
Trojan:Win32/Danmec.gen!A



#1
Neason (New Member, 4 posts)
One of my co-workers was checking personal e-mail at home on his laptop and managed to encounter this virus. The computer has been brought to me to clean. The desktop is empty and the C: drive is showing as empty as well. There are a very limited number of things reachable. I have already removed some stuff with Malwarebytes but I need help finishing up the cleaning and recovering the set-up of the computer.

Here is the OTL log:

OTL logfile created on: 4/20/2012 10:56:39 AM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\rmrnt\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 55.18% Memory free
3.86 Gb Paging File | 2.82 Gb Available in Paging File | 73.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.58 Gb Total Space | 199.28 Gb Free Space | 85.68% Space Free | Partition Type: NTFS
Drive D: | 300.00 Mb Total Space | 275.22 Mb Free Space | 91.74% Space Free | Partition Type: NTFS
Drive G: | 300.00 Gb Total Space | 17.40 Gb Free Space | 5.80% Space Free | Partition Type: NTFS
Drive H: | 300.00 Gb Total Space | 17.40 Gb Free Space | 5.80% Space Free | Partition Type: NTFS
Drive Q: | 300.00 Gb Total Space | 17.40 Gb Free Space | 5.80% Space Free | Partition Type: NTFS

Computer Name: 77SY4Q1 | User Name: rmrnt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/20 10:56:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\rmrnt\Desktop\OTL.exe
PRC - [2011/08/03 09:23:54 | 000,828,944 | -H-- | M] (GlavSoft LLC.) -- C:\Program Files\TightVNC\tvnserver.exe
PRC - [2011/07/16 00:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:42 | 000,206,360 | -H-- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | -H-- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/08/24 16:51:50 | 000,388,464 | -H-- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
PRC - [2010/08/11 10:26:32 | 000,031,624 | -H-- | M] (IBM Corp) -- C:\Notes\nslsvice.exe
PRC - [2010/08/11 10:26:10 | 003,417,480 | -H-- | M] (IBM) -- C:\Notes\nsd.exe
PRC - [2010/07/28 12:45:12 | 000,727,664 | -H-- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/04/30 20:20:52 | 000,049,250 | -H-- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2010/04/30 20:20:50 | 000,278,528 | -H-- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/04/30 20:20:50 | 000,054,568 | -H-- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2010/04/30 20:20:50 | 000,049,152 | -H-- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/04/30 20:20:48 | 000,495,711 | -H-- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/04/30 20:20:48 | 000,229,461 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\stacsv.exe
PRC - [2010/04/30 20:20:44 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\AEstSrv.exe
PRC - [2010/04/14 09:13:24 | 000,263,536 | -H-- | M] (SAP AG) -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
PRC - [2010/04/14 09:13:24 | 000,226,672 | -H-- | M] (SAP AG) -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | -H-- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/18 05:00:00 | 000,764,768 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2009/07/13 21:14:24 | 001,401,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
PRC - [2009/06/03 14:38:06 | 000,229,446 | -H-- | M] (Invensys Systems, Inc.) -- C:\Program Files\Common Files\ArchestrA\aaLogger.exe
PRC - [2008/10/14 19:45:23 | 000,126,976 | -H-- | M] (Captaris, Inc.) -- C:\Program Files\RightFax\Client\FAXCTRL.exe
PRC - [2008/07/11 07:05:00 | 000,226,592 | -H-- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2008/07/11 01:02:10 | 000,328,992 | -H-- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2007/05/31 16:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe
PRC - [2003/08/05 18:29:24 | 000,029,912 | -H-- | M] (International Business Machines Corporation) -- C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
PRC - [2003/08/05 18:27:40 | 000,193,752 | -H-- | M] (International Business Machines Corporation) -- C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/17 01:11:16 | 004,297,568 | -H-- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | -H-- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/07/28 12:45:12 | 000,727,664 | -H-- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/08/03 09:23:54 | 000,828,944 | -H-- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2011/06/12 11:15:00 | 031,125,880 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/11/11 12:26:42 | 000,206,360 | -H-- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/13 17:47:10 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/08/24 16:51:50 | 000,388,464 | -H-- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2010/08/11 10:26:32 | 000,031,624 | -H-- | M] (IBM Corp) [Auto | Running] -- C:\Notes\nslsvice.exe -- (Lotus Notes Single Logon)
SRV - [2010/08/11 10:26:10 | 003,417,480 | -H-- | M] (IBM) [Auto | Running] -- C:\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2010/04/30 20:20:48 | 000,229,461 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\stacsv.exe -- (STacSV)
SRV - [2010/04/30 20:20:44 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\AEstSrv.exe -- (AESTFilters)
SRV - [2010/04/14 09:13:24 | 000,263,536 | -H-- | M] (SAP AG) [Auto | Running] -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe -- (NWSAPAutoWorkstationUpdateSvc)
SRV - [2010/03/23 13:19:32 | 001,528,616 | -H-- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/02/09 17:34:44 | 001,431,440 | -H-- | M] (Acresso Software Inc.) [Auto | Stopped] -- C:\Program Files\ArchestrA\License Server\lmgrd.exe -- (ArchestrA License Server)
SRV - [2009/09/18 05:00:00 | 000,764,768 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 05:00:00 | 000,246,624 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/03 14:38:06 | 000,229,446 | -H-- | M] (Invensys Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArchestrA\aaLogger.exe -- (aaLogger)
SRV - [2008/07/11 07:05:00 | 000,226,592 | -H-- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2008/07/11 01:02:10 | 000,328,992 | -H-- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2003/08/05 18:29:24 | 000,029,912 | -H-- | M] (International Business Machines Corporation) [Auto | Running] -- C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe -- (DB2NTSECSERVER)
SRV - [2003/08/05 18:27:40 | 000,193,752 | -H-- | M] (International Business Machines Corporation) [Auto | Running] -- C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe -- (DB2JDS)


========== Driver Services (SafeList) ==========

DRV - [2010/10/24 21:25:38 | 000,054,144 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/07/14 00:42:24 | 006,814,720 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel®
DRV - [2010/07/09 10:41:42 | 000,043,888 | -H-- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/07/09 10:41:34 | 000,017,648 | -H-- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2010/04/30 20:21:00 | 000,209,920 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2010/04/30 20:20:54 | 000,214,696 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel®
DRV - [2010/04/30 20:20:50 | 000,239,664 | -H-- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/04/30 20:20:50 | 000,132,480 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/04/30 20:20:50 | 000,048,640 | -H-- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2010/04/30 20:20:50 | 000,047,616 | -H-- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2010/04/30 20:20:50 | 000,038,912 | -H-- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2010/04/30 20:20:50 | 000,033,832 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2010/04/30 20:20:48 | 000,423,424 | -H-- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/03/23 13:15:36 | 000,308,859 | -H-- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/09/18 05:00:00 | 000,020,848 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/09/10 23:00:12 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 21:19:10 | 000,175,824 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:28:49 | 000,126,464 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netvsc60.sys -- (netvsc)
DRV - [2009/07/13 19:28:48 | 000,019,456 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid)
DRV - [2009/07/13 19:28:47 | 000,005,632 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2008/11/16 18:39:44 | 000,131,984 | -H-- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/07/11 07:05:00 | 000,092,712 | -H-- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)
DRV - [2007/01/18 20:28:02 | 000,005,275 | -H-- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://domino.milliken.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://domino.milliken.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://domino.milliken.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2011/12/02 11:54:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\rmrnt\AppData\Roaming\mozilla\Extensions

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [IBM Lotus Notes Preloader] C:\Notes\nntspreld.exe (IBM Corp)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\Client\FAXCTRL.exe (Captaris, Inc.)
O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: lrn.com ([milliken-lcec] http in Trusted sites)
O15 - HKLM\..Trusted Domains: lrn.com ([milliken-lcec] https in Trusted sites)
O15 - HKLM\..Trusted Domains: lrn.com ([milliken-lcec.course] http in Trusted sites)
O15 - HKLM\..Trusted Domains: milliken.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: lrn.com ([milliken-lcec] http in Trusted sites)
O15 - HKCU\..Trusted Domains: lrn.com ([milliken-lcec] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lrn.com ([milliken-lcec.course] http in Trusted sites)
O15 - HKCU\..Trusted Domains: milliken.com ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range16 ([http] in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://10.146.20.55/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 169.146.20.2 169.146.229.31 169.146.229.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = milliken.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D9318DE-73BF-4BF5-A68B-3BF3E86E260D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BEB4BD6-0427-4015-9BF3-C3B3D1D237AF}: DhcpNameServer = 169.146.20.2 169.146.229.31 169.146.229.32
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c35ff3f-1ce1-11e1-a41c-5c260a4f27d8}\Shell - "" = AutoRun
O33 - MountPoints2\{1c35ff3f-1ce1-11e1-a41c-5c260a4f27d8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/20 10:56:09 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\rmrnt\Desktop\OTL.exe
[2012/04/20 09:30:46 | 000,000,000 | -H-D | C] -- C:\Users\rmrnt\AppData\Roaming\Malwarebytes
[2012/04/20 09:30:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/20 09:30:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2012/04/20 09:30:09 | 000,000,000 | -H-D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/20 09:17:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/04/19 18:48:45 | 000,000,000 | -H-D | C] -- C:\Users\rmrnt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012/04/19 08:48:49 | 000,000,000 | -H-D | C] -- C:\Users\rmrnt\AppData\Roaming\smkits
[2012/04/08 11:05:40 | 000,000,000 | -H-D | C] -- C:\Users\rmrnt\Desktop\Projects
[2012/03/24 17:45:33 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Java
[2012/03/24 17:45:23 | 000,157,472 | -H-- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/24 17:45:23 | 000,149,280 | -H-- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/24 17:45:23 | 000,149,280 | -H-- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[22 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/20 10:56:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\rmrnt\Desktop\OTL.exe
[2012/04/20 10:34:49 | 000,000,220 | -H-- | M] () -- C:\Windows\tasks\MoveOU.job
[2012/04/20 10:23:31 | 000,000,461 | -H-- | M] () -- C:\Windows\SMSCFG.ini
[2012/04/20 10:22:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/20 10:22:42 | 1552,281,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/20 10:22:05 | 000,016,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/20 10:22:05 | 000,016,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/20 09:49:30 | 000,000,677 | -H-- | M] () -- C:\Users\rmrnt\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/20 09:49:30 | 000,000,653 | -H-- | M] () -- C:\Users\rmrnt\Desktop\SMART_HDD.lnk
[2012/04/20 09:15:55 | 000,108,703 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/04/19 18:48:47 | 000,000,176 | -H-- | M] () -- C:\ProgramData\-xwhIepoghDkcccr
[2012/04/19 18:48:47 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-xwhIepoghDkccc
[2012/04/19 18:48:43 | 000,000,256 | -H-- | M] () -- C:\ProgramData\xwhIepoghDkccc
[2012/04/19 18:48:36 | 000,241,152 | -H-- | M] ( ) -- C:\ProgramData\xwhIepoghDkccc.exe
[2012/04/18 15:07:09 | 000,000,832 | -H-- | M] () -- C:\Users\rmrnt\Desktop\Postdye Fallout Lite SAP.accdb - Shortcut.lnk
[2012/04/12 12:01:16 | 000,672,932 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/12 12:01:16 | 000,126,840 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/24 17:45:18 | 000,157,472 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/24 17:45:18 | 000,149,280 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/24 17:45:18 | 000,149,280 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/24 17:45:17 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/03/23 14:53:44 | 000,430,466 | -H-- | M] () -- C:\Users\rmrnt\Desktop\1306 shifted.jpg
[2012/03/23 14:01:44 | 000,000,707 | -H-- | M] () -- C:\Users\rmrnt\Desktop\2005 Prep Specs.accdb - Shortcut (2).lnk
[22 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/20 09:49:30 | 000,000,677 | -H-- | C] () -- C:\Users\rmrnt\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/20 09:49:30 | 000,000,653 | -H-- | C] () -- C:\Users\rmrnt\Desktop\SMART_HDD.lnk
[2012/04/20 09:17:46 | 000,002,441 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/04/19 18:48:47 | 000,000,176 | -H-- | C] () -- C:\ProgramData\-xwhIepoghDkcccr
[2012/04/19 18:48:47 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-xwhIepoghDkccc
[2012/04/19 18:48:42 | 000,000,256 | -H-- | C] () -- C:\ProgramData\xwhIepoghDkccc
[2012/04/19 18:48:36 | 000,241,152 | -H-- | C] ( ) -- C:\ProgramData\xwhIepoghDkccc.exe
[2012/04/18 15:07:09 | 000,000,832 | -H-- | C] () -- C:\Users\rmrnt\Desktop\Postdye Fallout Lite SAP.accdb - Shortcut.lnk
[2012/03/23 14:53:43 | 000,430,466 | -H-- | C] () -- C:\Users\rmrnt\Desktop\1306 shifted.jpg
[2012/03/23 14:01:44 | 000,000,707 | -H-- | C] () -- C:\Users\rmrnt\Desktop\2005 Prep Specs.accdb - Shortcut (2).lnk
[2012/02/29 22:38:52 | 000,004,764 | -H-- | C] () -- C:\Windows\System32\CcmFramework.ini
[2011/10/20 14:20:04 | 000,000,000 | -H-- | C] () -- C:\Windows\aaLicView.INI
[2011/10/17 16:35:09 | 000,000,093 | -H-- | C] () -- C:\Users\rmrnt\AppData\Local\fusioncache.dat
[2011/06/22 22:55:52 | 000,000,461 | -H-- | C] () -- C:\Windows\SMSCFG.ini
[2011/04/20 13:39:52 | 000,108,703 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/11/05 21:50:22 | 000,208,896 | -H-- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/11/05 21:50:22 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/11/05 21:50:21 | 000,870,544 | -H-- | C] () -- C:\Windows\System32\igkrng575.bin
[2010/11/05 21:50:21 | 000,127,896 | -H-- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010/11/05 21:50:21 | 000,051,068 | -H-- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010/11/05 21:50:21 | 000,004,096 | -H-- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/11/05 21:50:21 | 000,000,151 | -H-- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/11/05 18:10:19 | 000,140,288 | -H-- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/11/04 15:13:32 | 000,087,552 | -H-- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/09/13 15:26:59 | 000,278,528 | -H-- | C] () -- C:\Windows\System32\nthtapi.dll
[2010/09/13 15:26:59 | 000,075,264 | -H-- | C] () -- C:\Windows\System32\pbnote60.dll
[2010/09/13 15:25:17 | 000,000,187 | -H-- | C] () -- C:\Windows\PVS.INI
[2010/09/13 15:24:47 | 000,000,247 | -H-- | C] () -- C:\Windows\npd.ini
[2010/09/13 15:24:06 | 000,000,553 | -H-- | C] () -- C:\Windows\ENV.INI
[2010/09/13 15:23:18 | 000,000,393 | -H-- | C] () -- C:\Windows\mfs.ini
[2010/09/13 15:22:54 | 000,000,715 | -H-- | C] () -- C:\Windows\rmrebate.ini
[2010/09/13 15:22:21 | 000,000,279 | -H-- | C] () -- C:\Windows\PURCHORD.INI
[2010/09/13 15:21:55 | 000,000,109 | -H-- | C] () -- C:\Windows\coststd.ini
[2010/09/13 15:21:17 | 000,000,410 | -H-- | C] () -- C:\Windows\FPA.INI
[2010/09/13 15:19:47 | 000,165,376 | -H-- | C] () -- C:\Windows\System32\unrar.dll
[2010/09/13 15:14:55 | 000,000,000 | -H-- | C] () -- C:\Windows\gigen.INI
[2010/09/13 15:03:31 | 000,000,220 | -H-- | C] () -- C:\Windows\ODBC.INI
[2010/09/13 15:01:18 | 000,000,369 | -H-- | C] () -- C:\Windows\ODBCINST.INI
[2010/09/13 14:44:13 | 000,004,685 | -H-- | C] () -- C:\Windows\saplogon.ini
[2010/09/13 14:44:12 | 000,000,362 | -H-- | C] () -- C:\Windows\sapmsg.ini
[2010/09/13 14:38:28 | 000,095,744 | -H-- | C] () -- C:\Windows\System32\h5rtf32.dll
[2010/09/13 14:38:28 | 000,051,200 | -H-- | C] () -- C:\Windows\System32\h5tool32.dll
[2010/09/13 14:38:27 | 001,064,960 | -H-- | C] () -- C:\Windows\System32\h5krnl32.dll
[2010/09/13 14:38:27 | 000,188,928 | -H-- | C] () -- C:\Windows\System32\h5icon32.dll
[2010/09/13 14:38:27 | 000,175,616 | -H-- | C] () -- C:\Windows\System32\h5menu32.dll
[2010/09/13 13:53:03 | 000,000,051 | -H-- | C] () -- C:\Windows\smsts.ini

< End of report >


Thanks

Attached file: OTL.Txt (63.62KB)


#2
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
This bug often hides the missing links in a folder %Temp%\smtmp. If you haven't deleted all of the temp files we may be able to get them back. It also sets the Hidden attribute on most files, as you can see from the OTL log. Several of my tools will try and fix that, but sometimes you just have to right click on C:\ and select Properties, uncheck the Hidden box and Apply it to subfolders too.

Does 2012/04/19 18:48 sound about right for the date/time of infection?

Copy the text in the code box by highlighting and Ctrl + c

:OTL
[2012/04/19 18:48:47 | 000,000,176 | -H-- | M] () -- C:\ProgramData\-xwhIepoghDkcccr
[2012/04/19 18:48:47 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-xwhIepoghDkccc
[2012/04/19 18:48:43 | 000,000,256 | -H-- | M] () -- C:\ProgramData\xwhIepoghDkccc
[2012/04/19 18:48:36 | 000,241,152 | -H-- | M] ( ) -- C:\ProgramData\xwhIepoghDkccc.exe

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\ProgramData\-xwhIepoghDkcccr
C:\ProgramData\xwhIepoghDkccc
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Download, Save and Right click on unhide.exe and Run As Administrator from

http://download.blee...nler/unhide.exe


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Copy the text in the code box:

netsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Ron
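Ron's reasoning above (read the infection time off the burst of file events in the OTL log, note that most entries now carry the Hidden attribute, and pick out the hidden, publisher-less files dropped in C:\ProgramData for the :OTL and :files sections) can be automated. The following Python script is an added example for this thread, not part of OTL or of Ron's fix; it parses lines in the OTL file-listing format shown in the log, the sample lines are constructed from the entries posted above, and the function names are my own:

```python
"""Parse OTL-style file listing lines and pull out the infection timestamp.

Added example for this thread, not part of OTL or of the fix posted above.
It reads lines in the "[date time | size | attrs | C/M] (company) -- path"
format that OTL prints, reports the minute with the largest burst of
created/modified files (the likely infection time), the share of entries
carrying the Hidden attribute, and the entries that look like the dropped
files in C:\\ProgramData (hidden, no publisher, inside the burst window).
"""
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample modelled on the log lines posted in the thread.
SAMPLE_OTL = """\
[2012/04/19 18:48:47 | 000,000,176 | -H-- | M] () -- C:\\ProgramData\\-xwhIepoghDkcccr
[2012/04/19 18:48:47 | 000,000,000 | -H-- | M] () -- C:\\ProgramData\\-xwhIepoghDkccc
[2012/04/19 18:48:43 | 000,000,256 | -H-- | M] () -- C:\\ProgramData\\xwhIepoghDkccc
[2012/04/19 18:48:36 | 000,241,152 | -H-- | M] ( ) -- C:\\ProgramData\\xwhIepoghDkccc.exe
[2012/02/29 22:38:52 | 000,004,764 | -H-- | C] () -- C:\\Windows\\System32\\CcmFramework.ini
[2010/09/13 15:19:47 | 000,165,376 | -H-- | C] () -- C:\\Windows\\System32\\unrar.dll
[2010/05/01 09:00:00 | 000,141,848 | ---- | C] (Intel Corporation) -- C:\\Windows\\System32\\igfxtray.exe
< End of report >
"""

# [2012/04/19 18:48:47 | 000,000,176 | -H-- | M] () -- C:\path
#   date time      |  size (commas)  | RHSD flags | C=created, M=modified
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


def parse_otl_lines(text):
    """Return one dict per file line; headers and the report footer are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "hidden": m["attrs"][1] == "H",   # second flag position is Hidden
            "kind": m["kind"],
            "company": m["company"].strip(),
            "path": m["path"],
        })
    return entries


def busiest_minute(entries):
    """Minute with the most file events, as ("YYYY/MM/DD HH:MM", count)."""
    counts = Counter(e["when"].strftime("%Y/%m/%d %H:%M") for e in entries)
    minute, n = counts.most_common(1)[0]
    return minute, n


def hidden_ratio(entries):
    """Fraction of listed entries carrying the Hidden attribute."""
    return sum(e["hidden"] for e in entries) / len(entries)


def dropped_in_programdata(entries, window_minutes=5):
    """Hidden, publisher-less files directly under C:\\ProgramData that fall
    inside the window starting at the busiest minute: the candidates for the
    :OTL and :files removal sections."""
    start = datetime.strptime(busiest_minute(entries)[0], "%Y/%m/%d %H:%M")
    end = start + timedelta(minutes=window_minutes)
    hits = []
    for e in entries:
        parent, _, _name = e["path"].rpartition("\\")
        if (parent.lower() == "c:\\programdata" and e["hidden"]
                and not e["company"] and start <= e["when"] < end):
            hits.append(e["path"])
    return sorted(hits)


if __name__ == "__main__":
    ents = parse_otl_lines(SAMPLE_OTL)
    print("infection burst:", busiest_minute(ents))
    print("hidden share: %.0f%%" % (100 * hidden_ratio(ents)))
    for p in dropped_in_programdata(ents):
        print("candidate dropper artefact:", p)
```

Run it against a full OTL.Txt instead of the constructed sample to see whether the hidden-attribute share really is "most files" and which ProgramData entries cluster at the infection minute.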

#3
Neason

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I was able to do the OTL code and the Unhide, and the desktop icons are back. However, when I try to run aswMBR I'm not getting anything. If I run it from the desktop it just spins for a second and then nothing. If I run it from a command prompt, it pauses for a couple of seconds and then puts me at the next prompt.

#4
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Go on and try the others. See if any of them will work.

#5
Neason

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Combofix log:

ComboFix 12-04-22.02 - rmrnt 04/23/2012 9:21.1.4 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.1974.974 [GMT -4:00]
Running from: c:\users\rmrnt\Desktop\ComboFix.exe
AV: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET651E.tmp
c:\windows\system32\SET652F.tmp
c:\windows\system32\SET6530.tmp
c:\windows\system32\SETA2F.tmp
c:\windows\system32\SETA8BE.tmp
c:\windows\system32\SETAB5D.tmp
c:\windows\system32\SETC675.tmp
c:\windows\system32\SETC808.tmp
c:\windows\system32\SETCDA1.tmp
c:\windows\system32\SETCDA2.tmp
c:\windows\system32\SETCDA3.tmp
c:\windows\system32\SETDDF3.tmp
c:\windows\system32\SETE745.tmp
c:\windows\system32\SETE993.tmp
c:\windows\system32\SETEC99.tmp
c:\windows\system32\SETFA2D.tmp
c:\windows\system32\SETFA2E.tmp
c:\windows\system32\SETFA2F.tmp
c:\windows\system32\SETFBF1.tmp
c:\windows\system32\SETFDB4.tmp
c:\windows\system32\SETFDB5.tmp
c:\windows\system32\SETFDE6.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))
.
.
2012-04-23 13:58 . 2012-04-23 13:59 -------- d-----w- c:\users\rmrnt\AppData\Local\temp
2012-04-23 13:58 . 2012-04-23 13:58 -------- d-----w- c:\users\Install\AppData\Local\temp
2012-04-23 13:58 . 2012-04-23 13:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-23 13:58 . 2012-04-23 13:58 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-04-23 13:20 . 2012-04-23 13:20 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D3AB3B5-1FAE-47E0-B3CB-FA73029976A3}\MpKsl3ab1f2c1.sys
2012-04-23 13:14 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D3AB3B5-1FAE-47E0-B3CB-FA73029976A3}\mpengine.dll
2012-04-20 17:43 . 2012-04-20 17:43 -------- d-----w- C:\_OTL
2012-04-20 13:30 . 2012-04-20 13:30 -------- d-----w- c:\users\rmrnt\AppData\Roaming\Malwarebytes
2012-04-20 13:30 . 2012-04-20 13:30 -------- d-----w- c:\programdata\Malwarebytes
2012-04-20 13:30 . 2012-04-20 13:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-19 12:48 . 2012-04-19 12:48 -------- d-----w- c:\users\rmrnt\AppData\Roaming\smkits
2012-04-12 13:10 . 2012-04-12 13:10 -------- d-----w- c:\users\nae001
2012-03-24 21:45 . 2012-03-24 21:45 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 07:36 . 2011-06-23 11:15 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-24 21:45 . 2010-09-13 18:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-20 00:04 . 2011-06-09 16:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 05:44 . 2012-03-20 20:19 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-20 20:19 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-20 20:19 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 23:28 . 2012-02-10 23:29 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E982F58-5D47-4CB5-BFBA-4413856EC06A}\gapaengine.dll
2012-02-10 05:41 . 2012-03-20 20:20 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-20 20:20 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-20 20:20 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-20 20:20 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-20 20:20 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-03 04:01 . 2012-03-20 20:20 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-09-13 17:54 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 05:44 . 2012-03-20 20:20 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:44 . 2012-03-20 20:20 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:40 . 2012-03-20 20:20 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-05-01 278528]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SAP_WUS_UNT"="c:\program files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe" [2010-04-14 226672]
"RightFAX Print-to-Fax Driver"="c:\program files\RightFax\Client\faxctrl.exe" [2008-10-14 126976]
"IBM Lotus Notes Preloader"="c:\notes\nntspreld.exe" [2010-08-11 20360]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-07-28 727664]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-01 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-01 166936]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-05-01 495711]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2011-08-03 828944]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Microsoft Security Client"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1458032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 ArchestrA License Server;ArchestrA License Server;c:\program files\ArchestrA\License Server\lmgrd.exe [2010-02-09 1431440]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2010-05-01 47616]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2009-07-13 126464]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-07-14 6814720]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2010-05-01 48640]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2010-05-01 38912]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2009-07-13 19456]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-13 1343400]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-07-09 17648]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\aestsrv.exe [2010-05-01 81920]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 388464]
S2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\notes\nsd.exe [2010-08-11 3417480]
S2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe [2010-04-14 263536]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2008-07-11 328992]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [2011-08-03 828944]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-07-09 43888]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2010-05-01 33832]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-05-01 214696]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-05-01 132480]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-05-01 209920]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL3AB1F2C1
*NewlyCreated* - MPKSL9227BB34
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-23 c:\windows\Tasks\MoveOU.job
- c:\windows\PCS\MoveOu\MoveOu.exe [2012-02-05 13:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://domino.milliken.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: lrn.com\milliken-lcec
Trusted Zone: lrn.com\milliken-lcec.course
Trusted Zone: lrn.com\milliken-lcec
Trusted Zone: lrn.com\milliken-lcec.course
TCP: DhcpNameServer = 169.146.20.2 169.146.229.31 169.146.229.32
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://10.146.20.55/activex/AMC.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Milliken Getreg - c:\program files\Milliken Getreg\Common\Common\Common\Common\Common\Common\Common\Common\Common\Common\Common\Common\uninst.exe
AddRemove-Milliken SAP EndUser Settings Installer - c:\users\ADMINI~1\AppData\Local\Temp\SAPGUI_7.10_EndUser_Settings_And_DLL\uninst.exe
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD25 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 488397151 (+0): user != kernel
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-23 10:16:27
ComboFix-quarantined-files.txt 2012-04-23 14:16
.
Pre-Run: 214,144,331,776 bytes free
Post-Run: 214,138,896,384 bytes free
.
- - End Of File - - B447635069BA826FECFBE83C24E4A9F5


TDSSKiller log:

10:19:47.0043 5132 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
10:19:47.0423 5132 ============================================================
10:19:47.0423 5132 Current date / time: 2012/04/23 10:19:47.0423
10:19:47.0423 5132 SystemInfo:
10:19:47.0423 5132
10:19:47.0433 5132 OS Version: 6.1.7600 ServicePack: 0.0
10:19:47.0433 5132 Product type: Workstation
10:19:47.0433 5132 ComputerName: 77SY4Q1
10:19:47.0433 5132 UserName: rmrnt
10:19:47.0433 5132 Windows directory: C:\Windows
10:19:47.0433 5132 System windows directory: C:\Windows
10:19:47.0433 5132 Processor architecture: Intel x86
10:19:47.0433 5132 Number of processors: 4
10:19:47.0433 5132 Page size: 0x1000
10:19:47.0433 5132 Boot type: Normal boot
10:19:47.0433 5132 ============================================================
10:19:48.0113 5132 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:19:48.0113 5132 \Device\Harddisk0\DR0:
10:19:48.0113 5132 MBR partitions:
10:19:48.0113 5132 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
10:19:48.0113 5132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x1D12A170
10:19:48.0143 5132 C: <-> \Device\Harddisk0\DR0\Partition1
10:19:48.0153 5132 D: <-> \Device\Harddisk0\DR0\Partition0
10:19:48.0153 5132 Initialize success
10:19:48.0153 5132 ============================================================
10:20:53.0556 4436 ============================================================
10:20:53.0556 4436 Scan started
10:20:53.0556 4436 Mode: Manual;
10:20:53.0556 4436 ============================================================
10:20:53.0896 4436 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
10:20:53.0896 4436 1394ohci - ok
10:20:53.0966 4436 aaLogger (5d561caae1e089a627e0732875b65724) C:\Program Files\Common Files\ArchestrA\aaLogger.exe
10:20:53.0966 4436 aaLogger - ok
10:20:54.0046 4436 Acceler (eb008a36206bf9d0de3c5f9df67d20d8) C:\Windows\system32\DRIVERS\Accelern.sys
10:20:54.0046 4436 Acceler - ok
10:20:54.0116 4436 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
10:20:54.0126 4436 ACPI - ok
10:20:54.0186 4436 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
10:20:54.0186 4436 AcpiPmi - ok
10:20:54.0276 4436 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
10:20:54.0286 4436 adp94xx - ok
10:20:54.0366 4436 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
10:20:54.0376 4436 adpahci - ok
10:20:54.0426 4436 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
10:20:54.0426 4436 adpu320 - ok
10:20:54.0456 4436 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
10:20:54.0466 4436 AeLookupSvc - ok
10:20:54.0566 4436 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\aestsrv.exe
10:20:54.0566 4436 AESTFilters - ok
10:20:54.0646 4436 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
10:20:54.0656 4436 AFD - ok
10:20:54.0686 4436 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
10:20:54.0686 4436 agp440 - ok
10:20:54.0726 4436 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
10:20:54.0746 4436 aic78xx - ok
10:20:54.0816 4436 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
10:20:54.0816 4436 ALG - ok
10:20:54.0866 4436 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
10:20:54.0866 4436 aliide - ok
10:20:54.0896 4436 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
10:20:54.0906 4436 amdagp - ok
10:20:54.0936 4436 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
10:20:54.0936 4436 amdide - ok
10:20:54.0976 4436 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
10:20:54.0976 4436 AmdK8 - ok
10:20:54.0996 4436 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
10:20:54.0996 4436 AmdPPM - ok
10:20:55.0036 4436 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
10:20:55.0046 4436 amdsata - ok
10:20:55.0066 4436 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
10:20:55.0076 4436 amdsbs - ok
10:20:55.0096 4436 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
10:20:55.0096 4436 amdxata - ok
10:20:55.0186 4436 ApfiltrService (11246b43e2fd8318ef5f45de3a74fbae) C:\Windows\system32\DRIVERS\Apfiltr.sys
10:20:55.0186 4436 ApfiltrService - ok
10:20:55.0256 4436 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
10:20:55.0256 4436 AppID - ok
10:20:55.0356 4436 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
10:20:55.0356 4436 AppIDSvc - ok
10:20:55.0416 4436 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
10:20:55.0416 4436 Appinfo - ok
10:20:55.0446 4436 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
10:20:55.0446 4436 AppMgmt - ok
10:20:55.0496 4436 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
10:20:55.0496 4436 arc - ok
10:20:55.0576 4436 ArchestrA License Server (338deabd788009f2d043d3080e29930d) C:\Program Files\ArchestrA\License Server\lmgrd.exe
10:20:55.0586 4436 ArchestrA License Server - ok
10:20:55.0676 4436 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
10:20:55.0676 4436 arcsas - ok
10:20:55.0816 4436 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:20:55.0816 4436 aspnet_state - ok
10:20:55.0876 4436 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
10:20:55.0876 4436 AsyncMac - ok
10:20:55.0976 4436 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
10:20:55.0976 4436 atapi - ok
10:20:56.0046 4436 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
10:20:56.0046 4436 AudioEndpointBuilder - ok
10:20:56.0066 4436 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
10:20:56.0066 4436 Audiosrv - ok
10:20:56.0146 4436 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
10:20:56.0146 4436 AxInstSV - ok
10:20:56.0206 4436 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
10:20:56.0216 4436 b06bdrv - ok
10:20:56.0266 4436 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:20:56.0276 4436 b57nd60x - ok
10:20:56.0426 4436 BCM43XX (f689c5965cefad780a2948546703bd5d) C:\Windows\system32\DRIVERS\bcmwl6.sys
10:20:56.0496 4436 BCM43XX - ok
10:20:56.0606 4436 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
10:20:56.0606 4436 BDESVC - ok
10:20:56.0656 4436 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
10:20:56.0656 4436 Beep - ok
10:20:56.0706 4436 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
10:20:56.0716 4436 BFE - ok
10:20:56.0786 4436 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll
10:20:56.0796 4436 BITS - ok
10:20:56.0836 4436 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
10:20:56.0836 4436 blbdrive - ok
10:20:56.0876 4436 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
10:20:56.0876 4436 bowser - ok
10:20:56.0906 4436 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:20:56.0906 4436 BrFiltLo - ok
10:20:56.0916 4436 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:20:56.0916 4436 BrFiltUp - ok
10:20:56.0966 4436 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
10:20:56.0966 4436 BridgeMP - ok
10:20:56.0996 4436 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
10:20:56.0996 4436 Browser - ok
10:20:57.0016 4436 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
10:20:57.0016 4436 Brserid - ok
10:20:57.0026 4436 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
10:20:57.0026 4436 BrSerWdm - ok
10:20:57.0056 4436 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:20:57.0056 4436 BrUsbMdm - ok
10:20:57.0076 4436 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
10:20:57.0076 4436 BrUsbSer - ok
10:20:57.0096 4436 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
10:20:57.0096 4436 BTHMODEM - ok
10:20:57.0116 4436 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
10:20:57.0126 4436 bthserv - ok
10:20:57.0236 4436 catchme - ok
10:20:57.0336 4436 CcmExec (a454a9baa25b8c8e76735dd86bd4b017) C:\Windows\system32\CCM\CcmExec.exe
10:20:57.0346 4436 CcmExec - ok
10:20:57.0406 4436 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
10:20:57.0406 4436 cdfs - ok
10:20:57.0446 4436 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
10:20:57.0456 4436 cdrom - ok
10:20:57.0496 4436 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
10:20:57.0496 4436 CertPropSvc - ok
10:20:57.0516 4436 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
10:20:57.0516 4436 circlass - ok
10:20:57.0546 4436 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
10:20:57.0546 4436 CLFS - ok
10:20:57.0636 4436 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:20:57.0636 4436 clr_optimization_v2.0.50727_32 - ok
10:20:57.0666 4436 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:20:57.0676 4436 clr_optimization_v4.0.30319_32 - ok
10:20:57.0756 4436 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
10:20:57.0756 4436 CmBatt - ok
10:20:57.0796 4436 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
10:20:57.0796 4436 cmdide - ok
10:20:57.0846 4436 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
10:20:57.0856 4436 CNG - ok
10:20:57.0886 4436 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
10:20:57.0886 4436 Compbatt - ok
10:20:57.0926 4436 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
10:20:57.0926 4436 CompositeBus - ok
10:20:57.0956 4436 COMSysApp - ok
10:20:57.0986 4436 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
10:20:57.0986 4436 crcdisk - ok
10:20:58.0036 4436 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
10:20:58.0036 4436 CryptSvc - ok
10:20:58.0066 4436 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
10:20:58.0076 4436 CSC - ok
10:20:58.0116 4436 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
10:20:58.0116 4436 CscService - ok
10:20:58.0186 4436 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
10:20:58.0196 4436 CVirtA - ok
10:20:58.0286 4436 CVPND (66257cb4e4fb69887cddc71663741435) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
10:20:58.0296 4436 CVPND - ok
10:20:58.0336 4436 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\Windows\system32\Drivers\CVPNDRVA.sys
10:20:58.0336 4436 CVPNDRVA - ok
10:20:58.0356 4436 cvusbdrv (d1697063e2cdb6575aa46d668ffee825) C:\Windows\system32\Drivers\cvusbdrv.sys
10:20:58.0356 4436 cvusbdrv - ok
10:20:58.0406 4436 DB2JDS (4c55645eecd65713f278f54fcd24e26b) C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
10:20:58.0416 4436 DB2JDS - ok
10:20:58.0426 4436 DB2NTSECSERVER (2251de6970b962230450364b82acbd16) C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
10:20:58.0426 4436 DB2NTSECSERVER - ok
10:20:58.0486 4436 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
10:20:58.0496 4436 DcomLaunch - ok
10:20:58.0546 4436 dcpsysmgrsvc (4a557869c542b26264ea727c11b6670e) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
10:20:58.0546 4436 dcpsysmgrsvc - ok
10:20:58.0586 4436 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
10:20:58.0586 4436 defragsvc - ok
10:20:58.0636 4436 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
10:20:58.0636 4436 DfsC - ok
10:20:58.0666 4436 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
10:20:58.0666 4436 Dhcp - ok
10:20:58.0706 4436 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
10:20:58.0706 4436 discache - ok
10:20:58.0746 4436 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
10:20:58.0746 4436 Disk - ok
10:20:58.0786 4436 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
10:20:58.0786 4436 DNE - ok
10:20:58.0846 4436 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
10:20:58.0846 4436 Dnscache - ok
10:20:58.0886 4436 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
10:20:58.0896 4436 dot3svc - ok
10:20:58.0916 4436 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
10:20:58.0916 4436 DPS - ok
10:20:58.0966 4436 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
10:20:58.0966 4436 drmkaud - ok
10:20:59.0016 4436 DXGKrnl (c94b6c3cc628179cb9b9061c19888b99) C:\Windows\System32\drivers\dxgkrnl.sys
10:20:59.0026 4436 DXGKrnl - ok
10:20:59.0066 4436 e1kexpress (a13f07a0422e4a04e7ff6f6f3b05e729) C:\Windows\system32\DRIVERS\e1k6232.sys
10:20:59.0076 4436 e1kexpress - ok
10:20:59.0106 4436 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
10:20:59.0106 4436 EapHost - ok
10:20:59.0236 4436 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
10:20:59.0326 4436 ebdrv - ok
10:20:59.0386 4436 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
10:20:59.0386 4436 EFS - ok
10:20:59.0466 4436 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
10:20:59.0476 4436 ehRecvr - ok
10:20:59.0496 4436 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
10:20:59.0496 4436 ehSched - ok
10:20:59.0526 4436 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
10:20:59.0536 4436 elxstor - ok
10:20:59.0556 4436 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
10:20:59.0556 4436 ErrDev - ok
10:20:59.0596 4436 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
10:20:59.0596 4436 EventSystem - ok
10:20:59.0626 4436 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
10:20:59.0636 4436 exfat - ok
10:20:59.0646 4436 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
10:20:59.0656 4436 fastfat - ok
10:20:59.0686 4436 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
10:20:59.0686 4436 Fax - ok
10:20:59.0706 4436 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
10:20:59.0706 4436 fdc - ok
10:20:59.0726 4436 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
10:20:59.0726 4436 fdPHost - ok
10:20:59.0776 4436 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
10:20:59.0776 4436 FDResPub - ok
10:20:59.0796 4436 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
10:20:59.0806 4436 FileInfo - ok
10:20:59.0826 4436 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
10:20:59.0826 4436 Filetrace - ok
10:20:59.0836 4436 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
10:20:59.0836 4436 flpydisk - ok
10:20:59.0856 4436 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
10:20:59.0856 4436 FltMgr - ok
10:20:59.0906 4436 FontCache (151258fc2ec8c48bdf8a53350ae0a676) C:\Windows\system32\FntCache.dll
10:20:59.0916 4436 FontCache - ok
10:21:00.0006 4436 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:21:00.0006 4436 FontCache3.0.0.0 - ok
10:21:00.0046 4436 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
10:21:00.0046 4436 FsDepends - ok
10:21:00.0086 4436 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
10:21:00.0086 4436 Fs_Rec - ok
10:21:00.0106 4436 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
10:21:00.0106 4436 fvevol - ok
10:21:00.0146 4436 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:21:00.0146 4436 gagp30kx - ok
10:21:00.0186 4436 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
10:21:00.0196 4436 gpsvc - ok
10:21:00.0216 4436 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
10:21:00.0216 4436 hcw85cir - ok
10:21:00.0246 4436 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:21:00.0246 4436 HDAudBus - ok
10:21:00.0256 4436 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
10:21:00.0256 4436 HidBatt - ok
10:21:00.0276 4436 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
10:21:00.0276 4436 HidBth - ok
10:21:00.0306 4436 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
10:21:00.0306 4436 HidIr - ok
10:21:00.0326 4436 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
10:21:00.0336 4436 hidserv - ok
10:21:00.0356 4436 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
10:21:00.0356 4436 HidUsb - ok
10:21:00.0376 4436 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
10:21:00.0386 4436 hkmsvc - ok
10:21:00.0416 4436 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
10:21:00.0426 4436 HomeGroupListener - ok
10:21:00.0456 4436 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
10:21:00.0466 4436 HomeGroupProvider - ok
10:21:00.0486 4436 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
10:21:00.0486 4436 HpSAMD - ok
10:21:00.0516 4436 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
10:21:00.0516 4436 HTTP - ok
10:21:00.0536 4436 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
10:21:00.0536 4436 hwpolicy - ok
10:21:00.0566 4436 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
10:21:00.0566 4436 i8042prt - ok
10:21:00.0596 4436 iaStor (39f7c9aeee865fe8e98cf3edd2b4bb4a) C:\Windows\system32\DRIVERS\iaStor.sys
10:21:00.0596 4436 iaStor - ok
10:21:00.0626 4436 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
10:21:00.0626 4436 iaStorV - ok
10:21:00.0736 4436 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
10:21:00.0736 4436 IDriverT - ok
10:21:00.0826 4436 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:21:00.0846 4436 idsvc - ok
10:21:01.0096 4436 igfx (4ee7874572a515d112d2f35112f5ad41) C:\Windows\system32\DRIVERS\igdkmd32.sys
10:21:01.0126 4436 igfx - ok
10:21:01.0166 4436 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
10:21:01.0166 4436 iirsp - ok
10:21:01.0226 4436 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
10:21:01.0236 4436 IKEEXT - ok
10:21:01.0266 4436 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys
10:21:01.0266 4436 Impcd - ok
10:21:01.0316 4436 IntcDAud (2d79c681ce6d53a0c6c725a84594df4c) C:\Windows\system32\DRIVERS\IntcDAud.sys
10:21:01.0316 4436 IntcDAud - ok
10:21:01.0356 4436 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
10:21:01.0356 4436 intelide - ok
10:21:01.0396 4436 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
10:21:01.0396 4436 intelppm - ok
10:21:01.0426 4436 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
10:21:01.0436 4436 IPBusEnum - ok
10:21:01.0456 4436 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:21:01.0456 4436 IpFilterDriver - ok
10:21:01.0496 4436 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
10:21:01.0506 4436 iphlpsvc - ok
10:21:01.0516 4436 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
10:21:01.0516 4436 IPMIDRV - ok
10:21:01.0536 4436 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
10:21:01.0536 4436 IPNAT - ok
10:21:01.0556 4436 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
10:21:01.0556 4436 IRENUM - ok
10:21:01.0586 4436 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
10:21:01.0586 4436 isapnp - ok
10:21:01.0606 4436 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
10:21:01.0606 4436 iScsiPrt - ok
10:21:01.0646 4436 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:21:01.0646 4436 kbdclass - ok
10:21:01.0666 4436 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
10:21:01.0666 4436 kbdhid - ok
10:21:01.0716 4436 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
10:21:01.0716 4436 KeyIso - ok
10:21:01.0756 4436 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
10:21:01.0756 4436 KSecDD - ok
10:21:01.0796 4436 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
10:21:01.0796 4436 KSecPkg - ok
10:21:01.0826 4436 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
10:21:01.0836 4436 KtmRm - ok
10:21:01.0896 4436 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll
10:21:01.0896 4436 LanmanServer - ok
10:21:01.0956 4436 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
10:21:01.0966 4436 LanmanWorkstation - ok
10:21:02.0026 4436 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
10:21:02.0026 4436 lltdio - ok
10:21:02.0096 4436 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
10:21:02.0096 4436 lltdsvc - ok
10:21:02.0126 4436 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
10:21:02.0126 4436 lmhosts - ok
10:21:02.0146 4436 Lotus Notes Diagnostics - ok
10:21:02.0176 4436 Lotus Notes Single Logon (1a394a0372622b3d5f989ae8329326f2) C:\Notes\nslsvice.exe
10:21:02.0176 4436 Lotus Notes Single Logon - ok
10:21:02.0236 4436 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:21:02.0246 4436 LSI_FC - ok
10:21:02.0256 4436 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:21:02.0266 4436 LSI_SAS - ok
10:21:02.0276 4436 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:21:02.0276 4436 LSI_SAS2 - ok
10:21:02.0306 4436 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:21:02.0306 4436 LSI_SCSI - ok
10:21:02.0336 4436 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
10:21:02.0336 4436 luafv - ok
10:21:02.0366 4436 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
10:21:02.0366 4436 Mcx2Svc - ok
10:21:02.0396 4436 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
10:21:02.0396 4436 megasas - ok
10:21:02.0416 4436 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
10:21:02.0416 4436 MegaSR - ok
10:21:02.0516 4436 Microsoft SharePoint Workspace Audit Service - ok
10:21:02.0656 4436 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:21:02.0656 4436 MMCSS - ok
10:21:02.0716 4436 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
10:21:02.0716 4436 Modem - ok
10:21:02.0746 4436 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
10:21:02.0746 4436 monitor - ok
10:21:02.0786 4436 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
10:21:02.0786 4436 mouclass - ok
10:21:02.0826 4436 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
10:21:02.0826 4436 mouhid - ok
10:21:02.0856 4436 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
10:21:02.0866 4436 mountmgr - ok
10:21:02.0916 4436 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
10:21:02.0916 4436 MpFilter - ok
10:21:02.0976 4436 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
10:21:02.0986 4436 mpio - ok
10:21:03.0096 4436 MpKsl3ab1f2c1 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D3AB3B5-1FAE-47E0-B3CB-FA73029976A3}\MpKsl3ab1f2c1.sys
10:21:03.0096 4436 MpKsl3ab1f2c1 - ok
10:21:03.0176 4436 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
10:21:03.0176 4436 MpNWMon - ok
10:21:03.0206 4436 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
10:21:03.0206 4436 mpsdrv - ok
10:21:03.0256 4436 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
10:21:03.0256 4436 MpsSvc - ok
10:21:03.0276 4436 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
10:21:03.0286 4436 MRxDAV - ok
10:21:03.0336 4436 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:21:03.0346 4436 mrxsmb - ok
10:21:03.0376 4436 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:21:03.0386 4436 mrxsmb10 - ok
10:21:03.0406 4436 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:21:03.0406 4436 mrxsmb20 - ok
10:21:03.0456 4436 msahci (cb5d37e91135b0f15cee64d1f1ba5de5) C:\Windows\system32\DRIVERS\msahci.sys
10:21:03.0466 4436 msahci - ok
10:21:03.0486 4436 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
10:21:03.0486 4436 msdsm - ok
10:21:03.0526 4436 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
10:21:03.0526 4436 MSDTC - ok
10:21:03.0556 4436 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
10:21:03.0556 4436 Msfs - ok
10:21:03.0576 4436 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
10:21:03.0576 4436 mshidkmdf - ok
10:21:03.0596 4436 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
10:21:03.0606 4436 msisadrv - ok
10:21:03.0646 4436 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
10:21:03.0656 4436 MSiSCSI - ok
10:21:03.0666 4436 msiserver - ok
10:21:03.0706 4436 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
10:21:03.0706 4436 MSKSSRV - ok
10:21:03.0806 4436 MsMpSvc (90dc23d940551db35367fb1e40575b25) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
10:21:03.0806 4436 MsMpSvc - ok
10:21:03.0966 4436 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
10:21:03.0966 4436 MSPCLOCK - ok
10:21:03.0976 4436 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
10:21:03.0976 4436 MSPQM - ok
10:21:04.0016 4436 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
10:21:04.0016 4436 MsRPC - ok
10:21:04.0036 4436 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
10:21:04.0036 4436 mssmbios - ok
10:21:04.0066 4436 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
10:21:04.0066 4436 MSTEE - ok
10:21:04.0076 4436 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
10:21:04.0086 4436 MTConfig - ok
10:21:04.0116 4436 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
10:21:04.0116 4436 Mup - ok
10:21:04.0146 4436 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
10:21:04.0156 4436 napagent - ok
10:21:04.0196 4436 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
10:21:04.0206 4436 NativeWifiP - ok
10:21:04.0246 4436 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
10:21:04.0256 4436 NDIS - ok
10:21:04.0316 4436 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
10:21:04.0316 4436 NdisCap - ok
10:21:04.0356 4436 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
10:21:04.0356 4436 NdisTapi - ok
10:21:04.0406 4436 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
10:21:04.0406 4436 Ndisuio - ok
10:21:04.0426 4436 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
10:21:04.0426 4436 NdisWan - ok
10:21:04.0466 4436 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
10:21:04.0466 4436 NDProxy - ok
10:21:04.0516 4436 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
10:21:04.0516 4436 Net Driver HPZ12 - ok
10:21:04.0556 4436 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
10:21:04.0556 4436 NetBIOS - ok
10:21:04.0586 4436 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
10:21:04.0586 4436 NetBT - ok
10:21:04.0626 4436 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
10:21:04.0626 4436 Netlogon - ok
10:21:04.0676 4436 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
10:21:04.0686 4436 Netman - ok
10:21:04.0756 4436 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:21:04.0756 4436 NetMsmqActivator - ok
10:21:04.0766 4436 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:21:04.0766 4436 NetPipeActivator - ok
10:21:04.0866 4436 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
10:21:04.0876 4436 netprofm - ok
10:21:04.0976 4436 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:21:04.0976 4436 NetTcpActivator - ok
10:21:04.0986 4436 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:21:04.0986 4436 NetTcpPortSharing - ok
10:21:05.0106 4436 netvsc (bcd77de94fa91339705a95d30fcfe9af) C:\Windows\system32\DRIVERS\netvsc60.sys
10:21:05.0116 4436 netvsc - ok
10:21:05.0276 4436 NETwNs32 (29e4f23d31fb66c7bf0014d36cf5af2a) C:\Windows\system32\DRIVERS\NETwNs32.sys
10:21:05.0306 4436 NETwNs32 - ok
10:21:05.0346 4436 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
10:21:05.0346 4436 nfrd960 - ok
10:21:05.0366 4436 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:21:05.0376 4436 NisDrv - ok
10:21:05.0466 4436 NisSrv (c73de53197ac0c4db60b80588f0d54df) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
10:21:05.0466 4436 NisSrv - ok
10:21:05.0576 4436 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
10:21:05.0576 4436 NlaSvc - ok
10:21:05.0636 4436 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
10:21:05.0636 4436 Npfs - ok
10:21:05.0676 4436 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
10:21:05.0676 4436 nsi - ok
10:21:05.0696 4436 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
10:21:05.0696 4436 nsiproxy - ok
10:21:05.0746 4436 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
10:21:05.0776 4436 Ntfs - ok
10:21:05.0806 4436 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
10:21:05.0806 4436 Null - ok
10:21:05.0836 4436 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
10:21:05.0846 4436 nvraid - ok
10:21:05.0866 4436 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
10:21:05.0866 4436 nvstor - ok
10:21:05.0906 4436 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
10:21:05.0906 4436 nv_agp - ok
10:21:05.0976 4436 NWSAPAutoWorkstationUpdateSvc (b13698034f9162d91df8e22d3b54bb58) C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
10:21:05.0976 4436 NWSAPAutoWorkstationUpdateSvc - ok
10:21:06.0136 4436 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
10:21:06.0136 4436 ohci1394 - ok
10:21:06.0206 4436 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:21:06.0206 4436 ose - ok
10:21:06.0326 4436 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:21:06.0346 4436 osppsvc - ok
10:21:06.0486 4436 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
10:21:06.0496 4436 p2pimsvc - ok
10:21:06.0546 4436 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
10:21:06.0556 4436 p2psvc - ok
10:21:06.0616 4436 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
10:21:06.0616 4436 Parport - ok
10:21:06.0636 4436 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
10:21:06.0636 4436 partmgr - ok
10:21:06.0656 4436 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
10:21:06.0656 4436 Parvdm - ok
10:21:06.0676 4436 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
10:21:06.0676 4436 PcaSvc - ok
10:21:06.0696 4436 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
10:21:06.0696 4436 pci - ok
10:21:06.0726 4436 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
10:21:06.0726 4436 pciide - ok
10:21:06.0756 4436 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
10:21:06.0756 4436 pcmcia - ok
10:21:06.0776 4436 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
10:21:06.0776 4436 pcw - ok
10:21:06.0806 4436 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
10:21:06.0816 4436 PEAUTH - ok
10:21:06.0886 4436 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
10:21:06.0906 4436 PeerDistSvc - ok
10:21:06.0976 4436 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
10:21:07.0006 4436 pla - ok
10:21:07.0056 4436 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
10:21:07.0056 4436 PlugPlay - ok
10:21:07.0096 4436 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
10:21:07.0096 4436 Pml Driver HPZ12 - ok
10:21:07.0116 4436 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
10:21:07.0126 4436 PNRPAutoReg - ok
10:21:07.0156 4436 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
10:21:07.0156 4436 PNRPsvc - ok
10:21:07.0196 4436 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
10:21:07.0206 4436 PolicyAgent - ok
10:21:07.0226 4436 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
10:21:07.0226 4436 Power - ok
10:21:07.0266 4436 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
10:21:07.0266 4436 PptpMiniport - ok
10:21:07.0336 4436 prepdrvr (2a4514a9233d35a355f569ff8b8f6240) C:\Windows\system32\CCM\prepdrv.sys
10:21:07.0346 4436 prepdrvr - ok
10:21:07.0366 4436 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
10:21:07.0366 4436 Processor - ok
10:21:07.0396 4436 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
10:21:07.0406 4436 ProfSvc - ok
10:21:07.0436 4436 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
10:21:07.0436 4436 ProtectedStorage - ok
10:21:07.0476 4436 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
10:21:07.0476 4436 Psched - ok
10:21:07.0496 4436 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
10:21:07.0506 4436 PxHelp20 - ok
10:21:07.0556 4436 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
10:21:07.0586 4436 ql2300 - ok
10:21:07.0606 4436 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
10:21:07.0606 4436 ql40xx - ok
10:21:07.0646 4436 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
10:21:07.0646 4436 QWAVE - ok
10:21:07.0676 4436 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
10:21:07.0676 4436 QWAVEdrv - ok
10:21:07.0746 4436 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
10:21:07.0746 4436 RapiMgr - ok
10:21:07.0766 4436 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
10:21:07.0766 4436 RasAcd - ok
10:21:07.0796 4436 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:21:07.0796 4436 RasAgileVpn - ok
10:21:07.0836 4436 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
10:21:07.0846 4436 RasAuto - ok
10:21:07.0866 4436 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:21:07.0866 4436 Rasl2tp - ok
10:21:07.0916 4436 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
10:21:07.0926 4436 RasMan - ok
10:21:07.0956 4436 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
10:21:07.0956 4436 RasPppoe - ok
10:21:07.0976 4436 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
10:21:07.0976 4436 RasSstp - ok
10:21:08.0006 4436 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
10:21:08.0006 4436 rdbss - ok
10:21:08.0026 4436 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
10:21:08.0026 4436 rdpbus - ok
10:21:08.0046 4436 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:21:08.0046 4436 RDPCDD - ok
10:21:08.0076 4436 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
10:21:08.0076 4436 RDPDR - ok
10:21:08.0116 4436 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
10:21:08.0116 4436 RDPENCDD - ok
10:21:08.0136 4436 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
10:21:08.0136 4436 RDPREFMP - ok
10:21:08.0166 4436 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\Windows\system32\drivers\RDPWD.sys
10:21:08.0176 4436 RDPWD - ok
10:21:08.0206 4436 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
10:21:08.0206 4436 rdyboost - ok
10:21:08.0246 4436 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
10:21:08.0256 4436 RemoteAccess - ok
10:21:08.0296 4436 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
10:21:08.0296 4436 RemoteRegistry - ok
10:21:08.0346 4436 rimspci (e891f07815af88075705ef6a248711f6) C:\Windows\system32\DRIVERS\rimspe86.sys
10:21:08.0356 4436 rimspci - ok
10:21:08.0376 4436 risdpcie (d853d35f792a3a44726a794bf9a0bbc3) C:\Windows\system32\DRIVERS\risdpe86.sys
10:21:08.0376 4436 risdpcie - ok
10:21:08.0386 4436 rixdpcie (cf2de2365fd99e5b8e38c9f3467dcdb8) C:\Windows\system32\DRIVERS\rixdpe86.sys
10:21:08.0396 4436 rixdpcie - ok
10:21:08.0406 4436 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
10:21:08.0406 4436 RpcEptMapper - ok
10:21:08.0436 4436 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
10:21:08.0436 4436 RpcLocator - ok
10:21:08.0456 4436 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\System32\rpcss.dll
10:21:08.0466 4436 RpcSs - ok
10:21:08.0476 4436 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
10:21:08.0486 4436 rspndr - ok
10:21:08.0506 4436 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
10:21:08.0506 4436 s3cap - ok
10:21:08.0546 4436 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
10:21:08.0546 4436 SamSs - ok
10:21:08.0576 4436 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
10:21:08.0576 4436 sbp2port - ok
10:21:08.0616 4436 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
10:21:08.0616 4436 SCardSvr - ok
10:21:08.0636 4436 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
10:21:08.0636 4436 scfilter - ok
10:21:08.0676 4436 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
10:21:08.0686 4436 Schedule - ok
10:21:08.0716 4436 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
10:21:08.0716 4436 SCPolicySvc - ok
10:21:08.0736 4436 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
10:21:08.0736 4436 SDRSVC - ok
10:21:08.0796 4436 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:21:08.0796 4436 secdrv - ok
10:21:08.0826 4436 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
10:21:08.0826 4436 seclogon - ok
10:21:08.0866 4436 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
10:21:08.0866 4436 SENS - ok
10:21:08.0886 4436 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
10:21:08.0896 4436 SensrSvc - ok
10:21:08.0966 4436 Sentinel (a2cc81c30bef6ac9f27055490eef6de3) C:\Windows\System32\Drivers\SENTINEL.SYS
10:21:08.0966 4436 Sentinel - ok
10:21:09.0047 4436 SentinelKeysServer (a9eeb7b09b898a53ec8b7063b923ac32) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
10:21:09.0047 4436 SentinelKeysServer - ok
10:21:09.0077 4436 SentinelProtectionServer (fd8723219c907c7ab753c93334fa4610) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
10:21:09.0077 4436 SentinelProtectionServer - ok
10:21:09.0277 4436 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
10:21:09.0277 4436 Serenum - ok
10:21:09.0317 4436 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
10:21:09.0317 4436 Serial - ok
10:21:09.0407 4436 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
10:21:09.0407 4436 sermouse - ok
10:21:09.0447 4436 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
10:21:09.0447 4436 SessionEnv - ok
10:21:09.0477 4436 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
10:21:09.0477 4436 sffdisk - ok
10:21:09.0487 4436 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
10:21:09.0487 4436 sffp_mmc - ok
10:21:09.0507 4436 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
10:21:09.0507 4436 sffp_sd - ok
10:21:09.0527 4436 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
10:21:09.0527 4436 sfloppy - ok
10:21:09.0587 4436 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
10:21:09.0597 4436 SharedAccess - ok
10:21:09.0627 4436 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
10:21:09.0627 4436 ShellHWDetection - ok
10:21:09.0687 4436 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
10:21:09.0697 4436 sisagp - ok
10:21:09.0717 4436 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:21:09.0717 4436 SiSRaid2 - ok
10:21:09.0777 4436 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
10:21:09.0777 4436 SiSRaid4 - ok
10:21:09.0817 4436 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
10:21:09.0817 4436 Smb - ok
10:21:09.0857 4436 smstsmgr - ok
10:21:09.0907 4436 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
10:21:09.0907 4436 SNMPTRAP - ok
10:21:09.0957 4436 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
10:21:09.0957 4436 spldr - ok
10:21:09.0997 4436 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
10:21:09.0997 4436 Spooler - ok
10:21:10.0087 4436 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
10:21:10.0167 4436 sppsvc - ok
10:21:10.0197 4436 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
10:21:10.0207 4436 sppuinotify - ok
10:21:10.0257 4436 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
10:21:10.0267 4436 srv - ok
10:21:10.0287 4436 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
10:21:10.0287 4436 srv2 - ok
10:21:10.0327 4436 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
10:21:10.0327 4436 srvnet - ok
10:21:10.0357 4436 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
10:21:10.0357 4436 SSDPSRV - ok
10:21:10.0377 4436 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
10:21:10.0377 4436 SstpSvc - ok
10:21:10.0437 4436 STacSV (90f4ab6dede1d075fc9656675d95c03b) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\STacSV.exe
10:21:10.0437 4436 STacSV - ok
10:21:10.0557 4436 stdcfltn (73d7a81e3af7763aa627d99f50bd3f49) C:\Windows\system32\DRIVERS\stdcfltn.sys
10:21:10.0557 4436 stdcfltn - ok
10:21:10.0607 4436 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
10:21:10.0607 4436 stexstor - ok
10:21:10.0657 4436 STHDA (4e5c74bd3244139ecaa73cc2c0f8b86b) C:\Windows\system32\DRIVERS\stwrt.sys
10:21:10.0657 4436 STHDA - ok
10:21:10.0697 4436 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
10:21:10.0697 4436 StiSvc - ok
10:21:10.0807 4436 stllssvr (e476c66713c842f58e61a95826ed1d57) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
10:21:10.0807 4436 stllssvr - ok
10:21:10.0987 4436 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
10:21:10.0987 4436 storflt - ok
10:21:11.0087 4436 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
10:21:11.0087 4436 StorSvc - ok
10:21:11.0257 4436 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
10:21:11.0257 4436 storvsc - ok
10:21:11.0327 4436 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
10:21:11.0337 4436 swenum - ok
10:21:11.0397 4436 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
10:21:11.0397 4436 swprv - ok
10:21:11.0587 4436 SynthVid (ae0d62a47c63e874fb96ded276f3f94b) C:\Windows\system32\DRIVERS\VMBusVideoM.sys
10:21:11.0597 4436 SynthVid - ok
10:21:11.0707 4436 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
10:21:11.0737 4436 SysMain - ok
10:21:11.0887 4436 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
10:21:11.0887 4436 TabletInputService - ok
10:21:12.0037 4436 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
10:21:12.0047 4436 TapiSrv - ok
10:21:12.0147 4436 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
10:21:12.0147 4436 TBS - ok
10:21:12.0327 4436 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
10:21:12.0347 4436 Tcpip - ok
10:21:12.0547 4436 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
10:21:12.0557 4436 TCPIP6 - ok
10:21:12.0747 4436 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
10:21:12.0747 4436 tcpipreg - ok
10:21:12.0937 4436 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
10:21:12.0937 4436 TDPIPE - ok
10:21:13.0107 4436 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
10:21:13.0107 4436 TDTCP - ok
10:21:13.0277 4436 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
10:21:13.0277 4436 tdx - ok
10:21:13.0447 4436 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
10:21:13.0447 4436 TermDD - ok
10:21:13.0627 4436 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
10:21:13.0627 4436 TermService - ok
10:21:13.0817 4436 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
10:21:13.0817 4436 Themes - ok
10:21:13.0867 4436 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:21:13.0867 4436 THREADORDER - ok
10:21:13.0897 4436 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
10:21:13.0897 4436 TrkWks - ok
10:21:14.0027 4436 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
10:21:14.0027 4436 TrustedInstaller - ok
10:21:14.0117 4436 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:21:14.0117 4436 tssecsrv - ok
10:21:14.0307 4436 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
10:21:14.0317 4436 tunnel - ok
10:21:14.0437 4436 tvnserver (aaf458cc200326bef602b5339400bf86) C:\Program Files\TightVNC\tvnserver.exe
10:21:14.0447 4436 tvnserver - ok
10:21:14.0627 4436 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
10:21:14.0627 4436 uagp35 - ok
10:21:14.0817 4436 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys
10:21:14.0817 4436 udfs - ok
10:21:14.0977 4436 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
10:21:14.0987 4436 UI0Detect - ok
10:21:15.0167 4436 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
10:21:15.0167 4436 uliagpkx - ok
10:21:15.0337 4436 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
10:21:15.0347 4436 umbus - ok
10:21:15.0507 4436 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
10:21:15.0507 4436 UmPass - ok
10:21:15.0667 4436 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll
10:21:15.0677 4436 UmRdpService - ok
10:21:15.0837 4436 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
10:21:15.0847 4436 upnphost - ok
10:21:16.0057 4436 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
10:21:16.0067 4436 usbaudio - ok
10:21:16.0217 4436 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
10:21:16.0217 4436 usbccgp - ok
10:21:16.0377 4436 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
10:21:16.0377 4436 usbcir - ok
10:21:16.0537 4436 usbehci (0eeedd78c2bedac75e8ed1ba8d77878b) C:\Windows\system32\DRIVERS\usbehci.sys
10:21:16.0547 4436 usbehci - ok
10:21:16.0757 4436 usbhub (ba50148445e5b2b3abdba208fc9b6fb5) C:\Windows\system32\DRIVERS\usbhub.sys
10:21:16.0767 4436 usbhub - ok
10:21:16.0927 4436 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
10:21:16.0927 4436 usbohci - ok
10:21:17.0087 4436 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
10:21:17.0087 4436 usbprint - ok
10:21:17.0227 4436 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:21:17.0227 4436 USBSTOR - ok
10:21:17.0357 4436 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
10:21:17.0357 4436 usbuhci - ok
10:21:17.0477 4436 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
10:21:17.0477 4436 UxSms - ok
10:21:17.0627 4436 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
10:21:17.0627 4436 VaultSvc - ok
10:21:17.0847 4436 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
10:21:17.0847 4436 vdrvroot - ok
10:21:17.0977 4436 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
10:21:17.0987 4436 vds - ok
10:21:18.0177 4436 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
10:21:18.0177 4436 vga - ok
10:21:18.0347 4436 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
10:21:18.0347 4436 VgaSave - ok
10:21:18.0527 4436 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
10:21:18.0537 4436 vhdmp - ok
10:21:18.0727 4436 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
10:21:18.0737 4436 viaagp - ok
10:21:18.0907 4436 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
10:21:18.0907 4436 ViaC7 - ok
10:21:19.0077 4436 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
10:21:19.0077 4436 viaide - ok
10:21:19.0267 4436 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
10:21:19.0267 4436 vmbus - ok
10:21:19.0437 4436 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
10:21:19.0447 4436 VMBusHID - ok
10:21:19.0597 4436 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
10:21:19.0597 4436 volmgr - ok
10:21:19.0757 4436 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
10:21:19.0767 4436 volmgrx - ok
10:21:19.0907 4436 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
10:21:19.0907 4436 volsnap - ok
10:21:20.0117 4436 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
10:21:20.0127 4436 vsmraid - ok
10:21:20.0307 4436 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
10:21:20.0327 4436 VSS - ok
10:21:20.0497 4436 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
10:21:20.0507 4436 vwifibus - ok
10:21:20.0687 4436 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
10:21:20.0687 4436 vwififlt - ok
10:21:20.0877 4436 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
10:21:20.0887 4436 vwifimp - ok
10:21:21.0067 4436 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
10:21:21.0077 4436 W32Time - ok
10:21:21.0267 4436 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
10:21:21.0267 4436 WacomPen - ok
10:21:21.0467 4436 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
10:21:21.0467 4436 WANARP - ok
10:21:21.0477 4436 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
10:21:21.0477 4436 Wanarpv6 - ok
10:21:21.0657 4436 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
10:21:21.0667 4436 WatAdminSvc - ok
10:21:21.0867 4436 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
10:21:21.0897 4436 wbengine - ok
10:21:22.0107 4436 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
10:21:22.0117 4436 WbioSrvc - ok
10:21:22.0307 4436 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
10:21:22.0307 4436 WcesComm - ok
10:21:22.0437 4436 wcncsvc (d0f88aa11ee1a62bcc6d6a8a7783ca11) C:\Windows\System32\wcncsvc.dll
10:21:22.0447 4436 wcncsvc - ok
10:21:22.0607 4436 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
10:21:22.0607 4436 WcsPlugInService - ok
10:21:22.0837 4436 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
10:21:22.0837 4436 Wd - ok
10:21:22.0997 4436 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:21:23.0007 4436 Wdf01000 - ok
10:21:23.0147 4436 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:21:23.0157 4436 WdiServiceHost - ok
10:21:23.0177 4436 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:21:23.0177 4436 WdiSystemHost - ok
10:21:23.0337 4436 WebClient (d87c7d2c517f82a5ab7a73e203063d9e) C:\Windows\System32\webclnt.dll
10:21:23.0347 4436 WebClient - ok
10:21:23.0507 4436 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
10:21:23.0517 4436 Wecsvc - ok
10:21:23.0677 4436 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
10:21:23.0687 4436 wercplsupport - ok
10:21:23.0857 4436 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
10:21:23.0867 4436 WerSvc - ok
10:21:24.0087 4436 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
10:21:24.0087 4436 WfpLwf - ok
10:21:24.0277 4436 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
10:21:24.0277 4436 WIMMount - ok
10:21:24.0377 4436 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
10:21:24.0387 4436 WinDefend - ok
10:21:24.0397 4436 WinHttpAutoProxySvc - ok
10:21:24.0587 4436 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
10:21:24.0587 4436 Winmgmt - ok
10:21:24.0777 4436 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
10:21:24.0817 4436 WinRM - ok
10:21:25.0037 4436 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUSB.sys
10:21:25.0037 4436 WinUsb - ok
10:21:25.0207 4436 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
10:21:25.0237 4436 Wlansvc - ok
10:21:25.0427 4436 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:21:25.0427 4436 WmiAcpi - ok
10:21:25.0607 4436 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
10:21:25.0607 4436 wmiApSrv - ok
10:21:25.0707 4436 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:21:25.0737 4436 WMPNetworkSvc - ok
10:21:25.0927 4436 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
10:21:25.0927 4436 WPCSvc - ok
10:21:26.0097 4436 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
10:21:26.0097 4436 WPDBusEnum - ok
10:21:26.0297 4436 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
10:21:26.0297 4436 ws2ifsl - ok
10:21:26.0417 4436 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
10:21:26.0427 4436 wscsvc - ok
10:21:26.0537 4436 WSearch - ok
10:21:26.0757 4436 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
10:21:26.0817 4436 wuauserv - ok
10:21:27.0027 4436 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
10:21:27.0027 4436 WudfPf - ok
10:21:27.0237 4436 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:21:27.0237 4436 WUDFRd - ok
10:21:27.0367 4436 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
10:21:27.0377 4436 wudfsvc - ok
10:21:27.0537 4436 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
10:21:27.0537 4436 WwanSvc - ok
10:21:27.0587 4436 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:21:27.0627 4436 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
10:21:27.0627 4436 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
10:21:27.0657 4436 Boot (0x1200) (ef0dcb9b071df7ff0815c5308900cd5a) \Device\Harddisk0\DR0\Partition0
10:21:27.0667 4436 \Device\Harddisk0\DR0\Partition0 - ok
10:21:27.0677 4436 Boot (0x1200) (9c7364bf071c446f8e85ca6430300a07) \Device\Harddisk0\DR0\Partition1
10:21:27.0677 4436 \Device\Harddisk0\DR0\Partition1 - ok
10:21:27.0677 4436 ============================================================
10:21:27.0677 4436 Scan finished
10:21:27.0677 4436 ============================================================
10:21:27.0687 5876 Detected object count: 1
10:21:27.0687 5876 Actual detected object count: 1
10:21:58.0268 5876 \Device\Harddisk0\DR0\# - copied to quarantine
10:21:58.0318 5876 \Device\Harddisk0\DR0 - copied to quarantine
10:21:59.0388 5876 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
10:21:59.0458 5876 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
10:21:59.0468 5876 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
10:21:59.0478 5876 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
10:21:59.0478 5876 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
10:21:59.0478 5876 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
10:21:59.0538 5876 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
10:21:59.0648 5876 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
10:21:59.0658 5876 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
10:21:59.0788 5876 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
10:21:59.0938 5876 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
10:21:59.0988 5876 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
10:22:00.0048 5876 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
10:22:00.0138 5876 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
10:22:00.0138 5876 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
10:22:00.0148 5876 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
10:22:00.0148 5876 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
10:22:00.0238 5876 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
10:22:00.0348 5876 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
10:22:00.0468 5876 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
10:22:00.0598 5876 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
10:22:00.0708 5876 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
10:22:00.0798 5876 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
10:22:00.0808 5876 \Device\Harddisk0\DR0 - ok
10:22:00.0808 5876 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
10:22:03.0948 4228 Deinitialize success

10:24:04.0930 5100 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
10:24:05.0242 5100 ============================================================
10:24:05.0242 5100 Current date / time: 2012/04/23 10:24:05.0242
10:24:05.0242 5100 SystemInfo:
10:24:05.0242 5100
10:24:05.0242 5100 OS Version: 6.1.7600 ServicePack: 0.0
10:24:05.0242 5100 Product type: Workstation
10:24:05.0242 5100 ComputerName: 77SY4Q1
10:24:05.0242 5100 UserName: rmrnt
10:24:05.0242 5100 Windows directory: C:\Windows
10:24:05.0242 5100 System windows directory: C:\Windows
10:24:05.0242 5100 Processor architecture: Intel x86
10:24:05.0242 5100 Number of processors: 4
10:24:05.0242 5100 Page size: 0x1000
10:24:05.0242 5100 Boot type: Normal boot
10:24:05.0242 5100 ============================================================
10:24:07.0410 5100 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:24:07.0410 5100 \Device\Harddisk0\DR0:
10:24:07.0410 5100 MBR partitions:
10:24:07.0410 5100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
10:24:07.0410 5100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x1D12A170
10:24:07.0442 5100 C: <-> \Device\Harddisk0\DR0\Partition1
10:24:07.0473 5100 D: <-> \Device\Harddisk0\DR0\Partition0
10:24:07.0473 5100 Initialize success
10:24:07.0473 5100 ============================================================
10:24:09.0095 5252 ============================================================
10:24:09.0095 5252 Scan started
10:24:09.0095 5252 Mode: Manual;
10:24:09.0095 5252 ============================================================
10:24:10.0951 5252 Scan interrupted by user!
10:24:10.0951 5252 Scan interrupted by user!
10:24:10.0951 5252 Scan interrupted by user!
10:24:10.0951 5252 ============================================================
10:24:10.0951 5252 Scan finished
10:24:10.0951 5252 ============================================================
10:24:10.0967 5236 Detected object count: 0
10:24:10.0967 5236 Actual detected object count: 0
10:24:17.0331 5376 ============================================================
10:24:17.0331 5376 Scan started
10:24:17.0331 5376 Mode: Manual; SigCheck; TDLFS;
10:24:17.0331 5376 ============================================================
10:24:17.0799 5376 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
10:24:17.0986 5376 1394ohci - ok
10:24:18.0173 5376 aaLogger (5d561caae1e089a627e0732875b65724) C:\Program Files\Common Files\ArchestrA\aaLogger.exe
10:24:18.0267 5376 aaLogger ( UnsignedFile.Multi.Generic ) - warning
10:24:18.0267 5376 aaLogger - detected UnsignedFile.Multi.Generic (1)
10:24:18.0579 5376 Acceler (eb008a36206bf9d0de3c5f9df67d20d8) C:\Windows\system32\DRIVERS\Accelern.sys
10:24:18.0860 5376 Acceler - ok
10:24:19.0140 5376 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
10:24:19.0172 5376 ACPI - ok
10:24:19.0374 5376 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
10:24:19.0718 5376 AcpiPmi - ok
10:24:20.0014 5376 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
10:24:20.0030 5376 adp94xx - ok
10:24:20.0388 5376 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
10:24:20.0404 5376 adpahci - ok
10:24:20.0716 5376 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
10:24:20.0747 5376 adpu320 - ok
10:24:21.0012 5376 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
10:24:21.0075 5376 AeLookupSvc - ok
10:24:21.0496 5376 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\aestsrv.exe
10:24:21.0683 5376 AESTFilters - ok
10:24:22.0089 5376 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
10:24:22.0151 5376 AFD - ok
10:24:22.0416 5376 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
10:24:22.0432 5376 agp440 - ok
10:24:22.0775 5376 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
10:24:22.0806 5376 aic78xx - ok
10:24:23.0134 5376 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
10:24:23.0258 5376 ALG - ok
10:24:23.0539 5376 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
10:24:23.0570 5376 aliide - ok
10:24:23.0586 5376 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
10:24:23.0617 5376 amdagp - ok
10:24:23.0664 5376 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
10:24:23.0680 5376 amdide - ok
10:24:23.0711 5376 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
10:24:23.0758 5376 AmdK8 - ok
10:24:23.0820 5376 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
10:24:23.0898 5376 AmdPPM - ok
10:24:24.0023 5376 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
10:24:24.0054 5376 amdsata - ok
10:24:24.0085 5376 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
10:24:24.0132 5376 amdsbs - ok
10:24:24.0148 5376 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
10:24:24.0163 5376 amdxata - ok
10:24:24.0210 5376 ApfiltrService (11246b43e2fd8318ef5f45de3a74fbae) C:\Windows\system32\DRIVERS\Apfiltr.sys
10:24:24.0226 5376 ApfiltrService - ok
10:24:24.0272 5376 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
10:24:24.0350 5376 AppID - ok
10:24:24.0397 5376 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
10:24:24.0522 5376 AppIDSvc - ok
10:24:24.0538 5376 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
10:24:24.0569 5376 Appinfo - ok
10:24:24.0600 5376 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
10:24:24.0693 5376 AppMgmt - ok
10:24:24.0756 5376 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
10:24:24.0787 5376 arc - ok
10:24:24.0927 5376 ArchestrA License Server (338deabd788009f2d043d3080e29930d) C:\Program Files\ArchestrA\License Server\lmgrd.exe
10:24:25.0115 5376 ArchestrA License Server - ok
10:24:25.0302 5376 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
10:24:25.0333 5376 arcsas - ok
10:24:25.0458 5376 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:24:25.0551 5376 aspnet_state - ok
10:24:25.0583 5376 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
10:24:25.0629 5376 AsyncMac - ok
10:24:25.0661 5376 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
10:24:25.0676 5376 atapi - ok
10:24:25.0739 5376 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
10:24:25.0801 5376 AudioEndpointBuilder - ok
10:24:25.0801 5376 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
10:24:25.0848 5376 Audiosrv - ok
10:24:25.0879 5376 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
10:24:25.0926 5376 AxInstSV - ok
10:24:26.0019 5376 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
10:24:26.0129 5376 b06bdrv - ok
10:24:26.0175 5376 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:24:26.0269 5376 b57nd60x - ok
10:24:26.0363 5376 BCM43XX (f689c5965cefad780a2948546703bd5d) C:\Windows\system32\DRIVERS\bcmwl6.sys
10:24:26.0441 5376 BCM43XX - ok
10:24:26.0487 5376 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
10:24:26.0550 5376 BDESVC - ok
10:24:26.0612 5376 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
10:24:26.0659 5376 Beep - ok
10:24:26.0706 5376 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
10:24:26.0784 5376 BFE - ok
10:24:26.0846 5376 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll
10:24:26.0940 5376 BITS - ok
10:24:26.0986 5376 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
10:24:27.0033 5376 blbdrive - ok
10:24:27.0080 5376 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
10:24:27.0111 5376 bowser - ok
10:24:27.0142 5376 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:24:27.0189 5376 BrFiltLo - ok
10:24:27.0189 5376 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:24:27.0252 5376 BrFiltUp - ok
10:24:27.0283 5376 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
10:24:27.0330 5376 BridgeMP - ok
10:24:27.0361 5376 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
10:24:27.0408 5376 Browser - ok
10:24:27.0423 5376 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
10:24:27.0501 5376 Brserid - ok
10:24:27.0517 5376 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
10:24:27.0579 5376 BrSerWdm - ok
10:24:27.0595 5376 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:24:27.0642 5376 BrUsbMdm - ok
10:24:27.0642 5376 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
10:24:27.0673 5376 BrUsbSer - ok
10:24:27.0704 5376 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
10:24:27.0766 5376 BTHMODEM - ok
10:24:27.0813 5376 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
10:24:27.0860 5376 bthserv - ok
10:24:55.0812 5376 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
10:24:55.0859 5376 ShellHWDetection - ok
10:24:55.0906 5376 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
10:24:55.0937 5376 sisagp - ok
10:24:55.0953 5376 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:24:55.0984 5376 SiSRaid2 - ok
10:24:56.0000 5376 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
10:24:56.0015 5376 SiSRaid4 - ok
10:24:56.0046 5376 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
10:24:56.0109 5376 Smb - ok
10:24:56.0140 5376 smstsmgr - ok
10:24:56.0187 5376 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
10:24:56.0218 5376 SNMPTRAP - ok
10:24:56.0265 5376 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
10:24:56.0280 5376 spldr - ok
10:24:56.0327 5376 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
10:24:56.0390 5376 Spooler - ok
10:24:56.0468 5376 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
10:24:56.0686 5376 sppsvc - ok
10:24:56.0717 5376 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
10:24:56.0795 5376 sppuinotify - ok
10:24:56.0842 5376 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
10:24:56.0904 5376 srv - ok
10:24:56.0920 5376 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
10:24:56.0967 5376 srv2 - ok
10:24:56.0998 5376 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
10:24:57.0029 5376 srvnet - ok
10:24:57.0060 5376 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
10:24:57.0107 5376 SSDPSRV - ok
10:24:57.0154 5376 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
10:24:57.0216 5376 SstpSvc - ok
10:24:57.0263 5376 STacSV (90f4ab6dede1d075fc9656675d95c03b) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\STacSV.exe
10:24:57.0357 5376 STacSV - ok
10:24:57.0419 5376 stdcfltn (73d7a81e3af7763aa627d99f50bd3f49) C:\Windows\system32\DRIVERS\stdcfltn.sys
10:24:57.0435 5376 stdcfltn - ok
10:24:57.0482 5376 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
10:24:57.0497 5376 stexstor - ok
10:24:57.0544 5376 STHDA (4e5c74bd3244139ecaa73cc2c0f8b86b) C:\Windows\system32\DRIVERS\stwrt.sys
10:24:57.0606 5376 STHDA - ok
10:24:57.0638 5376 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
10:24:57.0669 5376 StiSvc - ok
10:24:57.0778 5376 stllssvr (e476c66713c842f58e61a95826ed1d57) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
10:24:57.0887 5376 stllssvr - ok
10:24:58.0074 5376 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
10:24:58.0121 5376 storflt - ok
10:24:58.0183 5376 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
10:24:58.0230 5376 StorSvc - ok
10:24:58.0308 5376 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
10:24:58.0339 5376 storvsc - ok
10:24:58.0386 5376 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
10:24:58.0417 5376 swenum - ok
10:24:58.0464 5376 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
10:24:58.0527 5376 swprv - ok
10:24:58.0589 5376 SynthVid (ae0d62a47c63e874fb96ded276f3f94b) C:\Windows\system32\DRIVERS\VMBusVideoM.sys
10:24:58.0636 5376 SynthVid - ok
10:24:58.0683 5376 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
10:24:58.0761 5376 SysMain - ok
10:24:58.0776 5376 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
10:24:58.0823 5376 TabletInputService - ok
10:24:58.0854 5376 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
10:24:58.0885 5376 TapiSrv - ok
10:24:58.0901 5376 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
10:24:58.0979 5376 TBS - ok
10:24:59.0057 5376 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
10:24:59.0135 5376 Tcpip - ok
10:24:59.0213 5376 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
10:24:59.0260 5376 TCPIP6 - ok
10:24:59.0291 5376 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
10:24:59.0338 5376 tcpipreg - ok
10:24:59.0369 5376 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
10:24:59.0416 5376 TDPIPE - ok
10:24:59.0463 5376 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
10:24:59.0509 5376 TDTCP - ok
10:24:59.0541 5376 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
10:24:59.0587 5376 tdx - ok
10:24:59.0603 5376 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
10:24:59.0634 5376 TermDD - ok
10:24:59.0665 5376 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
10:24:59.0743 5376 TermService - ok
10:24:59.0759 5376 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
10:24:59.0790 5376 Themes - ok
10:24:59.0821 5376 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:24:59.0853 5376 THREADORDER - ok
10:24:59.0884 5376 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
10:24:59.0931 5376 TrkWks - ok
10:24:59.0977 5376 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
10:25:00.0024 5376 TrustedInstaller - ok
10:25:00.0071 5376 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:25:00.0133 5376 tssecsrv - ok
10:25:00.0164 5376 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
10:25:00.0196 5376 tunnel - ok
10:25:00.0305 5376 tvnserver (aaf458cc200326bef602b5339400bf86) C:\Program Files\TightVNC\tvnserver.exe
10:25:00.0445 5376 tvnserver - ok
10:25:00.0632 5376 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
10:25:00.0679 5376 uagp35 - ok
10:25:00.0695 5376 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys
10:25:00.0773 5376 udfs - ok
10:25:00.0851 5376 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
10:25:00.0882 5376 UI0Detect - ok
10:25:00.0944 5376 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
10:25:00.0991 5376 uliagpkx - ok
10:25:01.0022 5376 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
10:25:01.0054 5376 umbus - ok
10:25:01.0069 5376 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
10:25:01.0100 5376 UmPass - ok
10:25:01.0132 5376 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll
10:25:01.0163 5376 UmRdpService - ok
10:25:01.0194 5376 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
10:25:01.0225 5376 upnphost - ok
10:25:01.0303 5376 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
10:25:01.0381 5376 usbaudio - ok
10:25:01.0397 5376 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
10:25:01.0444 5376 usbccgp - ok
10:25:01.0459 5376 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
10:25:01.0506 5376 usbcir - ok
10:25:01.0537 5376 usbehci (0eeedd78c2bedac75e8ed1ba8d77878b) C:\Windows\system32\DRIVERS\usbehci.sys
10:25:01.0584 5376 usbehci - ok
10:25:01.0615 5376 usbhub (ba50148445e5b2b3abdba208fc9b6fb5) C:\Windows\system32\DRIVERS\usbhub.sys
10:25:01.0678 5376 usbhub - ok
10:25:01.0834 5376 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
10:25:01.0865 5376 usbohci - ok
10:25:01.0912 5376 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
10:25:01.0958 5376 usbprint - ok
10:25:02.0021 5376 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:25:02.0067 5376 USBSTOR - ok
10:25:02.0083 5376 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
10:25:02.0114 5376 usbuhci - ok
10:25:02.0145 5376 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
10:25:02.0177 5376 UxSms - ok
10:25:02.0208 5376 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
10:25:02.0239 5376 VaultSvc - ok
10:25:02.0286 5376 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
10:25:02.0317 5376 vdrvroot - ok
10:25:02.0348 5376 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
10:25:02.0426 5376 vds - ok
10:25:02.0442 5376 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
10:25:02.0489 5376 vga - ok
10:25:02.0504 5376 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
10:25:02.0535 5376 VgaSave - ok
10:25:02.0551 5376 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
10:25:02.0567 5376 vhdmp - ok
10:25:02.0598 5376 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
10:25:02.0613 5376 viaagp - ok
10:25:02.0629 5376 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
10:25:02.0676 5376 ViaC7 - ok
10:25:02.0707 5376 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
10:25:02.0723 5376 viaide - ok
10:25:02.0738 5376 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
10:25:02.0754 5376 vmbus - ok
10:25:02.0769 5376 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
10:25:02.0816 5376 VMBusHID - ok
10:25:02.0832 5376 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
10:25:02.0847 5376 volmgr - ok
10:25:02.0879 5376 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
10:25:02.0910 5376 volmgrx - ok
10:25:02.0941 5376 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
10:25:02.0957 5376 volsnap - ok
10:25:02.0988 5376 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
10:25:03.0035 5376 vsmraid - ok
10:25:03.0081 5376 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
10:25:03.0175 5376 VSS - ok
10:25:03.0237 5376 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
10:25:03.0284 5376 vwifibus - ok
10:25:03.0331 5376 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
10:25:03.0362 5376 vwififlt - ok
10:25:03.0409 5376 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
10:25:03.0425 5376 vwifimp - ok
10:25:03.0471 5376 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
10:25:03.0534 5376 W32Time - ok
10:25:03.0565 5376 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
10:25:03.0596 5376 WacomPen - ok
10:25:03.0627 5376 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
10:25:03.0674 5376 WANARP - ok
10:25:03.0674 5376 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
10:25:03.0721 5376 Wanarpv6 - ok
10:25:03.0783 5376 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
10:25:04.0064 5376 WatAdminSvc - ok
10:25:04.0126 5376 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
10:25:04.0236 5376 wbengine - ok
10:25:04.0251 5376 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
10:25:04.0282 5376 WbioSrvc - ok
10:25:04.0360 5376 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
10:25:04.0423 5376 WcesComm - ok
10:25:04.0438 5376 wcncsvc (d0f88aa11ee1a62bcc6d6a8a7783ca11) C:\Windows\System32\wcncsvc.dll
10:25:04.0501 5376 wcncsvc - ok
10:25:04.0532 5376 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
10:25:04.0579 5376 WcsPlugInService - ok
10:25:04.0641 5376 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
10:25:04.0672 5376 Wd - ok
10:25:04.0688 5376 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:25:04.0719 5376 Wdf01000 - ok
10:25:04.0750 5376 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:25:04.0797 5376 WdiServiceHost - ok
10:25:04.0797 5376 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:25:04.0828 5376 WdiSystemHost - ok
10:25:04.0844 5376 WebClient (d87c7d2c517f82a5ab7a73e203063d9e) C:\Windows\System32\webclnt.dll
10:25:04.0875 5376 WebClient - ok
10:25:04.0906 5376 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
10:25:04.0938 5376 Wecsvc - ok
10:25:04.0969 5376 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
10:25:05.0016 5376 wercplsupport - ok
10:25:05.0047 5376 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
10:25:05.0094 5376 WerSvc - ok
10:25:05.0140 5376 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
10:25:05.0187 5376 WfpLwf - ok
10:25:05.0218 5376 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
10:25:05.0234 5376 WIMMount - ok
10:25:05.0343 5376 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
10:25:05.0421 5376 WinDefend - ok
10:25:05.0421 5376 WinHttpAutoProxySvc - ok
10:25:05.0608 5376 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
10:25:05.0686 5376 Winmgmt - ok
10:25:05.0874 5376 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
10:25:05.0998 5376 WinRM - ok
10:25:06.0201 5376 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUSB.sys
10:25:06.0279 5376 WinUsb - ok
10:25:06.0388 5376 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
10:25:06.0482 5376 Wlansvc - ok
10:25:06.0622 5376 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:25:06.0669 5376 WmiAcpi - ok
10:25:06.0763 5376 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
10:25:06.0841 5376 wmiApSrv - ok
10:25:06.0934 5376 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:25:07.0090 5376 WMPNetworkSvc - ok
10:25:07.0262 5376 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
10:25:07.0309 5376 WPCSvc - ok
10:25:07.0371 5376 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
10:25:07.0433 5376 WPDBusEnum - ok
10:25:07.0511 5376 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
10:25:07.0574 5376 ws2ifsl - ok
10:25:07.0636 5376 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
10:25:07.0699 5376 wscsvc - ok
10:25:07.0714 5376 WSearch - ok
10:25:07.0792 5376 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
10:25:08.0167 5376 wuauserv - ok
10:25:08.0494 5376 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
10:25:08.0556 5376 WudfPf - ok
10:25:08.0712 5376 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:25:08.0775 5376 WUDFRd - ok
10:25:08.0837 5376 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
10:25:08.0946 5376 wudfsvc - ok
10:25:09.0040 5376 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
10:25:09.0071 5376 WwanSvc - ok
10:25:09.0134 5376 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:25:15.0966 5376 \Device\Harddisk0\DR0 - ok
10:25:15.0997 5376 Boot (0x1200) (ef0dcb9b071df7ff0815c5308900cd5a) \Device\Harddisk0\DR0\Partition0
10:25:15.0997 5376 \Device\Harddisk0\DR0\Partition0 - ok
10:25:15.0997 5376 Boot (0x1200) (9c7364bf071c446f8e85ca6430300a07) \Device\Harddisk0\DR0\Partition1
10:25:16.0013 5376 \Device\Harddisk0\DR0\Partition1 - ok
10:25:16.0013 5376 ============================================================
10:25:16.0013 5376 Scan finished
10:25:16.0013 5376 ============================================================
10:25:16.0028 5368 Detected object count: 5
10:25:16.0028 5368 Actual detected object count: 5
10:25:45.0759 5368 aaLogger ( UnsignedFile.Multi.Generic ) - skipped by user
10:25:45.0759 5368 aaLogger ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:25:45.0759 5368 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
10:25:45.0759 5368 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:25:45.0774 5368 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:25:45.0774 5368 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:25:45.0774 5368 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:25:45.0774 5368 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:25:45.0774 5368 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:25:45.0774 5368 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

OTL logs:

OTL logfile created on: 4/23/2012 10:27:47 AM - Run 2
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\rmrnt\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 54.83% Memory free
3.86 Gb Paging File | 2.76 Gb Available in Paging File | 71.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.58 Gb Total Space | 199.49 Gb Free Space | 85.77% Space Free | Partition Type: NTFS
Drive D: | 300.00 Mb Total Space | 275.22 Mb Free Space | 91.74% Space Free | Partition Type: NTFS
Drive G: | 300.00 Gb Total Space | 17.32 Gb Free Space | 5.77% Space Free | Partition Type: NTFS
Drive H: | 300.00 Gb Total Space | 17.32 Gb Free Space | 5.77% Space Free | Partition Type: NTFS
Drive Q: | 300.00 Gb Total Space | 17.32 Gb Free Space | 5.77% Space Free | Partition Type: NTFS

Computer Name: 77SY4Q1 | User Name: rmrnt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/23 10:19:33 | 002,072,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\rmrnt\Desktop\tdsskiller.exe
PRC - [2012/04/20 10:56:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\rmrnt\Desktop\OTL.exe
PRC - [2011/08/03 09:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\TightVNC\tvnserver.exe
PRC - [2011/07/16 00:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/08/24 16:54:34 | 001,458,032 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
PRC - [2010/08/24 16:51:50 | 000,388,464 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
PRC - [2010/08/11 10:26:32 | 000,031,624 | ---- | M] (IBM Corp) -- C:\Notes\nslsvice.exe
PRC - [2010/08/11 10:26:10 | 003,417,480 | ---- | M] (IBM) -- C:\Notes\nsd.exe
PRC - [2010/08/11 10:24:46 | 000,046,472 | ---- | M] (IBM Corp) -- C:\Notes\nlogasio.exe
PRC - [2010/07/28 12:45:12 | 000,727,664 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/04/30 20:20:52 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2010/04/30 20:20:50 | 000,278,528 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/04/30 20:20:50 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2010/04/30 20:20:50 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/04/30 20:20:48 | 000,495,711 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/04/30 20:20:48 | 000,229,461 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\stacsv.exe
PRC - [2010/04/30 20:20:44 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\AEstSrv.exe
PRC - [2010/04/14 09:13:24 | 000,263,536 | ---- | M] (SAP AG) -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
PRC - [2010/04/14 09:13:24 | 000,226,672 | ---- | M] (SAP AG) -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/03 14:38:06 | 000,229,446 | ---- | M] (Invensys Systems, Inc.) -- C:\Program Files\Common Files\ArchestrA\aaLogger.exe
PRC - [2008/10/14 19:45:23 | 000,126,976 | ---- | M] (Captaris, Inc.) -- C:\Program Files\RightFax\Client\FAXCTRL.exe
PRC - [2008/07/11 07:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2008/07/11 01:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2007/05/31 16:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe
PRC - [2003/08/05 18:29:24 | 000,029,912 | ---- | M] (International Business Machines Corporation) -- C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
PRC - [2003/08/05 18:27:40 | 000,193,752 | ---- | M] (International Business Machines Corporation) -- C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/07/28 12:45:12 | 000,727,664 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/08/03 09:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/13 17:47:10 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/08/24 16:51:50 | 000,388,464 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2010/08/11 10:26:32 | 000,031,624 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Notes\nslsvice.exe -- (Lotus Notes Single Logon)
SRV - [2010/08/11 10:26:10 | 003,417,480 | ---- | M] (IBM) [Auto | Running] -- C:\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2010/04/30 20:20:48 | 000,229,461 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\stacsv.exe -- (STacSV)
SRV - [2010/04/30 20:20:44 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\AEstSrv.exe -- (AESTFilters)
SRV - [2010/04/14 09:13:24 | 000,263,536 | ---- | M] (SAP AG) [Auto | Running] -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe -- (NWSAPAutoWorkstationUpdateSvc)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/02/09 17:34:44 | 001,431,440 | ---- | M] (Acresso Software Inc.) [Auto | Stopped] -- C:\Program Files\ArchestrA\License Server\lmgrd.exe -- (ArchestrA License Server)
SRV - [2009/09/18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 05:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/03 14:38:06 | 000,229,446 | ---- | M] (Invensys Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArchestrA\aaLogger.exe -- (aaLogger)
SRV - [2008/07/11 07:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2008/07/11 01:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2003/08/05 18:29:24 | 000,029,912 | ---- | M] (International Business Machines Corporation) [Auto | Running] -- C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe -- (DB2NTSECSERVER)
SRV - [2003/08/05 18:27:40 | 000,193,752 | ---- | M] (International Business Machines Corporation) [Auto | Running] -- C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe -- (DB2JDS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\rmrnt\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/04/23 10:23:23 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D3AB3B5-1FAE-47E0-B3CB-FA73029976A3}\MpKslb0f8803d.sys -- (MpKslb0f8803d)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/07/14 00:42:24 | 006,814,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel®
DRV - [2010/07/09 10:41:42 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/07/09 10:41:34 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2010/04/30 20:21:00 | 000,209,920 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2010/04/30 20:20:54 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel®
DRV - [2010/04/30 20:20:50 | 000,239,664 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/04/30 20:20:50 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/04/30 20:20:50 | 000,048,640 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2010/04/30 20:20:50 | 000,047,616 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2010/04/30 20:20:50 | 000,038,912 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2010/04/30 20:20:50 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2010/04/30 20:20:48 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/09/18 05:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/09/10 23:00:12 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:28:49 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netvsc60.sys -- (netvsc)
DRV - [2009/07/13 19:28:48 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/07/11 07:05:00 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://domino.milliken.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://domino.milliken.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2011/12/02 11:54:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rmrnt\AppData\Roaming\mozilla\Extensions

O1 HOSTS File: ([2012/04/23 09:59:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [IBM Lotus Notes Preloader] C:\Notes\nntspreld.exe (IBM Corp)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\Client\FAXCTRL.exe (Captaris, Inc.)
O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: lrn.com ([milliken-lcec] http in Trusted sites)
O15 - HKLM\..Trusted Domains: lrn.com ([milliken-lcec] https in Trusted sites)
O15 - HKLM\..Trusted Domains: lrn.com ([milliken-lcec.course] http in Trusted sites)
O15 - HKLM\..Trusted Domains: milliken.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: lrn.com ([milliken-lcec] http in Trusted sites)
O15 - HKCU\..Trusted Domains: lrn.com ([milliken-lcec] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lrn.com ([milliken-lcec.course] http in Trusted sites)
O15 - HKCU\..Trusted Domains: milliken.com ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range16 ([http] in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://10.146.20.55/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 169.146.20.2 169.146.229.31 169.146.229.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = milliken.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BEB4BD6-0427-4015-9BF3-C3B3D1D237AF}: DhcpNameServer = 169.146.20.2 169.146.229.31 169.146.229.32
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/23 10:24:05 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\00146047.sys
[2012/04/23 10:21:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/23 10:19:23 | 002,072,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\rmrnt\Desktop\tdsskiller.exe
[2012/04/23 10:17:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/23 10:17:12 | 000,000,000 | ---D | C] -- C:\Users\rmrnt\AppData\Local\temp
[2012/04/23 09:11:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/23 09:11:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/23 09:11:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/23 09:09:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/23 09:09:50 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/23 09:07:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/23 09:05:10 | 004,472,002 | R--- | C] (Swearware) -- C:\Users\rmrnt\Desktop\ComboFix.exe
[2012/04/20 13:51:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\rmrnt\Desktop\aswMBR.exe
[2012/04/20 13:46:53 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\rmrnt\Desktop\unhide.exe
[2012/04/20 13:43:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/20 10:56:09 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\rmrnt\Desktop\OTL.exe
[2012/04/20 09:30:46 | 000,000,000 | ---D | C] -- C:\Users\rmrnt\AppData\Roaming\Malwarebytes
[2012/04/20 09:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/20 09:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/20 09:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/20 09:17:33 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/04/19 08:48:49 | 000,000,000 | ---D | C] -- C:\Users\rmrnt\AppData\Roaming\smkits
[2012/04/08 11:05:40 | 000,000,000 | ---D | C] -- C:\Users\rmrnt\Desktop\Projects
[2012/03/24 17:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/24 17:45:23 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/24 17:45:23 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/24 17:45:23 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

========== Files - Modified Within 30 Days ==========

[2012/04/23 10:30:32 | 000,016,384 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/23 10:30:32 | 000,016,384 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/23 10:24:05 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\00146047.sys
[2012/04/23 10:24:01 | 000,000,461 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2012/04/23 10:23:32 | 000,000,220 | ---- | M] () -- C:\Windows\tasks\MoveOU.job
[2012/04/23 10:23:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/23 10:23:02 | 1552,281,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/23 10:19:33 | 002,072,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\rmrnt\Desktop\tdsskiller.exe
[2012/04/23 09:59:01 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/23 09:05:22 | 004,472,002 | R--- | M] (Swearware) -- C:\Users\rmrnt\Desktop\ComboFix.exe
[2012/04/22 21:44:34 | 000,108,703 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/04/20 14:02:49 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\rmrnt\Desktop\aswMBR.exe
[2012/04/20 13:46:55 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\rmrnt\Desktop\unhide.exe
[2012/04/20 10:56:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\rmrnt\Desktop\OTL.exe
[2012/04/20 09:30:13 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/20 09:17:46 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/04/18 15:07:09 | 000,000,832 | ---- | M] () -- C:\Users\rmrnt\Desktop\Postdye Fallout Lite SAP.accdb - Shortcut.lnk
[2012/04/12 12:01:16 | 000,672,932 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/12 12:01:16 | 000,126,840 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/24 17:45:18 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/24 17:45:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/24 17:45:18 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/24 17:45:17 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

========== Files Created - No Company Name ==========

[2012/04/23 09:11:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/23 09:11:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/23 09:11:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/23 09:11:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/23 09:11:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/20 13:50:03 | 000,002,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
[2012/04/20 13:50:03 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/04/20 13:50:03 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/04/20 13:50:03 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/04/20 13:50:03 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/04/20 13:50:03 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/04/20 13:50:03 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/04/20 13:50:03 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/20 13:50:02 | 000,001,933 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Forefront Endpoint Protection 2010.lnk
[2012/04/20 09:17:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/04/18 15:07:09 | 000,000,832 | ---- | C] () -- C:\Users\rmrnt\Desktop\Postdye Fallout Lite SAP.accdb - Shortcut.lnk
[2012/02/29 22:38:52 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2011/10/20 14:20:04 | 000,000,000 | ---- | C] () -- C:\Windows\aaLicView.INI
[2011/10/17 16:35:09 | 000,000,093 | ---- | C] () -- C:\Users\rmrnt\AppData\Local\fusioncache.dat
[2011/06/22 22:55:52 | 000,000,461 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2011/04/20 13:39:52 | 000,108,703 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/11/05 21:50:22 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/11/05 21:50:22 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/11/05 21:50:21 | 000,870,544 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010/11/05 21:50:21 | 000,127,896 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010/11/05 21:50:21 | 000,051,068 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010/11/05 21:50:21 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/11/05 21:50:21 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/11/05 18:10:19 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/11/04 15:13:32 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/09/13 15:26:59 | 000,278,528 | ---- | C] () -- C:\Windows\System32\nthtapi.dll
[2010/09/13 15:26:59 | 000,075,264 | ---- | C] () -- C:\Windows\System32\pbnote60.dll
[2010/09/13 15:25:17 | 000,000,187 | ---- | C] () -- C:\Windows\PVS.INI
[2010/09/13 15:24:47 | 000,000,247 | ---- | C] () -- C:\Windows\npd.ini
[2010/09/13 15:24:06 | 000,000,553 | ---- | C] () -- C:\Windows\ENV.INI
[2010/09/13 15:23:18 | 000,000,393 | ---- | C] () -- C:\Windows\mfs.ini
[2010/09/13 15:22:54 | 000,000,715 | ---- | C] () -- C:\Windows\rmrebate.ini
[2010/09/13 15:22:21 | 000,000,279 | ---- | C] () -- C:\Windows\PURCHORD.INI
[2010/09/13 15:21:55 | 000,000,109 | ---- | C] () -- C:\Windows\coststd.ini
[2010/09/13 15:21:17 | 000,000,410 | ---- | C] () -- C:\Windows\FPA.INI
[2010/09/13 15:19:47 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/09/13 15:14:55 | 000,000,000 | ---- | C] () -- C:\Windows\gigen.INI
[2010/09/13 15:03:31 | 000,000,220 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/09/13 15:01:18 | 000,000,369 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/09/13 14:44:13 | 000,004,685 | ---- | C] () -- C:\Windows\saplogon.ini
[2010/09/13 14:44:12 | 000,000,362 | ---- | C] () -- C:\Windows\sapmsg.ini
[2010/09/13 14:38:28 | 000,095,744 | ---- | C] () -- C:\Windows\System32\h5rtf32.dll
[2010/09/13 14:38:28 | 000,051,200 | ---- | C] () -- C:\Windows\System32\h5tool32.dll
[2010/09/13 14:38:27 | 001,064,960 | ---- | C] () -- C:\Windows\System32\h5krnl32.dll
[2010/09/13 14:38:27 | 000,188,928 | ---- | C] () -- C:\Windows\System32\h5icon32.dll
[2010/09/13 14:38:27 | 000,175,616 | ---- | C] () -- C:\Windows\System32\h5menu32.dll
[2010/09/13 13:53:03 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2010/11/04 13:17:15 | 000,000,000 | ---D | M] -- C:\Users\rmrnt\AppData\Roaming\Adobe
[2011/10/20 14:22:53 | 000,000,000 | ---D | M] -- C:\Users\rmrnt\AppData\Roaming\ArchestrA
[2009/07/14 00:54:12 | 000,000,000 | ---D | M] -- C:\Users\rmrnt\AppData\Roaming\Identities
[2010/09/13 14:52:30 | 000,000,000 | ---D | M] -- C:\Users\rmrnt\AppData\Roaming\Macromedia
[2012/04/20 09:30:46 | 000,000,000 | ---D | M] -- C:\Users\rmrnt\AppData\Roaming\Malwarebytes
[2011/09/24 08:02:37 | 000,000,000 | ---D | M] -- C:\Users\rmrnt\AppData\Roaming\Media Player Classic
[2012/03/29 09:06:34 | 000,000,000 | --SD | M] -- C:\Users\rmrnt\AppData\Roaming\Microsoft
[2011/12/02 11:54:56 | 000,000,000 | ---D | M] -- C:\Users\rmrnt\AppData\Roaming\Mozilla
[2012/04/18 12:39:13 | 000,000,000 | ---D | M] -- C:\Users\rmrnt\AppData\Roaming\SAP
[2012/04/19 08:48:49 | 000,000,000 | ---D | M] -- C:\Users\rmrnt\AppData\Roaming\smkits

< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_6acd47459c3a74fb\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_dda2ecda9bf2e50d\atapi.sys

< MD5 for: EXPLORER.EXE >
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/12/16 04:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/12/16 04:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/12/16 04:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/12/16 04:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 21:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009/07/13 21:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2009/07/13 21:15:20 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\expsrv.dll
[2011/03/11 01:40:24 | 001,137,664 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\mfc42.dll
[2010/04/14 09:13:12 | 001,355,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm50.dll
[2009/07/13 21:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm60.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys

< >

< End of report >


OTL Extras logfile created on: 4/23/2012 10:27:47 AM - Run 2
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\rmrnt\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 54.83% Memory free
3.86 Gb Paging File | 2.76 Gb Available in Paging File | 71.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.58 Gb Total Space | 199.49 Gb Free Space | 85.77% Space Free | Partition Type: NTFS
Drive D: | 300.00 Mb Total Space | 275.22 Mb Free Space | 91.74% Space Free | Partition Type: NTFS
Drive G: | 300.00 Gb Total Space | 17.32 Gb Free Space | 5.77% Space Free | Partition Type: NTFS
Drive H: | 300.00 Gb Total Space | 17.32 Gb Free Space | 5.77% Space Free | Partition Type: NTFS
Drive Q: | 300.00 Gb Total Space | 17.32 Gb Free Space | 5.77% Space Free | Partition Type: NTFS

Computer Name: 77SY4Q1 | User Name: rmrnt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1
"DisableNotifications" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\Attachmate\E!E2K\Extra.exe:*:Enabled:Attachmate Extra! - E!E2K\extra.exe" = %ProgramFiles%\Attachmate\E!E2K\Extra.exe:*:Enabled:Attachmate Extra! - E!E2K\extra.exe
"%ProgramFiles%\E!PC\EXTRA.EXE:*:Enabled:Attachmate Extra! - E!PC\extra.exe" = %ProgramFiles%\E!PC\EXTRA.EXE:*:Enabled:Attachmate Extra! - E!PC\extra.exe -- (Attachmate Corporation)
"%ProgramFiles%\TightVNC\tvnserver.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.5.0.0/16,10.8.0.0/16:Enabled:TightVNC Server" = %ProgramFiles%\TightVNC\tvnserver.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.5.0.0/16,10.8.0.0/16:Enabled:TightVNC Server -- (GlavSoft LLC.)
"%ProgramFiles%\TightVNC\vncviewer.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.5.0.0/16,10.8.0.0/16:Enabled:TightVNC Viewer" = %ProgramFiles%\TightVNC\vncviewer.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.5.0.0/16,10.8.0.0/16:Enabled:TightVNC Viewer
"%ProgramFiles(x86)%\Attachmate\E!E2K\Extra.exe:*:Enabled:Attachmate Extra! - E!E2K\extra.exe" = %ProgramFiles(x86)%\Attachmate\E!E2K\Extra.exe:*:Enabled:Attachmate Extra! - E!E2K\extra.exe
"%ProgramFiles(x86)%\E!PC\EXTRA.EXE:*:Enabled:Attachmate Extra! - E!PC\extra.exe" = %ProgramFiles(x86)%\E!PC\EXTRA.EXE:*:Enabled:Attachmate Extra! - E!PC\extra.exe
"%ProgramFiles(x86)%\TightVNC\tvnserver.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.8.0.0/16:Enabled:TightVNC Server" = %ProgramFiles(x86)%\TightVNC\tvnserver.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.8.0.0/16:Enabled:TightVNC Server
"%ProgramFiles(x86)%\TightVNC\vncviewer.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.8.0.0/16:Enabled:TightVNC Viewer" = %ProgramFiles(x86)%\TightVNC\vncviewer.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.8.0.0/16:Enabled:TightVNC Viewer
"%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player" = %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player
"%SystemDrive%\DocuPACT\Common files\IICLIENT.exe:*:Enabled:Docupact - iiClient.exe" = %SystemDrive%\DocuPACT\Common files\IICLIENT.exe:*:Enabled:Docupact - iiClient.exe
"%SystemDrive%\WIN32APP\XCURSION\x86\wxserver.exe:*:Enabled:eXcursion Server - wxserver.exe" = %SystemDrive%\WIN32APP\XCURSION\x86\wxserver.exe:*:Enabled:eXcursion Server - wxserver.exe
"%windir%\PCHealth\Helpctr\Binaries\Helpsvc.exe:*:Enabled:SMS Helper - Helpsvc.exe" = %windir%\PCHealth\Helpctr\Binaries\Helpsvc.exe:*:Enabled:SMS Helper - Helpsvc.exe
"%windir%\System32\msra.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.8.0.0/16:Enabled:Remote Assistance - msra.exe" = %windir%\System32\msra.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.8.0.0/16:Enabled:Remote Assistance - msra.exe -- (Microsoft Corporation)
"%windir%\System32\r_server.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.8.0.0/16:Enabled:Remote Administrator Server - r_server.exe" = %windir%\System32\r_server.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.8.0.0/16:Enabled:Remote Administrator Server - r_server.exe
"%windir%\System32\raserver.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.8.0.0/16:Enabled:Remote Assistance - raserver.exe" = %windir%\System32\raserver.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.8.0.0/16:Enabled:Remote Assistance - raserver.exe -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"1022:TCP:*:Enabled:1022 - Ricoh and Lanier Copier/Scanner" = 1022:TCP:*:Enabled:1022 - Ricoh and Lanier Copier/Scanner
"2701:TCP:*:Enabled:2701 - SMS General" = 2701:TCP:*:Enabled:2701 - SMS General
"2702:TCP:*:Enabled:2702 - SMS Remote" = 2702:TCP:*:Enabled:2702 - SMS Remote
"2703:TCP:*:Enabled:2703 - SMS Chat" = 2703:TCP:*:Enabled:2703 - SMS Chat
"2704:TCP:*:Enabled:2704 - SMS File Transfer" = 2704:TCP:*:Enabled:2704 - SMS File Transfer
"5656:TCP:*:Enabled:5656 - Sametime File Transfer" = 5656:TCP:*:Enabled:5656 - Sametime File Transfer
"62515:UDP:169.146.0.0/16,10.0.0.0/8,127.0.0.0/8,localsubnet:Enabled:62515 - Cisco VPN Client" = 62515:UDP:169.146.0.0/16,10.0.0.0/8,127.0.0.0/8,localsubnet:Enabled:62515 - Cisco VPN Client
"9876:TCP:*:Enabled:9876 - Acronis Backup" = 9876:TCP:*:Enabled:9876 - Acronis Backup
"135:TCP:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.5.0.0/16,10.8.0.0/16:Enabled:135 - Remote Assistance" = 135:TCP:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.5.0.0/16,10.8.0.0/16:Enabled:135 - Remote Assistance
"1523:TCP:*:Enabled:1523 - Conerstone" = 1523:TCP:*:Enabled:1523 - Conerstone

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.8.0.0/16

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = 169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.8.0.0/16

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"FPS-ICMP6-ERQ-In-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP4-ERQ-In-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"WMI-ASYNC-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LA4=169.146.0.0/255.255.0.0|LA4=10.1.0.0/255.255.0.0|LA4=10.2.0.0/255.255.0.0|LA4=10.5.0.0/255.255.0.0|LA4=10.8.0.0/255.255.0.0|RA4=LocalSubnet|RA6=LocalSubnet|RA4=169.146.0.0/255.255.0.0|RA4=10.1.0.0/255.255.0.0|RA4=10.2.0.0/255.255.0.0|RA4=10.5.0.0/255.255.0.0|RA4=10.8.0.0/255.255.0.0|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|
"WMI-WINMGMT-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|Security=Authenticate|
"WMI-RPCSS-In-TCP" = [String data over 1000 bytes]
"WMI-ASYNC-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LA4=169.146.0.0/255.255.0.0|LA4=10.1.0.0/255.255.0.0|LA4=10.2.0.0/255.255.0.0|LA4=10.5.0.0/255.255.0.0|LA4=10.8.0.0/255.255.0.0|RA4=169.146.0.0/255.255.0.0|RA4=10.1.0.0/255.255.0.0|RA4=10.2.0.0/255.255.0.0|RA4=10.5.0.0/255.255.0.0|RA4=10.8.0.0/255.255.0.0|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|
"WMI-WINMGMT-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|Security=Authenticate|
"WMI-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|LA4=169.146.0.0/255.255.0.0|LA4=10.1.0.0/255.255.0.0|LA4=10.2.0.0/255.255.0.0|LA4=10.5.0.0/255.255.0.0|LA4=10.8.0.0/255.255.0.0|RA4=169.146.0.0/255.255.0.0|RA4=10.1.0.0/255.255.0.0|RA4=10.2.0.0/255.255.0.0|RA4=10.5.0.0/255.255.0.0|RA4=10.8.0.0/255.255.0.0|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|
"{0C14D56D-A2FB-43DB-84F7-7E2541FE4E99}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|App=C:\program files\eurotherm\series6000\runtime\bin\jrew.exe|Name=EuroChem - SiVance|

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\TightVNC\tvnserver.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.5.0.0/16,10.8.0.0/16:Enabled:TightVNC Server" = %ProgramFiles%\TightVNC\tvnserver.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.5.0.0/16,10.8.0.0/16:Enabled:TightVNC Server -- (GlavSoft LLC.)
"%ProgramFiles%\TightVNC\vncviewer.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.5.0.0/16,10.8.0.0/16:Enabled:TightVNC Viewer" = %ProgramFiles%\TightVNC\vncviewer.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.5.0.0/16,10.8.0.0/16:Enabled:TightVNC Viewer
"%ProgramFiles(x86)%\TightVNC\tvnserver.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.5.0.0/16,10.8.0.0/16:Enabled:TightVNC Server" = %ProgramFiles(x86)%\TightVNC\tvnserver.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.5.0.0/16,10.8.0.0/16:Enabled:TightVNC Server
"%ProgramFiles(x86)%\TightVNC\vncviewer.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.5.0.0/16,10.8.0.0/16:Enabled:TightVNC Viewer" = %ProgramFiles(x86)%\TightVNC\vncviewer.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.5.0.0/16,10.8.0.0/16:Enabled:TightVNC Viewer
"%windir%\System32\msra.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.5.0.0/16,10.8.0.0/16:Enabled:Remote Assistance - msra.exe" = %windir%\System32\msra.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.5.0.0/16,10.8.0.0/16:Enabled:Remote Assistance - msra.exe -- (Microsoft Corporation)
"%windir%\System32\r_server.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.5.0.0/16,10.8.0.0/16:Enabled:Remote Administrator Server - r_server.exe" = %windir%\System32\r_server.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.5.0.0/16,10.8.0.0/16:Enabled:Remote Administrator Server - r_server.exe
"%windir%\System32\raserver.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.5.0.0/16,10.8.0.0/16:Enabled:Remote Assistance - raserver.exe" = %windir%\System32\raserver.exe:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.5.0.0/16,10.8.0.0/16:Enabled:Remote Assistance - raserver.exe -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\List]
"62515:UDP:169.146.0.0/16,10.0.0.0/8,127.0.0.0/8,localsubnet:Enabled:62515 - Cisco VPN Client" = 62515:UDP:169.146.0.0/16,10.0.0.0/8,127.0.0.0/8,localsubnet:Enabled:62515 - Cisco VPN Client
"135:TCP:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.5.0.0/16,10.8.0.0/16:Enabled:135 - Remote Assistance" = 135:TCP:169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.5.0.0/16,10.8.0.0/16:Enabled:135 - Remote Assistance

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.8.0.0/16

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
"Enabled" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = 169.146.0.0/16,10.1.0.0/16,10.2.0.0/16,10.8.0.0/16

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework]
"Enabled" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0002E158-98D4-48d2-81A9-AD23D62AB2A5}" = Wonderware Information Server Client Components
"{00400438-D043-43B3-9CD9-2F0158F0AF0D}" = Wonderware Historian Client Japanese Language
"{06374431-03B2-4119-A94C-B54D2CF9C752}" = PVS
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0FB5A600-1B7E-4B40-B50C-59D4A8C3DABC}" = AXIS H.264 Video Decoder
"{139764AD-3B6E-46C9-BFDD-B359D342971F}" = AXIS MPEG-4 Video Decoder
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{217C0907-B08E-4234-BD60-7E19C5D1530C}" = Raw Materials Rebate System
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35758C34-FD40-4345-8DB5-92AB214EBB88}" = NPD Local
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4017F323-33BC-4046-8C3E-B7B08FABD8A6}" = SARA
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{516BE4D7-F8E6-49C8-8376-2806FDB1D368}" = Wonderware Historian Client French Language
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6A8E66CE-BF45-4D4B-9471-5BDAC9398F0E}" = SMART
"{6F8E9CEC-7201-44A0-9912-D6F1FFC2B909}" = Wonderware Historian Client German Language
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7807F002-848E-41C8-BCDD-CBEEB6567CEE}" = Purchase Order
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E885332-830B-4C77-8EBD-9ED242FBB4C7}" = Microsoft Forefront Endpoint Protection 2010 Server Management
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{AE4BB00D-3A7E-4EC8-99A0-326BD4B4645C}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A04C0921-0BDC-4DEC-9778-81A934C9FF16}" = SMS Client Setup Bootstrap
"{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86)
"{A5A63519-F5C2-4F4A-849A-F28A1AB3D522}" = Sentinel Protection Installer 7.5.0
"{A843F650-DD5C-4EEA-A2DF-36CC3914EB63}" = FPA System
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5676-5A64-900000000003}" = Adobe Reader Extended Language Support Font Pack
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B4183D24-43C7-4E2D-8098-86051EE70889}" = WASTE
"{B6547E13-8C04-4E58-B40E-1583BEFE3D33}" = Wonderware Historian Client
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7F56284-B15F-4481-98D1-5F4673B871DE}" = ArchestrA License Server
"{C8B8C745-D288-41B4-9512-01E397F77449}" = Dell System Manager
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = vcredist_x86
"{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}" = 32 Bit HP CIO Components Installer
"{E11DFB27-BAF4-46D6-AD76-D5519C0E6786}" = Lotus Notes 8.5.2
"{E60146B0-C083-47BE-BD6B-EFA57AC8D9B1}" = RightFax Product Suite - Client
"{ED18C4AD-BB39-43F7-86BF-E35494FC2D96}" = Wonderware Historian Client Simplified Chinese Language
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EF8137E6-5F98-4065-843F-8AA738F5FADF}" = AXIS AAC Audio Decoder
"{F1912044-6E08-431E-9B6D-90ED10C0B739}" = DB2 Connect Personal Edition
"{F3739759-70B3-4C8B-B476-9A3FB390B8C8}" = Plant Cost System
"{F92CEDDB-2009-4039-88A6-CF0D85D31F21}" = RightFax Product Suite - Client
"{FFE1764A-2C58-4D21-959D-84489709B933}" = RemoteView Client
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"CutePDF Writer Installation" = CutePDF Writer 2.8
"EXTRA! Personal Client 32-bit" = EXTRA! Personal Client 32-bit
"EXTRA!/RALLY! 6.5 Service Pack" = EXTRA!/RALLY! 6.5 Service Pack
"GPL Ghostscript 8.61" = GPL Ghostscript 8.61
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"InstallShield_{FFE1764A-2C58-4D21-959D-84489709B933}" = RemoteView Client
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Standard)
"Longwatch Video Historian" = Longwatch Video Historian
"Lotus NotesSQL 2.06 driver" = Lotus NotesSQL 2.06 driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Forefront Endpoint Protection 2010
"MQSeries Client" = MQSeries Client
"Ninotech Path Copy" = Ninotech Path Copy 4.0
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SAP_ECL" = ECL Viewer
"SAP_JNet" = SAP JNet
"SAP_WUS" = SAPSetup Automatic Workstation Update Service
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI for Windows 7.20
"TightVNC" = TightVNC 2.0.4
"TVWiz" = Intel® TV Wizard
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"c3bdfcf21f04b315" = Manufacturing Execution System

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >



Event Viewer logs:


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 23/04/2012 11:04:05 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/04/2012 3:00:17 PM
Type: Error Category: 0
Event: 1119 Source: Microsoft Antimalware
Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: file:_C:\TDSSKiller_Quarantine\23.04.2012_10.19.47\mbr0000\mbr0000\tsk0001.dta Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.125.307.0, AS: 1.125.307.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8304.0, NIS: 2.0.8001.0

Log: 'System' Date/Time: 23/04/2012 2:50:51 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 23/04/2012 2:50:05 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom PxHelp20

Log: 'System' Date/Time: 23/04/2012 2:49:58 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The risdpcie service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 23/04/2012 2:49:52 PM
Type: Error Category: 0
Event: 5719 Source: NETLOGON
This computer was not able to set up a secure session with a domain controller in domain MLKNNTP0 due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/04/2012 2:50:46 PM
Type: Warning Category: 0
Event: 1085 Source: Microsoft-Windows-GroupPolicy
Windows failed to apply the Group Policy Environment settings. Group Policy Environment settings might have its own log file. Please click on the "More information" link.

Log: 'System' Date/Time: 23/04/2012 2:50:05 PM
Type: Warning Category: 0
Event: 1085 Source: Microsoft-Windows-GroupPolicy
Windows failed to apply the Group Policy Services settings. Group Policy Services settings might have its own log file. Please click on the "More information" link.

Log: 'System' Date/Time: 23/04/2012 2:50:06 PM
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: file:_C:\TDSSKiller_Quarantine\23.04.2012_10.19.47\mbr0000\mbr0000\tsk0001.dta Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Signature Version: AV: 1.125.307.0, AS: 1.125.307.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8304.0, NIS: 0.0.0.0

Log: 'System' Date/Time: 23/04/2012 2:50:00 PM
Type: Warning Category: 0
Event: 1085 Source: Microsoft-Windows-GroupPolicy
Windows failed to apply the Group Policy Network Shares settings. Group Policy Network Shares settings might have its own log file. Please click on the "More information" link.

Log: 'System' Date/Time: 23/04/2012 2:49:53 PM
Type: Warning Category: 0
Event: 19 Source: Sentinel
The event description cannot be found.

Log: 'System' Date/Time: 23/04/2012 2:49:48 PM
Type: Warning Category: 0
Event: 27 Source: e1kexpress
Intel® 82577LM Gigabit Network Connection Network link has been disconnected.

Log: 'System' Date/Time: 23/04/2012 2:49:45 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0A5C&PID_5800&MI_01\7&66de6c9&1&0001.

Log: 'System' Date/Time: 23/04/2012 2:48:39 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 23/04/2012 2:48:39 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv.dll



Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 23/04/2012 11:05:01 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 23/04/2012 2:50:46 PM
Type: Error Category: 2
Event: 8194 Source: Group Policy Environment
The client-side extension could not remove user policy settings for 'Pendleton User Policy {BD751E70-4AAF-41F9-9876-C7E2DF2261FD}' because it failed with error code '0x8007000d The data is invalid.' See trace file for more details.

Log: 'Application' Date/Time: 23/04/2012 2:50:05 PM
Type: Error Category: 2
Event: 8194 Source: Group Policy Services
The client-side extension could not remove computer policy settings for 'Default Computer Group Policy Items {105AA080-8148-4C7A-BBB3-51AD395B76E6}' because it failed with error code '0x8007000d The data is invalid.' See trace file for more details.

Log: 'Application' Date/Time: 23/04/2012 2:50:00 PM
Type: Error Category: 2
Event: 8194 Source: Group Policy Network Shares
The client-side extension could not remove computer policy settings for 'Default Computer Group Policy Items {105AA080-8148-4C7A-BBB3-51AD395B76E6}' because it failed with error code '0x8007000d The data is invalid.' See trace file for more details.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 23/04/2012 2:49:58 PM
Type: Warning Category: 2
Event: 4098 Source: Group Policy Local Users and Groups
The computer '%ComputerName%\Install' preference item in the 'Default Computer Group Policy Items {105AA080-8148-4C7A-BBB3-51AD395B76E6}' Group Policy object did not apply because it failed with error code '0x8007089a The specified username is invalid.' This error was suppressed.

Log: 'Application' Date/Time: 23/04/2012 2:48:35 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 18 user registry handles leaked from \Registry\User\S-1-5-21-1900634312-1620658625-8547516-7086:
Process 1156 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1900634312-1620658625-8547516-7086
Process 944 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1900634312-1620658625-8547516-7086
Process 944 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1900634312-1620658625-8547516-7086
Process 944 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1900634312-1620658625-8547516-7086
Process 944 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1900634312-1620658625-8547516-7086
Process 944 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1900634312-1620658625-8547516-7086\Software\Microsoft\SystemCertificates\TrustedPeople
Process 944 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1900634312-1620658625-8547516-7086\Software\Microsoft\SystemCertificates\trust
Process 944 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1900634312-1620658625-8547516-7086\Software\Microsoft\SystemCertificates\My
Process 944 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1900634312-1620658625-8547516-7086\Software\Microsoft\SystemCertificates\CA
Process 944 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1900634312-1620658625-8547516-7086\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1348 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1900634312-1620658625-8547516-7086\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1348 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1900634312-1620658625-8547516-7086\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 944 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1900634312-1620658625-8547516-7086\Software\Microsoft\SystemCertificates\Root
Process 944 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1900634312-1620658625-8547516-7086\Software\Microsoft\SystemCertificates\Disallowed
Process 944 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1900634312-1620658625-8547516-7086\Software\Policies\Microsoft\SystemCertificates
Process 944 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1900634312-1620658625-8547516-7086\Software\Policies\Microsoft\SystemCertificates
Process 944 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1900634312-1620658625-8547516-7086\Software\Policies\Microsoft\SystemCertificates
Process 944 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1900634312-1620658625-8547516-7086\Software\Policies\Microsoft\SystemCertificates



Let me know if there is anything else I need to do
  • 0
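The security-relevant part of the Event Viewer report above is the pair of Microsoft Antimalware entries: event 1116 (detection) followed by event 1119 (critical error while acting), both naming Trojan:DOS/Alureon.E at a path inside TDSSKiller's quarantine folder, with the removal failing on error 0x800704ec, which the log attributes to group policy. The following is an added example, not code from the original post or from Vino's Event Viewer, that parses this report layout and extracts those fields so a helper can check them mechanically instead of reading a long line by eye. The sample text is constructed from entries on this page (the truncated Microsoft URL is left out), and the function and class names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout Vino's Event Viewer uses in the post above.
# The two Microsoft Antimalware entries are copied from the report (minus the
# truncated URL); the Service Control Manager entry is there for contrast.
SAMPLE_LOG = r"""Log: 'System' Date/Time: 23/04/2012 3:00:17 PM
Type: Error Category: 0
Event: 1119 Source: Microsoft Antimalware
Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: file:_C:\TDSSKiller_Quarantine\23.04.2012_10.19.47\mbr0000\mbr0000\tsk0001.dta Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.125.307.0, AS: 1.125.307.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8304.0, NIS: 2.0.8001.0

Log: 'System' Date/Time: 23/04/2012 2:50:05 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom PxHelp20

Log: 'System' Date/Time: 23/04/2012 2:50:06 PM
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software. Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: file:_C:\TDSSKiller_Quarantine\23.04.2012_10.19.47\mbr0000\mbr0000\tsk0001.dta Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Signature Version: AV: 1.125.307.0, AS: 1.125.307.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8304.0, NIS: 0.0.0.0
"""

# The three header lines that open every entry in this report format.
HEADER_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
TYPE_RE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<category>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<event>\d+) Source: (?P<source>.+)$")

# The two Microsoft Antimalware event IDs that appear in the report above.
ANTIMALWARE_EVENTS = {1116: "malware detected", 1119: "critical error while taking action"}


@dataclass
class Entry:
    log: str
    when: str
    type: str
    category: int
    event: int
    source: str
    message: str


def parse_vino_log(text):
    """Split a Vino's Event Viewer report into Entry objects (hypothetical helper)."""
    lines = text.splitlines()
    entries = []
    i = 0
    while i + 2 < len(lines):
        head = HEADER_RE.match(lines[i])
        typ = TYPE_RE.match(lines[i + 1])
        evt = EVENT_RE.match(lines[i + 2])
        if not (head and typ and evt):
            i += 1          # separator, banner or stray line: skip it
            continue
        j = i + 3
        body = []
        while j < len(lines) and lines[j].strip():   # message runs to the next blank line
            body.append(lines[j])
            j += 1
        entries.append(Entry(head["log"], head["when"], typ["type"], int(typ["category"]),
                             int(evt["event"]), evt["source"].strip(), "\n".join(body)))
        i = j
    return entries


def antimalware_findings(entries):
    """Pull threat name, ID, path and (for 1119) the error code out of AV entries."""
    findings = []
    for en in entries:
        if en.source != "Microsoft Antimalware" or en.event not in ANTIMALWARE_EVENTS:
            continue
        name = re.search(r"Name: (\S+) ID: (\d+)", en.message)
        path = re.search(r"Path: (\S+)", en.message)
        code = re.search(r"Error Code: (0x[0-9A-Fa-f]+)", en.message)
        raw_path = path.group(1) if path else None
        if raw_path and raw_path.startswith("file:_"):
            raw_path = raw_path[len("file:_"):]   # the report prefixes file paths with "file:_"
        findings.append({
            "when": en.when,
            "event": en.event,
            "meaning": ANTIMALWARE_EVENTS[en.event],
            "threat": name.group(1) if name else None,
            "threat_id": int(name.group(2)) if name else None,
            "path": raw_path,
            "error_code": code.group(1).lower() if code else None,
            "remediation_failed": en.event == 1119,
        })
    return findings


if __name__ == "__main__":
    for f in antimalware_findings(parse_vino_log(SAMPLE_LOG)):
        print(f"{f['when']}  {f['event']} ({f['meaning']}): {f['threat']} at {f['path']}"
              + (f"  error={f['error_code']}" if f["error_code"] else ""))
```

Run on the constructed sample, the output shows why the 1119 entry is less alarming than it looks: the flagged path is a TDSSKiller quarantine file (the MBR image that tool already removed from the disk), and the only thing that failed is the antimalware client's own attempt to act on that quarantined copy, blocked by the domain's group policy rather than by the malware.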

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
It looks like TDSSKiller found something and removed it for us. See if aswMBR will run now.

The OTL scan found a bunch of files that are locked and wouldn't let it check the MD5 checksum. This is always suspicious but it may not mean anything. Try submitting the following files to www.virustotal.com

C:\Windows\system32\dxtmsft.dll
C:\Windows\system32\dxtrans.dll
C:\Windows\system32\expsrv.dll
C:\Windows\system32\mfc42.dll
C:\Windows\system32\msvbvm50.dll
C:\Windows\system32\msvbvm60.dll
C:\Windows\system32\drivers\MpNWMon.sys

Hopefully they will give you a result of 0/43 or so but if not please copy and paste the full report for the file into a reply.
  • 0
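One way to act on the file list above without uploading Windows system files is to hash them locally and look the digests up on VirusTotal (its search accepts MD5, SHA-1 and SHA-256), which also shows whether a file is genuinely unreadable (the open fails) or was merely skipped by OTL. This is an added example, not code from the post or from OTL; the function names are my own and the paths are the ones listed in the reply. The same digests can be compared against a known-clean machine running the same Windows build.

```python
import hashlib
import io

# Files named in the reply above (the ones OTL could not checksum).
LOCKED_CANDIDATES = [
    r"C:\Windows\system32\dxtmsft.dll",
    r"C:\Windows\system32\dxtrans.dll",
    r"C:\Windows\system32\expsrv.dll",
    r"C:\Windows\system32\mfc42.dll",
    r"C:\Windows\system32\msvbvm50.dll",
    r"C:\Windows\system32\msvbvm60.dll",
    r"C:\Windows\system32\drivers\MpNWMon.sys",
]

# The three digests VirusTotal's hash search accepts.
ALGORITHMS = ("md5", "sha1", "sha256")


def _digest_stream(stream, algorithms, chunk_size=1 << 20):
    """Feed a binary stream through every requested hash in one pass."""
    hashers = {a: hashlib.new(a) for a in algorithms}
    size = 0
    for block in iter(lambda: stream.read(chunk_size), b""):
        size += len(block)
        for h in hashers.values():
            h.update(block)
    result = {a: h.hexdigest() for a, h in hashers.items()}
    result["size"] = size
    return result


def hash_bytes(data, algorithms=ALGORITHMS):
    """Digest an in-memory blob (hypothetical helper, handy for self-checks)."""
    return _digest_stream(io.BytesIO(data), algorithms)


def hash_file(path, algorithms=ALGORITHMS):
    """Hash one file. A file that cannot be opened (missing, or held by another
    process without read sharing) is reported as an error instead of aborting
    the whole run, so a locked file stands out in the report."""
    try:
        with open(path, "rb") as fh:
            return _digest_stream(fh, algorithms)
    except OSError as exc:          # FileNotFoundError, PermissionError, ...
        return {"error": f"{type(exc).__name__}: {exc}"}


def hash_report(paths=LOCKED_CANDIDATES, algorithms=ALGORITHMS):
    """Map each path to its digests (or its error)."""
    return {p: hash_file(p, algorithms) for p in paths}


def format_report(report):
    """One line per file, ready to paste into a reply or a hash lookup."""
    lines = []
    for path, res in report.items():
        if "error" in res:
            lines.append(f"{path}: could not read ({res['error']})")
        else:
            lines.append(f"{path}: {res['size']} bytes sha256={res['sha256']} md5={res['md5']}")
    return lines


if __name__ == "__main__":
    print("\n".join(format_report(hash_report())))
```

Run from an elevated prompt on the affected machine, a "could not read" line for a file that Explorer shows as present is the case worth a closer look; a digest that VirusTotal already knows as clean for that Windows build is the 0/43 result the reply hopes for.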

#7
Neason

Neason

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
They all scanned clean and aswMBR didn't find anything to fix.
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
I think we got it all then. I do see a problem with Roxio software so you might uninstall it and reinstall but otherwise it looks good.

You can cleanup:

We need to clean up System Restore.

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0





