
D.D.S. Logs for Exile



Welcome to the forum

Please go to your Control Panel's Add/Remove Programs and uninstall:

NetMeter 1.1.4 BETA

http://www.bleepingc...r.exe-3644.html

-------------------------------------------------

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

---------------------

Next....

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC


Hi, MrC,

I have to take exception to the NetMeter issue. This is a program that I have used for years, on various computers, with no problems. It is available widely on the Web by various shareware/freeware distributors and has been reviewed favorably by many. The .exe is 576kB; I could zip it and send it to you for evaluation if you like. I depend on this program to monitor Internet in/out traffic. Can you suggest an alternative?


Okay, Charlie,

Thanks for sticking with me on this. Here's the RogueKiller report:

************************************************************************

RogueKiller V7.4.4 [05/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Started in : Normal mode

User: Jim [Admin rights]

Mode: Scan -- Date: 05/10/2012 12:25:37

¤¤¤ Bad processes: 1 ¤¤¤

[SUSP PATH] V0500Mon.exe -- C:\Windows\V0500Mon.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 10 ¤¤¤

[SUSP PATH] HKLM\[...]\Wow6432Node\Run : V0500Mon.exe (C:\Windows\V0500Mon.exe) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[FOLDER] plugs : c:\users\jim\appdata\roaming\adobe\plugs --> FOUND

[FOLDER] shed : c:\users\jim\appdata\roaming\adobe\shed --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500620AS ATA Device +++++

--- User ---

[MBR] ecd013456e6c0a9bc99cae972239a87d

[BSP] 150fe8091c5ed2ca05f312c1055477c6 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

************************************************************************

Note that the first thing it did was to kill: C:\Windows\V0500Mon.exe. I had checked the Web about this some time ago, and was informed that it's probably an okay application if the system has a Dynex Webcam, which mine does. The computer seems to run without it, however; after the RK scan it hasn't come back. I just tried the Webcam in a couple of applications, and it still works without that .exe running. I wonder if I should find where it starts up and kill it for good.

I checked with the guy who wrote that NetMeter utility, here's the conversation for your evaluation:

************************************************************************************************

On 10.05.2012 02:58, Jim Wood, CPEW wrote:

>

> Hi,

>

> I have used NetMeter for years, on several computers, and have never had

> a problem with it. I’m currently running 1.1.4BETA on a Vista/64

> machine. I picked up a Trojan the other day, finally got rid of it, and

> sent a log file to the Malwarebytes people. They said that NetMeter

> 1.1.4BETA is a virus and linked me to this site:

> http://www.bleepingcomputer.com/startups/NetMeter.exe-3644.html

> I think they may be mistaken, but can you comment, please?

>

> J. Wood

> Brea, California

Hi,

There may be another program named "NetMeter.exe" which is malware - I

can assure you though that my NetMeter isn't.

See the Softpedia page for example:

http://www.softpedia.com/get/Network-Tools/Bandwidth-Tools/NetMeter.shtml

http://www.softpedia.com/progClean/NetMeter-Clean-23932.html

Best regards

Oliver

************************************************************************************************

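A small parser for the RogueKiller V7 report format posted above, added here as an example (it is not RogueKiller's or the forum's own code). The sample report is constructed in the shape of the posted one; the parser turns the tagged lines into records, pulls out the executable paths behind killed processes and Run-key entries (the items the thread looks up by hand), and flags HOSTS lines that are not the stock localhost mappings.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in the shape of the RogueKiller V7 report posted above
# (same sections and line forms, trimmed to a handful of entries).
SAMPLE_REPORT = r"""
RogueKiller V7.4.4 [05/08/2012] by Tigzy
Mode: Scan -- Date: 05/10/2012 12:25:37

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] V0500Mon.exe -- C:\Windows\V0500Mon.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] HKLM\[...]\Wow6432Node\Run : V0500Mon.exe (C:\Windows\V0500Mon.exe) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[FOLDER] plugs : c:\users\jim\appdata\roaming\adobe\plugs --> FOUND
[FOLDER] shed : c:\users\jim\appdata\roaming\adobe\shed --> FOUND

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
"""

# "¤¤¤ Registry Entries: 10 ¤¤¤"  ->  name="Registry Entries", count="10"
SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>.*?)\s*:?\s*(?P<count>\d+)?\s*¤¤¤\s*$")
# "[TAG] body -> STATUS" or "[TAG] body --> STATUS"
FINDING_RE = re.compile(r"^\[(?P<tag>[^\]]+)\]\s*(?P<body>.*?)\s*-{1,2}>\s*(?P<status>\w+)")
# "ValueName (data)"  ->  registry value name plus its parenthesised data
DATA_RE = re.compile(r"^(?P<name>.*?)\s*\((?P<data>.*)\)\s*$")


@dataclass
class Finding:
    section: str   # report section the line sits in, e.g. "Registry Entries"
    tag: str       # RogueKiller's classification, e.g. "SUSP PATH", "HJ", "FOLDER"
    subject: str   # process name, registry key or folder name (left of the separator)
    target: str    # file path or registry value name (right of the separator)
    data: str      # parenthesised registry data, "" when absent
    status: str    # FOUND, KILLED, ...


def _split_body(body: str) -> Tuple[str, str, str]:
    """Split 'left -- right', 'left : right (data)' or 'left : right'."""
    if " -- " in body:
        subject, target = body.split(" -- ", 1)
        return subject.strip(), target.strip(), ""
    if " : " in body:
        subject, rest = body.split(" : ", 1)
        m = DATA_RE.match(rest)
        if m:
            return subject.strip(), m["name"], m["data"]
        return subject.strip(), rest.strip(), ""
    return body.strip(), "", ""


def parse_report(text: str) -> Tuple[List[Finding], Dict[str, List[str]]]:
    """Return the tagged findings plus the untagged lines of each section (e.g. HOSTS)."""
    findings: List[Finding] = []
    raw: Dict[str, List[str]] = {}
    section = ""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            raw.setdefault(section, [])
            continue
        m = FINDING_RE.match(line)
        if m and section:
            subject, target, data = _split_body(m["body"])
            findings.append(Finding(section, m["tag"], subject, target, data, m["status"]))
        elif section:
            raw[section].append(line)   # header lines before any section are ignored
    return findings, raw


def autostart_paths(findings: List[Finding]) -> List[str]:
    """Executable paths RogueKiller tied to a killed process or a Run/RunOnce value."""
    paths = set()
    for f in findings:
        if f.section == "Bad processes" and f.target:
            paths.add(f.target)
        elif f.section == "Registry Entries" and f.data and re.search(r"\\Run(Once)?$", f.subject):
            paths.add(f.data)
    return sorted(paths)


def foreign_hosts_entries(raw: Dict[str, List[str]]) -> List[str]:
    """HOSTS lines other than the two stock loopback-to-localhost mappings."""
    out = []
    for line in raw.get("HOSTS File", []):
        parts = line.split()
        if len(parts) >= 2 and parts[0] in ("127.0.0.1", "::1") and parts[1] == "localhost":
            continue
        out.append(line)
    return out


if __name__ == "__main__":
    found, sections = parse_report(SAMPLE_REPORT)
    for f in found:
        print(f"{f.section:28} [{f.tag}] {f.subject} -> {f.target} {f.data} ({f.status})")
    print("autostart paths to look up:", autostart_paths(found))
    print("non-default HOSTS lines:", foreign_hosts_entries(sections))
```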

¤¤¤ Bad processes: 1 ¤¤¤

[SUSP PATH] V0500Mon.exe -- C:\Windows\V0500Mon.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 10 ¤¤¤

[SUSP PATH] HKLM\[...]\Wow6432Node\Run : V0500Mon.exe (C:\Windows\V0500Mon.exe) -> FOUND

Seems OK:

http://www.systemloo...0500Mon.exe+&s=

---------------------------------

OK, run RogueKiller again and click Scan

When the scan completes > click on the Particular Files / Folders: tab

Put a check next to all of these and uncheck the rest:

¤¤¤ Particular Files / Folders: ¤¤¤

[FOLDER] plugs : c:\users\jim\appdata\roaming\adobe\plugs --> FOUND

[FOLDER] shed : c:\users\jim\appdata\roaming\adobe\shed --> FOUND

Now click Delete on the right hand column.

--------------------------------------------------------

Next........

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

MrC


Thanks, MrC,

I followed your instructions; RogueKiller nailed that V0500Mon.exe thing again, but no matter, it'll start with the next boot. I ran the TDSS utility and selected Delete for the one file per your instructions, leaving one possibility: McciCMService64. I believe this is associated with some AT&T modem installation or assistance matter, which I don't use anymore. Anyway, here's the log:

20:55:51.0028 6184 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18

20:55:51.0511 6184 ============================================================

20:55:51.0511 6184 Current date / time: 2012/05/11 20:55:51.0511

20:55:51.0511 6184 SystemInfo:

20:55:51.0511 6184

20:55:51.0511 6184 OS Version: 6.0.6002 ServicePack: 2.0

20:55:51.0511 6184 Product type: Workstation

20:55:51.0511 6184 ComputerName: SYS030409

20:55:51.0512 6184 UserName: Jim

20:55:51.0512 6184 Windows directory: C:\Windows

20:55:51.0512 6184 System windows directory: C:\Windows

20:55:51.0512 6184 Running under WOW64

20:55:51.0512 6184 Processor architecture: Intel x64

20:55:51.0512 6184 Number of processors: 2

20:55:51.0512 6184 Page size: 0x1000

20:55:51.0512 6184 Boot type: Normal boot

20:55:51.0512 6184 ============================================================

20:55:52.0693 6184 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:55:52.0737 6184 ============================================================

20:55:52.0737 6184 \Device\Harddisk0\DR0:

20:55:52.0737 6184 MBR partitions:

20:55:52.0738 6184 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000

20:55:52.0738 6184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830

20:55:52.0738 6184 ============================================================

20:55:52.0757 6184 C: <-> \Device\Harddisk0\DR0\Partition1

20:55:52.0783 6184 D: <-> \Device\Harddisk0\DR0\Partition0

20:55:52.0783 6184 ============================================================

20:55:52.0783 6184 Initialize success

20:55:52.0783 6184 ============================================================

20:56:02.0204 7424 ============================================================

20:56:02.0204 7424 Scan started

20:56:02.0204 7424 Mode: Manual; SigCheck; TDLFS;

20:56:02.0204 7424 ============================================================


20:56:18.0032 7424 MSDTC - ok

20:56:18.0089 7424 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

20:56:18.0120 7424 Msfs - ok

20:56:18.0161 7424 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

20:56:18.0177 7424 msisadrv - ok

20:56:18.0207 7424 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll

20:56:18.0251 7424 MSiSCSI - ok

20:56:18.0255 7424 msiserver - ok

20:56:18.0286 7424 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

20:56:18.0317 7424 MSKSSRV - ok

20:56:18.0349 7424 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

20:56:18.0382 7424 MSPCLOCK - ok

20:56:18.0418 7424 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

20:56:18.0449 7424 MSPQM - ok

20:56:18.0496 7424 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

20:56:18.0513 7424 MsRPC - ok

20:56:18.0523 7424 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

20:56:18.0536 7424 mssmbios - ok

20:56:18.0629 7424 MSSQL$SQLEXPRESS - ok

20:56:18.0676 7424 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

20:56:18.0689 7424 MSSQLServerADHelper100 - ok

20:56:18.0708 7424 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

20:56:18.0748 7424 MSTEE - ok

20:56:18.0780 7424 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

20:56:18.0797 7424 Mup - ok

20:56:18.0852 7424 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll

20:56:18.0906 7424 napagent - ok

20:56:18.0959 7424 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

20:56:19.0001 7424 NativeWifiP - ok

20:56:19.0071 7424 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

20:56:19.0100 7424 NDIS - ok

20:56:19.0128 7424 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

20:56:19.0153 7424 NdisTapi - ok

20:56:19.0201 7424 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

20:56:19.0232 7424 Ndisuio - ok

20:56:19.0274 7424 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

20:56:19.0299 7424 NdisWan - ok

20:56:19.0341 7424 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

20:56:19.0369 7424 NDProxy - ok

20:56:19.0380 7424 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

20:56:19.0418 7424 NetBIOS - ok

20:56:19.0465 7424 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

20:56:19.0491 7424 netbt - ok

20:56:19.0513 7424 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

20:56:19.0531 7424 Netlogon - ok

20:56:19.0582 7424 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll

20:56:19.0623 7424 Netman - ok

20:56:19.0978 7424 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:56:20.0007 7424 NetMsmqActivator - ok

20:56:20.0012 7424 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:56:20.0030 7424 NetPipeActivator - ok

20:56:20.0071 7424 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll

20:56:20.0114 7424 netprofm - ok

20:56:20.0118 7424 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:56:20.0133 7424 NetTcpActivator - ok

20:56:20.0139 7424 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:56:20.0152 7424 NetTcpPortSharing - ok

20:56:20.0189 7424 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

20:56:20.0202 7424 nfrd960 - ok

20:56:20.0222 7424 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll

20:56:20.0261 7424 NlaSvc - ok

20:56:20.0348 7424 nm3 (f554c5fd7bd1efa4da5cfe2eed86391f) C:\Windows\system32\DRIVERS\nm3.sys

20:56:20.0365 7424 nm3 - ok

20:56:20.0472 7424 nmservice (cd2fe9c33cfd0fe0af124e05907e5c3d) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

20:56:20.0513 7424 nmservice - ok

20:56:20.0560 7424 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

20:56:20.0591 7424 Npfs - ok

20:56:20.0635 7424 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll

20:56:20.0724 7424 nsi - ok

20:56:20.0751 7424 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

20:56:20.0784 7424 nsiproxy - ok

20:56:20.0876 7424 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

20:56:20.0933 7424 Ntfs - ok

20:56:21.0067 7424 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

20:56:21.0099 7424 Null - ok

20:56:21.0130 7424 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

20:56:21.0144 7424 nvraid - ok

20:56:21.0193 7424 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

20:56:21.0209 7424 nvstor - ok

20:56:21.0255 7424 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

20:56:21.0286 7424 nv_agp - ok

20:56:21.0311 7424 NwlnkFlt - ok

20:56:21.0316 7424 NwlnkFwd - ok

20:56:21.0443 7424 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

20:56:21.0467 7424 odserv - ok

20:56:21.0477 7424 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys

20:56:21.0548 7424 ohci1394 - ok

20:56:21.0596 7424 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:56:21.0608 7424 ose - ok

20:56:21.0683 7424 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

20:56:21.0716 7424 p2pimsvc - ok

20:56:21.0725 7424 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

20:56:21.0756 7424 p2psvc - ok

20:56:21.0786 7424 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

20:56:21.0833 7424 Parport - ok

20:56:21.0859 7424 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys

20:56:21.0876 7424 partmgr - ok

20:56:21.0920 7424 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll

20:56:21.0945 7424 PcaSvc - ok

20:56:21.0980 7424 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

20:56:22.0022 7424 pci - ok

20:56:22.0061 7424 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys

20:56:22.0077 7424 pciide - ok

20:56:22.0098 7424 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

20:56:22.0112 7424 pcmcia - ok

20:56:22.0163 7424 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys

20:56:22.0175 7424 pcouffin - ok

20:56:22.0209 7424 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

20:56:22.0267 7424 PEAUTH - ok

20:56:22.0353 7424 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe

20:56:22.0399 7424 PerfHost - ok

20:56:22.0501 7424 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll

20:56:22.0560 7424 pla - ok

20:56:22.0628 7424 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll

20:56:22.0675 7424 PlugPlay - ok

20:56:22.0718 7424 pnarp (4ff73a83a25d0eead4f5e6c841bb6704) C:\Windows\system32\DRIVERS\pnarp.sys

20:56:22.0733 7424 pnarp - ok

20:56:22.0808 7424 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

20:56:22.0854 7424 PNRPAutoReg - ok

20:56:22.0865 7424 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

20:56:22.0919 7424 PNRPsvc - ok

20:56:22.0970 7424 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll

20:56:23.0061 7424 PolicyAgent - ok

20:56:23.0104 7424 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

20:56:23.0129 7424 PptpMiniport - ok

20:56:23.0159 7424 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

20:56:23.0190 7424 Processor - ok

20:56:23.0240 7424 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll

20:56:23.0272 7424 ProfSvc - ok

20:56:23.0314 7424 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

20:56:23.0332 7424 ProtectedStorage - ok

20:56:23.0367 7424 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

20:56:23.0396 7424 PSched - ok

20:56:23.0443 7424 purendis (9a68a89f10f283a23afee2a1bfe4bffb) C:\Windows\system32\DRIVERS\purendis.sys

20:56:23.0455 7424 purendis - ok

20:56:23.0494 7424 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys

20:56:23.0508 7424 PxHlpa64 - ok

20:56:23.0563 7424 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

20:56:23.0609 7424 ql2300 - ok

20:56:23.0659 7424 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

20:56:23.0679 7424 ql40xx - ok

20:56:23.0736 7424 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll

20:56:23.0771 7424 QWAVE - ok

20:56:23.0804 7424 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

20:56:23.0826 7424 QWAVEdrv - ok

20:56:23.0981 7424 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys

20:56:24.0111 7424 R300 - ok

20:56:24.0212 7424 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

20:56:24.0244 7424 RasAcd - ok

20:56:24.0306 7424 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll

20:56:24.0345 7424 RasAuto - ok

20:56:24.0385 7424 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

20:56:24.0415 7424 Rasl2tp - ok

20:56:24.0465 7424 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll

20:56:24.0506 7424 RasMan - ok

20:56:24.0553 7424 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

20:56:24.0583 7424 RasPppoe - ok

20:56:24.0628 7424 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

20:56:24.0645 7424 RasSstp - ok

20:56:24.0691 7424 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

20:56:24.0730 7424 rdbss - ok

20:56:24.0773 7424 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

20:56:24.0820 7424 RDPCDD - ok

20:56:24.0866 7424 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

20:56:24.0900 7424 rdpdr - ok

20:56:24.0906 7424 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

20:56:24.0938 7424 RDPENCDD - ok

20:56:25.0044 7424 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys

20:56:25.0062 7424 RDPWD - ok

20:56:25.0091 7424 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll

20:56:25.0140 7424 RemoteAccess - ok

20:56:25.0192 7424 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll

20:56:25.0224 7424 RemoteRegistry - ok

20:56:25.0254 7424 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe

20:56:25.0275 7424 RpcLocator - ok

20:56:25.0347 7424 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll

20:56:25.0397 7424 RpcSs - ok

20:56:25.0467 7424 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys

20:56:25.0484 7424 RsFx0103 - ok

20:56:25.0507 7424 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

20:56:25.0546 7424 rspndr - ok

20:56:25.0596 7424 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

20:56:25.0618 7424 SamSs - ok

20:56:25.0646 7424 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

20:56:25.0664 7424 sbp2port - ok

20:56:25.0713 7424 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll

20:56:25.0761 7424 SCardSvr - ok

20:56:25.0837 7424 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll

20:56:25.0887 7424 Schedule - ok

20:56:25.0927 7424 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll

20:56:25.0962 7424 SCPolicySvc - ok

20:56:26.0003 7424 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll

20:56:26.0044 7424 SDRSVC - ok

20:56:26.0167 7424 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

20:56:26.0183 7424 SeaPort - ok

20:56:26.0232 7424 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

20:56:26.0279 7424 secdrv - ok

20:56:26.0286 7424 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll

20:56:26.0325 7424 seclogon - ok

20:56:26.0370 7424 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll

20:56:26.0408 7424 SENS - ok

20:56:26.0460 7424 Ser2pl64 (bc7ed37fba7cd8a46a63c6edfe98bb36) C:\Windows\system32\DRIVERS\ser2pl64.sys

20:56:26.0475 7424 Ser2pl64 - ok

20:56:26.0493 7424 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\DRIVERS\serenum.sys

20:56:26.0549 7424 Serenum - ok

20:56:26.0576 7424 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

20:56:26.0624 7424 Serial - ok

20:56:26.0629 7424 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

20:56:26.0662 7424 sermouse - ok

20:56:26.0710 7424 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll

20:56:26.0749 7424 SessionEnv - ok

20:56:26.0787 7424 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

20:56:26.0819 7424 sffdisk - ok

20:56:26.0827 7424 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

20:56:26.0860 7424 sffp_mmc - ok

20:56:26.0885 7424 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

20:56:26.0916 7424 sffp_sd - ok

20:56:26.0935 7424 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

20:56:26.0988 7424 sfloppy - ok

20:56:27.0025 7424 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll

20:56:27.0086 7424 SharedAccess - ok

20:56:27.0162 7424 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll

20:56:27.0186 7424 ShellHWDetection - ok

20:56:27.0230 7424 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

20:56:27.0244 7424 SiSRaid2 - ok

20:56:27.0256 7424 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

20:56:27.0275 7424 SiSRaid4 - ok

20:56:27.0468 7424 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe

20:56:27.0553 7424 slsvc - ok

20:56:27.0699 7424 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll

20:56:27.0734 7424 SLUINotify - ok

20:56:27.0802 7424 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

20:56:27.0829 7424 Smb - ok

20:56:27.0891 7424 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe

20:56:27.0914 7424 SNMPTRAP - ok

20:56:28.0783 7424 SNP2UVC (61f2199588bfbf983cc40e665953656d) C:\Windows\system32\DRIVERS\snp2uvc.sys

20:56:28.0964 7424 SNP2UVC - ok

20:56:29.0093 7424 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

20:56:29.0129 7424 spldr - ok

20:56:29.0172 7424 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe

20:56:29.0195 7424 Spooler - ok

20:56:29.0324 7424 SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE

20:56:29.0342 7424 SQLAgent$SQLEXPRESS - ok

20:56:29.0466 7424 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

20:56:29.0479 7424 SQLBrowser - ok

20:56:29.0526 7424 SQLWriter (6d65985945b03ca59b67d0b73702fc7b) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

20:56:29.0538 7424 SQLWriter - ok

20:56:29.0595 7424 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys

20:56:29.0619 7424 srv - ok

20:56:29.0666 7424 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys

20:56:29.0684 7424 srv2 - ok

20:56:29.0729 7424 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys

20:56:29.0747 7424 srvnet - ok

20:56:29.0791 7424 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll

20:56:29.0840 7424 SSDPSRV - ok

20:56:29.0881 7424 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll

20:56:29.0909 7424 SstpSvc - ok

20:56:29.0982 7424 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll

20:56:30.0043 7424 stisvc - ok

20:56:30.0413 7424 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

20:56:30.0461 7424 stllssvr - ok

20:56:30.0507 7424 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

20:56:30.0533 7424 swenum - ok

20:56:30.0593 7424 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll

20:56:30.0647 7424 swprv - ok

20:56:30.0755 7424 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

20:56:30.0768 7424 Symc8xx - ok

20:56:30.0786 7424 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

20:56:30.0813 7424 Sym_hi - ok

20:56:30.0822 7424 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

20:56:30.0836 7424 Sym_u3 - ok

20:56:30.0902 7424 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll

20:56:30.0962 7424 SysMain - ok

20:56:30.0995 7424 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll

20:56:31.0031 7424 TabletInputService - ok

20:56:31.0084 7424 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll

20:56:31.0120 7424 TapiSrv - ok

20:56:31.0161 7424 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll

20:56:31.0251 7424 TBS - ok

20:56:31.0321 7424 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys

20:56:31.0371 7424 Tcpip - ok

20:56:31.0385 7424 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys

20:56:31.0462 7424 Tcpip6 - ok

20:56:31.0507 7424 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys

20:56:31.0527 7424 tcpipreg - ok

20:56:31.0554 7424 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

20:56:31.0592 7424 TDPIPE - ok

20:56:31.0620 7424 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

20:56:31.0660 7424 TDTCP - ok

20:56:31.0708 7424 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys

20:56:31.0738 7424 tdx - ok

20:56:31.0766 7424 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys

20:56:31.0785 7424 TermDD - ok

20:56:31.0840 7424 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll

20:56:31.0931 7424 TermService - ok

20:56:31.0981 7424 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll

20:56:32.0004 7424 Themes - ok

20:56:32.0041 7424 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll

20:56:32.0078 7424 THREADORDER - ok

20:56:32.0159 7424 TotRec7 (96de4fed634eae753073c8515f1b30d3) C:\Windows\system32\drivers\TotRec7.sys

20:56:32.0183 7424 TotRec7 - ok

20:56:32.0226 7424 TotRec8 (e4561f36020a64cdbb92d94e92cba1b1) C:\Windows\system32\drivers\TotRec8.sys

20:56:32.0238 7424 TotRec8 - ok

20:56:32.0277 7424 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll

20:56:32.0317 7424 TrkWks - ok

20:56:32.0384 7424 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe

20:56:32.0413 7424 TrustedInstaller - ok

20:56:32.0461 7424 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:56:32.0500 7424 tssecsrv - ok

20:56:32.0543 7424 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

20:56:32.0561 7424 tunmp - ok

20:56:32.0599 7424 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys

20:56:32.0616 7424 tunnel - ok

20:56:32.0648 7424 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

20:56:32.0665 7424 uagp35 - ok

20:56:32.0725 7424 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys

20:56:32.0758 7424 udfs - ok

20:56:32.0773 7424 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe

20:56:32.0832 7424 UI0Detect - ok

20:56:32.0870 7424 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

20:56:32.0883 7424 uliagpkx - ok

20:56:32.0910 7424 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

20:56:32.0926 7424 uliahci - ok

20:56:32.0980 7424 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

20:56:32.0993 7424 UlSata - ok

20:56:33.0015 7424 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

20:56:33.0030 7424 ulsata2 - ok

20:56:33.0069 7424 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

20:56:33.0101 7424 umbus - ok

20:56:33.0133 7424 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys

20:56:33.0192 7424 UMPass - ok

20:56:33.0237 7424 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll

20:56:33.0282 7424 upnphost - ok

20:56:33.0339 7424 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys

20:56:33.0370 7424 usbaudio - ok

20:56:33.0427 7424 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

20:56:33.0457 7424 usbccgp - ok

20:56:33.0484 7424 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

20:56:33.0542 7424 usbcir - ok

20:56:33.0579 7424 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys

20:56:33.0609 7424 usbehci - ok

20:56:33.0626 7424 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys

20:56:33.0660 7424 usbhub - ok

20:56:33.0731 7424 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys

20:56:33.0796 7424 usbohci - ok

20:56:33.0829 7424 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys

20:56:33.0869 7424 usbprint - ok

20:56:33.0930 7424 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys

20:56:33.0955 7424 usbscan - ok

20:56:33.0996 7424 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:56:34.0022 7424 USBSTOR - ok

20:56:34.0073 7424 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

20:56:34.0098 7424 usbuhci - ok

20:56:34.0144 7424 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys

20:56:34.0186 7424 usbvideo - ok

20:56:34.0234 7424 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll

20:56:34.0266 7424 UxSms - ok

20:56:34.0300 7424 V0500Dev (78b3efdc12d6e62736001b8249079dd8) C:\Windows\system32\DRIVERS\V0500Vid.sys

20:56:34.0315 7424 V0500Dev - ok

20:56:34.0381 7424 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe

20:56:34.0434 7424 vds - ok

20:56:34.0468 7424 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

20:56:34.0510 7424 vga - ok

20:56:34.0534 7424 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

20:56:34.0572 7424 VgaSave - ok

20:56:34.0612 7424 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

20:56:34.0627 7424 viaide - ok

20:56:34.0803 7424 Viewpoint Manager Service - ok

20:56:34.0939 7424 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys

20:56:34.0963 7424 volmgr - ok

20:56:35.0044 7424 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys

20:56:35.0083 7424 volmgrx - ok

20:56:35.0130 7424 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys

20:56:35.0173 7424 volsnap - ok

20:56:35.0217 7424 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

20:56:35.0247 7424 vsmraid - ok

20:56:35.0376 7424 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe

20:56:35.0436 7424 VSS - ok

20:56:35.0698 7424 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll

20:56:35.0759 7424 W32Time - ok

20:56:35.0821 7424 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

20:56:35.0885 7424 WacomPen - ok

20:56:35.0952 7424 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

20:56:35.0989 7424 Wanarp - ok

20:56:35.0993 7424 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

20:56:36.0031 7424 Wanarpv6 - ok

20:56:36.0089 7424 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll

20:56:36.0120 7424 wcncsvc - ok

20:56:36.0145 7424 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll

20:56:36.0180 7424 WcsPlugInService - ok

20:56:36.0227 7424 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

20:56:36.0241 7424 Wd - ok

20:56:36.0286 7424 Wdf01000 (dbb4397d703a755facb05486c449c507) C:\Windows\system32\drivers\Wdf01000.sys

20:56:36.0311 7424 Wdf01000 - ok

20:56:36.0335 7424 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll

20:56:36.0377 7424 WdiServiceHost - ok

20:56:36.0380 7424 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll

20:56:36.0423 7424 WdiSystemHost - ok

20:56:36.0492 7424 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll

20:56:36.0523 7424 WebClient - ok

20:56:36.0565 7424 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll

20:56:36.0594 7424 Wecsvc - ok

20:56:36.0608 7424 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll

20:56:36.0648 7424 wercplsupport - ok

20:56:36.0679 7424 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll

20:56:36.0719 7424 WerSvc - ok

20:56:36.0789 7424 winachsf (a53cde6beea165fe9b430476eede3c54) C:\Windows\system32\DRIVERS\CAX_CNXT.sys

20:56:36.0821 7424 winachsf - ok

20:56:36.0876 7424 WinDefend - ok

20:56:36.0892 7424 WinHttpAutoProxySvc - ok

20:56:36.0977 7424 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll

20:56:37.0016 7424 Winmgmt - ok

20:56:37.0158 7424 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll

20:56:37.0265 7424 WinRM - ok

20:56:37.0416 7424 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll

20:56:37.0464 7424 Wlansvc - ok

20:56:37.0736 7424 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

20:56:37.0809 7424 wlidsvc - ok

20:56:37.0923 7424 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys

20:56:37.0942 7424 WmiAcpi - ok

20:56:38.0022 7424 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe

20:56:38.0061 7424 wmiApSrv - ok

20:56:38.0117 7424 WMPNetworkSvc - ok

20:56:38.0164 7424 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll

20:56:38.0228 7424 WPCSvc - ok

20:56:38.0272 7424 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll

20:56:38.0320 7424 WPDBusEnum - ok

20:56:38.0355 7424 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys

20:56:38.0372 7424 WpdUsb - ok

20:56:38.0505 7424 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

20:56:38.0570 7424 WPFFontCache_v0400 - ok

20:56:38.0608 7424 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

20:56:38.0639 7424 ws2ifsl - ok

20:56:38.0670 7424 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll

20:56:38.0700 7424 wscsvc - ok

20:56:38.0748 7424 WSDPrintDevice (de5f5212ab34221dd1618b5fefe8db6c) C:\Windows\system32\DRIVERS\WSDPrint.sys

20:56:38.0777 7424 WSDPrintDevice - ok

20:56:38.0796 7424 WSDScan (c48e6ef92be6bfef9ee2430c42eaf2bd) C:\Windows\system32\DRIVERS\WSDScan.sys

20:56:38.0827 7424 WSDScan - ok

20:56:38.0831 7424 WSearch - ok

20:56:38.0996 7424 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll

20:56:39.0110 7424 wuauserv - ok

20:56:39.0258 7424 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:56:39.0353 7424 WUDFRd - ok

20:56:39.0391 7424 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll

20:56:39.0465 7424 wudfsvc - ok

20:56:39.0511 7424 WUSB54GCv3 (c088056dfba2b3a6955ea596ee5cc507) C:\Windows\system32\DRIVERS\WUSB54GCv3.sys

20:56:39.0536 7424 WUSB54GCv3 - ok

20:56:39.0542 7424 XAudio (f22e443518bc599d12888daf292a56d8) C:\Windows\system32\DRIVERS\xaudio64.sys

20:56:39.0555 7424 XAudio - ok

20:56:39.0603 7424 XAudioService (963c27034bba4ac52a13f7a3c657c708) C:\Windows\system32\DRIVERS\xaudio64.exe

20:56:39.0621 7424 XAudioService - ok

20:56:39.0674 7424 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0

20:56:39.0802 7424 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

20:56:39.0802 7424 \Device\Harddisk0\DR0 - detected TDSS File System (1)

20:56:39.0825 7424 Boot (0x1200) (2bd43f59bd1fa455adf4cc796604d954) \Device\Harddisk0\DR0\Partition0

20:56:39.0827 7424 \Device\Harddisk0\DR0\Partition0 - ok

20:56:39.0831 7424 Boot (0x1200) (32c325547acdbc4f5cb3e5a96cad24a1) \Device\Harddisk0\DR0\Partition1

20:56:39.0834 7424 \Device\Harddisk0\DR0\Partition1 - ok

20:56:39.0834 7424 ============================================================

20:56:39.0834 7424 Scan finished

20:56:39.0834 7424 ============================================================

20:56:39.0849 7344 Detected object count: 2

20:56:39.0850 7344 Actual detected object count: 2

20:57:54.0722 7344 McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user

20:57:54.0722 7344 McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:57:54.0837 7344 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

20:57:54.0841 7344 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

20:57:54.0872 7344 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

20:57:54.0880 7344 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

20:57:54.0916 7344 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

20:57:54.0950 7344 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

20:57:54.0952 7344 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

20:57:54.0954 7344 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

20:57:54.0956 7344 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

20:57:54.0962 7344 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

20:57:54.0967 7344 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

20:57:54.0970 7344 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

20:57:54.0970 7344 \Device\Harddisk0\DR0\TDLFS - deleted

20:57:54.0971 7344 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

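The report above is easier to act on when read mechanically: what matters are the verdict lines, the action the user chose for each object, and what was actually quarantined or deleted. As an added example (not part of this thread and not TDSSKiller's own code), the following Python parses a constructed excerpt in the same line format and flags anything left unresolved, such as an object the user chose to skip; the field names and the `triage` check are my own.

```python
import re

# Constructed sample in the shape of the TDSSKiller report quoted above (not the full log).
SAMPLE_LOG = r"""
20:56:37.0809 7424 wlidsvc - ok
20:56:37.0923 7424 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
20:56:39.0674 7424 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
20:56:39.0802 7424 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:56:39.0802 7424 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:56:39.0849 7344 Detected object count: 2
20:57:54.0722 7344 McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
20:57:54.0722 7344 McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:57:54.0837 7344 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:57:54.0970 7344 \Device\Harddisk0\DR0\TDLFS - deleted
20:57:54.0971 7344 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

# Every report line is "<timestamp> <pid> <rest>"; the patterns below classify <rest>.
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.+)$")
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - "
                        r"(?:warning|skipped by user|User select action: (?P<action>\w+))$")
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
FILE_EVENT_RE = re.compile(r"^(?P<obj>.+?) - (?P<event>copied to quarantine|deleted)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")
MBR_RE = re.compile(r"^MBR \(0x[0-9A-Fa-f]+\) \((?P<md5>[0-9a-f]{32})\) (?P<dev>\S+)$")


def parse_tdsskiller(text):
    """Reduce a TDSSKiller report to the facts an analyst acts on."""
    report = {"verdicts": {}, "actions": {}, "quarantined": [], "deleted": [],
              "declared_count": None, "mbr_md5": {}}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, separators, blank lines
        rest = m["rest"]
        if (v := VERDICT_RE.match(rest)):
            report["verdicts"].setdefault(v["obj"], v["verdict"])
            if v["action"]:  # only "User select action: X" lines carry a decision
                report["actions"][v["obj"]] = v["action"]
        elif (d := DETECTED_RE.match(rest)):
            report["verdicts"].setdefault(d["obj"], d["verdict"])
        elif (f := FILE_EVENT_RE.match(rest)):
            key = "quarantined" if f["event"] == "copied to quarantine" else "deleted"
            report[key].append(f["obj"])
        elif (c := COUNT_RE.match(rest)):
            report["declared_count"] = int(c["n"])
        elif (b := MBR_RE.match(rest)):
            report["mbr_md5"][b["dev"]] = b["md5"]  # compare against a known-good MBR hash
    return report


def triage(text):
    """Return the parsed report plus a list of items still needing attention."""
    r = parse_tdsskiller(text)
    issues = []
    if r["declared_count"] is not None and r["declared_count"] != len(r["verdicts"]):
        issues.append(f"declared {r['declared_count']} objects but parsed {len(r['verdicts'])}")
    for obj, verdict in r["verdicts"].items():
        action = r["actions"].get(obj)
        if action is None:
            issues.append(f"{obj}: {verdict} has no recorded user action")
        elif action == "Skip":
            issues.append(f"{obj}: {verdict} was skipped and is still on the system")
    return r, issues
```

Running `triage(SAMPLE_LOG)` reports the skipped `McciCMService64` verdict as the one open item, while the TDSS file system entry is accounted for by the recorded Delete action.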

TDSSKiller found the malware.

-----------------------------

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Hello again, MrC

I followed your instructions, running ComboFix after temporarily disabling my AVG antivirus. ComboFix seems to have run just fine; I watched it while it did its thing. After ComboFix finished scanning and rebooted my computer, my antivirus started automatically, as usual, and immediately identified ComboFix as a threat. I was given two options, either to quarantine the "virus" or to ignore it. I chose the latter, and ComboFix then completed and created the file, which I have attached below.

There was some 'desktopicon' item under appdata/roaming which ComboFix found interesting and deleted; have you ever heard of that before? Also I note in the log that there are several items that are evidently inaccessible, all having to do with Macromedia Flash objects. I have heard that these are in the "supercookie" category and can hold information that one might not want others to access. Do you know of any way to clear those files and keep Flash from creating inaccessible ones?

Thanks so much for your help; here's the log:

ComboFix 12-05-13.03 - Jim 05/13/2012 11:15:30.1.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4084.2421 [GMT -7:00]

Running from: c:\users\Jim\Desktop\ComboFix.exe

AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Jim\AppData\Roaming\Desktopicon

c:\users\Jim\AppData\Roaming\Desktopicon\config.ini

.

.

((((((((((((((((((((((((( Files Created from 2012-04-13 to 2012-05-13 )))))))))))))))))))))))))))))))

.

.

2012-05-08 20:02 . 2012-05-08 20:02 -------- d-----w- c:\program files (x86)\Burrrn

2012-05-08 17:41 . 2012-04-03 08:22 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-08 17:41 . 2012-04-02 13:59 2766848 ----a-w- c:\windows\system32\win32k.sys

2012-05-07 23:14 . 2012-05-07 23:14 -------- d-----w- c:\program files\Microsoft ATS

2012-05-07 18:52 . 2012-05-07 23:36 -------- d-----w- c:\programdata\F4D55F170000265200256BC3570F1C8B

2012-05-07 18:52 . 2012-05-07 23:36 -------- d-----w- c:\program files (x86)\Common Files\XML

2012-04-30 18:50 . 2012-05-07 23:34 -------- d-----w- c:\program files\Lantronix

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 22:56 . 2009-12-06 02:53 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-18 02:21 . 2012-03-18 02:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-14 16:58 . 2011-10-27 01:11 2379552 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2012-03-09 01:50 . 2012-03-09 01:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

2012-03-09 01:37 . 2012-03-09 01:37 302448 ----a-w- c:\windows\WLXPGSS.SCR

2012-02-29 15:37 . 2012-04-11 16:12 5632 ----a-w- c:\windows\system32\wmi.dll

2012-02-29 15:37 . 2012-04-11 16:12 219136 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 15:35 . 2012-04-11 16:12 78848 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 15:11 . 2012-04-11 16:12 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-02-29 15:11 . 2012-04-11 16:12 172032 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-02-29 15:09 . 2012-04-11 16:12 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-02-29 13:52 . 2012-04-11 16:12 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-02-28 11:30 . 2012-04-11 16:07 916992 ----a-w- c:\windows\SysWow64\wininet.dll

2012-02-28 11:25 . 2012-04-11 16:07 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-02-28 11:25 . 2012-04-11 16:07 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-02-28 11:25 . 2012-04-11 16:07 71680 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-02-28 11:25 . 2012-04-11 16:07 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-02-28 10:07 . 2012-04-11 16:07 385024 ----a-w- c:\windows\SysWow64\html.iec

2012-02-28 08:12 . 2012-04-11 16:07 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-02-28 08:08 . 2012-04-11 16:07 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-02-28 06:34 . 2012-04-11 16:07 1147392 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 06:30 . 2012-04-11 16:07 56832 ----a-w- c:\windows\system32\licmgr10.dll

2012-02-28 06:30 . 2012-04-11 16:07 1538560 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 06:30 . 2012-04-11 16:07 77312 ----a-w- c:\windows\system32\iesetup.dll

2012-02-28 06:30 . 2012-04-11 16:07 132096 ----a-w- c:\windows\system32\iesysprep.dll

2012-02-28 05:41 . 2012-04-11 16:07 479232 ----a-w- c:\windows\system32\html.iec

2012-02-28 05:00 . 2012-04-11 16:07 162816 ----a-w- c:\windows\system32\ieUnatt.exe

2012-02-28 04:58 . 2012-04-11 16:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"c:\program files (x86)\NetMeter\NetMeter.exe"="c:\program files (x86)\NetMeter\NetMeter.exe" [2009-08-09 293888]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-27 15026056]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]

"LFService"="c:\program files (x86)\Lock Folder XP\LFService.exe" [2011-10-28 60248]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux6"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

R4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-25 19:06]

.

2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-25 19:06]

.

2012-05-13 c:\windows\Tasks\User_Feed_Synchronization-{DD75B0B2-BE0A-4434-A78C-7821C4935A5C}.job

- c:\windows\system32\msfeedssync.exe [2012-04-11 08:09]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-07-18 6453760]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

Trusted Zone: $talisma_url$

Trusted Zone: usps.com\ecap-ws-prod

Trusted Zone: usps.com\ecap21

Trusted Zone: usps.com\shop

Trusted Zone: usps.com\sss-web

Trusted Zone: usps.com\webapps

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{A949DB4D-ABD6-48A1-82FE-FE02CE1DCEB1}: NameServer = 192.168.5.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

ShellIconOverlayIdentifiers-{C5994560-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994561-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994562-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994563-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994564-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994565-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994566-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994567-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994568-53D9-4125-87C9-F193FC689CB2} - (no file)

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe

c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe

.

**************************************************************************

.

Completion time: 2012-05-13 11:32:19 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-13 18:32

.

Pre-Run: 347,560,878,080 bytes free

Post-Run: 347,444,465,664 bytes free

.

- - End Of File - - 39A1DEF1734F770F6950E1596FA28A82


That's great, MrC; no rush at all. I just ran Ccleaner, which gets rid of Internet files, etc., and also ran their Registry Cleaner utility, which is supposed to be one of the more benign cleaners of this type. At least I've never had it delete any values that gave me subsequent grief. Lo and behold, it found some registry entries for programs that I never knew I had, which might have been deleted with this last ComboFix exercise. I've attached an image of what the Ccleaner log looked like before I allowed it to delete these registry values. Have no idea what Wget and swearware are (or were), evidently nothing I can't do without.

Thanks!



Hi, MrC...

I don't like registry cleaners either, but Ccleaner seems to be the most gentle of all. It will delete links to missing files, and that's all. The computer seems to be running fine now. In fact, it seems to start Windows substantially faster than before all this. Again, many thanks for all your help. I have had friends with similar problems and will send them here. I recommend Malwarebytes at every opportunity.


OK.....a little clean-up to do,

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

-------------------------------

You have out-of-date Java on the system; older versions are vulnerable to malware.

Please go to your control panels add/remove programs and uninstall these:

Java™ 6 Update 13

Then download and install the latest version, Java™ 7 Update 4.

http://www.java.com/...load/manual.jsp <---latest version

http://www.java.com/...d/installed.jsp <---verify your Java

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

