Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Is there malware on this computer? [Solved]

Started by echet , Oct 08 2012 11:18 AM

  • This topic is locked This topic is locked

#1
echet
Posted 08 October 2012 - 11:18 AM

echet

    Member

  • Member
  • PipPip
  • 75 posts
Greetings,

A crappy thread title, I know, but it is simply what I am asking. A colleague of mine recently purchased her friend's old laptop and asked me to delete every non-vital software from it. I thought doing a factory restore would be the simplest method, but due to a corrupted backup, non-functional disks and other problems I decided the easy was no longer so easy and I am now doing a manual uninstall of sotware and files and reset of settings.

The computer itself is not misbehaving (except for the refusal to be reset), however the previous owner had an expired anti-virus software, and Limewire was installed and I know that's a recipe for malware. It appears all that was downloaded was music, but you never know. I've scanned with Malwarebytes and found nothing, but I know from experience that a good virus could evade that.

I would like to make sure I return the computer in as close to a new state as possible. If someone could take a look at the OTL log I've posted below and check for any signs of hidden malware, rootkits, etc I would greatly appreciate it.

The laptop is a Dell Inspiron 1545 running Windows Vista 64-bit Home Premium with 2GB RAM.

Thank you



OTL logfile created on: 10/7/2012 4:31:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 0.71 Gb Available Physical Memory | 36.22% Memory free
4.16 Gb Paging File | 2.27 Gb Available in Paging File | 54.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.29 Gb Total Space | 192.96 Gb Free Space | 66.93% Space Free | Partition Type: NTFS
Drive E: | 9.77 Gb Total Space | 3.12 Gb Free Space | 31.93% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/07 16:29:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/07 14:16:42 | 000,690,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/06/03 17:54:56 | 000,446,635 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/05/23 16:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/07 19:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 19:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2008/11/20 06:21:12 | 000,031,744 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/09/17 01:17:14 | 000,251,904 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_d14bcbef\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/09/17 01:17:02 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_d14bcbef\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/11/02 07:16:05 | 000,046,592 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/07 14:16:45 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/07 19:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/11/12 12:18:12 | 000,040,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btblan.sys -- (Leapfrog-USBLAN)
DRV:64bit: - [2011/06/15 09:10:14 | 000,557,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2009/03/19 16:34:18 | 000,029,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/08 01:32:48 | 000,068,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/11/20 06:20:52 | 000,022,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/10/27 07:21:50 | 001,374,712 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/09/17 04:28:08 | 007,897,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/09/17 01:17:24 | 000,458,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/09/04 01:29:22 | 000,199,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/09/03 04:44:22 | 000,307,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys -- (OA009Vid)
DRV:64bit: - [2008/09/03 04:44:22 | 000,168,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys -- (OA009Ufd)
DRV:64bit: - [2008/09/01 06:19:24 | 000,392,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/01/20 22:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=3090114
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=3090114
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.c...start_tech_main
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...C6-A8E7E42C6A32
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7DKUS_enUS316
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...&loc=search_box
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinit...art_tech_search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)


[2010/05/19 21:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
[2010/05/19 21:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions\[email protected]

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not found
O4 - HKCU..\Run: [Download] "C:\Users\owner\AppData\Local\SupportSoft\ddoctorv2\owner\SSGet.exe" 120 "http://pcmctbc.cmc.m...veInstaller.exe" "EasySolveInstaller.exe" File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A9AB9F4-C516-4AA1-934F-85E475078386}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B24C4648-5852-4575-88DD-BB382A043F1F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/07 16:28:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2012/10/07 13:27:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/30 22:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2012/09/30 22:32:47 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Roxio
[2012/09/30 15:47:39 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\InstallShield
[2012/09/26 15:44:49 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Innovative Solutions
[2012/09/26 15:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/09/26 15:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/09/25 03:02:28 | 000,000,000 | ---D | C] -- C:\Windows\Standalone System Sweeper
[2012/09/11 14:21:05 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes
[2012/09/11 14:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/11 14:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/11 14:20:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/11 14:17:32 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\owner\Desktop\mbam-setup-1.65.0.1400.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/07 16:29:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2012/10/07 16:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/07 15:13:45 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 15:13:45 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 15:13:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/07 15:13:32 | 2108,018,688 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/07 15:04:19 | 000,000,146 | ---- | M] () -- C:\Windows\WININIT.INI
[2012/10/07 12:51:31 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{226349F3-EFCC-4D31-84EB-BE4C57573BB0}.job
[2012/09/30 16:03:59 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/30 16:03:59 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/30 16:03:59 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/11 14:21:01 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/11 14:17:37 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\owner\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/11 13:20:16 | 000,006,144 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/07 15:04:19 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2012/09/30 14:25:55 | 000,525,792 | ---- | C] () -- C:\Windows\SysNative\difxapi.dll
[2012/09/11 14:21:01 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/11 14:20:59 | 000,025,928 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/16 14:14:12 | 000,000,680 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2009/04/21 22:00:07 | 000,242,813 | ---- | C] () -- C:\Users\owner\AppData\Roaming\UserTile.png
[2009/03/03 15:01:50 | 000,006,144 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2010/10/20 07:43:24 | 000,193,439 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-820331241-3209992572-4191969358-1000\$RKV674M\iTunes Music\P!nk\Greatest Hits...So Far!!!\Greatest Hits...So Far!!! - iTunes.itlp\images\home\N.png
[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/01/21 11:56:31 | 012,898,304 | ---- | M] ()
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/03/03 00:53:36 | 000,891,392 | ---- | M] ()
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 00:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] ()
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========


========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
gringo_pr
Posted 08 October 2012 - 04:38 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
echet
Posted 08 October 2012 - 11:43 PM

echet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Hello Gringo. Thanks for helping me. Here are the logs as you requested.


Results of screen317's Security Check version 0.99.51
Windows Vista Service Pack 1 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java™ 6 Update 35
Java™ 6 Update 7
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



# AdwCleaner v2.004 - Logfile created 10/09/2012 at 01:08:07
# Updated 06/10/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 1 (64 bits)
# User : owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\owner\AppData\Local\Temp\AskSearch

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [1732 octets] - [09/10/2012 01:08:07]

########## EOF - C:\AdwCleaner[S1].txt - [1792 octets] ##########




RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 64 bits version
Started in : Normal mode
User : owner [Admin rights]
Mode : Scan -- Date : 10/09/2012 01:22:28

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Download ("C:\Users\owner\AppData\Local\SupportSoft\ddoctorv2\owner\SSGet.exe" 120 "hxxp://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-820331241-3209992572-4191969358-1000[...]\Run : Download ("C:\Users\owner\AppData\Local\SupportSoft\ddoctorv2\owner\SSGet.exe" 120 "hxxp://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe") -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SHELL][BLPATH] [ON_E:]HKLM\Software[...]\Winlogon : Shell (cmd.exe /k start cmd.exe) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
-> E:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543232L9A300 +++++
--- User ---
[MBR] 2eabacb3d2d34da0cd27e488dbc535c1
[BSP] 4011527ebf3026de28e0ab14c64f0d2c : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20561920 | Size: 295204 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt






  • 0

#4
gringo_pr
Posted 09 October 2012 - 12:00 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
echet
Posted 09 October 2012 - 08:17 PM

echet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
All scan have executed without any problems. Dell's PC Restore program still doesn't work but I expect that to be beyond repair. There were no noticeable symptoms of infection before, so there still aren't any.

Here is the COmboFix log.

ComboFix 12-10-09.01 - owner 10/09/2012 21:16:32.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2010.666 [GMT -4:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-10 to 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 01:26 . 2012-10-10 01:26 -------- d-----w- c:\users\owner\AppData\Local\temp
2012-10-10 01:26 . 2012-10-10 01:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 01:16 . 2012-10-10 01:16 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2510720C-75ED-48E0-A0F8-70C3CF7ACF82}\offreg.dll
2012-10-09 05:40 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2510720C-75ED-48E0-A0F8-70C3CF7ACF82}\mpengine.dll
2012-10-08 19:15 . 2012-10-08 19:15 -------- d-----w- c:\program files\CCleaner
2012-10-01 02:32 . 2012-10-01 02:32 -------- d-----w- c:\programdata\Roxio
2012-10-01 02:32 . 2012-10-01 02:32 -------- d-----w- c:\users\owner\AppData\Roaming\Roxio
2012-09-30 19:47 . 2012-09-30 19:47 -------- d-----w- c:\users\owner\AppData\Roaming\InstallShield
2012-09-30 18:25 . 2006-11-02 12:22 525792 ----a-w- c:\windows\system32\difxapi.dll
2012-09-26 19:44 . 2012-09-26 19:44 -------- d-----w- c:\users\owner\AppData\Local\Innovative Solutions
2012-09-26 19:16 . 2012-09-26 19:15 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-26 19:16 . 2012-09-26 19:15 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-26 19:14 . 2012-09-26 19:14 -------- d-----w- c:\programdata\McAfee
2012-09-25 07:02 . 2012-09-25 07:02 -------- d-----w- c:\windows\Standalone System Sweeper
2012-09-11 18:54 . 2012-09-11 18:55 -------- d-----w- c:\windows\F9D59E62845F49A28B75DDB00661673C.TMP
2012-09-11 18:21 . 2012-09-11 18:21 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
2012-09-11 18:21 . 2012-09-11 18:21 -------- d-----w- c:\programdata\Malwarebytes
2012-09-11 18:20 . 2012-09-11 18:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-11 18:20 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 19:23 . 2012-09-07 18:16 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 19:23 . 2012-09-07 18:16 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-25 20:50 . 2006-11-02 12:35 64462936 ----a-w- c:\windows\system32\mrt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_d14bcbef\AESTSr64.exe [2008-09-17 86016]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 19:23]
.
2012-10-10 c:\windows\Tasks\User_Feed_Synchronization-{226349F3-EFCC-4D31-84EB-BE4C57573BB0}.job
- c:\windows\system32\msfeedssync.exe [2011-06-18 04:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 272896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-17 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-17 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-17 181784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-20 3863040]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-30 172032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.xfinity.com/customer/start/?cid=xfstart_tech_main
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Desktop Software - c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2012-10-09 21:31:10
ComboFix-quarantined-files.txt 2012-10-10 01:31
.
Pre-Run: 219,687,100,416 bytes free
Post-Run: 220,025,683,968 bytes free
.
- - End Of File - - 5820A42BFC66B87EC7D00B1F135658F3
  • 0

#6
gringo_pr
Posted 09 October 2012 - 08:24 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello


that reports looks pretty good so I want to run these to make sure nothing shows up


tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
  • 0

#7
echet
Posted 09 October 2012 - 10:01 PM

echet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Here you go:


23:31:17.0114 1768 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

23:31:17.0693 1768 ============================================================

23:31:17.0693 1768 Current date / time: 2012/10/09 23:31:17.0693

23:31:17.0693 1768 SystemInfo:

23:31:17.0693 1768

23:31:17.0693 1768 OS Version: 6.0.6001 ServicePack: 1.0

23:31:17.0693 1768 Product type: Workstation

23:31:17.0693 1768 ComputerName: OWNER-PC

23:31:17.0693 1768 UserName: owner

23:31:17.0693 1768 Windows directory: C:\Windows

23:31:17.0693 1768 System windows directory: C:\Windows

23:31:17.0693 1768 Running under WOW64

23:31:17.0693 1768 Processor architecture: Intel x64

23:31:17.0693 1768 Number of processors: 2

23:31:17.0693 1768 Page size: 0x1000

23:31:17.0693 1768 Boot type: Normal boot

23:31:17.0693 1768 ============================================================

23:31:18.0587 1768 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:31:18.0594 1768 ============================================================

23:31:18.0594 1768 \Device\Harddisk0\DR0:

23:31:18.0594 1768 MBR partitions:

23:31:18.0594 1768 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1388000

23:31:18.0594 1768 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x139C000, BlocksNum 0x240922B0

23:31:18.0594 1768 ============================================================

23:31:18.0630 1768 C: <-> \Device\Harddisk0\DR0\Partition2

23:31:18.0694 1768 E: <-> \Device\Harddisk0\DR0\Partition1

23:31:18.0694 1768 ============================================================

23:31:18.0694 1768 Initialize success

23:31:18.0694 1768 ============================================================

23:31:31.0161 3700 ============================================================

23:31:31.0161 3700 Scan started

23:31:31.0161 3700 Mode: Manual;

23:31:31.0161 3700 ============================================================

23:31:31.0974 3700 ================ Scan system memory ========================

23:31:31.0974 3700 System memory - ok

23:31:31.0975 3700 ================ Scan services =============================

23:31:32.0343 3700 [ 8C99ED256A889D647935A97C543B7B85 ] ACPI C:\Windows\system32\drivers\acpi.sys

23:31:32.0349 3700 ACPI - ok

23:31:32.0531 3700 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

23:31:32.0536 3700 AdobeFlashPlayerUpdateSvc - ok

23:31:32.0618 3700 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

23:31:32.0628 3700 adp94xx - ok

23:31:32.0676 3700 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys

23:31:32.0684 3700 adpahci - ok

23:31:32.0725 3700 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys

23:31:32.0728 3700 adpu160m - ok

23:31:32.0763 3700 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

23:31:32.0767 3700 adpu320 - ok

23:31:32.0818 3700 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

23:31:32.0819 3700 AeLookupSvc - ok

23:31:32.0911 3700 [ 05F4262FDBDFAECA7EF9B3F0807508FC ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d14bcbef\AESTSr64.exe

23:31:32.0913 3700 AESTFilters - ok

23:31:33.0040 3700 [ 9BB97042FA331A0FB4BDD98B9280A50A ] AFD C:\Windows\system32\drivers\afd.sys

23:31:33.0048 3700 AFD - ok

23:31:33.0098 3700 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys

23:31:33.0128 3700 agp440 - ok

23:31:33.0178 3700 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys

23:31:33.0181 3700 aic78xx - ok

23:31:33.0216 3700 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe

23:31:33.0219 3700 ALG - ok

23:31:33.0279 3700 [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide C:\Windows\system32\drivers\aliide.sys

23:31:33.0280 3700 aliide - ok

23:31:33.0309 3700 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys

23:31:33.0310 3700 amdide - ok

23:31:33.0357 3700 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

23:31:33.0359 3700 AmdK8 - ok

23:31:33.0409 3700 [ 8C85C812569DF851E7A2159147323DFA ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys

23:31:33.0422 3700 ApfiltrService - ok

23:31:33.0463 3700 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll

23:31:33.0465 3700 Appinfo - ok

23:31:33.0534 3700 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys

23:31:33.0537 3700 arc - ok

23:31:33.0577 3700 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys

23:31:33.0579 3700 arcsas - ok

23:31:33.0626 3700 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

23:31:33.0627 3700 AsyncMac - ok

23:31:33.0673 3700 [ F988BB0690CD660318037908E9B8DBF7 ] atapi C:\Windows\system32\drivers\atapi.sys

23:31:33.0674 3700 atapi - ok

23:31:33.0740 3700 [ 2A54B6A48AB6D2166271B05E9469326E ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

23:31:33.0749 3700 AudioEndpointBuilder - ok

23:31:33.0764 3700 [ 2A54B6A48AB6D2166271B05E9469326E ] AudioSrv C:\Windows\System32\Audiosrv.dll

23:31:33.0768 3700 AudioSrv - ok

23:31:33.0799 3700 [ 70A746DCA80368A4155BA9014DC103D9 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys

23:31:33.0801 3700 BCM42RLY - ok

23:31:33.0878 3700 [ B76505D76984D935214E118753BDB2CB ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys

23:31:33.0905 3700 BCM43XX - ok

23:31:33.0947 3700 Beep - ok

23:31:33.0996 3700 [ BC4737AAFFA5964E4F8827C9B8C0EB8E ] BFE C:\Windows\System32\bfe.dll

23:31:34.0005 3700 BFE - ok

23:31:34.0054 3700 [ D896A0D43F8AB81ECB1FC6C24DECFD58 ] BITS C:\Windows\system32\qmgr.dll

23:31:34.0084 3700 BITS - ok

23:31:34.0130 3700 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

23:31:34.0157 3700 blbdrive - ok

23:31:34.0217 3700 [ F0F035FCEC3554CC1B70C5611BD87951 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

23:31:34.0220 3700 bowser - ok

23:31:34.0263 3700 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys

23:31:34.0264 3700 BrFiltLo - ok

23:31:34.0299 3700 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys

23:31:34.0300 3700 BrFiltUp - ok

23:31:34.0338 3700 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll

23:31:34.0341 3700 Browser - ok

23:31:34.0397 3700 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys

23:31:34.0420 3700 Brserid - ok

23:31:34.0458 3700 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys

23:31:34.0460 3700 BrSerWdm - ok

23:31:34.0494 3700 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys

23:31:34.0510 3700 BrUsbMdm - ok

23:31:34.0524 3700 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys

23:31:34.0525 3700 BrUsbSer - ok

23:31:34.0574 3700 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

23:31:34.0575 3700 BTHMODEM - ok

23:31:34.0610 3700 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

23:31:34.0613 3700 cdfs - ok

23:31:34.0631 3700 [ 3B2FB35363423ED60C8FBF15FC8680BD ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

23:31:34.0634 3700 cdrom - ok

23:31:34.0669 3700 [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] CertPropSvc C:\Windows\System32\certprop.dll

23:31:34.0670 3700 CertPropSvc - ok

23:31:34.0707 3700 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys

23:31:34.0709 3700 circlass - ok

23:31:34.0769 3700 [ C12C4EE07843B595036DA0BAA6317936 ] CLFS C:\Windows\system32\CLFS.sys

23:31:34.0777 3700 CLFS - ok

23:31:34.0905 3700 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:31:34.0921 3700 clr_optimization_v2.0.50727_32 - ok

23:31:35.0006 3700 [ FA58B51ED71C9133E141164EAA7C54EB ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

23:31:35.0028 3700 clr_optimization_v2.0.50727_64 - ok

23:31:35.0205 3700 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

23:31:35.0234 3700 clr_optimization_v4.0.30319_32 - ok

23:31:35.0283 3700 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

23:31:35.0287 3700 clr_optimization_v4.0.30319_64 - ok

23:31:35.0335 3700 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

23:31:35.0337 3700 CmBatt - ok

23:31:35.0372 3700 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys

23:31:35.0373 3700 cmdide - ok

23:31:35.0408 3700 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

23:31:35.0409 3700 Compbatt - ok

23:31:35.0420 3700 COMSysApp - ok

23:31:35.0427 3700 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

23:31:35.0429 3700 crcdisk - ok

23:31:35.0460 3700 [ 4374F784121D8B3BB466B03F5E5EBD33 ] CryptSvc C:\Windows\system32\cryptsvc.dll

23:31:35.0487 3700 CryptSvc - ok

23:31:35.0596 3700 [ 52CDADE8289FF21F1F2215FF51A5F36C ] DcomLaunch C:\Windows\system32\rpcss.dll

23:31:35.0618 3700 DcomLaunch - ok

23:31:35.0707 3700 [ 3725C43C9E90731ECA651D506CC599A3 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

23:31:35.0711 3700 DfsC - ok

23:31:35.0832 3700 [ 1781F99840979EE7B126C9073C377FD0 ] DFSR C:\Windows\system32\DFSR.exe

23:31:35.0931 3700 DFSR - ok

23:31:36.0020 3700 [ FDAA0EDFCFB70CD529589AD654651B40 ] Dhcp C:\Windows\System32\dhcpcsvc.dll

23:31:36.0024 3700 Dhcp - ok

23:31:36.0081 3700 [ 2DC415FC05FB8A079F896CBBACB19324 ] disk C:\Windows\system32\drivers\disk.sys

23:31:36.0103 3700 disk - ok

23:31:36.0180 3700 [ DAF05293C1264E251D3A25E7E24B2DDF ] Dnscache C:\Windows\System32\dnsrslvr.dll

23:31:36.0182 3700 Dnscache - ok

23:31:36.0264 3700 [ DB29915209770D8B59654345EC2D943A ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe

23:31:36.0268 3700 DockLoginService - ok

23:31:36.0360 3700 [ CC661867677627F2911C2A4970DEE0F1 ] dot3svc C:\Windows\System32\dot3svc.dll

23:31:36.0391 3700 dot3svc - ok

23:31:36.0432 3700 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll

23:31:36.0436 3700 DPS - ok

23:31:36.0471 3700 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

23:31:36.0472 3700 drmkaud - ok

23:31:36.0536 3700 [ 412964040CE920FF83AFF6B5B551BF99 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

23:31:36.0553 3700 DXGKrnl - ok

23:31:36.0616 3700 [ 17D40652EF3E55EEAE187A89DF40965A ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys

23:31:36.0623 3700 e1express - ok

23:31:36.0640 3700 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys

23:31:36.0644 3700 E1G60 - ok

23:31:36.0670 3700 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll

23:31:36.0673 3700 EapHost - ok

23:31:36.0712 3700 [ 7343D950A34A95DCB7441642E3E6BEEF ] Ecache C:\Windows\system32\drivers\ecache.sys

23:31:36.0716 3700 Ecache - ok

23:31:36.0874 3700 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe

23:31:36.0888 3700 ehRecvr - ok

23:31:36.0928 3700 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe

23:31:36.0931 3700 ehSched - ok

23:31:36.0950 3700 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll

23:31:36.0951 3700 ehstart - ok

23:31:37.0009 3700 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys

23:31:37.0017 3700 elxstor - ok

23:31:37.0203 3700 [ E4EB76D0A8FC43DB7F36302E1F33791F ] EMDMgmt C:\Windows\system32\emdmgmt.dll

23:31:37.0232 3700 EMDMgmt - ok

23:31:37.0250 3700 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys

23:31:37.0251 3700 ErrDev - ok

23:31:37.0323 3700 [ 6B1A97BF9FEFBDC83F3C7C7D0F826C66 ] EventSystem C:\Windows\system32\es.dll

23:31:37.0330 3700 EventSystem - ok

23:31:37.0369 3700 [ 2A546B9A84658B0554B1EC35CD9ADAF5 ] exfat C:\Windows\system32\drivers\exfat.sys

23:31:37.0372 3700 exfat - ok

23:31:37.0425 3700 [ FE731D345ED9EEABBC72A59B35941834 ] fastfat C:\Windows\system32\drivers\fastfat.sys

23:31:37.0429 3700 fastfat - ok

23:31:37.0463 3700 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys

23:31:37.0488 3700 fdc - ok

23:31:37.0518 3700 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll

23:31:37.0519 3700 fdPHost - ok

23:31:37.0538 3700 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll

23:31:37.0540 3700 FDResPub - ok

23:31:37.0552 3700 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

23:31:37.0554 3700 FileInfo - ok

23:31:37.0584 3700 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys

23:31:37.0585 3700 Filetrace - ok

23:31:37.0611 3700 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

23:31:37.0633 3700 flpydisk - ok

23:31:37.0660 3700 [ 7DACF1A3A4219575070C6DC7C957428A ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

23:31:37.0667 3700 FltMgr - ok

23:31:37.0731 3700 [ 73D0F1D32EDAE3DCC4E84468BF910ADD ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

23:31:37.0733 3700 FontCache3.0.0.0 - ok

23:31:37.0764 3700 [ 29D99E860A1CA0A03C6A733FDD0DA703 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

23:31:37.0778 3700 Fs_Rec - ok

23:31:37.0817 3700 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

23:31:37.0819 3700 gagp30kx - ok

23:31:37.0862 3700 [ D279181E1CF2D85D31CDCFFD56B16795 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

23:31:37.0864 3700 GEARAspiWDM - ok

23:31:37.0913 3700 [ 9E5B254D58232EC8921EC3C5A94C81ED ] gpsvc C:\Windows\System32\gpsvc.dll

23:31:37.0929 3700 gpsvc - ok

23:31:37.0965 3700 [ 0C0D0F8A3FF09ECC81963D09EC6A0A84 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

23:31:37.0974 3700 HDAudBus - ok

23:31:38.0013 3700 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys

23:31:38.0015 3700 HidBth - ok

23:31:38.0038 3700 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys

23:31:38.0040 3700 HidIr - ok

23:31:38.0086 3700 [ 77E34697087CFDBCFD9E0009704FB5AF ] hidserv C:\Windows\System32\hidserv.dll

23:31:38.0087 3700 hidserv - ok

23:31:38.0100 3700 [ 128E2DA8483FDD4DD0C7B3F9ABD6F323 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

23:31:38.0102 3700 HidUsb - ok

23:31:38.0141 3700 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll

23:31:38.0144 3700 hkmsvc - ok

23:31:38.0193 3700 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys

23:31:38.0200 3700 HpCISSs - ok

23:31:38.0300 3700 [ E690736DA6C543F5D99C8FA27BEA31DB ] HTTP C:\Windows\system32\drivers\HTTP.sys

23:31:38.0331 3700 HTTP - ok

23:31:38.0359 3700 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys

23:31:38.0360 3700 i2omp - ok

23:31:38.0412 3700 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

23:31:38.0414 3700 i8042prt - ok

23:31:38.0566 3700 [ 7B96206E4BDD2FE582F0DBC46F5F410E ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

23:31:38.0573 3700 IAANTMON - ok

23:31:38.0731 3700 [ 4F6FB2CDBDEEFC47E7D2066E78254580 ] iaStor C:\Windows\system32\drivers\iastor.sys

23:31:38.0736 3700 iaStor - ok

23:31:38.0858 3700 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys

23:31:38.0870 3700 iaStorV - ok

23:31:39.0004 3700 [ 76EA63CDB2D88DAE7209691D089BEF1D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

23:31:39.0027 3700 idsvc - ok

23:31:39.0316 3700 [ D87D140CC33F68D4692BD213DF856811 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

23:31:39.0547 3700 igfx - ok

23:31:39.0595 3700 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys

23:31:39.0612 3700 iirsp - ok

23:31:39.0666 3700 [ 3A3B232140C33376E134E7B61A0EAA44 ] IKEEXT C:\Windows\System32\ikeext.dll

23:31:39.0676 3700 IKEEXT - ok

23:31:39.0875 3700 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys

23:31:39.0894 3700 intelide - ok

23:31:39.0931 3700 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

23:31:39.0932 3700 intelppm - ok

23:31:39.0963 3700 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

23:31:39.0966 3700 IPBusEnum - ok

23:31:39.0986 3700 [ 99B821F5BEBD6A3CC3FE564F802AE0FD ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:31:39.0988 3700 IpFilterDriver - ok

23:31:40.0057 3700 [ 3A0427F35E7F8C16BBC5B1BE32B8DE76 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

23:31:40.0062 3700 iphlpsvc - ok

23:31:40.0068 3700 IpInIp - ok

23:31:40.0101 3700 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

23:31:40.0103 3700 IPMIDRV - ok

23:31:40.0143 3700 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

23:31:40.0146 3700 IPNAT - ok

23:31:40.0200 3700 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys

23:31:40.0201 3700 IRENUM - ok

23:31:40.0249 3700 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys

23:31:40.0251 3700 isapnp - ok

23:31:40.0303 3700 [ 49E4CCBF74783FCE5D2CC1FF6480E1F4 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

23:31:40.0307 3700 iScsiPrt - ok

23:31:40.0342 3700 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys

23:31:40.0343 3700 iteatapi - ok

23:31:40.0364 3700 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys

23:31:40.0366 3700 iteraid - ok

23:31:40.0390 3700 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

23:31:40.0392 3700 kbdclass - ok

23:31:40.0446 3700 [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

23:31:40.0469 3700 kbdhid - ok

23:31:40.0504 3700 [ 80F4593E92FF960E4763380D3168E498 ] KeyIso C:\Windows\system32\lsass.exe

23:31:40.0505 3700 KeyIso - ok

23:31:40.0545 3700 [ CCDCCE6224E1E207E953AF826B98A9D9 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

23:31:40.0556 3700 KSecDD - ok

23:31:40.0609 3700 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

23:31:40.0611 3700 ksthunk - ok

23:31:40.0659 3700 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll

23:31:40.0669 3700 KtmRm - ok

23:31:40.0744 3700 [ 3F27C9CDAE606D74431E3AB39571A7F3 ] LanmanServer C:\Windows\System32\srvsvc.dll

23:31:40.0750 3700 LanmanServer - ok

23:31:40.0853 3700 [ 6E25FFC6FEAD6544C6E9F1D23329570C ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

23:31:40.0860 3700 LanmanWorkstation - ok

23:31:40.0913 3700 [ 797289607A5EBF31353AA5EAD141F872 ] Leapfrog-USBLAN C:\Windows\system32\DRIVERS\btblan.sys

23:31:40.0914 3700 Leapfrog-USBLAN - ok

23:31:40.0934 3700 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

23:31:40.0936 3700 lltdio - ok

23:31:40.0973 3700 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll

23:31:40.0981 3700 lltdsvc - ok

23:31:41.0000 3700 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll

23:31:41.0002 3700 lmhosts - ok

23:31:41.0055 3700 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

23:31:41.0068 3700 LSI_FC - ok

23:31:41.0099 3700 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

23:31:41.0101 3700 LSI_SAS - ok

23:31:41.0158 3700 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

23:31:41.0162 3700 LSI_SCSI - ok

23:31:41.0193 3700 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys

23:31:41.0215 3700 luafv - ok

23:31:41.0265 3700 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

23:31:41.0268 3700 Mcx2Svc - ok

23:31:41.0319 3700 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys

23:31:41.0334 3700 megasas - ok

23:31:41.0379 3700 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys

23:31:41.0388 3700 MegaSR - ok

23:31:41.0419 3700 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll

23:31:41.0422 3700 MMCSS - ok

23:31:41.0485 3700 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys

23:31:41.0501 3700 Modem - ok

23:31:41.0555 3700 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

23:31:41.0576 3700 monitor - ok

23:31:41.0611 3700 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

23:31:41.0614 3700 mouclass - ok

23:31:41.0642 3700 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

23:31:41.0643 3700 mouhid - ok

23:31:41.0663 3700 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys

23:31:41.0665 3700 MountMgr - ok

23:31:41.0709 3700 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys

23:31:41.0712 3700 mpio - ok

23:31:41.0747 3700 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

23:31:41.0750 3700 mpsdrv - ok

23:31:41.0930 3700 [ 8A670648C755867A3AA38DA50BA569AA ] MpsSvc C:\Windows\system32\mpssvc.dll

23:31:41.0961 3700 MpsSvc - ok

23:31:42.0004 3700 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys

23:31:42.0005 3700 Mraid35x - ok

23:31:42.0037 3700 [ FE2706C15F8345C342820E4E4583FEA0 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

23:31:42.0041 3700 MRxDAV - ok

23:31:42.0164 3700 [ B698EB9ACC7ECD4927D99D268918F912 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

23:31:42.0169 3700 mrxsmb - ok

23:31:42.0200 3700 [ 9A797E27FD28500EE13D43000C931435 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:31:42.0206 3700 mrxsmb10 - ok

23:31:42.0269 3700 [ F9425D610712533107A264E2D5B2154B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:31:42.0271 3700 mrxsmb20 - ok

23:31:42.0315 3700 [ 730B784962D22D2C6481EAE2370E7C8C ] msahci C:\Windows\system32\drivers\msahci.sys

23:31:42.0317 3700 msahci - ok

23:31:42.0335 3700 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys

23:31:42.0338 3700 msdsm - ok

23:31:42.0380 3700 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe

23:31:42.0400 3700 MSDTC - ok

23:31:42.0446 3700 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys

23:31:42.0447 3700 Msfs - ok

23:31:42.0474 3700 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

23:31:42.0476 3700 msisadrv - ok

23:31:42.0518 3700 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

23:31:42.0522 3700 MSiSCSI - ok

23:31:42.0532 3700 msiserver - ok

23:31:42.0579 3700 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

23:31:42.0580 3700 MSKSSRV - ok

23:31:42.0621 3700 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

23:31:42.0622 3700 MSPCLOCK - ok

23:31:42.0635 3700 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

23:31:42.0636 3700 MSPQM - ok

23:31:42.0664 3700 [ B8E32E6103FBBA9FBB1D0C11FF0D13B5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

23:31:42.0671 3700 MsRPC - ok

23:31:42.0708 3700 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

23:31:42.0733 3700 mssmbios - ok

23:31:42.0767 3700 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

23:31:42.0768 3700 MSTEE - ok

23:31:42.0789 3700 [ DDF133501F68D6988A0F55DFA88637B4 ] Mup C:\Windows\system32\Drivers\mup.sys

23:31:42.0791 3700 Mup - ok

23:31:42.0852 3700 [ C25022CDD18980846973B598900915F8 ] napagent C:\Windows\system32\qagentRT.dll

23:31:42.0863 3700 napagent - ok

23:31:42.0905 3700 [ 73B99C98FA3A2ED1566E02D6FE1913A5 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

23:31:42.0909 3700 NativeWifiP - ok

23:31:42.0972 3700 [ F9A3AE5C9F047D71A36A99F9ABCA7D02 ] NDIS C:\Windows\system32\drivers\ndis.sys

23:31:42.0987 3700 NDIS - ok

23:31:43.0017 3700 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

23:31:43.0018 3700 NdisTapi - ok

23:31:43.0036 3700 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

23:31:43.0038 3700 Ndisuio - ok

23:31:43.0094 3700 [ 52E3E8E35101399BE9B2938C992AA087 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

23:31:43.0099 3700 NdisWan - ok

23:31:43.0117 3700 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

23:31:43.0119 3700 NDProxy - ok

23:31:43.0140 3700 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

23:31:43.0142 3700 NetBIOS - ok

23:31:43.0165 3700 [ 7A29CA243A629230799754162D80120F ] netbt C:\Windows\system32\DRIVERS\netbt.sys

23:31:43.0171 3700 netbt - ok

23:31:43.0181 3700 [ 80F4593E92FF960E4763380D3168E498 ] Netlogon C:\Windows\system32\lsass.exe

23:31:43.0183 3700 Netlogon - ok

23:31:43.0243 3700 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll

23:31:43.0252 3700 Netman - ok

23:31:43.0281 3700 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll

23:31:43.0286 3700 netprofm - ok

23:31:43.0326 3700 [ B84613B469B98E09F50A748C1D02E132 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

23:31:43.0329 3700 NetTcpPortSharing - ok

23:31:43.0427 3700 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

23:31:43.0428 3700 nfrd960 - ok

23:31:43.0470 3700 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll

23:31:43.0475 3700 NlaSvc - ok

23:31:43.0509 3700 [ B06154E2A2C91E9BE5599FCA53BC4CD0 ] Npfs C:\Windows\system32\drivers\Npfs.sys

23:31:43.0529 3700 Npfs - ok

23:31:43.0562 3700 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll

23:31:43.0564 3700 nsi - ok

23:31:43.0592 3700 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

23:31:43.0593 3700 nsiproxy - ok

23:31:43.0661 3700 [ FE86BA5AC3B50E2CA911E9C60C07B638 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

23:31:43.0691 3700 Ntfs - ok

23:31:43.0719 3700 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys

23:31:43.0748 3700 Null - ok

23:31:43.0799 3700 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys

23:31:43.0802 3700 nvraid - ok

23:31:43.0820 3700 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys

23:31:43.0822 3700 nvstor - ok

23:31:43.0850 3700 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

23:31:43.0870 3700 nv_agp - ok

23:31:43.0876 3700 NwlnkFlt - ok

23:31:43.0888 3700 NwlnkFwd - ok

23:31:43.0943 3700 [ 706F5504AF9F28C8641DAB5EDDFDE03B ] OA009Ufd C:\Windows\system32\DRIVERS\OA009Ufd.sys

23:31:43.0947 3700 OA009Ufd - ok

23:31:43.0965 3700 [ 4BB946D5A9BC62B45D58108D29AE2E7D ] OA009Vid C:\Windows\system32\DRIVERS\OA009Vid.sys

23:31:43.0972 3700 OA009Vid - ok

23:31:44.0024 3700 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

23:31:44.0047 3700 ohci1394 - ok

23:31:44.0100 3700 [ 430F35C5592D253F43A26B4F5A523DBF ] p2pimsvc C:\Windows\system32\p2psvc.dll

23:31:44.0130 3700 p2pimsvc - ok

23:31:44.0153 3700 [ 430F35C5592D253F43A26B4F5A523DBF ] p2psvc C:\Windows\system32\p2psvc.dll

23:31:44.0162 3700 p2psvc - ok

23:31:44.0217 3700 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys

23:31:44.0220 3700 Parport - ok

23:31:44.0255 3700 [ 5AB40C36894F4C06BDAB0C9A2FBA282D ] partmgr C:\Windows\system32\drivers\partmgr.sys

23:31:44.0258 3700 partmgr - ok

23:31:44.0286 3700 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll

23:31:44.0291 3700 PcaSvc - ok

23:31:44.0313 3700 [ 2A5B2A51559066EA84742909B5B2CD69 ] pci C:\Windows\system32\drivers\pci.sys

23:31:44.0318 3700 pci - ok

23:31:44.0365 3700 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys

23:31:44.0367 3700 pciide - ok

23:31:44.0478 3700 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

23:31:44.0501 3700 pcmcia - ok

23:31:44.0555 3700 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys

23:31:44.0570 3700 PEAUTH - ok

23:31:44.0699 3700 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe

23:31:44.0702 3700 PerfHost - ok

23:31:44.0787 3700 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll

23:31:44.0820 3700 pla - ok

23:31:44.0859 3700 [ 5AAA0C5534B05ED49919FCD9DBD11A5B ] PlugPlay C:\Windows\system32\umpnpmgr.dll

23:31:44.0867 3700 PlugPlay - ok

23:31:44.0901 3700 [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPAutoReg C:\Windows\system32\p2psvc.dll

23:31:44.0910 3700 PNRPAutoReg - ok

23:31:44.0940 3700 [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPsvc C:\Windows\system32\p2psvc.dll

23:31:44.0949 3700 PNRPsvc - ok

23:31:45.0022 3700 [ EEF3688D5E9592CBBBED00DE71DDA1EF ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

23:31:45.0033 3700 PolicyAgent - ok

23:31:45.0075 3700 [ F5739F2C6DB2534C384AD5150808E8F5 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

23:31:45.0078 3700 PptpMiniport - ok

23:31:45.0105 3700 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys

23:31:45.0107 3700 Processor - ok

23:31:45.0148 3700 [ B21FE10DAD3AB59E78DF7AA3FBF41E70 ] ProfSvc C:\Windows\system32\profsvc.dll

23:31:45.0153 3700 ProfSvc - ok

23:31:45.0170 3700 [ 80F4593E92FF960E4763380D3168E498 ] ProtectedStorage C:\Windows\system32\lsass.exe

23:31:45.0171 3700 ProtectedStorage - ok

23:31:45.0196 3700 [ 0E0E205A296095FE4C631E6A4775AD6C ] PSched C:\Windows\system32\DRIVERS\pacer.sys

23:31:45.0198 3700 PSched - ok

23:31:45.0394 3700 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys

23:31:45.0439 3700 ql2300 - ok

23:31:45.0484 3700 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

23:31:45.0499 3700 ql40xx - ok

23:31:45.0546 3700 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll

23:31:45.0553 3700 QWAVE - ok

23:31:45.0572 3700 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

23:31:45.0575 3700 QWAVEdrv - ok

23:31:46.0396 3700 [ 2A09A6B271D1F50ADF5E33B37D460DE6 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys

23:31:46.0484 3700 R300 - ok

23:31:46.0530 3700 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

23:31:46.0532 3700 RasAcd - ok

23:31:46.0563 3700 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll

23:31:46.0567 3700 RasAuto - ok

23:31:46.0596 3700 [ 3B9085F91EF00ABD15A6F36570E90E12 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

23:31:46.0600 3700 Rasl2tp - ok

23:31:46.0654 3700 [ D0C346D7DF0DF9B4899631796F177D56 ] RasMan C:\Windows\System32\rasmans.dll

23:31:46.0664 3700 RasMan - ok

23:31:46.0687 3700 [ 2CE1703C27196094FB6E4C6E439F2C21 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

23:31:46.0689 3700 RasPppoe - ok

23:31:46.0719 3700 [ FCD04FA67E8B40FA0AD361DD38593942 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

23:31:46.0722 3700 RasSstp - ok

23:31:46.0753 3700 [ 33FA5B6136D92EE0F53F021C79091300 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

23:31:46.0759 3700 rdbss - ok

23:31:46.0774 3700 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

23:31:46.0775 3700 RDPCDD - ok

23:31:46.0913 3700 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys

23:31:46.0935 3700 rdpdr - ok

23:31:46.0944 3700 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

23:31:46.0945 3700 RDPENCDD - ok

23:31:47.0021 3700 [ 7747082F672AA2846235C9CEA42E2E72 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

23:31:47.0026 3700 RDPWD - ok

23:31:47.0084 3700 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll

23:31:47.0087 3700 RemoteAccess - ok

23:31:47.0164 3700 [ 416C611369CBE49074B89CEE2F83ABEF ] RemoteRegistry C:\Windows\system32\regsvc.dll

23:31:47.0195 3700 RemoteRegistry - ok

23:31:47.0219 3700 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe

23:31:47.0221 3700 RpcLocator - ok

23:31:47.0261 3700 [ 52CDADE8289FF21F1F2215FF51A5F36C ] RpcSs C:\Windows\System32\rpcss.dll

23:31:47.0269 3700 RpcSs - ok

23:31:47.0320 3700 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

23:31:47.0348 3700 rspndr - ok

23:31:47.0393 3700 [ BA9306C027A92A7ED685F7C6E2D2B00B ] RTSTOR C:\Windows\system32\drivers\RTSTOR64.SYS

23:31:47.0396 3700 RTSTOR - ok

23:31:47.0446 3700 [ 80F4593E92FF960E4763380D3168E498 ] SamSs C:\Windows\system32\lsass.exe

23:31:47.0448 3700 SamSs - ok

23:31:47.0495 3700 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

23:31:47.0511 3700 sbp2port - ok

23:31:47.0548 3700 [ F024D560FEA06F8B56D673849EB89AE6 ] SCardSvr C:\Windows\System32\SCardSvr.dll

23:31:47.0553 3700 SCardSvr - ok

23:31:47.0630 3700 [ CE75D26E0A1106129F4D156851E298ED ] Schedule C:\Windows\system32\schedsvc.dll

23:31:47.0649 3700 Schedule - ok

23:31:47.0667 3700 [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] SCPolicySvc C:\Windows\System32\certprop.dll

23:31:47.0668 3700 SCPolicySvc - ok

23:31:47.0734 3700 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll

23:31:47.0738 3700 SDRSVC - ok

23:31:47.0751 3700 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

23:31:47.0753 3700 secdrv - ok

23:31:47.0764 3700 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll

23:31:47.0767 3700 seclogon - ok

23:31:47.0789 3700 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll

23:31:47.0792 3700 SENS - ok

23:31:47.0826 3700 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys

23:31:47.0827 3700 Serenum - ok

23:31:47.0852 3700 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys

23:31:47.0854 3700 Serial - ok

23:31:47.0885 3700 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys

23:31:47.0886 3700 sermouse - ok

23:31:47.0981 3700 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll

23:31:48.0006 3700 SessionEnv - ok

23:31:48.0039 3700 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

23:31:48.0040 3700 sffdisk - ok

23:31:48.0053 3700 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

23:31:48.0055 3700 sffp_mmc - ok

23:31:48.0071 3700 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

23:31:48.0073 3700 sffp_sd - ok

23:31:48.0095 3700 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

23:31:48.0097 3700 sfloppy - ok

23:31:48.0134 3700 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll

23:31:48.0141 3700 SharedAccess - ok

23:31:48.0271 3700 [ 9235EC680D3DB17464B39C7C7DECB4DD ] ShellHWDetection C:\Windows\System32\shsvcs.dll

23:31:48.0279 3700 ShellHWDetection - ok

23:31:48.0335 3700 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

23:31:48.0351 3700 SiSRaid2 - ok

23:31:48.0401 3700 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

23:31:48.0403 3700 SiSRaid4 - ok

23:31:48.0754 3700 [ A301D2CEFB4747DFE0C24425DCBE0B78 ] slsvc C:\Windows\system32\SLsvc.exe

23:31:48.0839 3700 slsvc - ok

23:31:48.0869 3700 [ F5DDF7C0AF85EB72CB295171F8C3CB35 ] SLUINotify C:\Windows\system32\SLUINotify.dll

23:31:48.0872 3700 SLUINotify - ok

23:31:48.0891 3700 [ 41EB2E8E005FEEDCAFCE301983EFF932 ] Smb C:\Windows\system32\DRIVERS\smb.sys

23:31:48.0896 3700 Smb - ok

23:31:48.0944 3700 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe

23:31:48.0951 3700 SNMPTRAP - ok

23:31:48.0975 3700 [ F9CB0672162F7F04248E2B82C1FF4617 ] spldr C:\Windows\system32\drivers\spldr.sys

23:31:48.0976 3700 spldr - ok

23:31:49.0041 3700 [ 92E6738D25C2123BE9515C0EAC0776CD ] Spooler C:\Windows\System32\spoolsv.exe

23:31:49.0048 3700 Spooler - ok

23:31:49.0143 3700 [ A8ABD7D0D907B45CF3831F4DD8644349 ] srv C:\Windows\system32\DRIVERS\srv.sys

23:31:49.0161 3700 srv - ok

23:31:49.0229 3700 [ 6C72EEA39E1C37B436A6D1532999F9EC ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

23:31:49.0248 3700 srv2 - ok

23:31:49.0272 3700 [ 7F69BCF9E6FA3D93C82EE6B87812666D ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

23:31:49.0276 3700 srvnet - ok

23:31:49.0302 3700 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

23:31:49.0308 3700 SSDPSRV - ok

23:31:49.0347 3700 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll

23:31:49.0352 3700 SstpSvc - ok

23:31:50.0175 3700 [ 67502C1DB282A9B0708E45DFAFE282E5 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d14bcbef\STacSV64.exe

23:31:50.0199 3700 STacSV - ok

23:31:50.0263 3700 [ 3000130BF688878DB2E76C6BB2D354C0 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys

23:31:50.0275 3700 STHDA - ok

23:31:50.0306 3700 [ F14F7D7D68A66777FB999D5D0F21138D ] stisvc C:\Windows\System32\wiaservc.dll

23:31:50.0319 3700 stisvc - ok

23:31:50.0347 3700 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys

23:31:50.0348 3700 swenum - ok

23:31:50.0378 3700 [ DA34D6EB4A3154C0BEBAEB0A2483EF3E ] swprv C:\Windows\System32\swprv.dll

23:31:50.0388 3700 swprv - ok

23:31:50.0447 3700 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys

23:31:50.0469 3700 Symc8xx - ok

23:31:50.0502 3700 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys

23:31:50.0504 3700 Sym_hi - ok

23:31:50.0526 3700 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys

23:31:50.0528 3700 Sym_u3 - ok

23:31:50.0706 3700 [ BEA0D5521ED21DF8F6FFEED86DAEDE7B ] SysMain C:\Windows\system32\sysmain.dll

23:31:50.0723 3700 SysMain - ok

23:31:50.0752 3700 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll

23:31:50.0755 3700 TabletInputService - ok

23:31:50.0775 3700 [ 52091001CAF20AE84CF47023EE21B4BB ] TapiSrv C:\Windows\System32\tapisrv.dll

23:31:50.0785 3700 TapiSrv - ok

23:31:50.0803 3700 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll

23:31:50.0807 3700 TBS - ok

23:31:51.0089 3700 [ 7D86275FB640011B372FD566C0EAFA8D ] Tcpip C:\Windows\system32\drivers\tcpip.sys

23:31:51.0154 3700 Tcpip - ok

23:31:51.0311 3700 [ 7D86275FB640011B372FD566C0EAFA8D ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys

23:31:51.0324 3700 Tcpip6 - ok

23:31:51.0377 3700 [ C29D4B3B08AD0B7E8564814E4FF6A57B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

23:31:51.0379 3700 tcpipreg - ok

23:31:51.0416 3700 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

23:31:51.0418 3700 TDPIPE - ok

23:31:51.0468 3700 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

23:31:51.0493 3700 TDTCP - ok

23:31:51.0516 3700 [ 8C39C72E0E853DE04748C0337D9B9216 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

23:31:51.0518 3700 tdx - ok

23:31:51.0544 3700 [ 3F0EBF6EE609F2A276C0D5FAF244EC90 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

23:31:51.0548 3700 TermDD - ok

23:31:51.0599 3700 [ F870A5589D6A94B426EFB13689023946 ] TermService C:\Windows\System32\termsrv.dll

23:31:51.0612 3700 TermService - ok

23:31:51.0632 3700 [ 9235EC680D3DB17464B39C7C7DECB4DD ] Themes C:\Windows\system32\shsvcs.dll

23:31:51.0636 3700 Themes - ok

23:31:51.0663 3700 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll

23:31:51.0665 3700 THREADORDER - ok

23:31:51.0682 3700 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll

23:31:51.0690 3700 TrkWks - ok

23:31:51.0727 3700 [ AC6FF1DF22ED90BAD6417EE5A4C6E2F0 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

23:31:51.0729 3700 TrustedInstaller - ok

23:31:51.0765 3700 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

23:31:51.0790 3700 tssecsrv - ok

23:31:51.0822 3700 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys

23:31:51.0823 3700 tunmp - ok

23:31:51.0878 3700 [ 2DC2C423572946E9A3131425BDA73CB6 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

23:31:51.0889 3700 tunnel - ok

23:31:51.0938 3700 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

23:31:51.0961 3700 uagp35 - ok

23:31:51.0990 3700 [ ECA6629E33F122AFFF18A2AB7C3EB033 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

23:31:51.0996 3700 udfs - ok

23:31:52.0039 3700 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe

23:31:52.0042 3700 UI0Detect - ok

23:31:52.0083 3700 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

23:31:52.0085 3700 uliagpkx - ok

23:31:52.0113 3700 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys

23:31:52.0119 3700 uliahci - ok

23:31:52.0154 3700 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys

23:31:52.0158 3700 UlSata - ok

23:31:52.0189 3700 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys

23:31:52.0193 3700 ulsata2 - ok

23:31:52.0224 3700 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

23:31:52.0226 3700 umbus - ok

23:31:52.0261 3700 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll

23:31:52.0269 3700 upnphost - ok

23:31:52.0291 3700 USBAAPL64 - ok

23:31:52.0343 3700 [ 89842CE16285B73405284224CC386DCF ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

23:31:52.0347 3700 usbccgp - ok

23:31:52.0414 3700 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys

23:31:52.0416 3700 usbcir - ok

23:31:52.0455 3700 [ 07B738A1F57E4EC870406E74DA5754AF ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

23:31:52.0457 3700 usbehci - ok

23:31:52.0499 3700 [ B668E8E0EF2910F28BAF550B04DE57F2 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

23:31:52.0506 3700 usbhub - ok

23:31:52.0528 3700 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys

23:31:52.0531 3700 usbohci - ok

23:31:52.0567 3700 [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint C:\Windows\system32\drivers\usbprint.sys

23:31:52.0587 3700 usbprint - ok

23:31:52.0635 3700 [ 586D9876A4945779C8EEA926C0D16889 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:31:52.0637 3700 USBSTOR - ok

23:31:52.0677 3700 [ E76F2B26A5917F555844C128954BB52B ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

23:31:52.0679 3700 usbuhci - ok

23:31:52.0701 3700 [ 9190F03C82547AFA87367F1CECA88F3B ] UxSms C:\Windows\System32\uxsms.dll

23:31:52.0704 3700 UxSms - ok

23:31:52.0737 3700 [ C15A4A550CBA7B9F1F68B72528E04CE1 ] vds C:\Windows\System32\vds.exe

23:31:52.0754 3700 vds - ok

23:31:52.0799 3700 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

23:31:52.0824 3700 vga - ok

23:31:52.0846 3700 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys

23:31:52.0848 3700 VgaSave - ok

23:31:52.0872 3700 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys

23:31:52.0873 3700 viaide - ok

23:31:52.0882 3700 [ 793D9B32A1C462C91F6F70358283AC97 ] volmgr C:\Windows\system32\drivers\volmgr.sys

23:31:52.0884 3700 volmgr - ok

23:31:52.0918 3700 [ 5AA217DA5DC4FF5B9AC9AB86563B3223 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

23:31:52.0927 3700 volmgrx - ok

23:31:52.0966 3700 [ DE4307412D98050239026E56A7DFF3C0 ] volsnap C:\Windows\system32\drivers\volsnap.sys

23:31:52.0972 3700 volsnap - ok

23:31:53.0026 3700 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

23:31:53.0033 3700 vsmraid - ok

23:31:53.0217 3700 [ 186BD53F8A408AD20F5A056C05678629 ] VSS C:\Windows\system32\vssvc.exe

23:31:53.0245 3700 VSS - ok

23:31:53.0292 3700 [ BA29F34A61CB55C0DEE29E787542EDF4 ] W32Time C:\Windows\system32\w32time.dll

23:31:53.0302 3700 W32Time - ok

23:31:53.0339 3700 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

23:31:53.0340 3700 WacomPen - ok

23:31:53.0377 3700 [ AEA75207E443C8623C36B8D03596F84F ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys

23:31:53.0379 3700 Wanarp - ok

23:31:53.0387 3700 [ AEA75207E443C8623C36B8D03596F84F ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

23:31:53.0388 3700 Wanarpv6 - ok

23:31:53.0493 3700 [ 055449247C490E24B968B44FE8A969EB ] wcncsvc C:\Windows\System32\wcncsvc.dll

23:31:53.0509 3700 wcncsvc - ok

23:31:53.0533 3700 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

23:31:53.0537 3700 WcsPlugInService - ok

23:31:53.0584 3700 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys

23:31:53.0585 3700 Wd - ok

23:31:53.0630 3700 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

23:31:53.0648 3700 Wdf01000 - ok

23:31:53.0672 3700 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll

23:31:53.0676 3700 WdiServiceHost - ok

23:31:53.0684 3700 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll

23:31:53.0687 3700 WdiSystemHost - ok

23:31:53.0714 3700 [ 3D4AB55F8178FD0CD3CA45CD0EC9CF5B ] WebClient C:\Windows\System32\webclnt.dll

23:31:53.0730 3700 WebClient - ok

23:31:53.0812 3700 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll

23:31:53.0823 3700 Wecsvc - ok

23:31:53.0844 3700 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll

23:31:53.0849 3700 wercplsupport - ok

23:31:53.0881 3700 [ FC25242B3BCAF7E84D9184082274AE08 ] WerSvc C:\Windows\System32\WerSvc.dll

23:31:53.0885 3700 WerSvc - ok

23:31:53.0909 3700 WinDefend - ok

23:31:53.0920 3700 WinHttpAutoProxySvc - ok

23:31:54.0013 3700 [ AC98F38FEAB066A8F983D54FF3F4FD4C ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

23:31:54.0018 3700 Winmgmt - ok

23:31:54.0219 3700 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll

23:31:54.0273 3700 WinRM - ok

23:31:54.0351 3700 [ 0A69955261C1B54206ADC9BEB89517DE ] Wlansvc C:\Windows\System32\wlansvc.dll

23:31:54.0364 3700 Wlansvc - ok

23:31:54.0373 3700 wltrysvc - ok

23:31:54.0411 3700 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

23:31:54.0412 3700 WmiAcpi - ok

23:31:54.0452 3700 [ D303322DD577C3DEDA1251ED2E7A496C ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

23:31:54.0456 3700 wmiApSrv - ok

23:31:54.0485 3700 WMPNetworkSvc - ok

23:31:54.0512 3700 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll

23:31:54.0519 3700 WPCSvc - ok

23:31:54.0541 3700 [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

23:31:54.0547 3700 WPDBusEnum - ok

23:31:54.0576 3700 [ 6329D1990DB931073B86AB5946D8E317 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys

23:31:54.0587 3700 WpdUsb - ok

23:31:54.0877 3700 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

23:31:54.0898 3700 WPFFontCache_v0400 - ok

23:31:54.0936 3700 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

23:31:54.0937 3700 ws2ifsl - ok

23:31:54.0972 3700 [ CB8EA6D95949384925CCFCA21CC6DFD8 ] wscsvc C:\Windows\system32\wscsvc.dll

23:31:54.0975 3700 wscsvc - ok

23:31:54.0985 3700 WSearch - ok

23:31:55.0226 3700 [ FB3796754FE00F0BDC87A36F164A5F4D ] wuauserv C:\Windows\system32\wuaueng.dll

23:31:55.0304 3700 wuauserv - ok

23:31:55.0348 3700 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

23:31:55.0351 3700 WUDFRd - ok

23:31:55.0393 3700 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll

23:31:55.0401 3700 wudfsvc - ok

23:31:55.0426 3700 yksvc - ok

23:31:55.0463 3700 [ B681CADB266B151061E7BAA82B0D77B7 ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys

23:31:55.0472 3700 yukonx64 - ok

23:31:55.0505 3700 ================ Scan global ===============================

23:31:55.0526 3700 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll

23:31:55.0627 3700 [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll

23:31:55.0652 3700 [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll

23:31:55.0686 3700 [ DFAC660F0F139276CC9299812DE42719 ] C:\Windows\system32\services.exe

23:31:55.0692 3700 [Global] - ok

23:31:55.0695 3700 ================ Scan MBR ==================================

23:31:55.0705 3700 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0

23:31:57.0210 3700 \Device\Harddisk0\DR0 - ok

23:31:57.0211 3700 ================ Scan VBR ==================================

23:31:57.0234 3700 [ 3ADDB8764F8439347437A75007017CA3 ] \Device\Harddisk0\DR0\Partition1

23:31:57.0237 3700 \Device\Harddisk0\DR0\Partition1 - ok

23:31:57.0288 3700 [ 716F255622D1765C960696ABCF8EB10B ] \Device\Harddisk0\DR0\Partition2

23:31:57.0318 3700 \Device\Harddisk0\DR0\Partition2 - ok

23:31:57.0321 3700 ============================================================

23:31:57.0321 3700 Scan finished

23:31:57.0321 3700 ============================================================

23:31:57.0336 1520 Detected object count: 0

23:31:57.0336 1520 Actual detected object count: 0

23:32:54.0397 2524 ============================================================

23:32:54.0397 2524 Scan started

23:32:54.0397 2524 Mode: Manual;

23:32:54.0397 2524 ============================================================

23:32:54.0616 2524 ================ Scan system memory ========================

23:32:54.0616 2524 System memory - ok

23:32:54.0619 2524 ================ Scan services =============================

23:32:55.0518 2524 [ 8C99ED256A889D647935A97C543B7B85 ] ACPI C:\Windows\system32\drivers\acpi.sys

23:32:55.0522 2524 ACPI - ok

23:32:56.0383 2524 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

23:32:56.0386 2524 AdobeFlashPlayerUpdateSvc - ok

23:32:56.0627 2524 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

23:32:56.0632 2524 adp94xx - ok

23:32:56.0683 2524 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys

23:32:56.0686 2524 adpahci - ok

23:32:56.0723 2524 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys

23:32:56.0724 2524 adpu160m - ok

23:32:56.0762 2524 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

23:32:56.0764 2524 adpu320 - ok

23:32:56.0805 2524 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

23:32:56.0805 2524 AeLookupSvc - ok

23:32:57.0320 2524 [ 05F4262FDBDFAECA7EF9B3F0807508FC ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d14bcbef\AESTSr64.exe

23:32:57.0321 2524 AESTFilters - ok

23:32:57.0388 2524 [ 9BB97042FA331A0FB4BDD98B9280A50A ] AFD C:\Windows\system32\drivers\afd.sys

23:32:57.0392 2524 AFD - ok

23:32:57.0440 2524 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys

23:32:57.0441 2524 agp440 - ok

23:32:57.0487 2524 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys

23:32:57.0488 2524 aic78xx - ok

23:32:57.0526 2524 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe

23:32:57.0527 2524 ALG - ok

23:32:57.0555 2524 [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide C:\Windows\system32\drivers\aliide.sys

23:32:57.0555 2524 aliide - ok

23:32:57.0585 2524 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys

23:32:57.0585 2524 amdide - ok

23:32:57.0633 2524 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

23:32:57.0634 2524 AmdK8 - ok

23:32:57.0695 2524 [ 8C85C812569DF851E7A2159147323DFA ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys

23:32:57.0697 2524 ApfiltrService - ok

23:32:57.0728 2524 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll

23:32:57.0729 2524 Appinfo - ok

23:32:57.0788 2524 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys

23:32:57.0789 2524 arc - ok

23:32:57.0830 2524 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys

23:32:57.0831 2524 arcsas - ok

23:32:57.0869 2524 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

23:32:57.0869 2524 AsyncMac - ok

23:32:57.0926 2524 [ F988BB0690CD660318037908E9B8DBF7 ] atapi C:\Windows\system32\drivers\atapi.sys

23:32:57.0927 2524 atapi - ok

23:32:57.0972 2524 [ 2A54B6A48AB6D2166271B05E9469326E ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

23:32:57.0976 2524 AudioEndpointBuilder - ok

23:32:57.0991 2524 [ 2A54B6A48AB6D2166271B05E9469326E ] AudioSrv C:\Windows\System32\Audiosrv.dll

23:32:57.0996 2524 AudioSrv - ok

23:32:58.0064 2524 [ 70A746DCA80368A4155BA9014DC103D9 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys

23:32:58.0064 2524 BCM42RLY - ok

23:32:58.0230 2524 [ B76505D76984D935214E118753BDB2CB ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys

23:32:58.0243 2524 BCM43XX - ok

23:32:58.0258 2524 Beep - ok

23:32:58.0313 2524 [ BC4737AAFFA5964E4F8827C9B8C0EB8E ] BFE C:\Windows\System32\bfe.dll

23:32:58.0318 2524 BFE - ok

23:32:58.0385 2524 [ D896A0D43F8AB81ECB1FC6C24DECFD58 ] BITS C:\Windows\system32\qmgr.dll

23:32:58.0397 2524 BITS - ok

23:32:58.0450 2524 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

23:32:58.0452 2524 blbdrive - ok

23:32:58.0504 2524 [ F0F035FCEC3554CC1B70C5611BD87951 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

23:32:58.0505 2524 bowser - ok

23:32:58.0560 2524 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys

23:32:58.0561 2524 BrFiltLo - ok

23:32:58.0597 2524 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys

23:32:58.0597 2524 BrFiltUp - ok

23:32:58.0636 2524 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll

23:32:58.0638 2524 Browser - ok

23:32:58.0684 2524 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys

23:32:58.0685 2524 Brserid - ok

23:32:58.0745 2524 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys

23:32:58.0746 2524 BrSerWdm - ok

23:32:58.0792 2524 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys

23:32:58.0792 2524 BrUsbMdm - ok

23:32:58.0810 2524 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys

23:32:58.0811 2524 BrUsbSer - ok

23:32:58.0860 2524 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

23:32:58.0861 2524 BTHMODEM - ok

23:32:58.0897 2524 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

23:32:58.0898 2524 cdfs - ok

23:32:58.0929 2524 [ 3B2FB35363423ED60C8FBF15FC8680BD ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

23:32:58.0930 2524 cdrom - ok

23:32:58.0955 2524 [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] CertPropSvc C:\Windows\System32\certprop.dll

23:32:58.0957 2524 CertPropSvc - ok

23:32:58.0994 2524 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys

23:32:58.0995 2524 circlass - ok

23:32:59.0066 2524 [ C12C4EE07843B595036DA0BAA6317936 ] CLFS C:\Windows\system32\CLFS.sys

23:32:59.0070 2524 CLFS - ok

23:32:59.0226 2524 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:32:59.0227 2524 clr_optimization_v2.0.50727_32 - ok

23:32:59.0382 2524 [ FA58B51ED71C9133E141164EAA7C54EB ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

23:32:59.0384 2524 clr_optimization_v2.0.50727_64 - ok

23:32:59.0536 2524 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

23:32:59.0538 2524 clr_optimization_v4.0.30319_32 - ok

23:32:59.0649 2524 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

23:32:59.0651 2524 clr_optimization_v4.0.30319_64 - ok

23:32:59.0689 2524 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

23:32:59.0689 2524 CmBatt - ok

23:32:59.0759 2524 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys

23:32:59.0759 2524 cmdide - ok

23:32:59.0783 2524 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

23:32:59.0784 2524 Compbatt - ok

23:32:59.0794 2524 COMSysApp - ok

23:32:59.0820 2524 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

23:32:59.0821 2524 crcdisk - ok

23:32:59.0875 2524 [ 4374F784121D8B3BB466B03F5E5EBD33 ] CryptSvc C:\Windows\system32\cryptsvc.dll

23:32:59.0877 2524 CryptSvc - ok

23:32:59.0984 2524 [ 52CDADE8289FF21F1F2215FF51A5F36C ] DcomLaunch C:\Windows\system32\rpcss.dll

23:32:59.0993 2524 DcomLaunch - ok

23:33:00.0049 2524 [ 3725C43C9E90731ECA651D506CC599A3 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

23:33:00.0051 2524 DfsC - ok

23:33:00.0396 2524 [ 1781F99840979EE7B126C9073C377FD0 ] DFSR C:\Windows\system32\DFSR.exe

23:33:00.0432 2524 DFSR - ok

23:33:00.0491 2524 [ FDAA0EDFCFB70CD529589AD654651B40 ] Dhcp C:\Windows\System32\dhcpcsvc.dll

23:33:00.0494 2524 Dhcp - ok

23:33:00.0546 2524 [ 2DC415FC05FB8A079F896CBBACB19324 ] disk C:\Windows\system32\drivers\disk.sys

23:33:00.0547 2524 disk - ok

23:33:00.0622 2524 [ DAF05293C1264E251D3A25E7E24B2DDF ] Dnscache C:\Windows\System32\dnsrslvr.dll

23:33:00.0624 2524 Dnscache - ok

23:33:00.0795 2524 [ DB29915209770D8B59654345EC2D943A ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe

23:33:00.0797 2524 DockLoginService - ok

23:33:00.0891 2524 [ CC661867677627F2911C2A4970DEE0F1 ] dot3svc C:\Windows\System32\dot3svc.dll

23:33:00.0893 2524 dot3svc - ok

23:33:00.0944 2524 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll

23:33:00.0946 2524 DPS - ok

23:33:00.0980 2524 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

23:33:00.0981 2524 drmkaud - ok

23:33:01.0091 2524 [ 412964040CE920FF83AFF6B5B551BF99 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

23:33:01.0100 2524 DXGKrnl - ok

23:33:01.0171 2524 [ 17D40652EF3E55EEAE187A89DF40965A ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys

23:33:01.0175 2524 e1express - ok

23:33:01.0215 2524 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys

23:33:01.0217 2524 E1G60 - ok

23:33:01.0268 2524 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll

23:33:01.0270 2524 EapHost - ok

23:33:01.0297 2524 [ 7343D950A34A95DCB7441642E3E6BEEF ] Ecache C:\Windows\system32\drivers\ecache.sys

23:33:01.0299 2524 Ecache - ok

23:33:01.0362 2524 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe

23:33:01.0365 2524 ehRecvr - ok

23:33:01.0392 2524 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe

23:33:01.0394 2524 ehSched - ok

23:33:01.0448 2524 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll

23:33:01.0449 2524 ehstart - ok

23:33:01.0618 2524 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys

23:33:01.0622 2524 elxstor - ok

23:33:01.0712 2524 [ E4EB76D0A8FC43DB7F36302E1F33791F ] EMDMgmt C:\Windows\system32\emdmgmt.dll

23:33:01.0716 2524 EMDMgmt - ok

23:33:01.0748 2524 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys

23:33:01.0748 2524 ErrDev - ok

23:33:01.0810 2524 [ 6B1A97BF9FEFBDC83F3C7C7D0F826C66 ] EventSystem C:\Windows\system32\es.dll

23:33:01.0814 2524 EventSystem - ok

23:33:01.0900 2524 [ 2A546B9A84658B0554B1EC35CD9ADAF5 ] exfat C:\Windows\system32\drivers\exfat.sys

23:33:01.0902 2524 exfat - ok

23:33:01.0989 2524 [ FE731D345ED9EEABBC72A59B35941834 ] fastfat C:\Windows\system32\drivers\fastfat.sys

23:33:01.0991 2524 fastfat - ok

23:33:02.0027 2524 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys

23:33:02.0028 2524 fdc - ok

23:33:02.0093 2524 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll

23:33:02.0094 2524 fdPHost - ok

23:33:02.0114 2524 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll

23:33:02.0115 2524 FDResPub - ok

23:33:02.0156 2524 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

23:33:02.0157 2524 FileInfo - ok

23:33:02.0193 2524 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys

23:33:02.0194 2524 Filetrace - ok

23:33:02.0252 2524 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

23:33:02.0253 2524 flpydisk - ok

23:33:02.0324 2524 [ 7DACF1A3A4219575070C6DC7C957428A ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

23:33:02.0327 2524 FltMgr - ok

23:33:02.0396 2524 [ 73D0F1D32EDAE3DCC4E84468BF910ADD ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

23:33:02.0397 2524 FontCache3.0.0.0 - ok

23:33:02.0462 2524 [ 29D99E860A1CA0A03C6A733FDD0DA703 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

23:33:02.0463 2524 Fs_Rec - ok

23:33:02.0504 2524 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

23:33:02.0505 2524 gagp30kx - ok

23:33:02.0549 2524 [ D279181E1CF2D85D31CDCFFD56B16795 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

23:33:02.0550 2524 GEARAspiWDM - ok

23:33:02.0625 2524 [ 9E5B254D58232EC8921EC3C5A94C81ED ] gpsvc C:\Windows\System32\gpsvc.dll

23:33:02.0633 2524 gpsvc - ok

23:33:02.0663 2524 [ 0C0D0F8A3FF09ECC81963D09EC6A0A84 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

23:33:02.0664 2524 HDAudBus - ok

23:33:02.0711 2524 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys

23:33:02.0712 2524 HidBth - ok

23:33:02.0758 2524 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys

23:33:02.0759 2524 HidIr - ok

23:33:02.0806 2524 [ 77E34697087CFDBCFD9E0009704FB5AF ] hidserv C:\Windows\System32\hidserv.dll

23:33:02.0807 2524 hidserv - ok

23:33:02.0831 2524 [ 128E2DA8483FDD4DD0C7B3F9ABD6F323 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

23:33:02.0832 2524 HidUsb - ok

23:33:02.0872 2524 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll

23:33:02.0874 2524 hkmsvc - ok

23:33:02.0936 2524 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys

23:33:02.0937 2524 HpCISSs - ok

23:33:03.0064 2524 [ E690736DA6C543F5D99C8FA27BEA31DB ] HTTP C:\Windows\system32\drivers\HTTP.sys

23:33:03.0070 2524 HTTP - ok

23:33:03.0101 2524 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys

23:33:03.0102 2524 i2omp - ok

23:33:03.0154 2524 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

23:33:03.0155 2524 i8042prt - ok

23:33:03.0265 2524 [ 7B96206E4BDD2FE582F0DBC46F5F410E ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

23:33:03.0268 2524 IAANTMON - ok

23:33:03.0370 2524 [ 4F6FB2CDBDEEFC47E7D2066E78254580 ] iaStor C:\Windows\system32\drivers\iastor.sys

23:33:03.0375 2524 iaStor - ok

23:33:03.0428 2524 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys

23:33:03.0431 2524 iaStorV - ok

23:33:03.0575 2524 [ 76EA63CDB2D88DAE7209691D089BEF1D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

23:33:03.0583 2524 idsvc - ok

23:33:04.0003 2524 [ D87D140CC33F68D4692BD213DF856811 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

23:33:04.0077 2524 igfx - ok

23:33:04.0114 2524 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys

23:33:04.0115 2524 iirsp - ok

23:33:04.0178 2524 [ 3A3B232140C33376E134E7B61A0EAA44 ] IKEEXT C:\Windows\System32\ikeext.dll

23:33:04.0183 2524 IKEEXT - ok

23:33:04.0224 2524 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys

23:33:04.0225 2524 intelide - ok

23:33:04.0262 2524 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

23:33:04.0263 2524 intelppm - ok

23:33:04.0294 2524 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

23:33:04.0296 2524 IPBusEnum - ok

23:33:04.0317 2524 [ 99B821F5BEBD6A3CC3FE564F802AE0FD ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:33:04.0318 2524 IpFilterDriver - ok

23:33:04.0387 2524 [ 3A0427F35E7F8C16BBC5B1BE32B8DE76 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

23:33:04.0390 2524 iphlpsvc - ok

23:33:04.0399 2524 IpInIp - ok

23:33:04.0453 2524 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

23:33:04.0454 2524 IPMIDRV - ok

23:33:04.0496 2524 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

23:33:04.0497 2524 IPNAT - ok

23:33:04.0541 2524 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys

23:33:04.0542 2524 IRENUM - ok

23:33:04.0591 2524 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys

23:33:04.0591 2524 isapnp - ok

23:33:04.0649 2524 [ 49E4CCBF74783FCE5D2CC1FF6480E1F4 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

23:33:04.0652 2524 iScsiPrt - ok

23:33:04.0683 2524 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys

23:33:04.0684 2524 iteatapi - ok

23:33:04.0705 2524 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys

23:33:04.0706 2524 iteraid - ok

23:33:04.0743 2524 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

23:33:04.0744 2524 kbdclass - ok

23:33:04.0765 2524 [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

23:33:04.0766 2524 kbdhid - ok

23:33:04.0800 2524 [ 80F4593E92FF960E4763380D3168E498 ] KeyIso C:\Windows\system32\lsass.exe

23:33:04.0802 2524 KeyIso - ok

23:33:04.0869 2524 [ CCDCCE6224E1E207E953AF826B98A9D9 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

23:33:04.0874 2524 KSecDD - ok

23:33:04.0906 2524 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

23:33:04.0907 2524 ksthunk - ok

23:33:04.0967 2524 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll

23:33:04.0972 2524 KtmRm - ok

23:33:05.0051 2524 [ 3F27C9CDAE606D74431E3AB39571A7F3 ] LanmanServer C:\Windows\System32\srvsvc.dll

23:33:05.0055 2524 LanmanServer - ok

23:33:05.0139 2524 [ 6E25FFC6FEAD6544C6E9F1D23329570C ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

23:33:05.0143 2524 LanmanWorkstation - ok

23:33:05.0188 2524 [ 797289607A5EBF31353AA5EAD141F872 ] Leapfrog-USBLAN C:\Windows\system32\DRIVERS\btblan.sys

23:33:05.0189 2524 Leapfrog-USBLAN - ok

23:33:05.0209 2524 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

23:33:05.0210 2524 lltdio - ok

23:33:05.0249 2524 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll

23:33:05.0253 2524 lltdsvc - ok

23:33:05.0286 2524 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll

23:33:05.0288 2524 lmhosts - ok

23:33:05.0352 2524 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

23:33:05.0353 2524 LSI_FC - ok

23:33:05.0397 2524 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

23:33:05.0398 2524 LSI_SAS - ok

23:33:05.0466 2524 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

23:33:05.0468 2524 LSI_SCSI - ok

23:33:05.0501 2524 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys

23:33:05.0503 2524 luafv - ok

23:33:05.0551 2524 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

23:33:05.0553 2524 Mcx2Svc - ok

23:33:05.0605 2524 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys

23:33:05.0606 2524 megasas - ok

23:33:05.0667 2524 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys

23:33:05.0671 2524 MegaSR - ok

23:33:05.0705 2524 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll

23:33:05.0707 2524 MMCSS - ok

23:33:05.0739 2524 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys

23:33:05.0740 2524 Modem - ok

23:33:05.0785 2524 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

23:33:05.0786 2524 monitor - ok

23:33:05.0820 2524 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

23:33:05.0820 2524 mouclass - ok

23:33:05.0839 2524 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

23:33:05.0840 2524 mouhid - ok

23:33:05.0870 2524 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys

23:33:05.0871 2524 MountMgr - ok

23:33:05.0917 2524 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys

23:33:05.0918 2524 mpio - ok

23:33:05.0944 2524 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

23:33:05.0945 2524 mpsdrv - ok

23:33:06.0004 2524 [ 8A670648C755867A3AA38DA50BA569AA ] MpsSvc C:\Windows\system32\mpssvc.dll

23:33:06.0011 2524 MpsSvc - ok

23:33:06.0045 2524 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys

23:33:06.0046 2524 Mraid35x - ok

23:33:06.0088 2524 [ FE2706C15F8345C342820E4E4583FEA0 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

23:33:06.0089 2524 MRxDAV - ok

23:33:06.0154 2524 [ B698EB9ACC7ECD4927D99D268918F912 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

23:33:06.0156 2524 mrxsmb - ok

23:33:06.0244 2524 [ 9A797E27FD28500EE13D43000C931435 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:33:06.0247 2524 mrxsmb10 - ok

23:33:06.0310 2524 [ F9425D610712533107A264E2D5B2154B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:33:06.0311 2524 mrxsmb20 - ok

23:33:06.0357 2524 [ 730B784962D22D2C6481EAE2370E7C8C ] msahci C:\Windows\system32\drivers\msahci.sys

23:33:06.0358 2524 msahci - ok

23:33:06.0377 2524 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys

23:33:06.0378 2524 msdsm - ok

23:33:06.0408 2524 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe

23:33:06.0411 2524 MSDTC - ok

23:33:06.0465 2524 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys

23:33:06.0466 2524 Msfs - ok

23:33:06.0494 2524 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

23:33:06.0494 2524 msisadrv - ok

23:33:06.0550 2524 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

23:33:06.0553 2524 MSiSCSI - ok

23:33:06.0560 2524 msiserver - ok

23:33:06.0598 2524 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

23:33:06.0599 2524 MSKSSRV - ok

23:33:06.0629 2524 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

23:33:06.0630 2524 MSPCLOCK - ok

23:33:06.0640 2524 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

23:33:06.0641 2524 MSPQM - ok

23:33:06.0688 2524 [ B8E32E6103FBBA9FBB1D0C11FF0D13B5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

23:33:06.0692 2524 MsRPC - ok

23:33:06.0716 2524 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

23:33:06.0717 2524 mssmbios - ok

23:33:06.0742 2524 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

23:33:06.0742 2524 MSTEE - ok

23:33:06.0786 2524 [ DDF133501F68D6988A0F55DFA88637B4 ] Mup C:\Windows\system32\Drivers\mup.sys

23:33:06.0788 2524 Mup - ok

23:33:06.0861 2524 [ C25022CDD18980846973B598900915F8 ] napagent C:\Windows\system32\qagentRT.dll

23:33:06.0867 2524 napagent - ok

23:33:06.0903 2524 [ 73B99C98FA3A2ED1566E02D6FE1913A5 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

23:33:06.0905 2524 NativeWifiP - ok

23:33:06.0984 2524 [ F9A3AE5C9F047D71A36A99F9ABCA7D02 ] NDIS C:\Windows\system32\drivers\ndis.sys

23:33:06.0991 2524 NDIS - ok

23:33:07.0026 2524 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

23:33:07.0027 2524 NdisTapi - ok

23:33:07.0045 2524 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

23:33:07.0045 2524 Ndisuio - ok

23:33:07.0068 2524 [ 52E3E8E35101399BE9B2938C992AA087 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

23:33:07.0073 2524 NdisWan - ok

23:33:07.0103 2524 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

23:33:07.0104 2524 NDProxy - ok

23:33:07.0115 2524 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

23:33:07.0117 2524 NetBIOS - ok

23:33:07.0172 2524 [ 7A29CA243A629230799754162D80120F ] netbt C:\Windows\system32\DRIVERS\netbt.sys

23:33:07.0175 2524 netbt - ok

23:33:07.0200 2524 [ 80F4593E92FF960E4763380D3168E498 ] Netlogon C:\Windows\system32\lsass.exe

23:33:07.0202 2524 Netlogon - ok

23:33:07.0241 2524 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll

23:33:07.0246 2524 Netman - ok

23:33:07.0306 2524 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll

23:33:07.0310 2524 netprofm - ok

23:33:07.0356 2524 [ B84613B469B98E09F50A748C1D02E132 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

23:33:07.0357 2524 NetTcpPortSharing - ok

23:33:07.0412 2524 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

23:33:07.0413 2524 nfrd960 - ok

23:33:07.0457 2524 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll

23:33:07.0461 2524 NlaSvc - ok

23:33:07.0492 2524 [ B06154E2A2C91E9BE5599FCA53BC4CD0 ] Npfs C:\Windows\system32\drivers\Npfs.sys

23:33:07.0493 2524 Npfs - ok

23:33:07.0570 2524 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll

23:33:07.0572 2524 nsi - ok

23:33:07.0589 2524 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

23:33:07.0590 2524 nsiproxy - ok

23:33:07.0736 2524 [ FE86BA5AC3B50E2CA911E9C60C07B638 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

23:33:07.0751 2524 Ntfs - ok

23:33:07.0783 2524 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys

23:33:07.0783 2524 Null - ok

23:33:07.0851 2524 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys

23:33:07.0853 2524 nvraid - ok

23:33:07.0906 2524 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys

23:33:07.0907 2524 nvstor - ok

23:33:07.0958 2524 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

23:33:07.0959 2524 nv_agp - ok

23:33:07.0967 2524 NwlnkFlt - ok

23:33:07.0979 2524 NwlnkFwd - ok

23:33:08.0018 2524 [ 706F5504AF9F28C8641DAB5EDDFDE03B ] OA009Ufd C:\Windows\system32\DRIVERS\OA009Ufd.sys

23:33:08.0020 2524 OA009Ufd - ok

23:33:08.0052 2524 [ 4BB946D5A9BC62B45D58108D29AE2E7D ] OA009Vid C:\Windows\system32\DRIVERS\OA009Vid.sys

23:33:08.0055 2524 OA009Vid - ok

23:33:08.0098 2524 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

23:33:08.0100 2524 ohci1394 - ok

23:33:08.0154 2524 [ 430F35C5592D253F43A26B4F5A523DBF ] p2pimsvc C:\Windows\system32\p2psvc.dll

23:33:08.0163 2524 p2pimsvc - ok

23:33:08.0211 2524 [ 430F35C5592D253F43A26B4F5A523DBF ] p2psvc C:\Windows\system32\p2psvc.dll

23:33:08.0221 2524 p2psvc - ok

23:33:08.0280 2524 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys

23:33:08.0282 2524 Parport - ok

23:33:08.0319 2524 [ 5AB40C36894F4C06BDAB0C9A2FBA282D ] partmgr C:\Windows\system32\drivers\partmgr.sys

23:33:08.0320 2524 partmgr - ok

23:33:08.0361 2524 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll

23:33:08.0364 2524 PcaSvc - ok

23:33:08.0410 2524 [ 2A5B2A51559066EA84742909B5B2CD69 ] pci C:\Windows\system32\drivers\pci.sys

23:33:08.0413 2524 pci - ok

23:33:08.0440 2524 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys

23:33:08.0441 2524 pciide - ok

23:33:08.0476 2524 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

23:33:08.0479 2524 pcmcia - ok

23:33:08.0546 2524 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys

23:33:08.0553 2524 PEAUTH - ok

23:33:09.0096 2524 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe

23:33:09.0098 2524 PerfHost - ok

23:33:09.0273 2524 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll

23:33:09.0287 2524 pla - ok

23:33:09.0368 2524 [ 5AAA0C5534B05ED49919FCD9DBD11A5B ] PlugPlay C:\Windows\system32\umpnpmgr.dll

23:33:09.0373 2524 PlugPlay - ok

23:33:09.0430 2524 [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPAutoReg C:\Windows\system32\p2psvc.dll

23:33:09.0440 2524 PNRPAutoReg - ok

23:33:09.0465 2524 [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPsvc C:\Windows\system32\p2psvc.dll

23:33:09.0474 2524 PNRPsvc - ok

23:33:09.0631 2524 [ EEF3688D5E9592CBBBED00DE71DDA1EF ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

23:33:09.0637 2524 PolicyAgent - ok

23:33:09.0683 2524 [ F5739F2C6DB2534C384AD5150808E8F5 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

23:33:09.0684 2524 PptpMiniport - ok

23:33:09.0724 2524 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys

23:33:09.0725 2524 Processor - ok

23:33:09.0797 2524 [ B21FE10DAD3AB59E78DF7AA3FBF41E70 ] ProfSvc C:\Windows\system32\profsvc.dll

23:33:09.0801 2524 ProfSvc - ok

23:33:09.0833 2524 [ 80F4593E92FF960E4763380D3168E498 ] ProtectedStorage C:\Windows\system32\lsass.exe

23:33:09.0835 2524 ProtectedStorage - ok

23:33:09.0926 2524 [ 0E0E205A296095FE4C631E6A4775AD6C ] PSched C:\Windows\system32\DRIVERS\pacer.sys

23:33:09.0927 2524 PSched - ok

23:33:10.0047 2524 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys

23:33:10.0059 2524 ql2300 - ok

23:33:10.0158 2524 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

23:33:10.0160 2524 ql40xx - ok

23:33:10.0298 2524 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll

23:33:10.0303 2524 QWAVE - ok

23:33:10.0347 2524 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

23:33:10.0348 2524 QWAVEdrv - ok

23:33:10.0482 2524 [ 2A09A6B271D1F50ADF5E33B37D460DE6 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys

23:33:10.0506 2524 R300 - ok

23:33:10.0573 2524 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

23:33:10.0573 2524 RasAcd - ok

23:33:10.0628 2524 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll

23:33:10.0631 2524 RasAuto - ok

23:33:10.0672 2524 [ 3B9085F91EF00ABD15A6F36570E90E12 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

23:33:10.0673 2524 Rasl2tp - ok

23:33:10.0775 2524 [ D0C346D7DF0DF9B4899631796F177D56 ] RasMan C:\Windows\System32\rasmans.dll

23:33:10.0780 2524 RasMan - ok

23:33:10.0818 2524 [ 2CE1703C27196094FB6E4C6E439F2C21 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

23:33:10.0819 2524 RasPppoe - ok

23:33:10.0873 2524 [ FCD04FA67E8B40FA0AD361DD38593942 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

23:33:10.0874 2524 RasSstp - ok

23:33:10.0930 2524 [ 33FA5B6136D92EE0F53F021C79091300 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

23:33:10.0934 2524 rdbss - ok

23:33:10.0972 2524 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

23:33:10.0972 2524 RDPCDD - ok

23:33:11.0119 2524 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys

23:33:11.0122 2524 rdpdr - ok

23:33:11.0131 2524 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

23:33:11.0132 2524 RDPENCDD - ok

23:33:11.0186 2524 [ 7747082F672AA2846235C9CEA42E2E72 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

23:33:11.0189 2524 RDPWD - ok

23:33:11.0271 2524 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll

23:33:11.0273 2524 RemoteAccess - ok

23:33:11.0340 2524 [ 416C611369CBE49074B89CEE2F83ABEF ] RemoteRegistry C:\Windows\system32\regsvc.dll

23:33:11.0344 2524 RemoteRegistry - ok

23:33:11.0395 2524 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe

23:33:11.0397 2524 RpcLocator - ok

23:33:11.0584 2524 [ 52CDADE8289FF21F1F2215FF51A5F36C ] RpcSs C:\Windows\System32\rpcss.dll

23:33:11.0593 2524 RpcSs - ok

23:33:11.0629 2524 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

23:33:11.0630 2524 rspndr - ok

23:33:11.0657 2524 [ BA9306C027A92A7ED685F7C6E2D2B00B ] RTSTOR C:\Windows\system32\drivers\RTSTOR64.SYS

23:33:11.0659 2524 RTSTOR - ok

23:33:11.0700 2524 [ 80F4593E92FF960E4763380D3168E498 ] SamSs C:\Windows\system32\lsass.exe

23:33:11.0702 2524 SamSs - ok

23:33:11.0782 2524 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

23:33:11.0783 2524 sbp2port - ok

23:33:11.0835 2524 [ F024D560FEA06F8B56D673849EB89AE6 ] SCardSvr C:\Windows\System32\SCardSvr.dll

23:33:11.0838 2524 SCardSvr - ok

23:33:11.0983 2524 [ CE75D26E0A1106129F4D156851E298ED ] Schedule C:\Windows\system32\schedsvc.dll

23:33:11.0993 2524 Schedule - ok

23:33:12.0098 2524 [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] SCPolicySvc C:\Windows\System32\certprop.dll

23:33:12.0099 2524 SCPolicySvc - ok

23:33:12.0188 2524 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll

23:33:12.0191 2524 SDRSVC - ok

23:33:12.0238 2524 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

23:33:12.0239 2524 secdrv - ok

23:33:12.0284 2524 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll

23:33:12.0286 2524 seclogon - ok

23:33:12.0331 2524 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll

23:33:12.0334 2524 SENS - ok

23:33:12.0402 2524 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys

23:33:12.0403 2524 Serenum - ok

23:33:12.0439 2524 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys

23:33:12.0440 2524 Serial - ok

23:33:12.0460 2524 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys

23:33:12.0461 2524 sermouse - ok

23:33:12.0524 2524 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll

23:33:12.0527 2524 SessionEnv - ok

23:33:12.0570 2524 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

23:33:12.0571 2524 sffdisk - ok

23:33:12.0618 2524 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

23:33:12.0619 2524 sffp_mmc - ok

23:33:12.0658 2524 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

23:33:12.0659 2524 sffp_sd - ok

23:33:12.0704 2524 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

23:33:12.0705 2524 sfloppy - ok

23:33:12.0898 2524 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll

23:33:12.0903 2524 SharedAccess - ok

23:33:12.0964 2524 [ 9235EC680D3DB17464B39C7C7DECB4DD ] ShellHWDetection C:\Windows\System32\shsvcs.dll

23:33:12.0968 2524 ShellHWDetection - ok

23:33:13.0089 2524 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

23:33:13.0090 2524 SiSRaid2 - ok

23:33:13.0232 2524 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

23:33:13.0233 2524 SiSRaid4 - ok

23:33:13.0460 2524 [ A301D2CEFB4747DFE0C24425DCBE0B78 ] slsvc C:\Windows\system32\SLsvc.exe

23:33:13.0482 2524 slsvc - ok

23:33:13.0522 2524 [ F5DDF7C0AF85EB72CB295171F8C3CB35 ] SLUINotify C:\Windows\system32\SLUINotify.dll

23:33:13.0526 2524 SLUINotify - ok

23:33:13.0545 2524 [ 41EB2E8E005FEEDCAFCE301983EFF932 ] Smb C:\Windows\system32\DRIVERS\smb.sys

23:33:13.0546 2524 Smb - ok

23:33:13.0642 2524 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe

23:33:13.0644 2524 SNMPTRAP - ok

23:33:13.0684 2524 [ F9CB0672162F7F04248E2B82C1FF4617 ] spldr C:\Windows\system32\drivers\spldr.sys

23:33:13.0685 2524 spldr - ok

23:33:13.0761 2524 [ 92E6738D25C2123BE9515C0EAC0776CD ] Spooler C:\Windows\System32\spoolsv.exe

23:33:13.0765 2524 Spooler - ok

23:33:13.0968 2524 [ A8ABD7D0D907B45CF3831F4DD8644349 ] srv C:\Windows\system32\DRIVERS\srv.sys

23:33:13.0972 2524 srv - ok

23:33:14.0021 2524 [ 6C72EEA39E1C37B436A6D1532999F9EC ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

23:33:14.0024 2524 srv2 - ok

23:33:14.0100 2524 [ 7F69BCF9E6FA3D93C82EE6B87812666D ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

23:33:14.0102 2524 srvnet - ok

23:33:14.0233 2524 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

23:33:14.0237 2524 SSDPSRV - ok

23:33:14.0287 2524 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll

23:33:14.0291 2524 SstpSvc - ok

23:33:14.0418 2524 [ 67502C1DB282A9B0708E45DFAFE282E5 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d14bcbef\STacSV64.exe

23:33:14.0420 2524 STacSV - ok

23:33:14.0494 2524 [ 3000130BF688878DB2E76C6BB2D354C0 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys

23:33:14.0499 2524 STHDA - ok

23:33:14.0796 2524 [ F14F7D7D68A66777FB999D5D0F21138D ] stisvc C:\Windows\System32\wiaservc.dll

23:33:14.0803 2524 stisvc - ok

23:33:14.0878 2524 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys

23:33:14.0879 2524 swenum - ok

23:33:14.0988 2524 [ DA34D6EB4A3154C0BEBAEB0A2483EF3E ] swprv C:\Windows\System32\swprv.dll

23:33:14.0994 2524 swprv - ok

23:33:15.0067 2524 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys

23:33:15.0068 2524 Symc8xx - ok

23:33:15.0111 2524 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys

23:33:15.0112 2524 Sym_hi - ok

23:33:15.0135 2524 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys

23:33:15.0136 2524 Sym_u3 - ok

23:33:15.0405 2524 [ BEA0D5521ED21DF8F6FFEED86DAEDE7B ] SysMain C:\Windows\system32\sysmain.dll

23:33:15.0415 2524 SysMain - ok

23:33:15.0438 2524 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll

23:33:15.0442 2524 TabletInputService - ok

23:33:15.0595 2524 [ 52091001CAF20AE84CF47023EE21B4BB ] TapiSrv C:\Windows\System32\tapisrv.dll

23:33:15.0600 2524 TapiSrv - ok

23:33:15.0645 2524 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll

23:33:15.0648 2524 TBS - ok

23:33:16.0164 2524 [ 7D86275FB640011B372FD566C0EAFA8D ] Tcpip C:\Windows\system32\drivers\tcpip.sys

23:33:16.0177 2524 Tcpip - ok

23:33:16.0212 2524 [ 7D86275FB640011B372FD566C0EAFA8D ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys

23:33:16.0226 2524 Tcpip6 - ok

23:33:16.0297 2524 [ C29D4B3B08AD0B7E8564814E4FF6A57B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

23:33:16.0298 2524 tcpipreg - ok

23:33:16.0347 2524 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

23:33:16.0348 2524 TDPIPE - ok

23:33:16.0388 2524 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

23:33:16.0389 2524 TDTCP - ok

23:33:16.0436 2524 [ 8C39C72E0E853DE04748C0337D9B9216 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

23:33:16.0437 2524 tdx - ok

23:33:16.0475 2524 [ 3F0EBF6EE609F2A276C0D5FAF244EC90 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

23:33:16.0476 2524 TermDD - ok

23:33:16.0597 2524 [ F870A5589D6A94B426EFB13689023946 ] TermService C:\Windows\System32\termsrv.dll

23:33:16.0605 2524 TermService - ok

23:33:16.0675 2524 [ 9235EC680D3DB17464B39C7C7DECB4DD ] Themes C:\Windows\system32\shsvcs.dll

23:33:16.0679 2524 Themes - ok

23:33:16.0715 2524 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll

23:33:16.0717 2524 THREADORDER - ok

23:33:16.0958 2524 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll

23:33:16.0962 2524 TrkWks - ok

23:33:17.0048 2524 [ AC6FF1DF22ED90BAD6417EE5A4C6E2F0 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

23:33:17.0049 2524 TrustedInstaller - ok

23:33:17.0152 2524 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

23:33:17.0153 2524 tssecsrv - ok

23:33:17.0197 2524 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys

23:33:17.0198 2524 tunmp - ok

23:33:17.0254 2524 [ 2DC2C423572946E9A3131425BDA73CB6 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

23:33:17.0255 2524 tunnel - ok

23:33:17.0345 2524 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

23:33:17.0346 2524 uagp35 - ok

23:33:17.0388 2524 [ ECA6629E33F122AFFF18A2AB7C3EB033 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

23:33:17.0392 2524 udfs - ok

23:33:17.0438 2524 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe

23:33:17.0440 2524 UI0Detect - ok

23:33:17.0526 2524 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

23:33:17.0527 2524 uliagpkx - ok

23:33:17.0556 2524 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys

23:33:17.0559 2524 uliahci - ok

23:33:17.0609 2524 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys

23:33:17.0611 2524 UlSata - ok

23:33:17.0687 2524 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys

23:33:17.0689 2524 ulsata2 - ok

23:33:17.0733 2524 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

23:33:17.0734 2524 umbus - ok

23:33:17.0848 2524 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll

23:33:17.0853 2524 upnphost - ok

23:33:17.0866 2524 USBAAPL64 - ok

23:33:17.0911 2524 [ 89842CE16285B73405284224CC386DCF ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

23:33:17.0913 2524 usbccgp - ok

23:33:17.0990 2524 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys

23:33:17.0991 2524 usbcir - ok

23:33:18.0086 2524 [ 07B738A1F57E4EC870406E74DA5754AF ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

23:33:18.0087 2524 usbehci - ok

23:33:18.0239 2524 [ B668E8E0EF2910F28BAF550B04DE57F2 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

23:33:18.0242 2524 usbhub - ok

23:33:18.0315 2524 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys

23:33:18.0315 2524 usbohci - ok

23:33:18.0409 2524 [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint C:\Windows\system32\drivers\usbprint.sys

23:33:18.0411 2524 usbprint - ok

23:33:18.0466 2524 [ 586D9876A4945779C8EEA926C0D16889 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:33:18.0467 2524 USBSTOR - ok

23:33:18.0553 2524 [ E76F2B26A5917F555844C128954BB52B ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

23:33:18.0555 2524 usbuhci - ok

23:33:18.0755 2524 [ 9190F03C82547AFA87367F1CECA88F3B ] UxSms C:\Windows\System32\uxsms.dll

23:33:18.0757 2524 UxSms - ok

23:33:18.0826 2524 [ C15A4A550CBA7B9F1F68B72528E04CE1 ] vds C:\Windows\System32\vds.exe

23:33:18.0832 2524 vds - ok

23:33:18.0875 2524 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

23:33:18.0876 2524 vga - ok

23:33:18.0921 2524 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys

23:33:18.0922 2524 VgaSave - ok

23:33:18.0981 2524 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys

23:33:18.0982 2524 viaide - ok

23:33:19.0009 2524 [ 793D9B32A1C462C91F6F70358283AC97 ] volmgr C:\Windows\system32\drivers\volmgr.sys

23:33:19.0010 2524 volmgr - ok

23:33:19.0051 2524 [ 5AA217DA5DC4FF5B9AC9AB86563B3223 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

23:33:19.0055 2524 volmgrx - ok

23:33:19.0118 2524 [ DE4307412D98050239026E56A7DFF3C0 ] volsnap C:\Windows\system32\drivers\volsnap.sys

23:33:19.0121 2524 volsnap - ok

23:33:19.0201 2524 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

23:33:19.0202 2524 vsmraid - ok

23:33:19.0457 2524 [ 186BD53F8A408AD20F5A056C05678629 ] VSS C:\Windows\system32\vssvc.exe

23:33:19.0472 2524 VSS - ok

23:33:19.0672 2524 [ BA29F34A61CB55C0DEE29E787542EDF4 ] W32Time C:\Windows\system32\w32time.dll

23:33:19.0677 2524 W32Time - ok

23:33:19.0713 2524 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

23:33:19.0714 2524 WacomPen - ok

23:33:19.0785 2524 [ AEA75207E443C8623C36B8D03596F84F ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys

23:33:19.0786 2524 Wanarp - ok

23:33:19.0797 2524 [ AEA75207E443C8623C36B8D03596F84F ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

23:33:19.0798 2524 Wanarpv6 - ok

23:33:19.0846 2524 [ 055449247C490E24B968B44FE8A969EB ] wcncsvc C:\Windows\System32\wcncsvc.dll

23:33:19.0853 2524 wcncsvc - ok

23:33:19.0886 2524 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

23:33:19.0888 2524 WcsPlugInService - ok

23:33:19.0992 2524 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys

23:33:19.0993 2524 Wd - ok

23:33:20.0193 2524 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

23:33:20.0202 2524 Wdf01000 - ok

23:33:20.0247 2524 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll

23:33:20.0250 2524 WdiServiceHost - ok

23:33:20.0292 2524 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll

23:33:20.0295 2524 WdiSystemHost - ok

23:33:20.0375 2524 [ 3D4AB55F8178FD0CD3CA45CD0EC9CF5B ] WebClient C:\Windows\System32\webclnt.dll

23:33:20.0379 2524 WebClient - ok

23:33:20.0409 2524 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll

23:33:20.0413 2524 Wecsvc - ok

23:33:20.0429 2524 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll

23:33:20.0432 2524 wercplsupport - ok

23:33:20.0522 2524 [ FC25242B3BCAF7E84D9184082274AE08 ] WerSvc C:\Windows\System32\WerSvc.dll

23:33:20.0525 2524 WerSvc - ok

23:33:20.0674 2524 WinDefend - ok

23:33:20.0684 2524 WinHttpAutoProxySvc - ok

23:33:21.0006 2524 [ AC98F38FEAB066A8F983D54FF3F4FD4C ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

23:33:21.0009 2524 Winmgmt - ok

23:33:21.0437 2524 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll

23:33:21.0458 2524 WinRM - ok

23:33:21.0759 2524 [ 0A69955261C1B54206ADC9BEB89517DE ] Wlansvc C:\Windows\System32\wlansvc.dll

23:33:21.0767 2524 Wlansvc - ok

23:33:21.0776 2524 wltrysvc - ok

23:33:21.0819 2524 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

23:33:21.0820 2524 WmiAcpi - ok

23:33:21.0902 2524 [ D303322DD577C3DEDA1251ED2E7A496C ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

23:33:21.0904 2524 wmiApSrv - ok

23:33:21.0938 2524 WMPNetworkSvc - ok

23:33:22.0095 2524 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll

23:33:22.0099 2524 WPCSvc - ok

23:33:22.0149 2524 [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

23:33:22.0152 2524 WPDBusEnum - ok

23:33:22.0261 2524 [ 6329D1990DB931073B86AB5946D8E317 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys

23:33:22.0262 2524 WpdUsb - ok

23:33:22.0960 2524 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

23:33:22.0970 2524 WPFFontCache_v0400 - ok

23:33:23.0022 2524 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

23:33:23.0022 2524 ws2ifsl - ok

23:33:23.0069 2524 [ CB8EA6D95949384925CCFCA21CC6DFD8 ] wscsvc C:\Windows\system32\wscsvc.dll

23:33:23.0072 2524 wscsvc - ok

23:33:23.0082 2524 WSearch - ok

23:33:23.0433 2524 [ FB3796754FE00F0BDC87A36F164A5F4D ] wuauserv C:\Windows\system32\wuaueng.dll

23:33:23.0457 2524 wuauserv - ok

23:33:23.0545 2524 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

23:33:23.0546 2524 WUDFRd - ok

23:33:23.0623 2524 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll

23:33:23.0626 2524 wudfsvc - ok

23:33:23.0636 2524 yksvc - ok

23:33:23.0785 2524 [ B681CADB266B151061E7BAA82B0D77B7 ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys

23:33:23.0790 2524 yukonx64 - ok

23:33:23.0815 2524 ================ Scan global ===============================

23:33:23.0890 2524 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll

23:33:23.0989 2524 [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll

23:33:24.0004 2524 [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll

23:33:24.0084 2524 [ DFAC660F0F139276CC9299812DE42719 ] C:\Windows\system32\services.exe

23:33:24.0089 2524 [Global] - ok

23:33:24.0089 2524 ================ Scan MBR ==================================

23:33:24.0135 2524 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0

23:33:25.0747 2524 \Device\Harddisk0\DR0 - ok

23:33:25.0749 2524 ================ Scan VBR ==================================

23:33:25.0764 2524 [ 3ADDB8764F8439347437A75007017CA3 ] \Device\Harddisk0\DR0\Partition1

23:33:25.0789 2524 \Device\Harddisk0\DR0\Partition1 - ok

23:33:25.0829 2524 [ 716F255622D1765C960696ABCF8EB10B ] \Device\Harddisk0\DR0\Partition2

23:33:25.0859 2524 \Device\Harddisk0\DR0\Partition2 - ok

23:33:25.0861 2524 ============================================================

23:33:25.0861 2524 Scan finished

23:33:25.0861 2524 ============================================================

23:33:25.0877 3564 Detected object count: 0

23:33:25.0877 3564 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-09 23:37:13
-----------------------------
23:37:14.011 OS Version: Windows x64 6.0.6001 Service Pack 1
23:37:14.011 Number of processors: 2 586 0x170A
23:37:14.012 ComputerName: OWNER-PC UserName: owner
23:37:15.181 Initialize success
23:38:26.288 AVAST engine defs: 12100901
23:39:10.053 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:39:10.059 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
23:39:10.086 Disk 0 MBR read successfully
23:39:10.090 Disk 0 MBR scan
23:39:10.097 Disk 0 Windows VISTA default MBR code
23:39:10.102 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
23:39:10.115 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 81920
23:39:10.135 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 295204 MB offset 20561920
23:39:10.167 Disk 0 scanning C:\Windows\system32\drivers
23:39:21.890 Service scanning
23:39:50.815 Modules scanning
23:39:50.831 Disk 0 trace - called modules:
23:39:50.868 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
23:39:50.881 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002aea790]
23:39:50.890 3 CLASSPNP.SYS[fffffa60013cdb3a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800273a050]
23:39:52.068 AVAST engine scan C:\Windows
23:39:55.357 AVAST engine scan C:\Windows\system32
23:44:18.236 AVAST engine scan C:\Windows\system32\drivers
23:44:37.945 AVAST engine scan C:\Users\owner
23:57:26.772 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
23:57:26.792 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"
  • 0

#8
gringo_pr
Posted 09 October 2012 - 10:09 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
  • 0

#9
echet
Posted 10 October 2012 - 12:59 PM

echet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
No problems running the can. There is nothing else, malware related anyway, that I can think to ask.

ComboFix 12-10-09.01 - owner 10/10/2012 0:25.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2010.857 [GMT -4:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
Command switches used :: c:\users\owner\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-09-10 to 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 04:33 . 2012-10-10 04:33 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-10-10 04:33 . 2012-10-10 04:33 -------- d-----w- c:\users\owner\AppData\Local\temp
2012-10-10 04:33 . 2012-10-10 04:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 03:37 . 2012-10-10 03:37 -------- d-----w- c:\users\owner\AppData\Local\Stardock_Corporation
2012-10-10 01:16 . 2012-10-10 01:16 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2510720C-75ED-48E0-A0F8-70C3CF7ACF82}\offreg.dll
2012-10-09 05:40 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2510720C-75ED-48E0-A0F8-70C3CF7ACF82}\mpengine.dll
2012-10-08 19:15 . 2012-10-08 19:15 -------- d-----w- c:\program files\CCleaner
2012-10-01 02:32 . 2012-10-01 02:32 -------- d-----w- c:\programdata\Roxio
2012-10-01 02:32 . 2012-10-01 02:32 -------- d-----w- c:\users\owner\AppData\Roaming\Roxio
2012-09-30 19:47 . 2012-09-30 19:47 -------- d-----w- c:\users\owner\AppData\Roaming\InstallShield
2012-09-30 18:25 . 2006-11-02 12:22 525792 ----a-w- c:\windows\system32\difxapi.dll
2012-09-26 19:44 . 2012-09-26 19:44 -------- d-----w- c:\users\owner\AppData\Local\Innovative Solutions
2012-09-26 19:16 . 2012-09-26 19:15 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-26 19:16 . 2012-09-26 19:15 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-26 19:14 . 2012-09-26 19:14 -------- d-----w- c:\programdata\McAfee
2012-09-25 07:02 . 2012-09-25 07:02 -------- d-----w- c:\windows\Standalone System Sweeper
2012-09-11 18:54 . 2012-09-11 18:55 -------- d-----w- c:\windows\F9D59E62845F49A28B75DDB00661673C.TMP
2012-09-11 18:21 . 2012-09-11 18:21 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
2012-09-11 18:21 . 2012-09-11 18:21 -------- d-----w- c:\programdata\Malwarebytes
2012-09-11 18:20 . 2012-09-11 18:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-11 18:20 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 19:23 . 2012-09-07 18:16 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 19:23 . 2012-09-07 18:16 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-25 20:50 . 2006-11-02 12:35 64462936 ----a-w- c:\windows\system32\mrt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_d14bcbef\AESTSr64.exe [2008-09-17 86016]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 77678131
*NewlyCreated* - ASWMBR
*NewlyCreated* - WS2IFSL
*Deregistered* - 77678131
*Deregistered* - aswMBR
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 19:23]
.
2012-10-10 c:\windows\Tasks\User_Feed_Synchronization-{226349F3-EFCC-4D31-84EB-BE4C57573BB0}.job
- c:\windows\system32\msfeedssync.exe [2011-06-18 04:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 272896]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-17 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-17 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-17 181784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-20 3863040]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-30 172032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.xfinity.com/customer/start/?cid=xfstart_tech_main
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2012-10-10 00:37:00
ComboFix-quarantined-files.txt 2012-10-10 04:37
ComboFix2.txt 2012-10-10 01:31
.
Pre-Run: 263,327,068,160 bytes free
Post-Run: 263,493,939,200 bytes free
.
- - End Of File - - F1E914B3826619A3848B0498171F210E



  • 0

#10
gringo_pr
Posted 10 October 2012 - 04:04 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

Advertisements

#11
echet
Posted 10 October 2012 - 07:41 PM

echet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Having Wifi problems so this is a transcription to my smartphone


Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Advaced Audio FX Engine
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for he 2007 Office System
Consumer In-Home Service Agreement
Dell Getting Started Guide
Dell Webcam Central
EDocs
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 35
Java™ 6 Update 7
Malwarebytes Anti Malware version 1.65.0.1400
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Works
PowerDVD
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2316473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
  • 0

#12
gringo_pr
Posted 10 October 2012 - 08:00 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

When did the wifi problems start?

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Java™ 6 Update 35
Java™ 6 Update 7
 [/list]

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#13
echet
Posted 10 October 2012 - 08:49 PM

echet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Hi,
The Wi-Fi problems aren't related to the computer. We had a power outage earlier and my router doesn't handle that well. Ususally I have to reset it and then adjust all the settings again. It should be okay at this point. I just wanted you to know in case there were typos in what I was writing. I didn't want you to think "Mircosoft" was some kind of virus. I'm running the scans now and will post what you asked when I'm done.
  • 0

#14
gringo_pr
Posted 10 October 2012 - 08:58 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Thank you for letting me know - kinda had me worried that I messed something up



Gringo
  • 0

#15
echet
Posted 10 October 2012 - 09:51 PM

echet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Okay, scans are done. No problems. Here are the logs:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.11.04

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 8.0.6001.19088
owner :: OWNER-PC [administrator]

10/10/2012 11:34:44 PM
mbam-log-2012-10-10 (23-34-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199974
Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:47:55 PM, on 10/10/2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.c...start_tech_main
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.co.../DellSystem.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d14bcbef\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d14bcbef\STacSV64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 7018 bytes



  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP