-9457-F7F52996C39F} : DHCPNameServer = 172.16.3.53 172.16.1.56
TCP: Interfaces\{6120810D-C5C6-413E-9E24-7DA00299F26F} : NameServer = 172.16.3.53
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist Express Customer - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\428\g2ax_winlogonx64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rbadgett\AppData\Roaming\Mozilla\Firefox\Profiles\x1sf4j87.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.toyotomi.tac
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Rbadgett\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Rbadgett\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2012-11-29 15:50; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;C:\Windows\System32\drivers\eubakup.sys [2011-11-8 44680]
R0 EUBKMON;EUBKMON;C:\Windows\System32\drivers\EUBKMON.sys [2011-11-8 50312]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-9-24 25960]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-24 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-9-24 21616]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-11-29 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-11-29 370288]
R1 EUDSKACS;EUDSKACS;C:\Windows\System32\drivers\eudskacs.sys [2011-11-8 19592]
R1 EUFDDISK;EUFDDISK;C:\Windows\System32\drivers\EuFdDisk.sys [2011-11-8 189576]
R1 vflt;Shrew Soft Lightweight Filter;C:\Windows\System32\drivers\vfilter.sys [2010-9-2 21504]
R1 WMDrive;WMDrive;C:\Windows\SysWOW64\drivers\WMDrive.sys [2011-11-9 92536]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-24 89600]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2011-11-24 78208]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-11-29 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-11-29 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-29 44808]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-5-13 1043872]
R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-5-13 36768]
R2 dcpsysmgrsvc;Dell System Manager Service;C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-1-20 517488]
R2 dtpd;ShrewSoft DNS Proxy Daemon;C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [?]
R2 EaseUS Agent;EaseUS Agent;C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-11-8 60552]
R2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;C:\Windows\System32\drivers\ekaprot6.sys [2011-1-31 27288]
R2 hasplms;HASP License Manager;C:\Windows\System32\hasplms.exe -run --> C:\Windows\System32\hasplms.exe -run [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-24 13336]
R2 IBMStorageManagerProfilerCollector;IBMStorageManagerProfilerCollector;C:\Program Files (x86)\IBM_DS\IBMStorageManagerProfiler Server\webapps\ROOT\bin\IBMStorageManagerProfilerCollector.exe [2011-11-14 94720]
R2 IBMStorageManagerProfilerEventReceiver;IBMStorageManagerProfilerEventReceiver;C:\Program Files (x86)\IBM_DS\IBMStorageManagerProfiler Server\webapps\ROOT\bin\IBMStorageManagerProfilerEventReceiver.exe [2011-11-14 94720]
R2 IBMStorageManagerProfilerMaintenance;IBMStorageManagerProfilerMaintenance;C:\Program Files (x86)\IBM_DS\IBMStorageManagerProfiler Server\webapps\ROOT\bin\IBMStorageManagerProfilerMaintenance.exe [2011-11-14 94720]
R2 IBMStorageManagerProfilerPoller;IBMStorageManagerProfilerPoller;C:\Program Files (x86)\IBM_DS\IBMStorageManagerProfiler Server\webapps\ROOT\bin\IBMStorageManagerProfilerPoller.exe [2011-11-14 94720]
R2 IBMStorageManagerProfilerWebServer;IBMStorageManagerProfilerWebServer;C:\Program Files (x86)\IBM_DS\IBMStorageManagerProfiler Server\bin\tomcat5.exe [2011-11-14 57344]
R2 iked;ShrewSoft IKE Daemon;C:\Program Files\ShrewSoft\VPN Client\iked.exe -service --> C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [?]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-9-24 165032]
R2 ipsecd;ShrewSoft IPSEC Daemon;C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [?]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 KEPServerEXLoggerV5;KEPServerEX 5.6 Event Logger;C:\Program Files (x86)\Kepware\KEPServerEX 5\server_eventlog.exe [2011-7-21 107776]
R2 KEPServerEXV5;KEPServerEX 5.6 Runtime;C:\Program Files (x86)\Kepware\KEPServerEX 5\server_runtime.exe [2011-7-21 183552]
R2 O2SDIOAssist;O2SDIOAssist;C:\Windows\SysWOW64\srvany.exe [2011-9-24 8192]
R2 OCS Inventory Service;OCS Inventory Service;C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe [2011-10-18 35840]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
R2 SMmonitor;IBM DS Storage Manager 10 Event Monitor;C:\Program Files (x86)\IBM_DS\client\monitor\SMmonitor.exe [2011-11-14 69632]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-6-5 378472]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2011-8-3 828944]
R2 UA COM Server Wrapper;UA COM Server Wrapper;C:\Program Files (x86)\Common Files\OPC Foundation\UA\v1.0\Bin\Opc.Ua.ComServerWrapper.exe [2012-4-7 25088]
R2 UA Local Discovery Server;UA Local Discovery Server;C:\Program Files (x86)\Common Files\OPC Foundation\UA\v1.0\Bin\Opc.Ua.DiscoveryServer.exe [2012-4-7 28160]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-24 2656280]
R2 VeriWave FLEXnet License Manager;VeriWave FLEXnet License Manager;C:\Program Files (x86)\VeriWave\WaveDeploy\lmgrd.exe [2012-3-13 1122568]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-10-17 544248]
R2 vstor2-mntapi10;Vstor2 vix Disk Tools Virtual Storage Driver;C:\Program Files (x86)\VMware\VMware Virtual Disk Development Kit\bin\vstor2-mntapi10.sys [2009-11-3 32816]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-7-1 1600000]
R2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-9-24 27760]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-9-24 349736]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-9-24 39464]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-9-24 172960]
R3 cvusbdrv;Dell ControlVault;C:\Windows\System32\drivers\cvusbdrv.sys [2011-5-10 38504]
R3 EZSocketGOT;EZSocketGOT;C:\Windows\System32\drivers\EZSocketGOT.sys [2011-10-31 254976]
R3 hpnuhst;HP NUSB Host;C:\Windows\System32\drivers\hpnuhst.sys [2011-11-1 16384]
R3 HPNUHUB;HP NUSB Hub;C:\Windows\System32\drivers\hpnuhub.sys [2011-11-1 40448]
R3 KEPServerEXV5_OPCNET;KEPServerEX 5.6 OPC .NET;C:\Program Files (x86)\Kepware\KEPServerEX 5\xi_wrapper\xi_server_runtime.exe [2011-7-21 15616]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-10-12 50072]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-9-24 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-9-24 181248]
R3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\O2MDRw7x64.sys [2011-9-24 74984]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2011-9-24 83560]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2012-7-18 80448]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-10-17 107432]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\428\g2ax_service.exe [2012-8-13 609720]
S3 Guard Agent;Guard Agent;C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-11-8 23176]
S3 HPWPAUSB;Wireless Printer Adapter;C:\Windows\System32\drivers\HPWPAUSB.sys [2011-11-1 24576]
S3 IBM LUM NDL;IBM Nodelock License Server;C:\IFOR\WIN\BIN\i4llmd.exe [2004-7-23 24576]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-9-24 158976]
S3 KEPServerEXKeySvcV5;KEPServerEX 5.6 Key Service;C:\Program Files (x86)\Kepware\KEPServerEX 5\keysvc.exe [2011-7-21 32512]
S3 LeapFrog-USBLAN;LeapFrog-USBLAN;C:\Windows\System32\drivers\btblan.sys [2009-10-9 40320]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-1-29 36720]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 O2MDFRDR;O2MDFRDR;C:\Windows\System32\drivers\o2mdfw7x64.sys [2011-9-24 72808]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-31 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-27 1103392]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-27 1369624]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-27 168384]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-31 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-31 30208]
S3 UsbGps;LGE CDMA USB GPS NMEA Port;C:\Windows\System32\drivers\lgx64gps.sys [2012-6-18 27136]
S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\System32\drivers\virtualnet.sys [2010-9-2 17408]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-2 1255736]
S4 IBM LUM CR;IBM Central Registry License Server;C:\IFOR\WIN\BIN\i4gdb.exe [2004-7-23 24576]
S4 IBM LUM LMD;IBM Network License Server;C:\IFOR\WIN\BIN\i4lmd.exe [2004-7-23 24576]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile="C:\Windows\notepad.exe" "%1"
FileExt: .vbs: VBSFile=C:\Windows\System32\WScript.exe "%1" %* [UserChoice]
.
=============== Created Last 30 ================
.
2012-11-30 14:48:04 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FE4F7CA7-FF8D-48AE-973E-B69B28A5A6B1}\offreg.dll
2012-11-30 14:42:05 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FE4F7CA7-FF8D-48AE-973E-B69B28A5A6B1}\mpengine.dll
2012-11-30 13:28:11 -------- d-----w- C:\_OTL
2012-11-30 13:06:18 -------- d-----w- C:\Windows\ERUNT
2012-11-30 13:06:15 -------- d-----w- C:\JRT
2012-11-30 12:23:40 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2012-11-30 12:19:58 290304 ----a-w- C:\subinacl.exe
2012-11-30 12:16:45 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-11-29 23:42:23 -------- d-----w- C:\Users\Rbadgett\AppData\Local\Macromedia
2012-11-29 21:35:20 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-29 20:48:10 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-11-29 20:48:10 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-11-29 20:48:10 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-11-29 20:48:01 41224 ----a-w- C:\Windows\avastSS.scr
2012-11-29 20:47:53 -------- d-----w- C:\ProgramData\AVAST Software
2012-11-29 20:47:53 -------- d-----w- C:\Program Files\AVAST Software
2012-11-29 16:27:35 1129472 ----a-w- C:\wininet.dll
2012-11-29 16:02:54 1129472 ----a-w- C:\Windows\wininet.dll
2012-11-29 15:57:04 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-29 15:57:04 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-29 15:57:04 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-29 15:57:04 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-29 15:54:46 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-29 15:54:46 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-29 15:54:46 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-29 15:54:45 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-29 15:54:45 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-29 15:54:45 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-29 15:54:45 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-29 15:50:49 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-29 15:50:49 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-29 15:21:54 -------- d-----w- C:\Program Files (x86)\Hand-Crafted Software
2012-11-29 14:20:14 98816 ----a-w- C:\Windows\sed.exe
2012-11-29 14:20:14 256000 ----a-w- C:\Windows\PEV.exe
2012-11-29 14:20:14 208896 ----a-w- C:\Windows\MBR.exe
2012-11-28 19:31:36 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2012-11-28 18:50:08 -------- d-----w- C:\Users\Rbadgett\AppData\Roaming\QuickScan
2012-11-28 17:26:24 -------- d-----w- C:\Program Files (x86)\PC HealthBoost
2012-11-28 16:44:25 -------- d-----w- C:\HAHA
2012-11-28 15:41:01 -------- d-----w- C:\Windows\softwaredistribution.bak
2012-11-28 15:36:16 -------- d-----w- C:\Windows\System32\catroot2
2012-11-28 10:57:46 -------- d-----w- C:\ProgramData\RegInOut
2012-11-28 10:57:43 -------- d-----w- C:\Windows\RegInOut System Utilities
2012-11-28 02:26:53 -------- d-----w- C:\Program Files\HitmanPro
2012-11-28 01:57:51 -------- d-----w- C:\ProgramData\HitmanPro
2012-11-28 01:12:38 -------- d-----w- C:\Program Files\CCleaner
2012-11-27 22:36:08 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-11-27 22:35:57 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2012-11-27 22:35:50 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-11-27 21:07:13 388096 ----a-r- C:\Users\Rbadgett\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-27 20:23:28 -------- d-----w- C:\ProgramData\Sophos
2012-11-27 20:23:23 -------- d-----w- C:\Program Files (x86)\Sophos
2012-11-19 20:01:35 -------- d-----w- C:\Users\Rbadgett\AppData\Local\IsolatedStorage
2012-11-15 19:53:35 -------- d-----w- C:\Users\Rbadgett\Download
2012-11-12 13:39:48 -------- d-----w- C:\Users\Rbadgett\AppData\Roaming\Oweha
2012-11-12 13:39:48 -------- d-----w- C:\Users\Rbadgett\AppData\Roaming\Deasbe
2012-11-12 13:39:48 -------- d-----w- C:\Users\Rbadgett\AppData\Roaming\Bewuo
2012-11-02 11:28:34 -------- d-----w- C:\Program Files (x86)\Xirrus
2012-11-02 11:27:49 -------- d-----w- C:\Users\Rbadgett\AppData\Roaming\Xirrus
.
==================== Find3M ====================
.
2012-11-29 12:55:02 40119 ----a-w- C:\Users\Rbadgett\advanced_ip_scanner_Favorites.bin
2012-11-29 12:55:02 23264 ----a-w- C:\Users\Rbadgett\advanced_ip_scanner_MAC.bin
2012-10-31 11:11:30 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-31 11:11:30 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-17 15:30:08 10744 ----a-w- C:\Windows\SysWow64\vpncategories.dll
2012-10-17 15:30:06 33784 ----a-w- C:\Windows\SysWow64\vpnevents.dll
2012-10-17 15:13:38 27048 ----a-w- C:\Windows\System32\drivers\vpnva64.sys
2012-10-17 15:11:38 107432 ----a-r- C:\Windows\System32\drivers\acsock64.sys
2012-10-16 17:16:33 4 ----a-w- C:\Windows\SysWow64\drivers\shfldol.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 9:54:26.15 ===============

#4 gringo_pr

Posted 30 November 2012 - 10:26 AM

Hello


These are the programs I would like you to run next. If you have any problems with one of them, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 btr03

Posted 30 November 2012 - 11:02 AM

Here is a copy of the RogueKiller log. I am unable to get a log from AdwCleaner, as it is trying to save to the u:\ drive instead of c:\. I have no environmental variables pointing to U:\.

RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : rbadgett [Admin rights]
Mode : Remove -- Date : 11/30/2012 10:59:54

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (tacdmudd:8080) -> NOT REMOVED, USE PROXYFIX
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{6120810D-C5C6-413E-9E24-7DA00299F26F} : NameServer (172.16.3.53) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{6120810D-C5C6-413E-9E24-7DA00299F26F} : NameServer (172.16.3.53) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SSD PM810 2.5" 7 +++++
--- User ---
[MBR] 502c1a9271260acb40720f7055e68e27
[BSP] 11dfa1000ffefb54bb0762243eb7ee67 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 752 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1622016 | Size: 121308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11302012_02d1059.txt >>
RKreport[1]_S_11302012_02d1059.txt ; RKreport[2]_D_11302012_02d1059.txt

#6 gringo_pr

Posted 30 November 2012 - 11:13 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
#7 btr03

Posted 30 November 2012 - 11:18 AM

Copy of the combofix log.

ComboFix 12-11-29.02 - Rbadgett 11/29/2012 15:41:41.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8149.5197 [GMT -5:00]
Running from: c:\users\Rbadgett\Desktop\ComboFix.exe
Command switches used :: uninstall
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-29 )))))))))))))))))))))))))))))))
.
.
2012-11-29 20:44 . 2012-11-29 20:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-29 20:44 . 2012-11-29 20:44 -------- d-----w- c:\users\test\AppData\Local\temp
2012-11-29 20:44 . 2012-11-29 20:44 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-11-29 20:44 . 2012-11-29 20:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-29 20:44 . 2012-11-29 20:44 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2012-11-29 19:30 . 2012-11-29 19:30 -------- d-----w- c:\program files (x86)\ESET
2012-11-29 16:27 . 2012-11-28 12:45 1129472 ----a-w- C:\wininet.dll
2012-11-29 16:02 . 2012-10-08 07:48 1129472 ----a-w- c:\windows\wininet.dll
2012-11-29 16:02 . 2012-11-29 19:48 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF41A985-A3B1-400E-BBEC-01FC2AA520FC}\offreg.dll
2012-11-29 15:58 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF41A985-A3B1-400E-BBEC-01FC2AA520FC}\mpengine.dll
2012-11-29 15:57 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-29 15:57 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-29 15:57 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-29 15:57 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-29 15:54 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-29 15:54 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-29 15:54 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-29 15:54 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-29 15:54 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-29 15:54 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-29 15:54 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-29 15:50 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-29 15:50 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-29 15:21 . 2012-11-29 15:21 -------- d-----w- c:\program files (x86)\Hand-Crafted Software
2012-11-28 19:31 . 2012-11-28 19:31 167696 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-11-28 18:50 . 2012-11-29 14:05 -------- d-----w- c:\users\Rbadgett\AppData\Roaming\QuickScan
2012-11-28 17:26 . 2012-11-28 19:37 -------- d-----w- c:\program files (x86)\PC HealthBoost
2012-11-28 16:44 . 2012-11-28 16:44 -------- d-----w- C:\HAHA
2012-11-28 16:10 . 2012-11-28 16:10 -------- d-----w- c:\users\Rbadgett\AppData\Local\Mozilla
2012-11-28 16:10 . 2012-11-28 16:10 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-11-28 15:41 . 2012-11-29 15:54 -------- d-----w- c:\windows\softwaredistribution.bak
2012-11-28 15:36 . 2012-11-29 15:57 -------- d-----w- c:\windows\system32\catroot2
2012-11-28 10:57 . 2012-11-28 10:57 -------- d-----w- c:\programdata\RegInOut
2012-11-28 10:57 . 2012-11-28 10:57 -------- d-----w- c:\windows\RegInOut System Utilities
2012-11-28 02:26 . 2012-11-28 02:26 -------- d-----w- c:\program files\HitmanPro
2012-11-28 01:57 . 2012-11-28 01:58 -------- d-----w- c:\programdata\HitmanPro
2012-11-28 01:12 . 2012-11-28 01:12 -------- d-----w- c:\program files\CCleaner
2012-11-27 22:36 . 2012-11-28 19:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-27 22:35 . 2009-01-25 17:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2012-11-27 22:35 . 2012-11-27 22:36 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-11-27 21:49 . 2012-11-27 21:49 -------- d-----w- c:\users\test\AppData\Roaming\WinMount
2012-11-27 21:42 . 2012-11-27 21:42 -------- d-----w- c:\users\test\AppData\Roaming\IBM
2012-11-27 21:42 . 2012-11-27 21:42 -------- d-----r- c:\users\test\Virtual Machines
2012-11-27 21:42 . 2012-11-27 21:42 -------- d-----r- c:\users\test\Podcasts
2012-11-27 21:07 . 2012-11-27 21:07 388096 ----a-r- c:\users\Rbadgett\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-27 20:23 . 2012-11-27 20:23 -------- d-----w- c:\programdata\Sophos
2012-11-27 20:23 . 2012-11-27 20:23 -------- d-----w- c:\program files (x86)\Sophos
2012-11-19 20:01 . 2012-11-19 20:01 -------- d-----w- c:\users\Rbadgett\AppData\Local\IsolatedStorage
2012-11-15 19:53 . 2012-11-15 19:53 -------- d-----w- c:\users\Rbadgett\Download
2012-11-12 13:39 . 2012-11-28 01:37 -------- d-----w- c:\users\Rbadgett\AppData\Roaming\Oweha
2012-11-12 13:39 . 2012-11-27 21:21 -------- d-----w- c:\users\Rbadgett\AppData\Roaming\Bewuo
2012-11-12 13:39 . 2012-11-12 13:39 -------- d-----w- c:\users\Rbadgett\AppData\Roaming\Deasbe
2012-11-02 11:28 . 2012-11-02 11:28 -------- d-----w- c:\program files (x86)\Xirrus
2012-11-02 11:27 . 2012-11-02 11:27 -------- d-----w- c:\users\Rbadgett\AppData\Roaming\Xirrus
2012-10-31 11:46 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-10-31 11:46 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-10-31 11:46 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-10-31 11:46 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-10-31 11:46 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-31 11:46 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-10-31 11:46 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-10-31 11:46 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-10-31 11:46 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-10-31 11:46 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-10-31 11:46 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-29 12:55 . 2012-05-01 11:46 40119 ----a-w- c:\users\Rbadgett\advanced_ip_scanner_Favorites.bin
2012-11-29 12:55 . 2011-10-19 14:14 23264 ----a-w- c:\users\Rbadgett\advanced_ip_scanner_MAC.bin
2012-11-14 21:56 . 2012-01-17 16:06 134456 ----a-w- c:\windows\SysWow64\atashost.exe
2012-11-14 21:56 . 2012-01-17 16:06 217400 ----a-w- c:\windows\SysWow64\atsckernel.exe
2012-10-31 11:11 . 2012-06-22 10:58 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-31 11:11 . 2011-09-25 01:54 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-30 02:04 . 2011-10-03 01:26 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-17 15:30 . 2012-10-17 15:30 10744 ----a-w- c:\windows\SysWow64\vpncategories.dll
2012-10-17 15:30 . 2012-10-17 15:30 33784 ----a-w- c:\windows\SysWow64\vpnevents.dll
2012-10-17 15:13 . 2010-05-06 01:46 27048 ----a-w- c:\windows\system32\drivers\vpnva64.sys
2012-10-17 15:11 . 2012-10-17 15:11 107432 ----a-r- c:\windows\system32\drivers\acsock64.sys
2012-10-16 17:16 . 2012-10-16 17:16 4 ----a-w- c:\windows\SysWow64\drivers\shfldol.sys
2012-10-16 08:38 . 2012-11-29 15:51 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-29 15:51 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-29 15:51 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-11 13:23 . 2011-09-30 17:24 2454464 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-09-14 19:19 . 2012-10-10 19:30 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 19:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17420464]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"Client Access Service"="c:\program files (x86)\IBM\Client Access\cwbsvstr.exe" [2009-12-08 14848]
"tvncontrol"="c:\program files (x86)\TightVNC\tvnserver.exe" [2011-08-03 828944]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Rbadgett\Downloads\mbar-1.01.0.1009\mbar\mbar.exe" [2012-11-08 1341800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 1136928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
"LogonType"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 DriverX;DriverX;c:\windows\System32\Drivers\DriverX.sys [x]
R2 EaseUS Agent;EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-10-22 60552]
R2 IBMStorageManagerProfilerCollector;IBMStorageManagerProfilerCollector;c:\program files (x86)\IBM_DS\IBMStorageManagerProfiler Server\webapps\ROOT\bin\IBMStorageManagerProfilerCollector.exe [2010-12-16 94720]
R2 IBMStorageManagerProfilerEventReceiver;IBMStorageManagerProfilerEventReceiver;c:\program files (x86)\IBM_DS\IBMStorageManagerProfiler Server\webapps\ROOT\bin\IBMStorageManagerProfilerEventReceiver.exe [2010-12-16 94720]
R2 IBMStorageManagerProfilerMaintenance;IBMStorageManagerProfilerMaintenance;c:\program files (x86)\IBM_DS\IBMStorageManagerProfiler Server\webapps\ROOT\bin\IBMStorageManagerProfilerMaintenance.exe [2010-12-16 94720]
R2 IBMStorageManagerProfilerPoller;IBMStorageManagerProfilerPoller;c:\program files (x86)\IBM_DS\IBMStorageManagerProfiler Server\webapps\ROOT\bin\IBMStorageManagerProfilerPoller.exe [2010-12-16 94720]
R2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2012-07-18 80448]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 SMmonitor;IBM DS Storage Manager 10 Event Monitor;c:\program files (x86)\IBM_DS\client\monitor\SMmonitor.exe [2011-03-18 69632]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-10-17 107432]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\428\g2ax_service.exe Start=service [x]
R3 Guard Agent;Guard Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-10-22 23176]
R3 HPWPAUSB;Wireless Printer Adapter;c:\windows\system32\Drivers\HPWPAUSB.sys [2007-08-24 24576]
R3 IBM LUM NDL;IBM Nodelock License Server;c:\ifor\WIN\BIN\I4LLMD.EXE [2004-07-23 24576]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 KEPServerEXKeySvcV5;KEPServerEX 5.6 Key Service;c:\program files (x86)\Kepware\KEPServerEX 5\keysvc.exe [2011-07-21 32512]
R3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2009-10-10 40320]
R3 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 36720]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-01-03 72808]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys [2008-11-11 27136]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-03 147248]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 17408]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-03 1255736]
R4 IBM LUM CR;IBM Central Registry License Server;c:\ifor\WIN\BIN\I4GDB.EXE [2004-07-23 24576]
R4 IBM LUM LMD;IBM Network License Server;c:\ifor\WIN\BIN\I4LMD.EXE [2004-07-23 24576]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-10-22 44680]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-10-22 50312]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-05 25960]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-10-22 19592]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-10-22 189576]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-04-03 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-04-03 130864]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 21504]
S1 WMDrive;WMDrive;c:\windows\SysWOW64\drivers\WMDrive.sys [2011-11-09 92536]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2011-11-24 78208]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2012-11-14 134456]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-05-13 1043872]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-05-13 36768]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 56592]
S2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;c:\windows\system32\DRIVERS\ekaprot6.sys [2011-01-31 27288]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 IBMStorageManagerProfilerWebServer;IBMStorageManagerProfilerWebServer;C:/Program Files (x86)/IBM_DS/IBMStorageManagerProfiler Server\bin\tomcat5.exe [2010-12-16 57344]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 957712]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-09-22 165032]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 697616]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 KEPServerEXLoggerV5;KEPServerEX 5.6 Event Logger;c:\program files (x86)\Kepware\KEPServerEX 5\server_eventlog.exe [2011-07-21 107776]
S2 KEPServerEXV5;KEPServerEX 5.6 Runtime;c:\program files (x86)\Kepware\KEPServerEX 5\server_runtime.exe [2011-07-21 183552]
S2 OCS Inventory Service;OCS Inventory Service;c:\program files (x86)\OCS Inventory Agent\OcsService.exe [2011-10-18 35840]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-05 378472]
S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2011-08-03 828944]
S2 UA COM Server Wrapper;UA COM Server Wrapper;c:\program files (x86)\Common Files\OPC Foundation\UA\v1.0\Bin\Opc.Ua.ComServerWrapper.exe [2012-04-07 25088]
S2 UA Local Discovery Server;UA Local Discovery Server;c:\program files (x86)\Common Files\OPC Foundation\UA\v1.0\Bin\Opc.Ua.DiscoveryServer.exe [2012-04-07 28160]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 VeriWave FLEXnet License Manager;VeriWave FLEXnet License Manager;c:\program files (x86)\VeriWave\WaveDeploy\lmgrd.exe [2011-10-29 1122568]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-10-17 544248]
S2 vstor2-mntapi10;Vstor2 vix Disk Tools Virtual Storage Driver;c:\program files (x86)\VMware\VMware Virtual Disk Development Kit\bin\vstor2-mntapi10.sys [2009-11-03 32816]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
S2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-09-25 349736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-25 39464]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 172960]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2011-05-10 38504]
S3 EZSocketGOT;EZSocketGOT;c:\windows\system32\drivers\EZSocketGOT.sys [2010-09-01 254976]
S3 hpnuhst;HP NUSB Host;c:\windows\system32\DRIVERS\hpnuhst.sys [2007-03-27 16384]
S3 HPNUHUB;HP NUSB Hub;c:\windows\system32\DRIVERS\hpnuhub.sys [2007-10-31 40448]
S3 KEPServerEXV5_OPCNET;KEPServerEX 5.6 OPC .NET;c:\program files (x86)\Kepware\KEPServerEX 5\xi_wrapper\xi_server_runtime.exe [2011-07-21 15616]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-10-12 50072]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-04-03 166192]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 87582328
*Deregistered* - 87582328
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 11:11]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 13:20]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 13:20]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-218761030-497745839-2555276940-5306Core.job
- c:\users\Rbadgett\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-28 22:05]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-218761030-497745839-2555276940-5306UA.job
- c:\users\Rbadgett\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-28 22:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MountOverlayIcon]
@="{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}"
[HKEY_CLASSES_ROOT\CLSID\{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}]
2010-10-21 15:41 308736 ----a-w- c:\program files\WinMount\WinMTExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-05 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-07 525312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.toyotomi.tac/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = tacdmudd:8080
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: airtriq.jp\dc1
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\fullproduct.download
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
Trusted Zone: windowsupdate.com
TCP: DhcpNameServer = 172.16.3.53 172.16.1.56
TCP: Interfaces\{6120810D-C5C6-413E-9E24-7DA00299F26F}: NameServer = 172.16.3.53
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://173.190.82.242/CACHE/stc/1/binaries/vpnweb.cab
DPF: {89A32C64-6176-4D10-BCA3-10B0079818FA} - hxxps://mail.toyotomi.tac:3443/webconsole/RIMWebComponents.cab
DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} - hxxps://taciisapp:4343/SMB/console/html/root/AtxEnc.cab
DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBEDCC} - hxxps://taciisapp:4343/SMB/console/html/root/AtxConsole.cab
FF - ProfilePath - c:\users\Rbadgett\AppData\Roaming\Mozilla\Firefox\Profiles\x1sf4j87.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.toyotomi.tac
FF - ExtSQL: 2012-11-27 15:53; {22C7F6C6-8D67-4534-92B5-529A0EC09405}; c:\program files (x86)\Trend Micro\Client Server Security Agent\bho\1003\FirefoxExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IBMStorageManagerProfilerWebServer]
"ImagePath"="\"C:/Program Files (x86)/IBM_DS/IBMStorageManagerProfiler Server\bin\tomcat5.exe\" //RS//IBMStorageManagerProfilerWebServer"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IBMStorageManagerProfilerWebServer]
"ImagePath"="\"C:/Program Files (x86)/IBM_DS/IBMStorageManagerProfiler Server\bin\tomcat5.exe\" //RS//IBMStorageManagerProfilerWebServer"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-29 15:46:30
ComboFix-quarantined-files.txt 2012-11-29 20:46
.
Pre-Run: 31,961,452,544 bytes free
Post-Run: 31,656,255,488 bytes free
.
- - End Of File - - C39D06DEBC3E255BB8A678F341AF644B

#8 gringo_pr

Posted 30 November 2012 - 11:30 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 btr03

Posted 30 November 2012 - 11:34 AM

Here is a copy of the TDSSKiller log. No threats were found.

11:32:27.0841 6724 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:32:29.0848 6724 ============================================================
11:32:29.0848 6724 Current date / time: 2012/11/30 11:32:29.0848
11:32:29.0848 6724 SystemInfo:
11:32:29.0848 6724
11:32:29.0848 6724 OS Version: 6.1.7601 ServicePack: 1.0
11:32:29.0848 6724 Product type: Workstation
11:32:29.0848 6724 ComputerName: TACRBADGETT
11:32:29.0849 6724 UserName: rbadgett
11:32:29.0849 6724 Windows directory: C:\Windows
11:32:29.0849 6724 System windows directory: C:\Windows
11:32:29.0849 6724 Running under WOW64
11:32:29.0849 6724 Processor architecture: Intel x64
11:32:29.0849 6724 Number of processors: 4
11:32:29.0849 6724 Page size: 0x1000
11:32:29.0849 6724 Boot type: Normal boot
11:32:29.0849 6724 ============================================================
11:32:30.0049 6724 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:32:30.0053 6724 ============================================================
11:32:30.0053 6724 \Device\Harddisk0\DR0:
11:32:30.0053 6724 MBR partitions:
11:32:30.0053 6724 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x178000
11:32:30.0054 6724 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x18C000, BlocksNum 0xECEE000
11:32:30.0054 6724 ============================================================
11:32:30.0058 6724 C: <-> \Device\Harddisk0\DR0\Partition2
11:32:30.0058 6724 ============================================================
11:32:30.0058 6724 Initialize success
11:32:30.0058 6724 ============================================================
11:32:34.0279 8892 ============================================================
11:32:34.0279 8892 Scan started
11:32:34.0279 8892 Mode: Manual;
11:32:34.0279 8892 ============================================================
11:32:34.0463 8892 ================ Scan system memory ========================
11:32:34.0463 8892 System memory - ok
11:32:34.0463 8892 ================ Scan services =============================
11:32:34.0504 8892 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
11:32:34.0507 8892 1394ohci - ok
11:32:34.0511 8892 [ E0065CBF1A25C015C218457D2CD522B9 ] Acceler C:\Windows\system32\DRIVERS\Accelern.sys
11:32:34.0511 8892 Acceler - ok
11:32:34.0518 8892 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
11:32:34.0523 8892 ACPI - ok
11:32:34.0526 8892 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
11:32:34.0528 8892 AcpiPmi - ok
11:32:34.0533 8892 [ E5568164C070A4988BD79C896920B3C6 ] acsock C:\Windows\system32\DRIVERS\acsock64.sys
11:32:34.0535 8892 acsock - ok
11:32:34.0545 8892 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:32:34.0546 8892 AdobeARMservice - ok
11:32:34.0573 8892 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:32:34.0575 8892 AdobeFlashPlayerUpdateSvc - ok
11:32:34.0585 8892 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
11:32:34.0593 8892 adp94xx - ok
11:32:34.0601 8892 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
11:32:34.0606 8892 adpahci - ok
11:32:34.0610 8892 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
11:32:34.0613 8892 adpu320 - ok
11:32:34.0617 8892 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:32:34.0618 8892 AeLookupSvc - ok
11:32:34.0624 8892 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
11:32:34.0625 8892 AESTFilters - ok
11:32:34.0630 8892 [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc C:\Windows\syswow64\drivers\Afc.sys
11:32:34.0630 8892 Afc - ok
11:32:34.0638 8892 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
11:32:34.0642 8892 AFD - ok
11:32:34.0647 8892 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
11:32:34.0648 8892 agp440 - ok
11:32:34.0651 8892 [ 44F360B65C37A42EB5B71C2E5179FDD5 ] aksdf C:\Windows\system32\drivers\aksdf.sys
11:32:34.0653 8892 aksdf - ok
11:32:34.0667 8892 [ 43415AF4F20E9867974623840A22FE98 ] aksfridge C:\Windows\system32\DRIVERS\aksfridge.sys
11:32:34.0667 8892 aksfridge - ok
11:32:34.0671 8892 [ A56F1B0F967AEF8A82D7771E6D166DEF ] akshasp C:\Windows\system32\DRIVERS\akshasp.sys
11:32:34.0672 8892 akshasp - ok
11:32:34.0686 8892 [ BC0EE7F8D0BE561793B80871F4F10627 ] akshhl C:\Windows\system32\DRIVERS\akshhl.sys
11:32:34.0688 8892 akshhl - ok
11:32:34.0691 8892 [ 27F2E2C89A1855B063FCAC21EB7D6A73 ] aksusb C:\Windows\system32\DRIVERS\aksusb.sys
11:32:34.0693 8892 aksusb - ok
11:32:34.0713 8892 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
11:32:34.0716 8892 ALG - ok
11:32:34.0725 8892 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
11:32:34.0727 8892 aliide - ok
11:32:34.0729 8892 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
11:32:34.0731 8892 amdide - ok
11:32:34.0734 8892 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
11:32:34.0735 8892 AmdK8 - ok
11:32:34.0747 8892 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
11:32:34.0748 8892 AmdPPM - ok
11:32:34.0752 8892 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
11:32:34.0754 8892 amdsata - ok
11:32:34.0770 8892 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
11:32:34.0772 8892 amdsbs - ok
11:32:34.0775 8892 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
11:32:34.0775 8892 amdxata - ok
11:32:34.0796 8892 [ E4F6A272A696B6442E5C84EC470E3676 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
11:32:34.0802 8892 ApfiltrService - ok
11:32:34.0814 8892 [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll
11:32:34.0816 8892 AppHostSvc - ok
11:32:34.0819 8892 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
11:32:34.0821 8892 AppID - ok
11:32:34.0824 8892 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
11:32:34.0824 8892 AppIDSvc - ok
11:32:34.0828 8892 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
11:32:34.0830 8892 Appinfo - ok
11:32:34.0834 8892 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
11:32:34.0836 8892 AppMgmt - ok
11:32:34.0849 8892 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
11:32:34.0851 8892 arc - ok
11:32:34.0854 8892 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
11:32:34.0856 8892 arcsas - ok
11:32:34.0909 8892 [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:32:34.0915 8892 aspnet_state - ok
11:32:34.0926 8892 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
11:32:34.0927 8892 aswFsBlk - ok
11:32:34.0935 8892 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
11:32:34.0936 8892 aswMonFlt - ok
11:32:34.0940 8892 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
11:32:34.0940 8892 aswRdr - ok
11:32:34.0960 8892 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
11:32:34.0964 8892 aswSnx - ok
11:32:34.0971 8892 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys
11:32:34.0973 8892 aswSP - ok
11:32:34.0977 8892 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
11:32:34.0978 8892 aswTdi - ok
11:32:34.0981 8892 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
11:32:34.0982 8892 AsyncMac - ok
11:32:34.0984 8892 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
11:32:34.0985 8892 atapi - ok
11:32:35.0000 8892 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:32:35.0010 8892 AudioEndpointBuilder - ok
11:32:35.0020 8892 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
11:32:35.0023 8892 AudioSrv - ok
11:32:35.0028 8892 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:32:35.0029 8892 avast! Antivirus - ok
11:32:35.0037 8892 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
11:32:35.0039 8892 AxInstSV - ok
11:32:35.0050 8892 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
11:32:35.0058 8892 b06bdrv - ok
11:32:35.0076 8892 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
11:32:35.0085 8892 b57nd60a - ok
11:32:35.0090 8892 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
11:32:35.0093 8892 BDESVC - ok
11:32:35.0096 8892 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
11:32:35.0096 8892 Beep - ok
11:32:35.0110 8892 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
11:32:35.0119 8892 BFE - ok
11:32:35.0133 8892 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
11:32:35.0149 8892 BITS - ok
11:32:35.0152 8892 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
11:32:35.0153 8892 blbdrive - ok
11:32:35.0157 8892 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
11:32:35.0159 8892 bowser - ok
11:32:35.0162 8892 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
11:32:35.0163 8892 BrFiltLo - ok
11:32:35.0166 8892 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
11:32:35.0167 8892 BrFiltUp - ok
11:32:35.0173 8892 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
11:32:35.0175 8892 BridgeMP - ok
11:32:35.0179 8892 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
11:32:35.0181 8892 Browser - ok
11:32:35.0192 8892 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
11:32:35.0195 8892 Brserid - ok
11:32:35.0198 8892 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
11:32:35.0200 8892 BrSerWdm - ok
11:32:35.0210 8892 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
11:32:35.0211 8892 BrUsbMdm - ok
11:32:35.0214 8892 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
11:32:35.0215 8892 BrUsbSer - ok
11:32:35.0233 8892 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
11:32:35.0234 8892 BthEnum - ok
11:32:35.0243 8892 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
11:32:35.0246 8892 BTHMODEM - ok
11:32:35.0259 8892 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
11:32:35.0263 8892 BthPan - ok
11:32:35.0272 8892 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
11:32:35.0277 8892 BTHPORT - ok
11:32:35.0281 8892 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
11:32:35.0282 8892 bthserv - ok
11:32:35.0285 8892 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
11:32:35.0287 8892 BTHUSB - ok
11:32:35.0294 8892 [ A0DFB69ADE3444C78B17636FCF28E898 ] BTWAMPFL C:\Windows\system32\DRIVERS\btwampfl.sys
11:32:35.0295 8892 BTWAMPFL - ok
11:32:35.0299 8892 [ 7CF028CE78696882B327FF13D2DFA534 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
11:32:35.0300 8892 btwaudio - ok
11:32:35.0311 8892 [ 3DEF2370E414B4E299673558BA171A51 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
11:32:35.0312 8892 btwavdt - ok
11:32:35.0325 8892 [ CC9DAE7759AC2C0D19111C0D38DDD232 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
11:32:35.0329 8892 btwdins - ok
11:32:35.0332 8892 [ 9AD0FA253ED531D39FB2D74FE12A5FA9 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
11:32:35.0332 8892 btwl2cap - ok
11:32:35.0335 8892 [ 9937E0E4DFC0030560A6DFE9D3A94B39 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
11:32:35.0336 8892 btwrchid - ok
11:32:35.0349 8892 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
11:32:35.0351 8892 cdfs - ok
11:32:35.0355 8892 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
11:32:35.0358 8892 cdrom - ok
11:32:35.0369 8892 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
11:32:35.0371 8892 CertPropSvc - ok
11:32:35.0374 8892 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
11:32:35.0375 8892 circlass - ok
11:32:35.0401 8892 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
11:32:35.0410 8892 CLFS - ok
11:32:35.0422 8892 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:32:35.0423 8892 clr_optimization_v2.0.50727_32 - ok
11:32:35.0429 8892 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:32:35.0431 8892 clr_optimization_v2.0.50727_64 - ok
11:32:35.0442 8892 [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:32:35.0463 8892 clr_optimization_v4.0.30319_32 - ok
11:32:35.0477 8892 [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:32:35.0486 8892 clr_optimization_v4.0.30319_64 - ok
11:32:35.0492 8892 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
11:32:35.0493 8892 CmBatt - ok
11:32:35.0498 8892 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
11:32:35.0499 8892 cmdide - ok
11:32:35.0508 8892 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
11:32:35.0512 8892 CNG - ok
11:32:35.0516 8892 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
11:32:35.0516 8892 Compbatt - ok
11:32:35.0519 8892 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
11:32:35.0520 8892 CompositeBus - ok
11:32:35.0527 8892 COMSysApp - ok
11:32:35.0531 8892 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
11:32:35.0532 8892 crcdisk - ok
11:32:35.0557 8892 [ D8E4F20BD26D8DCA4CB67A796D7EEC84 ] Credential Vault Host Control Service C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
11:32:35.0561 8892 Credential Vault Host Control Service - ok
11:32:35.0564 8892 [ EC31C9A4D1059E599DD1DBB50B84F278 ] Credential Vault Host Storage C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
11:32:35.0564 8892 Credential Vault Host Storage - ok
11:32:35.0567 8892 Crypkey License - ok
11:32:35.0586 8892 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:32:35.0589 8892 CryptSvc - ok
11:32:35.0601 8892 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
11:32:35.0613 8892 CSC - ok
11:32:35.0627 8892 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
11:32:35.0633 8892 CscService - ok
11:32:35.0638 8892 [ 8CE04A5BDD2CE6E62CE02A1C27093104 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
11:32:35.0640 8892 CtClsFlt - ok
11:32:35.0643 8892 [ AFD403048B1753EB4225CA476F663350 ] cvusbdrv C:\Windows\system32\Drivers\cvusbdrv.sys
11:32:35.0644 8892 cvusbdrv - ok
11:32:35.0648 8892 [ 1F2D3227A107899914068D1A7D041F01 ] Cwbrxd C:\Windows\cwbrxd.exe
11:32:35.0648 8892 Cwbrxd - ok
11:32:35.0662 8892 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
11:32:35.0669 8892 DcomLaunch - ok
11:32:35.0679 8892 [ 3562C84415080B8B0C4D695A43372E3E ] dcpsysmgrsvc c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
11:32:35.0681 8892 dcpsysmgrsvc - ok
11:32:35.0686 8892 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
11:32:35.0690 8892 defragsvc - ok
11:32:35.0693 8892 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:32:35.0695 8892 DfsC - ok
11:32:35.0701 8892 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
11:32:35.0705 8892 Dhcp - ok
11:32:35.0714 8892 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
11:32:35.0715 8892 discache - ok
11:32:35.0718 8892 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
11:32:35.0719 8892 Disk - ok
11:32:35.0736 8892 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
11:32:35.0738 8892 dmvsc - ok
11:32:35.0742 8892 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:32:35.0745 8892 Dnscache - ok
11:32:35.0756 8892 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
11:32:35.0760 8892 dot3svc - ok
11:32:35.0764 8892 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
11:32:35.0767 8892 DPS - ok
11:32:35.0774 8892 DriverX - ok
11:32:35.0777 8892 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:32:35.0778 8892 drmkaud - ok
11:32:35.0796 8892 dtpd - ok
11:32:35.0817 8892 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:32:35.0832 8892 DXGKrnl - ok
11:32:35.0851 8892 [ 1BEF2C2E229452EC49FFE5A27283341D ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
11:32:35.0853 8892 e1cexpress - ok
11:32:35.0861 8892 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
11:32:35.0865 8892 EapHost - ok
11:32:35.0889 8892 [ 70B997B168AE99C900B3F6B00FB231D3 ] EaseUS Agent C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
11:32:35.0891 8892 EaseUS Agent - ok
11:32:35.0957 8892 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
11:32:36.0015 8892 ebdrv - ok
11:32:36.0018 8892 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
11:32:36.0020 8892 EFS - ok
11:32:36.0030 8892 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:32:36.0034 8892 ehRecvr - ok
11:32:36.0037 8892 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
11:32:36.0038 8892 ehSched - ok
11:32:36.0043 8892 [ DEE9D1253FCFE8CCF31D346294210824 ] EkaProt6 C:\Windows\system32\DRIVERS\ekaprot6.sys
11:32:36.0043 8892 EkaProt6 - ok
11:32:36.0052 8892 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
11:32:38.0736 8892 SCDEmu - ok
11:32:38.0739 8892 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:32:38.0741 8892 scfilter - ok
11:32:38.0753 8892 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
11:32:38.0764 8892 Schedule - ok
11:32:38.0767 8892 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:32:38.0768 8892 SCPolicySvc - ok
11:32:38.0772 8892 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:32:38.0775 8892 SDRSVC - ok
11:32:38.0791 8892 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
11:32:38.0795 8892 SDScannerService - ok
11:32:38.0810 8892 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
11:32:38.0816 8892 SDUpdateService - ok
11:32:38.0821 8892 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
11:32:38.0822 8892 SDWSCService - ok
11:32:38.0825 8892 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:32:38.0826 8892 secdrv - ok
11:32:38.0829 8892 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
11:32:38.0832 8892 seclogon - ok
11:32:38.0858 8892 [ 8365191D0FE7DF5972B889821ADBE62B ] SecureStorageService C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
11:32:38.0867 8892 SecureStorageService - ok
11:32:38.0871 8892 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
11:32:38.0874 8892 SENS - ok
11:32:38.0877 8892 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:32:38.0880 8892 SensrSvc - ok
11:32:38.0882 8892 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:32:38.0884 8892 Serenum - ok
11:32:38.0887 8892 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:32:38.0889 8892 Serial - ok
11:32:38.0891 8892 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
11:32:38.0893 8892 sermouse - ok
11:32:38.0896 8892 [ 9A3AE50E318C28E817F201B719687D1E ] Service1 c:\changeip\ChangeIP.exe
11:32:38.0897 8892 Service1 - ok
11:32:38.0903 8892 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:32:38.0907 8892 SessionEnv - ok
11:32:38.0909 8892 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:32:38.0911 8892 sffdisk - ok
11:32:38.0914 8892 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:32:38.0915 8892 sffp_mmc - ok
11:32:38.0918 8892 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:32:38.0919 8892 sffp_sd - ok
11:32:38.0922 8892 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
11:32:38.0923 8892 sfloppy - ok
11:32:38.0929 8892 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:32:38.0934 8892 SharedAccess - ok
11:32:38.0940 8892 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:32:38.0946 8892 ShellHWDetection - ok
11:32:38.0949 8892 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
11:32:38.0951 8892 SiSRaid2 - ok
11:32:38.0954 8892 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
11:32:38.0956 8892 SiSRaid4 - ok
11:32:39.0014 8892 [ 3740B83AEC21D981065D7E819BD7E878 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
11:32:39.0026 8892 Skype C2C Service - ok
11:32:39.0034 8892 [ A37740568718F245E818D0C5575B9AA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
11:32:39.0035 8892 SkypeUpdate - ok
11:32:39.0039 8892 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:32:39.0041 8892 Smb - ok
11:32:39.0049 8892 [ 32CB8E01C0370E4B7345920090D5DC57 ] SMmonitor C:\Program Files (x86)\IBM_DS\client\monitor\SMmonitor.exe
11:32:39.0049 8892 SMmonitor - ok
11:32:39.0058 8892 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:32:39.0061 8892 SNMPTRAP - ok
11:32:39.0064 8892 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:32:39.0064 8892 spldr - ok
11:32:39.0072 8892 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
11:32:39.0079 8892 Spooler - ok
11:32:39.0112 8892 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
11:32:39.0127 8892 sppsvc - ok
11:32:39.0131 8892 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:32:39.0134 8892 sppuinotify - ok
11:32:39.0145 8892 [ 12E6D95CDE974B131DEFAA44BAB8B056 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
11:32:39.0146 8892 SQLAgent$SQLEXPRESS - ok
11:32:39.0150 8892 [ 3F1292E8ABF33070BF5A3838D85DF121 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
11:32:39.0151 8892 SQLWriter - ok
11:32:39.0158 8892 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
11:32:39.0163 8892 srv - ok
11:32:39.0170 8892 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:32:39.0174 8892 srv2 - ok
11:32:39.0179 8892 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:32:39.0181 8892 srvnet - ok
11:32:39.0186 8892 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:32:39.0190 8892 SSDPSRV - ok
11:32:39.0194 8892 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:32:39.0197 8892 SstpSvc - ok
11:32:39.0203 8892 [ 46B72C1C296C1E985D031D98F0FFA5E5 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
11:32:39.0204 8892 STacSV - ok
11:32:39.0207 8892 [ 92E7F6666633D2DD91D527503DAA7BE0 ] stdcfltn C:\Windows\system32\DRIVERS\stdcfltn.sys
11:32:39.0208 8892 stdcfltn - ok
11:32:39.0216 8892 [ 479321C119B54D7F13A91E16CF7C2E9A ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
11:32:39.0218 8892 Stereo Service - ok
11:32:39.0221 8892 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
11:32:39.0222 8892 stexstor - ok
11:32:39.0230 8892 [ 501B376781EB6E46AAE43946E3DD7D84 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
11:32:39.0235 8892 STHDA - ok
11:32:39.0238 8892 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
11:32:39.0239 8892 StillCam - ok
11:32:39.0247 8892 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
11:32:39.0254 8892 stisvc - ok
11:32:39.0258 8892 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
11:32:39.0259 8892 stllssvr - ok
11:32:39.0262 8892 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
11:32:39.0265 8892 StorSvc - ok
11:32:39.0268 8892 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
11:32:39.0270 8892 storvsc - ok
11:32:39.0273 8892 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
11:32:39.0273 8892 swenum - ok
11:32:39.0280 8892 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:32:39.0287 8892 swprv - ok
11:32:39.0291 8892 [ 4CDD7DF58730D23BA9CB5829A6E2ECEA ] SynthVid C:\Windows\system32\DRIVERS\VMBusVideoM.sys
11:32:39.0293 8892 SynthVid - ok
11:32:39.0310 8892 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
11:32:39.0327 8892 SysMain - ok
11:32:39.0330 8892 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:32:39.0334 8892 TabletInputService - ok
11:32:39.0337 8892 [ 3B73C849B41FB20D77B0E553214061A5 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
11:32:39.0339 8892 tap0901 - ok
11:32:39.0344 8892 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:32:39.0350 8892 TapiSrv - ok
11:32:39.0353 8892 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:32:39.0356 8892 TBS - ok
11:32:39.0375 8892 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:32:39.0390 8892 Tcpip - ok
11:32:39.0410 8892 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:32:39.0417 8892 TCPIP6 - ok
11:32:39.0421 8892 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:32:39.0423 8892 tcpipreg - ok
11:32:39.0442 8892 [ 3D52B206D9F6F3ECFDB5D676614E47B6 ] tcsd_win32.exe C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
11:32:39.0448 8892 tcsd_win32.exe - ok
11:32:39.0484 8892 [ E2F626E4A23E12DE31D8820FF143A456 ] TdmService C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
11:32:39.0498 8892 TdmService - ok
11:32:39.0502 8892 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:32:39.0504 8892 TDPIPE - ok
11:32:39.0507 8892 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:32:39.0508 8892 TDTCP - ok
11:32:39.0512 8892 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:32:39.0514 8892 tdx - ok
11:32:39.0517 8892 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
11:32:39.0518 8892 TermDD - ok
11:32:39.0526 8892 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
11:32:39.0535 8892 TermService - ok
11:32:39.0538 8892 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
11:32:39.0541 8892 Themes - ok
11:32:39.0544 8892 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
11:32:39.0546 8892 THREADORDER - ok
11:32:39.0554 8892 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
11:32:39.0558 8892 TrkWks - ok
11:32:39.0562 8892 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:32:39.0563 8892 TrustedInstaller - ok
11:32:39.0567 8892 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:32:39.0569 8892 tssecsrv - ok
11:32:39.0572 8892 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:32:39.0573 8892 TsUsbFlt - ok
11:32:39.0576 8892 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
11:32:39.0577 8892 TsUsbGD - ok
11:32:39.0581 8892 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:32:39.0583 8892 tunnel - ok
11:32:39.0597 8892 [ AAF458CC200326BEF602B5339400BF86 ] tvnserver C:\Program Files (x86)\TightVNC\tvnserver.exe
11:32:39.0600 8892 tvnserver - ok
11:32:39.0606 8892 [ 044B15A4597543F997986EB5EBB9F574 ] UA COM Server Wrapper C:\Program Files (x86)\Common Files\OPC Foundation\UA\v1.0\Bin\Opc.Ua.ComServerWrapper.exe
11:32:39.0607 8892 UA COM Server Wrapper - ok
11:32:39.0610 8892 [ DCAA2D990742829DA3838BD0A3ED9268 ] UA Local Discovery Server C:\Program Files (x86)\Common Files\OPC Foundation\UA\v1.0\Bin\Opc.Ua.DiscoveryServer.exe
11:32:39.0610 8892 UA Local Discovery Server - ok
11:32:39.0613 8892 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
11:32:39.0615 8892 uagp35 - ok
11:32:39.0621 8892 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:32:39.0625 8892 udfs - ok
11:32:39.0630 8892 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:32:39.0633 8892 UI0Detect - ok
11:32:39.0637 8892 [ 49B13845F0DBE39B47FC91DC46B2170A ] UimBus C:\Windows\system32\DRIVERS\uimx64.sys
11:32:39.0638 8892 UimBus - ok
11:32:39.0645 8892 [ DD46BEC773C011EAA5E502C43A73A1CC ] Uim_IM C:\Windows\system32\Drivers\Uim_IMx64.sys
11:32:39.0648 8892 Uim_IM - ok
11:32:39.0651 8892 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:32:39.0653 8892 uliagpkx - ok
11:32:39.0656 8892 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
11:32:39.0657 8892 umbus - ok
11:32:39.0662 8892 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
11:32:39.0663 8892 UmPass - ok
11:32:39.0669 8892 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
11:32:39.0674 8892 UmRdpService - ok
11:32:39.0700 8892 [ A69CD6BDB82872999D2E46F9324ADA83 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
11:32:39.0710 8892 UNS - ok
11:32:39.0717 8892 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
11:32:39.0723 8892 upnphost - ok
11:32:39.0731 8892 [ 3CB4B7D5CB10A925BCBD5AB7046AB8AB ] USB28xxBGA C:\Windows\system32\DRIVERS\emBDA64.sys
11:32:39.0737 8892 USB28xxBGA - ok
11:32:39.0746 8892 [ 1124A9445C5835CB40C0099E6C3FA2C2 ] USB28xxOEM C:\Windows\system32\DRIVERS\emOEM64.sys
11:32:39.0752 8892 USB28xxOEM - ok
11:32:39.0757 8892 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
11:32:39.0759 8892 usbaudio - ok
11:32:39.0762 8892 [ 5FCC71487888589A9244AF54CFEFAB29 ] usbbus C:\Windows\system32\DRIVERS\lgx64bus.sys
11:32:39.0764 8892 usbbus - ok
11:32:39.0767 8892 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:32:39.0769 8892 usbccgp - ok
11:32:39.0773 8892 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:32:39.0775 8892 usbcir - ok
11:32:39.0778 8892 [ 3FB6E423F7567C92C32EA786F5FD0C69 ] UsbDiag C:\Windows\system32\DRIVERS\lgx64diag.sys
11:32:39.0780 8892 UsbDiag - ok
11:32:39.0783 8892 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
11:32:39.0784 8892 usbehci - ok
11:32:39.0788 8892 [ 8E36E68C0B7FA174012A61A290351E49 ] UsbGps C:\Windows\system32\DRIVERS\lgx64gps.sys
11:32:39.0790 8892 UsbGps - ok
11:32:39.0796 8892 [ 8B892002D7B79312821169A14317AB86 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:32:39.0800 8892 usbhub - ok
11:32:39.0803 8892 [ 78D551F5B93488B4666F5FC8DD4815F3 ] USBModem C:\Windows\system32\DRIVERS\lgx64modem.sys
11:32:39.0805 8892 USBModem - ok
11:32:39.0808 8892 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
11:32:39.0809 8892 usbohci - ok
11:32:39.0813 8892 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:32:39.0814 8892 usbprint - ok
11:32:39.0817 8892 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:32:39.0819 8892 USBSTOR - ok
11:32:39.0822 8892 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
11:32:39.0824 8892 usbuhci - ok
11:32:39.0829 8892 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
11:32:39.0832 8892 usbvideo - ok
11:32:39.0835 8892 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
11:32:39.0838 8892 UxSms - ok
11:32:39.0841 8892 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
11:32:39.0843 8892 VaultSvc - ok
11:32:39.0849 8892 [ 03837B80AD5D8A00996148AD57C09791 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys
11:32:39.0850 8892 VBoxDrv - ok
11:32:39.0855 8892 [ 51CEE8E2B356FDC351DB20C87F25F5A8 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
11:32:39.0858 8892 VBoxNetAdp - ok
11:32:39.0863 8892 [ CE7E80C7367B2ADAA023D9004C9F4691 ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
11:32:39.0864 8892 VBoxNetFlt - ok
11:32:39.0870 8892 [ 27C9A9F2FA94140DDCF7B9131E13E1B4 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
11:32:39.0871 8892 VBoxUSBMon - ok
11:32:39.0874 8892 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
11:32:39.0875 8892 vdrvroot - ok
11:32:39.0882 8892 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
11:32:39.0890 8892 vds - ok
11:32:39.0903 8892 [ E449211A88BBF6B734DE39140BAF3389 ] VeriWave FLEXnet License Manager C:\Program Files (x86)\VeriWave\WaveDeploy\lmgrd.exe
11:32:39.0908 8892 VeriWave FLEXnet License Manager - ok
11:32:39.0912 8892 [ 00C7DF4F50962BA218AB60D32869100B ] vflt C:\Windows\system32\DRIVERS\vfilter.sys
11:32:39.0914 8892 vflt - ok
11:32:39.0917 8892 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:32:39.0918 8892 vga - ok
11:32:39.0921 8892 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
11:32:39.0922 8892 VgaSave - ok
11:32:39.0927 8892 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
11:32:39.0930 8892 vhdmp - ok
11:32:39.0933 8892 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
11:32:39.0934 8892 viaide - ok
11:32:39.0937 8892 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
11:32:39.0939 8892 VMBusHID - ok
11:32:39.0942 8892 [ A99CA064AD11266FE7067A79BF78BBB5 ] vnet C:\Windows\system32\DRIVERS\virtualnet.sys
11:32:39.0944 8892 vnet - ok
11:32:39.0948 8892 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:32:39.0949 8892 volmgr - ok
11:32:39.0955 8892 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:32:39.0959 8892 volmgrx - ok
11:32:39.0965 8892 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:32:39.0968 8892 volsnap - ok
11:32:39.0973 8892 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
11:32:39.0974 8892 vpcbus - ok
11:32:39.0978 8892 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
11:32:39.0980 8892 vpcnfltr - ok
11:32:39.0983 8892 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
11:32:39.0985 8892 vpcusb - ok
11:32:39.0992 8892 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
11:32:39.0994 8892 vpcvmm - ok
11:32:40.0002 8892 [ E23BC9B12EF85B58083A6985F9BE3C44 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
11:32:40.0005 8892 vpnagent - ok
11:32:40.0008 8892 [ A8D4FED106B4BD337DF3DA20BA44E18E ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
11:32:40.0010 8892 vpnva - ok
11:32:40.0014 8892 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
11:32:40.0017 8892 vsmraid - ok
11:32:40.0034 8892 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
11:32:40.0050 8892 VSS - ok
11:32:40.0057 8892 [ 94B10FC6D7079D17171B6C4252FC23B2 ] vstor2-mntapi10 C:\Program Files (x86)\VMware\VMware Virtual Disk Development Kit\bin\vstor2-mntapi10.sys
11:32:40.0058 8892 vstor2-mntapi10 - ok
11:32:40.0061 8892 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
11:32:40.0062 8892 vwifibus - ok
11:32:40.0066 8892 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
11:32:40.0067 8892 vwififlt - ok
11:32:40.0070 8892 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
11:32:40.0071 8892 vwifimp - ok
11:32:40.0077 8892 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
11:32:40.0084 8892 W32Time - ok
11:32:40.0092 8892 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll
11:32:40.0094 8892 W3SVC - ok
11:32:40.0098 8892 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
11:32:40.0099 8892 WacomPen - ok
11:32:40.0102 8892 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:32:40.0104 8892 WANARP - ok
11:32:40.0108 8892 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:32:40.0108 8892 Wanarpv6 - ok
11:32:40.0115 8892 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
11:32:40.0117 8892 WAS - ok
11:32:40.0132 8892 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
11:32:40.0143 8892 WatAdminSvc - ok
11:32:40.0162 8892 [ E45BCE01F15EEB240FE9DB83B9D86BE3 ] Wave Authentication Manager Service C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
11:32:40.0169 8892 Wave Authentication Manager Service - ok
11:32:40.0186 8892 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
11:32:40.0200 8892 wbengine - ok
11:32:40.0205 8892 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:32:40.0210 8892 WbioSrvc - ok
11:32:40.0216 8892 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:32:40.0223 8892 wcncsvc - ok
11:32:40.0226 8892 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:32:40.0229 8892 WcsPlugInService - ok
11:32:40.0232 8892 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
11:32:40.0234 8892 Wd - ok
11:32:40.0243 8892 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:32:40.0250 8892 Wdf01000 - ok
11:32:40.0254 8892 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:32:40.0257 8892 WdiServiceHost - ok
11:32:40.0260 8892 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:32:40.0263 8892 WdiSystemHost - ok
11:32:40.0268 8892 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
11:32:40.0274 8892 WebClient - ok
11:32:40.0279 8892 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:32:40.0284 8892 Wecsvc - ok
11:32:40.0287 8892 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:32:40.0291 8892 wercplsupport - ok
11:32:40.0294 8892 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
11:32:40.0298 8892 WerSvc - ok
11:32:40.0301 8892 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:32:40.0302 8892 WfpLwf - ok
11:32:40.0304 8892 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:32:40.0306 8892 WIMMount - ok
11:32:40.0308 8892 WinDefend - ok
11:32:40.0312 8892 WinHttpAutoProxySvc - ok
11:32:40.0321 8892 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:32:40.0325 8892 Winmgmt - ok
11:32:40.0345 8892 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
11:32:40.0363 8892 WinRM - ok
11:32:40.0370 8892 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
11:32:40.0372 8892 WinUsb - ok
11:32:40.0382 8892 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
11:32:40.0392 8892 Wlansvc - ok
11:32:40.0396 8892 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:32:40.0397 8892 wlcrasvc - ok
11:32:40.0420 8892 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:32:40.0429 8892 wlidsvc - ok
11:32:40.0452 8892 [ 7B8C8244274817C382303895A339E43A ] WMDrive C:\Windows\SysWOW64\drivers\WMDrive.sys
11:32:40.0453 8892 WMDrive - ok
11:32:40.0457 8892 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
11:32:40.0458 8892 WmiAcpi - ok
11:32:40.0465 8892 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:32:40.0467 8892 wmiApSrv - ok
11:32:40.0470 8892 WMPNetworkSvc - ok
11:32:40.0482 8892 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe
11:32:40.0485 8892 WMZuneComm - ok
11:32:40.0488 8892 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:32:40.0492 8892 WPCSvc - ok
11:32:40.0495 8892 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:32:40.0499 8892 WPDBusEnum - ok
11:32:40.0502 8892 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:32:40.0504 8892 ws2ifsl - ok
11:32:40.0507 8892 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
11:32:40.0511 8892 wscsvc - ok
11:32:40.0515 8892 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
11:32:40.0516 8892 WSDPrintDevice - ok
11:32:40.0519 8892 WSearch - ok
11:32:40.0544 8892 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
11:32:40.0566 8892 wuauserv - ok
11:32:40.0570 8892 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:32:40.0572 8892 WudfPf - ok
11:32:40.0577 8892 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:32:40.0581 8892 WUDFRd - ok
11:32:40.0584 8892 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:32:40.0588 8892 wudfsvc - ok
11:32:40.0594 8892 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
11:32:40.0599 8892 WwanSvc - ok
11:32:40.0614 8892 [ B87E12317928739E22D2E3ACC7CCAC80 ] ZcfgSvc7 C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
11:32:40.0618 8892 ZcfgSvc7 - ok
11:32:40.0688 8892 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
11:32:40.0720 8892 ZuneNetworkSvc - ok
11:32:40.0730 8892 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
11:32:40.0732 8892 ZuneWlanCfgSvc - ok
11:32:40.0750 8892 ================ Scan global ===============================
11:32:40.0754 8892 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:32:40.0759 8892 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
11:32:40.0767 8892 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
11:32:40.0773 8892 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:32:40.0781 8892 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:32:40.0786 8892 [Global] - ok
11:32:40.0786 8892 ================ Scan MBR ==================================
11:32:40.0788 8892 [ D7AD5AA31A559120C3BA48FD0A1B1636 ] \Device\Harddisk0\DR0
11:32:40.0847 8892 \Device\Harddisk0\DR0 - ok
11:32:40.0848 8892 ================ Scan VBR ==================================
11:32:40.0850 8892 [ A15DF69E887C68138835E8980C094D24 ] \Device\Harddisk0\DR0\Partition1
11:32:40.0851 8892 \Device\Harddisk0\DR0\Partition1 - ok
11:32:40.0853 8892 [ 975F4E194ECD68EC17B60EDC32F573A6 ] \Device\Harddisk0\DR0\Partition2
11:32:40.0854 8892 \Device\Harddisk0\DR0\Partition2 - ok
11:32:40.0854 8892 ============================================================
11:32:40.0854 8892 Scan finished
11:32:40.0854 8892 ============================================================
11:32:40.0859 0976 Detected object count: 0
11:32:40.0859 0976 Actual detected object count: 0

#10 btr03


Posted 30 November 2012 - 02:53 PM

Results from aswMBR show no infections. Log attached.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-30 12:55:36
-----------------------------
12:55:36.432 OS Version: Windows x64 6.1.7601 Service Pack 1
12:55:36.432 Number of processors: 4 586 0x2A07
12:55:36.433 ComputerName: TACRBADGETT UserName: rbadgett
12:55:37.195 Initialize success
12:55:37.262 AVAST engine defs: 12113000
12:55:41.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:55:41.907 Disk 0 Vendor: SAMSUNG_ AXM0 Size: 122104MB BusType: 8
12:55:42.035 Disk 0 MBR read successfully
12:55:42.037 Disk 0 MBR scan
12:55:42.040 Disk 0 Windows 7 default MBR code
12:55:42.070 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
12:55:42.076 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 752 MB offset 81920
12:55:42.114 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 121308 MB offset 1622016
12:55:42.226 Disk 0 scanning C:\Windows\system32\drivers
12:56:56.990 Service scanning
12:57:03.195 Modules scanning
12:57:03.213 Disk 0 trace - called modules:
12:57:03.228 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
12:57:03.242 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008a90060]
12:57:03.249 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80089aacb0]
12:57:03.252 5 stdcfltn.sys[fffff88001b15c52] -> nt!IofCallDriver -> [0xfffffa80078908c0]
12:57:03.255 7 ACPI.sys[fffff88000d6a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007895050]
12:57:03.581 AVAST engine scan C:\Windows
12:57:43.787 AVAST engine scan C:\Windows\system32
13:24:01.922 AVAST engine scan C:\Windows\system32\drivers
13:26:18.603 AVAST engine scan C:\Users\Rbadgett
14:11:26.383 AVAST engine scan C:\ProgramData
14:12:55.727 Scan finished successfully
14:25:12.772 Disk 0 MBR has been saved successfully to "C:\Users\Rbadgett\Downloads\MBR.dat"
14:25:12.776 The log file has been saved successfully to "C:\Users\Rbadgett\Downloads\aswMBR.txt"

#11 gringo_pr


Posted 30 November 2012 - 03:30 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 btr03

Posted 30 November 2012 - 04:16 PM

I have attached the ComboFix log. Unfortunately, I am still unable to browse Microsoft sites, AV sites, or connect to Windows updates without configuring a proxy server in IE9. In addition, this problem occurs in any browser, Firefox, Google Chrome, etc. I have also scanned system files using sfc /scannow and no corrupt files were found.

ComboFix 12-11-30.02 - rbadgett 11/30/2012 15:55:49.4.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8149.4461 [GMT -5:00]
Running from: c:\users\Rbadgett\Desktop\ComboFix.exe
Command switches used :: c:\users\Rbadgett\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-30 )))))))))))))))))))))))))))))))
.
.
2012-11-30 20:59 . 2012-11-30 20:59 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-30 20:59 . 2012-11-30 20:59 -------- d-----w- c:\users\test\AppData\Local\temp
2012-11-30 20:59 . 2012-11-30 20:59 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-11-30 20:59 . 2012-11-30 20:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-30 20:59 . 2012-11-30 20:59 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2012-11-30 15:43 . 2012-11-30 15:29 533705 ----a-w- C:\adwcleaner.exe
2012-11-30 14:48 . 2012-11-30 14:48 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE4F7CA7-FF8D-48AE-973E-B69B28A5A6B1}\offreg.dll
2012-11-30 14:42 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE4F7CA7-FF8D-48AE-973E-B69B28A5A6B1}\mpengine.dll
2012-11-30 13:28 . 2012-11-30 13:28 -------- d-----w- C:\_OTL
2012-11-30 13:06 . 2012-11-30 13:06 -------- d-----w- c:\windows\ERUNT
2012-11-30 13:06 . 2012-11-30 13:06 -------- d-----w- C:\JRT
2012-11-30 12:23 . 2012-11-30 12:23 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2012-11-30 12:20 . 2012-11-30 12:25 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-11-30 12:19 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-11-30 12:16 . 2012-11-30 12:25 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-11-29 23:42 . 2012-11-29 23:42 -------- d-----w- c:\users\Rbadgett\AppData\Local\Macromedia
2012-11-29 20:48 . 2012-10-30 23:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-29 20:48 . 2012-10-30 23:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-29 20:48 . 2012-10-30 23:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-11-29 20:48 . 2012-10-30 23:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-29 20:48 . 2012-10-30 23:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-29 20:48 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-29 20:48 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-11-29 20:48 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-29 20:48 . 2012-10-30 23:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-11-29 20:47 . 2012-11-29 20:47 -------- d-----w- c:\programdata\AVAST Software
2012-11-29 20:47 . 2012-11-29 20:47 -------- d-----w- c:\program files\AVAST Software
2012-11-29 16:27 . 2012-11-28 12:45 1129472 ----a-w- C:\wininet.dll
2012-11-29 16:02 . 2012-10-08 07:48 1129472 ----a-w- c:\windows\wininet.dll
2012-11-29 15:57 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-29 15:57 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-29 15:57 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-29 15:57 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-29 15:54 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-29 15:54 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-29 15:54 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-29 15:54 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-29 15:54 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-29 15:54 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-29 15:54 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-29 15:50 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-29 15:50 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-29 15:21 . 2012-11-29 15:21 -------- d-----w- c:\program files (x86)\Hand-Crafted Software
2012-11-28 18:50 . 2012-11-29 14:05 -------- d-----w- c:\users\Rbadgett\AppData\Roaming\QuickScan
2012-11-28 17:26 . 2012-11-28 19:37 -------- d-----w- c:\program files (x86)\PC HealthBoost
2012-11-28 16:44 . 2012-11-28 16:44 -------- d-----w- C:\HAHA
2012-11-28 16:10 . 2012-11-28 16:10 -------- d-----w- c:\users\Rbadgett\AppData\Local\Mozilla
2012-11-28 16:10 . 2012-11-28 16:10 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-11-28 15:41 . 2012-11-29 15:54 -------- d-----w- c:\windows\softwaredistribution.bak
2012-11-28 15:36 . 2012-11-29 15:57 -------- d-----w- c:\windows\system32\catroot2
2012-11-28 10:57 . 2012-11-28 10:57 -------- d-----w- c:\programdata\RegInOut
2012-11-28 10:57 . 2012-11-28 10:57 -------- d-----w- c:\windows\RegInOut System Utilities
2012-11-28 02:26 . 2012-11-28 02:26 -------- d-----w- c:\program files\HitmanPro
2012-11-28 01:57 . 2012-11-28 01:58 -------- d-----w- c:\programdata\HitmanPro
2012-11-28 01:12 . 2012-11-28 01:12 -------- d-----w- c:\program files\CCleaner
2012-11-27 22:36 . 2012-11-28 19:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-27 22:35 . 2009-01-25 17:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2012-11-27 22:35 . 2012-11-27 22:36 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-11-27 21:49 . 2012-11-27 21:49 -------- d-----w- c:\users\test\AppData\Roaming\WinMount
2012-11-27 21:42 . 2012-11-27 21:42 -------- d-----w- c:\users\test\AppData\Roaming\IBM
2012-11-27 21:42 . 2012-11-27 21:42 -------- d-----r- c:\users\test\Virtual Machines
2012-11-27 21:42 . 2012-11-27 21:42 -------- d-----r- c:\users\test\Podcasts
2012-11-27 21:07 . 2012-11-27 21:07 388096 ----a-r- c:\users\Rbadgett\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-27 20:23 . 2012-11-27 20:23 -------- d-----w- c:\programdata\Sophos
2012-11-27 20:23 . 2012-11-27 20:23 -------- d-----w- c:\program files (x86)\Sophos
2012-11-19 20:01 . 2012-11-19 20:01 -------- d-----w- c:\users\Rbadgett\AppData\Local\IsolatedStorage
2012-11-15 19:53 . 2012-11-15 19:53 -------- d-----w- c:\users\Rbadgett\Download
2012-11-12 13:39 . 2012-11-28 01:37 -------- d-----w- c:\users\Rbadgett\AppData\Roaming\Oweha
2012-11-12 13:39 . 2012-11-27 21:21 -------- d-----w- c:\users\Rbadgett\AppData\Roaming\Bewuo
2012-11-12 13:39 . 2012-11-12 13:39 -------- d-----w- c:\users\Rbadgett\AppData\Roaming\Deasbe
2012-11-02 11:28 . 2012-11-02 11:28 -------- d-----w- c:\program files (x86)\Xirrus
2012-11-02 11:27 . 2012-11-02 11:27 -------- d-----w- c:\users\Rbadgett\AppData\Roaming\Xirrus
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-29 12:55 . 2012-05-01 11:46 40119 ----a-w- c:\users\Rbadgett\advanced_ip_scanner_Favorites.bin
2012-11-29 12:55 . 2011-10-19 14:14 23264 ----a-w- c:\users\Rbadgett\advanced_ip_scanner_MAC.bin
2012-10-31 11:11 . 2012-06-22 10:58 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-31 11:11 . 2011-09-25 01:54 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-30 02:04 . 2011-10-03 01:26 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-17 15:30 . 2012-10-17 15:30 10744 ----a-w- c:\windows\SysWow64\vpncategories.dll
2012-10-17 15:30 . 2012-10-17 15:30 33784 ----a-w- c:\windows\SysWow64\vpnevents.dll
2012-10-17 15:13 . 2010-05-06 01:46 27048 ----a-w- c:\windows\system32\drivers\vpnva64.sys
2012-10-17 15:11 . 2012-10-17 15:11 107432 ----a-r- c:\windows\system32\drivers\acsock64.sys
2012-10-16 17:16 . 2012-10-16 17:16 4 ----a-w- c:\windows\SysWow64\drivers\shfldol.sys
2012-10-16 08:38 . 2012-11-29 15:51 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-29 15:51 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-29 15:51 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-11 13:23 . 2011-09-30 17:24 2454464 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-09-14 19:19 . 2012-10-10 19:30 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 19:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17420464]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"Client Access Service"="c:\program files (x86)\IBM\Client Access\cwbsvstr.exe" [2009-12-08 14848]
"tvncontrol"="c:\program files (x86)\TightVNC\tvnserver.exe" [2011-08-03 828944]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 1136928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
"LogonType"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
R2 DriverX;DriverX;c:\windows\System32\Drivers\DriverX.sys [x]
R2 EaseUS Agent;EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-10-22 60552]
R2 IBMStorageManagerProfilerCollector;IBMStorageManagerProfilerCollector;c:\program files (x86)\IBM_DS\IBMStorageManagerProfiler Server\webapps\ROOT\bin\IBMStorageManagerProfilerCollector.exe [2010-12-16 94720]
R2 IBMStorageManagerProfilerEventReceiver;IBMStorageManagerProfilerEventReceiver;c:\program files (x86)\IBM_DS\IBMStorageManagerProfiler Server\webapps\ROOT\bin\IBMStorageManagerProfilerEventReceiver.exe [2010-12-16 94720]
R2 IBMStorageManagerProfilerMaintenance;IBMStorageManagerProfilerMaintenance;c:\program files (x86)\IBM_DS\IBMStorageManagerProfiler Server\webapps\ROOT\bin\IBMStorageManagerProfilerMaintenance.exe [2010-12-16 94720]
R2 IBMStorageManagerProfilerPoller;IBMStorageManagerProfilerPoller;c:\program files (x86)\IBM_DS\IBMStorageManagerProfiler Server\webapps\ROOT\bin\IBMStorageManagerProfilerPoller.exe [2010-12-16 94720]
R2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2012-07-18 80448]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 SMmonitor;IBM DS Storage Manager 10 Event Monitor;c:\program files (x86)\IBM_DS\client\monitor\SMmonitor.exe [2011-03-18 69632]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-10-17 107432]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\428\g2ax_service.exe Start=service [x]
R3 Guard Agent;Guard Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-10-22 23176]
R3 HPWPAUSB;Wireless Printer Adapter;c:\windows\system32\Drivers\HPWPAUSB.sys [2007-08-24 24576]
R3 IBM LUM NDL;IBM Nodelock License Server;c:\ifor\WIN\BIN\I4LLMD.EXE [2004-07-23 24576]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 KEPServerEXKeySvcV5;KEPServerEX 5.6 Key Service;c:\program files (x86)\Kepware\KEPServerEX 5\keysvc.exe [2011-07-21 32512]
R3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2009-10-10 40320]
R3 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 36720]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-01-03 72808]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys [2008-11-11 27136]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-03 147248]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 17408]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-03 1255736]
R4 IBM LUM CR;IBM Central Registry License Server;c:\ifor\WIN\BIN\I4GDB.EXE [2004-07-23 24576]
R4 IBM LUM LMD;IBM Network License Server;c:\ifor\WIN\BIN\I4LMD.EXE [2004-07-23 24576]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-10-22 44680]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-10-22 50312]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-05 25960]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-10-22 19592]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-10-22 189576]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-04-03 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-04-03 130864]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 21504]
S1 WMDrive;WMDrive;c:\windows\SysWOW64\drivers\WMDrive.sys [2011-11-09 92536]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2011-11-24 78208]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-05-13 1043872]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-05-13 36768]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 56592]
S2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;c:\windows\system32\DRIVERS\ekaprot6.sys [2011-01-31 27288]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 IBMStorageManagerProfilerWebServer;IBMStorageManagerProfilerWebServer;C:/Program Files (x86)/IBM_DS/IBMStorageManagerProfiler Server\bin\tomcat5.exe [2010-12-16 57344]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 957712]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-09-22 165032]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 697616]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 KEPServerEXLoggerV5;KEPServerEX 5.6 Event Logger;c:\program files (x86)\Kepware\KEPServerEX 5\server_eventlog.exe [2011-07-21 107776]
S2 KEPServerEXV5;KEPServerEX 5.6 Runtime;c:\program files (x86)\Kepware\KEPServerEX 5\server_runtime.exe [2011-07-21 183552]
S2 OCS Inventory Service;OCS Inventory Service;c:\program files (x86)\OCS Inventory Agent\OcsService.exe [2011-10-18 35840]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-05 378472]
S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2011-08-03 828944]
S2 UA COM Server Wrapper;UA COM Server Wrapper;c:\program files (x86)\Common Files\OPC Foundation\UA\v1.0\Bin\Opc.Ua.ComServerWrapper.exe [2012-04-07 25088]
S2 UA Local Discovery Server;UA Local Discovery Server;c:\program files (x86)\Common Files\OPC Foundation\UA\v1.0\Bin\Opc.Ua.DiscoveryServer.exe [2012-04-07 28160]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 VeriWave FLEXnet License Manager;VeriWave FLEXnet License Manager;c:\program files (x86)\VeriWave\WaveDeploy\lmgrd.exe [2011-10-29 1122568]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-10-17 544248]
S2 vstor2-mntapi10;Vstor2 vix Disk Tools Virtual Storage Driver;c:\program files (x86)\VMware\VMware Virtual Disk Development Kit\bin\vstor2-mntapi10.sys [2009-11-03 32816]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
S2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-09-25 349736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-25 39464]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 172960]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2011-05-10 38504]
S3 EZSocketGOT;EZSocketGOT;c:\windows\system32\drivers\EZSocketGOT.sys [2010-09-01 254976]
S3 hpnuhst;HP NUSB Host;c:\windows\system32\DRIVERS\hpnuhst.sys [2007-03-27 16384]
S3 HPNUHUB;HP NUSB Hub;c:\windows\system32\DRIVERS\hpnuhub.sys [2007-10-31 40448]
S3 KEPServerEXV5_OPCNET;KEPServerEX 5.6 OPC .NET;c:\program files (x86)\Kepware\KEPServerEX 5\xi_wrapper\xi_server_runtime.exe [2011-07-21 15616]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-10-12 50072]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-04-03 166192]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 69738287
*Deregistered* - 69738287
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 11:11]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 13:20]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 13:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MountOverlayIcon]
@="{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}"
[HKEY_CLASSES_ROOT\CLSID\{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}]
2010-10-21 15:41 308736 ----a-w- c:\program files\WinMount\WinMTExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-05 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-07 525312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.toyotomi.tac/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = tacdmudd:8080
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: airtriq.jp\dc1
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\fullproduct.download
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
Trusted Zone: windowsupdate.com
TCP: DhcpNameServer = 172.16.3.53 172.16.1.56
TCP: Interfaces\{6120810D-C5C6-413E-9E24-7DA00299F26F}: NameServer = 172.16.3.53
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://173.190.82.242/CACHE/stc/1/binaries/vpnweb.cab
DPF: {89A32C64-6176-4D10-BCA3-10B0079818FA} - hxxps://mail.toyotomi.tac:3443/webconsole/RIMWebComponents.cab
DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} - hxxps://taciisapp:4343/SMB/console/html/root/AtxEnc.cab
DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBEDCC} - hxxps://taciisapp:4343/SMB/console/html/root/AtxConsole.cab
FF - ProfilePath - c:\users\Rbadgett\AppData\Roaming\Mozilla\Firefox\Profiles\x1sf4j87.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.toyotomi.tac
FF - ExtSQL: 2012-11-29 15:50; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IBMStorageManagerProfilerWebServer]
"ImagePath"="\"C:/Program Files (x86)/IBM_DS/IBMStorageManagerProfiler Server\bin\tomcat5.exe\" //RS//IBMStorageManagerProfilerWebServer"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IBMStorageManagerProfilerWebServer]
"ImagePath"="\"C:/Program Files (x86)/IBM_DS/IBMStorageManagerProfiler Server\bin\tomcat5.exe\" //RS//IBMStorageManagerProfilerWebServer"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-11-30 16:01:35
ComboFix-quarantined-files.txt 2012-11-30 21:01
ComboFix2.txt 2012-11-29 20:46
.
Pre-Run: 30,206,902,272 bytes free
Post-Run: 29,883,703,296 bytes free
.
- - End Of File - - D3A3503EEEEDEEF5A9496B82E3CB2114

#13 gringo_pr

Posted 30 November 2012 - 05:30 PM

Make sure your settings are correct.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
7. Click on "Advanced" button and make sure "IP Settings" tab looks like this:
Posted Image
Make sure "DNS" tab looks like this:
Posted Image
Make sure "WINS" tab looks like this:
Posted Image
8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
If you made any changes OK your way out.
Restart computer.

#14 btr03

Posted 30 November 2012 - 06:54 PM

Network settings are fine. Otherwise, I wouldn't be able to browse non-Microsoft or AV websites. Looks like it is rebuild time!

#15 btr03

Posted 30 November 2012 - 06:58 PM

Just to make sure my problem is clear: I can browse all websites except microsoft.com, AV-related sites, bleepingcomputer.com, etc.



