c4poa Posted May 16, 2012 ID:552051 Share Posted May 16, 2012 MalwareBytes finds nothing. I found another topic on this same issue and tried following the steps through in that one but still seem to have infections of some type.Things I have downloaded and ran include:DefoggerMWbytesSuperAntiSpyware (which did find and clean many items)MBRchecker (said MBR was corrupt)TDSkiller (doesn't appear to run or do anything)Security CheckComboFixADAwareAny help would be greatly appreciated. I have included the two files as instructed in the I'm infected now what section.Thanks in advance!.DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 8.0.7600.16385Run by isck at 16:30:38 on 2012-05-16Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3575.2218 [GMT -5:00].AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\SUPERAntiSpyware\SASCORE.EXEC:\Program Files\Dell\KACE\AMPAgent.exeC:\Windows\system32\DWRCS.EXEc:\Program Files\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exeC:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exec:\Program Files\Common Files\EFI\EFI ES-1000 Service\ES1000Server.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Fiery\Fiery Bridge\x86\MailboxSyncService.exeC:\Windows\system32\atieclxx.exeC:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files\New World Systems\New World Automatic Updater\NewWorld.Management.Updater.Service.exeC:\Program Files\New World Systems\Aegis MSP\NWClientUpdate.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\System32\svchost.exe -k secsvcsC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\DWRCST.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\New World Systems\New World Automatic Updater\NewWorld.Management.Updater.TaskbarNotifier.exeC:\Program Files\ESET\ESET NOD32 Antivirus\egui.exeC:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exeC:\Windows\system32\taskhost.exeC:\Program Files\Shoreline Communications\ShoreWare Client\STCLogin.exeC:\Windows\System32\svchost.exe -k swprvC:\Windows\system32\REGSVR32.exeC:\Windows\system32\conhost.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_1&u=55DE4C068F6DC1B5B7E0C04FB3EAF819uInternet Settings,ProxyServer = 10.0.8.97:8080uInternet Settings,ProxyOverride = 206.176.*;*.siouxfalls.org;*.riss.net;*.hidta.net;*.laidlawtransit.com;10.*;*.hud.gov;*.microsoft.com;*.siouxlandlib.org;oclc.org;*.hdnr.org;*.esri.com;*.usgs.*;*.slkids.org;*.geographynetwork.com;*.eeoc.gov;*.uiuonline.org;192.168.*;<local>BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLLBHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllBHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dlluRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exemRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbyloginmRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServicesmRun: [New World Update Notifier] c:\program files\new world systems\new world automatic updater\NewWorld.Management.Updater.TaskbarNotifier.exemRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservicemRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exedRun: [Workrave] c:\program files\workrave\lib\Workrave.exeuPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)uPolicies-explorer: NoSMBalloonTip = 1 (0x1)uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableLUA = 0 (0x0)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)mPolicies-system: PromptOnSecureDesktop = 0 (0x0)mPolicies-system: HideFastUserSwitching = 0 (0x0)IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.htmlIE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dllTrusted Zone: ehsmed.comTrusted Zone: insiteTrusted Zone: siouxfalls.orgTrusted Zone: siouxfalls.org\utilitiespayTrusted Zone: siouxfallsparks.orgTrusted Zone: siouxfallssd.govTrusted Zone: siouxfallssd.org\cicitrix3.cityTrusted Zone: siouxfallssd.org\cityofsf.cityTrusted Zone: siouxlandlib.orgTrusted Zone: sireencoder01Trusted Zone: slkids.orgTrusted Zone: ehsmed.comTrusted Zone: insiteTrusted Zone: siouxfalls.orgTrusted Zone: siouxfalls.org\utilitiespayTrusted Zone: siouxfallsparks.orgTrusted Zone: siouxfallssd.govTrusted Zone: siouxfallssd.org\cicitrix3.cityTrusted Zone: siouxfallssd.org\cityofsf.cityTrusted Zone: siouxlandlib.orgTrusted Zone: sireencoder01Trusted Zone: slkids.orgDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cabDPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cabDPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cabTCP: DhcpNameServer = 10.0.8.22 10.0.8.23 10.0.8.27TCP: Interfaces\{809F1405-D635-4A71-AEC8-E869FFCDDBEB} : DhcpNameServer = 10.0.8.22 10.0.8.23 10.0.8.27Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLLNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLLSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLLSEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL.============= SERVICES / DRIVERS ===============.R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-2-18 64512]R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]R1 NEOFLTR_650_15551;Juniper Networks TDI Filter Driver (NEOFLTR_650_15551);c:\windows\system32\drivers\NEOFLTR_650_15551.SYS [2010-7-16 85360]R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]R2 AMPAgent;Dell KACE Agent;c:\program files\dell\kace\AMPAgent.exe [2012-1-16 2772072]R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]R2 EFI ES1000;EFI ES1000;c:\program files\common files\efi\efi es-1000 service\ES1000Service.exe [2011-2-17 11776]R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-12-21 95384]R2 Fiery Bridge Mailbox Synchronization;Fiery Bridge Mailbox Synchronization;c:\program files\fiery\fiery bridge\x86\MailboxSyncService.exe [2011-2-17 94208]R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2010-3-17 132464]R2 NewWorldUpdaterService;New World Updater;c:\program files\new world systems\new world automatic updater\NewWorld.Management.Updater.Service.exe [2011-1-12 32768]R2 NWClientUpdate;NWS Client Update;c:\program files\new world systems\aegis msp\NWClientUpdate.exe [2011-6-28 53248]R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 3712]R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-7-14 215208]R3 staccel;staccel;c:\windows\system32\drivers\staccel.sys [2011-12-22 32864]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-28 136176]S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-2-18 2152152]S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-28 136176]S3 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-2-18 15232]S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-12-27 31124344]S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-16 1343400].=============== Created Last 30 ================.2012-05-16 20:20:35 -------- d-sh--w- C:\$RECYCLE.BIN2012-05-16 20:20:22 -------- d-----w- c:\users\isck\appdata\local\temp2012-05-16 18:29:47 98816 ----a-w- c:\windows\sed.exe2012-05-16 18:29:47 518144 ----a-w- c:\windows\SWREG.exe2012-05-16 18:29:47 256000 ----a-w- c:\windows\PEV.exe2012-05-16 18:29:47 208896 ----a-w- c:\windows\MBR.exe2012-05-16 18:28:35 -------- d-----w- C:\ComboFix2012-05-16 18:00:28 -------- d-----w- c:\users\isck\appdata\roaming\Blekko2012-05-16 17:59:25 -------- d-----w- c:\users\isck\appdata\roaming\Ad-Aware Antivirus2012-05-16 16:22:12 -------- d-----w- c:\users\isck\appdata\roaming\SUPERAntiSpyware.com2012-05-16 16:21:51 -------- d-----w- c:\programdata\SUPERAntiSpyware.com2012-05-16 16:21:51 -------- d-----w- c:\program files\SUPERAntiSpyware2012-05-16 16:16:47 -------- d-----w- c:\users\isck\appdata\roaming\Malwarebytes2012-05-16 16:16:37 -------- d-----w- c:\programdata\Malwarebytes2012-05-16 16:16:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-05-16 16:07:50 -------- d-----w- c:\users\isck\appdata\local\ESET2012-05-14 08:18:50 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{75f10b06-fffe-43e6-af3e-119aa575ccab}\offreg.dll2012-05-14 08:18:07 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{75f10b06-fffe-43e6-af3e-119aa575ccab}\mpengine.dll2012-05-01 08:00:47 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe2012-05-01 08:00:47 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe.==================== Find3M ====================.2012-04-16 19:34:47 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-04-16 19:34:47 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-02-23 15:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe2012-02-17 19:55:20 47616 ----a-w- c:\windows\system32\U2LHFW.dll2012-02-17 19:55:06 45056 ----a-w- c:\windows\system32\U2LGMFO.dll.============= FINISH: 16:36:27.25 ===============DDS.txtAttach.txt Link to post Share on other sites More sharing options...
Staff CatByte Posted May 16, 2012 Staff ID:552063 Share Posted May 16, 2012 Hi,Please do the following:For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter Note: Replace letter e with the drive letter of your flash drive.[*]The tool will start to run.[*]When the tool opens click Yes to the disclaimer.[*]Place a check next to List Drivers MD5 as well as the default check marks that are already there[*]Press Scan button.[*]type exit and reboot the computer normally[*]FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply. Link to post Share on other sites More sharing options...
c4poa Posted May 17, 2012 Author ID:552200 Share Posted May 17, 2012 When I try to enter System Recovery Options from Advanced Boot Options the pc hangs at Starting Windows.When I use the Windows installation disc, I get to the Choose your language settings and click Next and then have no OS's listed to repair.Suggestions? and Thanks for your help! Link to post Share on other sites More sharing options...
Staff CatByte Posted May 17, 2012 Staff ID:552459 Share Posted May 17, 2012 Hi,Please do the followingRefer to the ComboFix User's Guide Download ComboFix from one of these locations:Link 1Link 2* IMPORTANT !!! Place ComboFix.exe on your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.You can get help on disabling your protection programs hereDouble click on ComboFix.exe & follow the prompts.Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next replyNote: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.---------------------------------------------------------------------------------------------Ensure your AntiVirus and AntiSpyware applications are re-enabled.---------------------------------------------------------------------------------------------NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error. Link to post Share on other sites More sharing options...
c4poa Posted May 18, 2012 Author ID:552626 Share Posted May 18, 2012 No matter what I try now I cannot get ComboFix to run. It does the initial extract popup window but then nothing else. I have uninstalled MalwareB, SAS, ADaware, and both items added with install of PC Tools, disabled Eset and ComboFix does not appear to run. Help? Link to post Share on other sites More sharing options...
c4poa Posted May 18, 2012 Author ID:552649 Share Posted May 18, 2012 I found a similar issue here and followed steps provided which did run and did appear to find and clean Rootkit.Boot.SST.b when I ran TDSKiller from Malwarebytes\Chameleon directory and starting up the Chameleon program. Sorry for trying steps other than what has been prescribed but those are not working and we obviously don't work same times of day and I need to either get this machine up and running or start the reload process. Thanks again for any help you can provide! Link to post Share on other sites More sharing options...
c4poa Posted May 18, 2012 Author ID:552650 Share Posted May 18, 2012 12:02:39.0695 5592 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:5712:02:40.0459 5592 ============================================================12:02:40.0459 5592 Current date / time: 2012/05/18 12:02:40.045912:02:40.0459 5592 SystemInfo:12:02:40.0459 5592 12:02:40.0459 5592 OS Version: 6.1.7600 ServicePack: 0.012:02:40.0459 5592 Product type: Workstation12:02:40.0459 5592 ComputerName: CSMSW829412:02:40.0459 5592 UserName: isck12:02:40.0459 5592 Windows directory: C:\Windows12:02:40.0459 5592 System windows directory: C:\Windows12:02:40.0459 5592 Processor architecture: Intel x8612:02:40.0459 5592 Number of processors: 412:02:40.0459 5592 Page size: 0x100012:02:40.0459 5592 Boot type: Normal boot12:02:40.0459 5592 ============================================================12:02:41.0239 5592 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000005012:02:41.0239 5592 ============================================================12:02:41.0239 5592 \Device\Harddisk0\DR0:12:02:41.0239 5592 MBR partitions:12:02:41.0239 5592 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3200012:02:41.0239 5592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E26B012:02:41.0239 5592 ============================================================12:02:41.0270 5592 C: <-> \Device\Harddisk0\DR0\Partition112:02:41.0270 5592 ============================================================12:02:41.0270 5592 Initialize success12:02:41.0270 5592 ============================================================12:02:46.0606 5888 ============================================================12:02:46.0606 5888 Scan started12:02:46.0606 5888 Mode: Manual;12:02:46.0606 5888 ============================================================12:02:51.0521 5888 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys12:02:51.0521 5888 1394ohci - ok12:02:51.0552 5888 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys12:02:51.0552 5888 ACPI - ok12:02:51.0583 5888 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys12:02:51.0583 5888 AcpiPmi - ok12:02:51.0630 5888 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\Windows\system32\drivers\adfs.sys12:02:51.0630 5888 adfs - ok12:02:51.0661 5888 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys12:02:51.0661 5888 adp94xx - ok12:02:51.0692 5888 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys12:02:51.0692 5888 adpahci - ok12:02:51.0724 5888 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys12:02:51.0724 5888 adpu320 - ok12:02:51.0755 5888 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll12:02:51.0755 5888 AeLookupSvc - ok12:02:51.0802 5888 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys12:02:51.0802 5888 AFD - ok12:02:51.0817 5888 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys12:02:51.0833 5888 agp440 - ok12:02:51.0848 5888 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys12:02:51.0848 5888 aic78xx - ok12:02:51.0911 5888 aksfridge (730e9d3bb324fb1899005aea63c6782d) C:\Windows\system32\drivers\aksfridge.sys12:02:51.0911 5888 aksfridge - ok12:02:51.0926 5888 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe12:02:51.0926 5888 ALG - ok12:02:51.0942 5888 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys12:02:51.0942 5888 aliide - ok12:02:51.0973 5888 AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe12:02:51.0973 5888 AMD External Events Utility - ok12:02:51.0989 5888 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys12:02:51.0989 5888 amdagp - ok12:02:52.0020 5888 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys12:02:52.0020 5888 amdide - ok12:02:52.0036 5888 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys12:02:52.0036 5888 AmdK8 - ok12:02:52.0051 5888 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys12:02:52.0051 5888 AmdPPM - ok12:02:52.0082 5888 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys12:02:52.0082 5888 amdsata - ok12:02:52.0114 5888 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys12:02:52.0114 5888 amdsbs - ok12:02:52.0129 5888 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys12:02:52.0129 5888 amdxata - ok12:02:52.0254 5888 AMPAgent (f3d3fd6fdcd1b2b514fe71479f567320) C:\Program Files\Dell\KACE\AMPAgent.exe12:02:52.0254 5888 AMPAgent - ok12:02:52.0363 5888 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys12:02:52.0363 5888 AppID - ok12:02:52.0394 5888 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll12:02:52.0394 5888 AppIDSvc - ok12:02:52.0410 5888 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll12:02:52.0410 5888 Appinfo - ok12:02:52.0441 5888 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll12:02:52.0441 5888 AppMgmt - ok12:02:52.0472 5888 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys12:02:52.0472 5888 arc - ok12:02:52.0488 5888 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys12:02:52.0488 5888 arcsas - ok12:02:52.0519 5888 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys12:02:52.0519 5888 AsyncMac - ok12:02:52.0535 5888 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys12:02:52.0535 5888 atapi - ok12:02:52.0675 5888 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys12:02:52.0738 5888 atikmdag - ok12:02:52.0831 5888 ATMsrvc (523ca82a8810f4354e6425406afbc130) C:\Windows\System32\ATMsrvc.exe12:02:52.0831 5888 ATMsrvc - ok12:02:52.0863 5888 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll12:02:52.0863 5888 AudioEndpointBuilder - ok12:02:52.0863 5888 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll12:02:52.0863 5888 Audiosrv - ok12:02:52.0894 5888 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll12:02:52.0894 5888 AxInstSV - ok12:02:52.0941 5888 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys12:02:52.0941 5888 b06bdrv - ok12:02:52.0987 5888 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys12:02:52.0987 5888 b57nd60x - ok12:02:53.0034 5888 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll12:02:53.0034 5888 BDESVC - ok12:02:53.0034 5888 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys12:02:53.0034 5888 Beep - ok12:02:53.0097 5888 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll12:02:53.0112 5888 BITS - ok12:02:53.0159 5888 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys12:02:53.0159 5888 blbdrive - ok12:02:53.0206 5888 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys12:02:53.0206 5888 bowser - ok12:02:53.0221 5888 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys12:02:53.0221 5888 BrFiltLo - ok12:02:53.0237 5888 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys12:02:53.0237 5888 BrFiltUp - ok12:02:53.0299 5888 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys12:02:53.0299 5888 BridgeMP - ok12:02:53.0331 5888 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll12:02:53.0331 5888 Browser - ok12:02:53.0362 5888 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys12:02:53.0362 5888 Brserid - ok12:02:53.0393 5888 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys12:02:53.0393 5888 BrSerWdm - ok12:02:53.0409 5888 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys12:02:53.0409 5888 BrUsbMdm - ok12:02:53.0409 5888 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys12:02:53.0409 5888 BrUsbSer - ok12:02:53.0424 5888 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys12:02:53.0424 5888 BTHMODEM - ok12:02:53.0455 5888 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll12:02:53.0455 5888 bthserv - ok12:02:53.0487 5888 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys12:02:53.0487 5888 cdfs - ok12:02:53.0518 5888 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys12:02:53.0518 5888 cdrom - ok12:02:53.0549 5888 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll12:02:53.0549 5888 CertPropSvc - ok12:02:53.0580 5888 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys12:02:53.0580 5888 circlass - ok12:02:53.0596 5888 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys12:02:53.0596 5888 CLFS - ok12:02:53.0658 5888 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe12:02:53.0658 5888 clr_optimization_v2.0.50727_32 - ok12:02:53.0689 5888 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe12:02:53.0689 5888 clr_optimization_v4.0.30319_32 - ok12:02:53.0705 5888 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys12:02:53.0721 5888 CmBatt - ok12:02:53.0736 5888 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys12:02:53.0736 5888 cmdide - ok12:02:53.0767 5888 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys12:02:53.0767 5888 CNG - ok12:02:53.0783 5888 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys12:02:53.0783 5888 Compbatt - ok12:02:53.0814 5888 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys12:02:53.0814 5888 CompositeBus - ok12:02:53.0814 5888 COMSysApp - ok12:02:53.0830 5888 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys12:02:53.0830 5888 crcdisk - ok12:02:53.0861 5888 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll12:02:53.0861 5888 CryptSvc - ok12:02:53.0877 5888 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys12:02:53.0877 5888 CSC - ok12:02:53.0908 5888 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll12:02:53.0908 5888 CscService - ok12:02:53.0939 5888 Cwbrxd (06ff22f453f1c74dff504d3292f5d91c) C:\Windows\CWBRXD.EXE12:02:53.0939 5888 Cwbrxd - ok12:02:53.0970 5888 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll12:02:53.0970 5888 DcomLaunch - ok12:02:53.0986 5888 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll12:02:53.0986 5888 defragsvc - ok12:02:54.0048 5888 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys12:02:54.0048 5888 DfsC - ok12:02:54.0079 5888 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll12:02:54.0079 5888 Dhcp - ok12:02:54.0095 5888 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys12:02:54.0095 5888 discache - ok12:02:54.0142 5888 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys12:02:54.0142 5888 Disk - ok12:02:54.0173 5888 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll12:02:54.0173 5888 Dnscache - ok12:02:54.0189 5888 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll12:02:54.0189 5888 dot3svc - ok12:02:54.0220 5888 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys12:02:54.0220 5888 Dot4 - ok12:02:54.0251 5888 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys12:02:54.0251 5888 Dot4Print - ok12:02:54.0282 5888 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys12:02:54.0282 5888 dot4usb - ok12:02:54.0314 5888 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll12:02:54.0314 5888 DPS - ok12:02:54.0329 5888 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys12:02:54.0329 5888 drmkaud - ok12:02:54.0376 5888 DwMirror (383182215a2c238e76b86e3b5ede40eb) C:\Windows\system32\DRIVERS\DamewareMini.sys12:02:54.0376 5888 DwMirror - ok12:02:54.0392 5888 DWMRCS - ok12:02:54.0407 5888 dwvkbd (5a402c57f621114c99f813c6ae7bc37a) C:\Windows\system32\DRIVERS\dwvkbd.sys12:02:54.0407 5888 dwvkbd - ok12:02:54.0438 5888 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys12:02:54.0454 5888 DXGKrnl - ok12:02:54.0485 5888 e1kexpress (3d042b4c6fdde698a3d6bd0b6191c92f) C:\Windows\system32\DRIVERS\e1k6232.sys12:02:54.0485 5888 e1kexpress - ok12:02:54.0532 5888 eamonm (04cba07e73f152970fc34d66d3892e2a) C:\Windows\system32\DRIVERS\eamonm.sys12:02:54.0532 5888 eamonm - ok12:02:54.0548 5888 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll12:02:54.0548 5888 EapHost - ok12:02:54.0641 5888 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys12:02:54.0688 5888 ebdrv - ok12:02:54.0766 5888 EFI ES1000 (7d10cb5a6cdc761a0faa7730053a83d8) c:\Program Files\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe12:02:54.0766 5888 EFI ES1000 - ok12:02:54.0860 5888 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe12:02:54.0860 5888 EFS - ok12:02:54.0922 5888 ehdrv (fe7824239d132ad9ebd8645fe1199b30) C:\Windows\system32\DRIVERS\ehdrv.sys12:02:54.0922 5888 ehdrv - ok12:02:54.0984 5888 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe12:02:55.0000 5888 ehRecvr - ok12:02:55.0016 5888 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe12:02:55.0016 5888 ehSched - ok12:02:55.0062 5888 EhttpSrv (68d91a34ce51cf15c45dd68f7f1257e8) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe12:02:55.0062 5888 EhttpSrv - ok12:02:55.0125 5888 ekrn (191d8eccc40f05b52fac0513f35ba01d) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe12:02:55.0125 5888 ekrn - ok12:02:55.0203 5888 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys12:02:55.0203 5888 elxstor - ok12:02:55.0234 5888 epfwwfpr (ddb45f6371714601a43e8be38145be18) C:\Windows\system32\DRIVERS\epfwwfpr.sys12:02:55.0234 5888 epfwwfpr - ok12:02:55.0250 5888 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys12:02:55.0250 5888 ErrDev - ok12:02:55.0281 5888 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll12:02:55.0281 5888 EventSystem - ok12:02:55.0312 5888 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys12:02:55.0312 5888 exfat - ok12:02:55.0312 5888 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys12:02:55.0328 5888 fastfat - ok12:02:55.0359 5888 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe12:02:55.0359 5888 Fax - ok12:02:55.0374 5888 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys12:02:55.0374 5888 fdc - ok12:02:55.0390 5888 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll12:02:55.0390 5888 fdPHost - ok12:02:55.0390 5888 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll12:02:55.0406 5888 FDResPub - ok12:02:55.0468 5888 Fiery Bridge Mailbox Synchronization (8d9cd7634ff2227b4d6cafa0583288ac) C:\Program Files\Fiery\Fiery Bridge\x86\MailboxSyncService.exe12:02:55.0468 5888 Fiery Bridge Mailbox Synchronization - ok12:02:55.0484 5888 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys12:02:55.0484 5888 FileInfo - ok12:02:55.0499 5888 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys12:02:55.0499 5888 Filetrace - ok12:02:55.0546 5888 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe12:02:55.0562 5888 FLEXnet Licensing Service - ok12:02:55.0577 5888 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys12:02:55.0577 5888 flpydisk - ok12:02:55.0608 5888 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys12:02:55.0608 5888 FltMgr - ok12:02:55.0655 5888 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll12:02:55.0655 5888 FontCache - ok12:02:55.0718 5888 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe12:02:55.0718 5888 FontCache3.0.0.0 - ok12:02:55.0733 5888 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys12:02:55.0749 5888 FsDepends - ok12:02:55.0749 5888 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys12:02:55.0749 5888 Fs_Rec - ok12:02:55.0780 5888 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys12:02:55.0780 5888 fvevol - ok12:02:55.0811 5888 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys12:02:55.0811 5888 gagp30kx - ok12:02:55.0843 5888 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll12:02:55.0843 5888 gpsvc - ok12:02:55.0921 5888 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe12:02:55.0921 5888 gupdate - ok12:02:55.0921 5888 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe12:02:55.0921 5888 gupdatem - ok12:02:55.0999 5888 hardlock (a9d587e31dbee3e9bd97fefece0ba874) C:\Windows\system32\drivers\hardlock.sys12:02:56.0014 5888 hardlock - ok12:02:56.0014 5888 hasplms - ok12:02:56.0030 5888 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys12:02:56.0030 5888 hcw85cir - ok12:02:56.0077 5888 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys12:02:56.0077 5888 HdAudAddService - ok12:02:56.0092 5888 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys12:02:56.0092 5888 HDAudBus - ok12:02:56.0123 5888 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys12:02:56.0139 5888 HECI - ok12:02:56.0139 5888 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys12:02:56.0139 5888 HidBatt - ok12:02:56.0170 5888 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys12:02:56.0170 5888 HidBth - ok12:02:56.0186 5888 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys12:02:56.0186 5888 HidIr - ok12:02:56.0217 5888 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll12:02:56.0217 5888 hidserv - ok12:02:56.0264 5888 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys12:02:56.0264 5888 HidUsb - ok12:02:56.0295 5888 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll12:02:56.0295 5888 hkmsvc - ok12:02:56.0311 5888 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll12:02:56.0311 5888 HomeGroupListener - ok12:02:56.0342 5888 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll12:02:56.0342 5888 HomeGroupProvider - ok12:02:56.0357 5888 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys12:02:56.0357 5888 HpSAMD - ok12:02:56.0404 5888 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys12:02:56.0404 5888 HTTP - ok12:02:56.0420 5888 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys12:02:56.0420 5888 hwpolicy - ok12:02:56.0685 5888 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys12:02:56.0701 5888 i8042prt - ok12:02:56.0747 5888 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys12:02:56.0747 5888 iaStorV - ok12:02:56.0825 5888 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe12:02:56.0825 5888 IDriverT - ok12:02:56.0903 5888 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe12:02:56.0919 5888 idsvc - ok12:02:56.0966 5888 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys12:02:56.0966 5888 iirsp - ok12:02:57.0013 5888 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll12:02:57.0013 5888 IKEEXT - ok12:02:57.0028 5888 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys12:02:57.0044 5888 intelide - ok12:02:57.0059 5888 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys12:02:57.0059 5888 intelppm - ok12:02:57.0075 5888 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll12:02:57.0075 5888 IPBusEnum - ok12:02:57.0091 5888 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys12:02:57.0091 5888 IpFilterDriver - ok12:02:57.0106 5888 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll12:02:57.0122 5888 iphlpsvc - ok12:02:57.0137 5888 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys12:02:57.0137 5888 IPMIDRV - ok12:02:57.0153 5888 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys12:02:57.0153 5888 IPNAT - ok12:02:57.0169 5888 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys12:02:57.0184 5888 IRENUM - ok12:02:57.0200 5888 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys12:02:57.0200 5888 isapnp - ok12:02:57.0231 5888 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys12:02:57.0231 5888 iScsiPrt - ok12:02:57.0293 5888 JuniperAccessService (f476e9c7d58a4937612040f3b0e11912) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe12:02:57.0293 5888 JuniperAccessService - ok12:02:57.0325 5888 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys12:02:57.0325 5888 kbdclass - ok12:02:57.0356 5888 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys12:02:57.0356 5888 kbdhid - ok12:02:57.0387 5888 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe12:02:57.0387 5888 KeyIso - ok12:02:57.0403 5888 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys12:02:57.0403 5888 KSecDD - ok12:02:57.0418 5888 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys12:02:57.0418 5888 KSecPkg - ok12:02:57.0449 5888 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll12:02:57.0465 5888 KtmRm - ok12:02:57.0496 5888 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll12:02:57.0496 5888 LanmanServer - ok12:02:57.0528 5888 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll12:02:57.0528 5888 LanmanWorkstation - ok12:02:57.0543 5888 Lavasoft Kernexplorer - ok12:02:57.0574 5888 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys12:02:57.0574 5888 lltdio - ok12:02:57.0606 5888 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll12:02:57.0606 5888 lltdsvc - ok12:02:57.0621 5888 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll12:02:57.0621 5888 lmhosts - ok12:02:57.0652 5888 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys12:02:57.0652 5888 LSI_FC - ok12:02:57.0668 5888 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys12:02:57.0668 5888 LSI_SAS - ok12:02:57.0684 5888 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys12:02:57.0684 5888 LSI_SAS2 - ok12:02:57.0699 5888 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys12:02:57.0699 5888 LSI_SCSI - ok12:02:57.0730 5888 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys12:02:57.0730 5888 luafv - ok12:02:57.0762 5888 mbamchameleon (5dc35c6ecff38c91db3511c63d0000d9) C:\Windows\system32\drivers\mbamchameleon.sys12:02:57.0762 5888 mbamchameleon - ok12:02:57.0777 5888 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll12:02:57.0777 5888 Mcx2Svc - ok12:02:57.0855 5888 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe12:02:57.0855 5888 MDM - ok12:02:57.0871 5888 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys12:02:57.0871 5888 megasas - ok12:02:57.0902 5888 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys12:02:57.0918 5888 MegaSR - ok12:02:57.0980 5888 Microsoft SharePoint Workspace Audit Service - ok12:02:57.0996 5888 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll12:02:57.0996 5888 MMCSS - ok12:02:58.0011 5888 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys12:02:58.0011 5888 Modem - ok12:02:58.0042 5888 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys12:02:58.0042 5888 monitor - ok12:02:58.0058 5888 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys12:02:58.0058 5888 mouclass - ok12:02:58.0089 5888 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys12:02:58.0089 5888 mouhid - ok12:02:58.0105 5888 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys12:02:58.0105 5888 mountmgr - ok12:02:58.0136 5888 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys12:02:58.0136 5888 mpio - ok12:02:58.0136 5888 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys12:02:58.0136 5888 mpsdrv - ok12:02:58.0152 5888 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys12:02:58.0152 5888 MRxDAV - ok12:02:58.0198 5888 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys12:02:58.0198 5888 mrxsmb - ok12:02:58.0230 5888 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys12:02:58.0230 5888 mrxsmb10 - ok12:02:58.0245 5888 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys12:02:58.0245 5888 mrxsmb20 - ok12:02:58.0261 5888 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys12:02:58.0261 5888 msahci - ok12:02:58.0276 5888 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys12:02:58.0276 5888 msdsm - ok12:02:58.0292 5888 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe12:02:58.0292 5888 MSDTC - ok12:02:58.0323 5888 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys12:02:58.0323 5888 Msfs - ok12:02:58.0339 5888 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys12:02:58.0339 5888 mshidkmdf - ok12:02:58.0354 5888 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys12:02:58.0354 5888 msisadrv - ok12:02:58.0386 5888 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll12:02:58.0386 5888 MSiSCSI - ok12:02:58.0386 5888 msiserver - ok12:02:58.0432 5888 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys12:02:58.0432 5888 MSKSSRV - ok12:02:58.0432 5888 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys12:02:58.0432 5888 MSPCLOCK - ok12:02:58.0448 5888 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys12:02:58.0448 5888 MSPQM - ok12:02:58.0464 5888 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys12:02:58.0464 5888 MsRPC - ok12:02:58.0479 5888 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys12:02:58.0495 5888 mssmbios - ok12:02:58.0510 5888 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys12:02:58.0510 5888 MSTEE - ok12:02:58.0526 5888 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys12:02:58.0526 5888 MTConfig - ok12:02:58.0542 5888 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys12:02:58.0542 5888 Mup - ok12:02:58.0573 5888 NAL (cbbbbcace1abda7336410df4ab3c74d7) C:\Windows\system32\Drivers\iqvw32.sys12:02:58.0573 5888 NAL - ok12:02:58.0604 5888 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll12:02:58.0604 5888 napagent - ok12:02:58.0651 5888 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys12:02:58.0651 5888 NativeWifiP - ok12:02:58.0698 5888 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys12:02:58.0713 5888 NDIS - ok12:02:58.0729 5888 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys12:02:58.0729 5888 NdisCap - ok12:02:58.0744 5888 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys12:02:58.0744 5888 NdisTapi - ok12:02:58.0760 5888 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys12:02:58.0760 5888 Ndisuio - ok12:02:58.0776 5888 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys12:02:58.0776 5888 NdisWan - ok12:02:58.0791 5888 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys12:02:58.0791 5888 NDProxy - ok12:02:58.0822 5888 NEOFLTR_650_15551 (4647fc4045012d54c0b3bbf848887734) C:\Windows\system32\Drivers\NEOFLTR_650_15551.SYS12:02:58.0822 5888 NEOFLTR_650_15551 - ok12:02:58.0869 5888 Net Driver HPZ12 (f7c14f5077bf2bc476c348b88a7f74e2) C:\Windows\system32\HPZinw12.dll12:02:58.0869 5888 Net Driver HPZ12 - ok12:02:58.0900 5888 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys12:02:58.0900 5888 NetBIOS - ok12:02:58.0916 5888 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys12:02:58.0916 5888 NetBT - ok12:02:58.0947 5888 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe12:02:58.0947 5888 Netlogon - ok12:02:58.0978 5888 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll12:02:58.0978 5888 Netman - ok12:02:59.0010 5888 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll12:02:59.0010 5888 netprofm - ok12:02:59.0072 5888 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe12:02:59.0088 5888 NetTcpPortSharing - ok12:02:59.0166 5888 NewWorldUpdaterService (619fb0ba9f6451c9a8de0ef35944ac4d) C:\Program Files\New World Systems\New World Automatic Updater\NewWorld.Management.Updater.Service.exe12:02:59.0166 5888 NewWorldUpdaterService - ok12:02:59.0213 5888 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys12:02:59.0213 5888 nfrd960 - ok12:02:59.0228 5888 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll12:02:59.0244 5888 NlaSvc - ok12:02:59.0259 5888 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys12:02:59.0259 5888 Npfs - ok12:02:59.0275 5888 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll12:02:59.0275 5888 nsi - ok12:02:59.0291 5888 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys12:02:59.0306 5888 nsiproxy - ok12:02:59.0384 5888 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys12:02:59.0415 5888 Ntfs - ok12:02:59.0493 5888 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys12:02:59.0493 5888 Null - ok12:02:59.0525 5888 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys12:02:59.0525 5888 nvraid - ok12:02:59.0556 5888 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys12:02:59.0556 5888 nvstor - ok12:02:59.0587 5888 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys12:02:59.0587 5888 nv_agp - ok12:02:59.0665 5888 NWClientUpdate (63afd786477de10ab499c4e661330df9) C:\Program Files\New World Systems\Aegis MSP\NWClientUpdate.exe12:02:59.0665 5888 NWClientUpdate - ok12:02:59.0681 5888 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys12:02:59.0681 5888 ohci1394 - ok12:02:59.0743 5888 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE12:02:59.0759 5888 ose - ok12:02:59.0899 5888 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE12:02:59.0977 5888 osppsvc - ok12:03:00.0071 5888 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll12:03:00.0071 5888 p2pimsvc - ok12:03:00.0102 5888 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll12:03:00.0102 5888 p2psvc - ok12:03:00.0133 5888 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys12:03:00.0133 5888 Parport - ok12:03:00.0149 5888 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys12:03:00.0149 5888 partmgr - ok12:03:00.0164 5888 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys12:03:00.0164 5888 Parvdm - ok12:03:00.0180 5888 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll12:03:00.0180 5888 PcaSvc - ok12:03:00.0211 5888 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys12:03:00.0211 5888 pci - ok12:03:00.0227 5888 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys12:03:00.0227 5888 pciide - ok12:03:00.0258 5888 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys12:03:00.0258 5888 pcmcia - ok12:03:00.0273 5888 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys12:03:00.0273 5888 pcw - ok12:03:00.0305 5888 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys12:03:00.0305 5888 PEAUTH - ok12:03:00.0351 5888 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll12:03:00.0367 5888 PeerDistSvc - ok12:03:00.0414 5888 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll12:03:00.0445 5888 pla - ok12:03:00.0539 5888 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll12:03:00.0554 5888 PlugPlay - ok12:03:00.0601 5888 Pml Driver HPZ12 (e638656001c52a1faa34f92e6d3a086b) C:\Windows\system32\HPZipm12.dll12:03:00.0601 5888 Pml Driver HPZ12 - ok12:03:00.0632 5888 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll12:03:00.0632 5888 PNRPAutoReg - ok12:03:00.0648 5888 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll12:03:00.0648 5888 PNRPsvc - ok12:03:00.0679 5888 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll12:03:00.0679 5888 PolicyAgent - ok12:03:00.0710 5888 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll12:03:00.0710 5888 Power - ok12:03:00.0757 5888 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys12:03:00.0757 5888 PptpMiniport - ok12:03:00.0773 5888 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys12:03:00.0773 5888 Processor - ok12:03:00.0804 5888 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll12:03:00.0820 5888 ProfSvc - ok12:03:00.0835 5888 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe12:03:00.0835 5888 ProtectedStorage - ok12:03:00.0866 5888 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys12:03:00.0866 5888 Psched - ok12:03:00.0913 5888 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys12:03:00.0929 5888 ql2300 - ok12:03:01.0007 5888 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys12:03:01.0007 5888 ql40xx - ok12:03:01.0038 5888 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll12:03:01.0038 5888 QWAVE - ok12:03:01.0054 5888 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys12:03:01.0054 5888 QWAVEdrv - ok12:03:01.0054 5888 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys12:03:01.0054 5888 RasAcd - ok12:03:01.0085 5888 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys12:03:01.0100 5888 RasAgileVpn - ok12:03:01.0116 5888 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll12:03:01.0116 5888 RasAuto - ok12:03:01.0132 5888 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys12:03:01.0132 5888 Rasl2tp - ok12:03:01.0178 5888 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll12:03:01.0178 5888 RasMan - ok12:03:01.0210 5888 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys12:03:01.0225 5888 RasPppoe - ok12:03:01.0225 5888 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys12:03:01.0225 5888 RasSstp - ok12:03:01.0241 5888 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys12:03:01.0241 5888 rdbss - ok12:03:01.0272 5888 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys12:03:01.0272 5888 rdpbus - ok12:03:01.0288 5888 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys12:03:01.0288 5888 RDPCDD - ok12:03:01.0288 5888 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys12:03:01.0288 5888 RDPDR - ok12:03:01.0303 5888 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys12:03:01.0303 5888 RDPENCDD - ok12:03:01.0319 5888 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys12:03:01.0319 5888 RDPREFMP - ok12:03:01.0350 5888 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\Windows\system32\drivers\RDPWD.sys12:03:01.0350 5888 RDPWD - ok12:03:01.0381 5888 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys12:03:01.0381 5888 rdyboost - ok12:03:01.0397 5888 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll12:03:01.0397 5888 RemoteAccess - ok12:03:01.0428 5888 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll12:03:01.0428 5888 RemoteRegistry - ok12:03:01.0444 5888 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll12:03:01.0459 5888 RpcEptMapper - ok12:03:01.0475 5888 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe12:03:01.0475 5888 RpcLocator - ok12:03:01.0490 5888 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll12:03:01.0490 5888 RpcSs - ok12:03:01.0522 5888 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys12:03:01.0522 5888 rspndr - ok12:03:01.0537 5888 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys12:03:01.0537 5888 s3cap - ok12:03:01.0568 5888 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe12:03:01.0568 5888 SamSs - ok12:03:01.0600 5888 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys12:03:01.0600 5888 sbp2port - ok12:03:01.0631 5888 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll12:03:01.0631 5888 SCardSvr - ok12:03:01.0646 5888 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys12:03:01.0646 5888 scfilter - ok12:03:01.0709 5888 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll12:03:01.0709 5888 Schedule - ok12:03:01.0865 5888 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll12:03:01.0865 5888 SCPolicySvc - ok12:03:01.0912 5888 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll12:03:01.0912 5888 SDRSVC - ok12:03:01.0943 5888 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys12:03:01.0943 5888 secdrv - ok12:03:01.0958 5888 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll12:03:01.0974 5888 seclogon - ok12:03:02.0005 5888 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll12:03:02.0005 5888 SENS - ok12:03:02.0021 5888 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll12:03:02.0021 5888 SensrSvc - ok12:03:02.0052 5888 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys12:03:02.0052 5888 Serenum - ok12:03:02.0052 5888 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys12:03:02.0068 5888 Serial - ok12:03:02.0083 5888 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys12:03:02.0083 5888 sermouse - ok12:03:02.0099 5888 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll12:03:02.0099 5888 SessionEnv - ok12:03:02.0114 5888 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys12:03:02.0114 5888 sffdisk - ok12:03:02.0130 5888 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys12:03:02.0130 5888 sffp_mmc - ok12:03:02.0146 5888 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys12:03:02.0146 5888 sffp_sd - ok12:03:02.0161 5888 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys12:03:02.0161 5888 sfloppy - ok12:03:02.0239 5888 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll12:03:02.0255 5888 ShellHWDetection - ok12:03:02.0270 5888 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys12:03:02.0270 5888 sisagp - ok12:03:02.0302 5888 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys12:03:02.0302 5888 SiSRaid2 - ok12:03:02.0317 5888 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys12:03:02.0317 5888 SiSRaid4 - ok12:03:02.0348 5888 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys12:03:02.0348 5888 Smb - ok12:03:02.0380 5888 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe12:03:02.0380 5888 SNMPTRAP - ok12:03:02.0395 5888 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys12:03:02.0395 5888 spldr - ok12:03:02.0427 5888 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe12:03:02.0427 5888 Spooler - ok12:03:02.0505 5888 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe12:03:02.0551 5888 sppsvc - ok12:03:02.0614 5888 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll12:03:02.0614 5888 sppuinotify - ok12:03:02.0676 5888 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys12:03:02.0676 5888 srv - ok12:03:02.0707 5888 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys12:03:02.0707 5888 srv2 - ok12:03:02.0723 5888 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys12:03:02.0723 5888 srvnet - ok12:03:02.0754 5888 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll12:03:02.0754 5888 SSDPSRV - ok12:03:02.0770 5888 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll12:03:02.0770 5888 SstpSvc - ok12:03:02.0801 5888 staccel (463bac682ba75050a5a93025b9cc52c2) C:\Windows\system32\DRIVERS\staccel.sys12:03:02.0801 5888 staccel - ok12:03:02.0817 5888 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys12:03:02.0817 5888 stexstor - ok12:03:02.0848 5888 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll12:03:02.0848 5888 StiSvc - ok12:03:02.0879 5888 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys12:03:02.0879 5888 storflt - ok12:03:02.0895 5888 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll12:03:02.0895 5888 StorSvc - ok12:03:02.0910 5888 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys12:03:02.0910 5888 storvsc - ok12:03:02.0926 5888 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys12:03:02.0926 5888 swenum - ok12:03:02.0941 5888 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll12:03:02.0957 5888 swprv - ok12:03:02.0988 5888 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll12:03:02.0988 5888 SysMain - ok12:03:03.0004 5888 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll12:03:03.0004 5888 TabletInputService - ok12:03:03.0019 5888 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll12:03:03.0035 5888 TapiSrv - ok12:03:03.0051 5888 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll12:03:03.0051 5888 TBS - ok12:03:03.0113 5888 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys12:03:03.0144 5888 Tcpip - ok12:03:03.0285 5888 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys12:03:03.0285 5888 TCPIP6 - ok12:03:03.0378 5888 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys12:03:03.0394 5888 tcpipreg - ok12:03:03.0394 5888 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys12:03:03.0394 5888 TDPIPE - ok12:03:03.0425 5888 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys12:03:03.0425 5888 TDTCP - ok12:03:03.0456 5888 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys12:03:03.0456 5888 tdx - ok12:03:03.0472 5888 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys12:03:03.0472 5888 TermDD - ok12:03:03.0519 5888 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll12:03:03.0519 5888 TermService - ok12:03:03.0534 5888 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll12:03:03.0534 5888 Themes - ok12:03:03.0565 5888 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll12:03:03.0565 5888 THREADORDER - ok12:03:03.0597 5888 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys12:03:03.0597 5888 TPM - ok12:03:03.0612 5888 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll12:03:03.0628 5888 TrkWks - ok12:03:03.0659 5888 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe12:03:03.0659 5888 TrustedInstaller - ok12:03:03.0690 5888 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys12:03:03.0690 5888 tssecsrv - ok12:03:03.0706 5888 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys12:03:03.0706 5888 tunnel - ok12:03:03.0737 5888 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys12:03:03.0737 5888 uagp35 - ok12:03:03.0768 5888 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys12:03:03.0768 5888 udfs - ok12:03:03.0799 5888 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe12:03:03.0799 5888 UI0Detect - ok12:03:03.0831 5888 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys12:03:03.0831 5888 uliagpkx - ok12:03:03.0862 5888 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys12:03:03.0862 5888 umbus - ok12:03:03.0877 5888 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys12:03:03.0877 5888 UmPass - ok12:03:03.0909 5888 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll12:03:03.0909 5888 UmRdpService - ok12:03:03.0924 5888 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll12:03:03.0924 5888 upnphost - ok12:03:04.0018 5888 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys12:03:04.0034 5888 usbccgp - ok12:03:04.0158 5888 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys12:03:04.0174 5888 usbcir - ok12:03:04.0205 5888 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys12:03:04.0221 5888 usbehci - ok12:03:04.0252 5888 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys12:03:04.0252 5888 usbhub - ok12:03:04.0268 5888 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys12:03:04.0268 5888 usbohci - ok12:03:04.0299 5888 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys12:03:04.0299 5888 usbprint - ok12:03:04.0314 5888 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS12:03:04.0314 5888 USBSTOR - ok12:03:04.0361 5888 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys12:03:04.0361 5888 usbuhci - ok12:03:04.0392 5888 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll12:03:04.0392 5888 UxSms - ok12:03:04.0439 5888 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe12:03:04.0439 5888 VaultSvc - ok12:03:04.0470 5888 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys12:03:04.0470 5888 vdrvroot - ok12:03:04.0502 5888 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe12:03:04.0502 5888 vds - ok12:03:04.0580 5888 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys12:03:04.0580 5888 vga - ok12:03:04.0595 5888 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys12:03:04.0595 5888 VgaSave - ok12:03:04.0626 5888 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys12:03:04.0626 5888 vhdmp - ok12:03:04.0689 5888 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys12:03:04.0689 5888 viaagp - ok12:03:04.0720 5888 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys12:03:04.0736 5888 ViaC7 - ok12:03:04.0751 5888 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys12:03:04.0751 5888 viaide - ok12:03:04.0798 5888 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys12:03:04.0798 5888 vmbus - ok12:03:04.0829 5888 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys12:03:04.0829 5888 VMBusHID - ok12:03:04.0845 5888 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys12:03:04.0860 5888 volmgr - ok12:03:04.0907 5888 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys12:03:04.0907 5888 volmgrx - ok12:03:04.0938 5888 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys12:03:04.0938 5888 volsnap - ok12:03:04.0970 5888 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys12:03:04.0970 5888 vsmraid - ok12:03:05.0016 5888 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe12:03:05.0032 5888 VSS - ok12:03:05.0063 5888 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys12:03:05.0063 5888 vwifibus - ok12:03:05.0079 5888 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll12:03:05.0079 5888 W32Time - ok12:03:05.0110 5888 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys12:03:05.0110 5888 WacomPen - ok12:03:05.0126 5888 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys12:03:05.0126 5888 WANARP - ok12:03:05.0141 5888 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys12:03:05.0141 5888 Wanarpv6 - ok12:03:05.0204 5888 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe12:03:05.0235 5888 WatAdminSvc - ok12:03:05.0344 5888 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe12:03:05.0360 5888 wbengine - ok12:03:05.0391 5888 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll12:03:05.0406 5888 WbioSrvc - ok12:03:05.0438 5888 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll12:03:05.0438 5888 wcncsvc - ok12:03:05.0469 5888 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll12:03:05.0469 5888 WcsPlugInService - ok12:03:05.0516 5888 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys12:03:05.0516 5888 Wd - ok12:03:05.0547 5888 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys12:03:05.0547 5888 Wdf01000 - ok12:03:05.0578 5888 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll12:03:05.0578 5888 WdiServiceHost - ok12:03:05.0578 5888 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll12:03:05.0578 5888 WdiSystemHost - ok12:03:05.0625 5888 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll12:03:05.0625 5888 WebClient - ok12:03:05.0640 5888 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll12:03:05.0640 5888 Wecsvc - ok12:03:05.0656 5888 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll12:03:05.0656 5888 wercplsupport - ok12:03:05.0672 5888 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll12:03:05.0672 5888 WerSvc - ok12:03:05.0719 5888 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys12:03:05.0719 5888 WfpLwf - ok12:03:05.0719 5888 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys12:03:05.0719 5888 WIMMount - ok12:03:05.0781 5888 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll12:03:05.0781 5888 WinDefend - ok12:03:05.0781 5888 WinHttpAutoProxySvc - ok12:03:05.0828 5888 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll12:03:05.0828 5888 Winmgmt - ok12:03:05.0875 5888 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll12:03:05.0890 5888 WinRM - ok12:03:05.0921 5888 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll12:03:05.0937 5888 Wlansvc - ok12:03:05.0984 5888 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys12:03:05.0984 5888 WmiAcpi - ok12:03:06.0031 5888 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe12:03:06.0046 5888 wmiApSrv - ok12:03:06.0109 5888 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe12:03:06.0124 5888 WMPNetworkSvc - ok12:03:06.0218 5888 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll12:03:06.0218 5888 WPCSvc - ok12:03:06.0218 5888 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll12:03:06.0233 5888 WPDBusEnum - ok12:03:06.0249 5888 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys12:03:06.0265 5888 ws2ifsl - ok12:03:06.0296 5888 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll12:03:06.0296 5888 wscsvc - ok12:03:06.0296 5888 WSearch - ok12:03:06.0358 5888 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll12:03:06.0374 5888 wuauserv - ok12:03:06.0483 5888 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys12:03:06.0483 5888 WudfPf - ok12:03:06.0514 5888 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys12:03:06.0514 5888 WUDFRd - ok12:03:06.0545 5888 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll12:03:06.0545 5888 wudfsvc - ok12:03:06.0561 5888 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll12:03:06.0561 5888 WwanSvc - ok12:03:06.0577 5888 ztoiwqog - ok12:03:06.0592 5888 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR012:03:06.0623 5888 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected12:03:06.0623 5888 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)12:03:06.0639 5888 Boot (0x1200) (bc8cfa994a06c0eeaccdb54a1d7ffa2f) \Device\Harddisk0\DR0\Partition012:03:06.0639 5888 \Device\Harddisk0\DR0\Partition0 - ok12:03:06.0655 5888 Boot (0x1200) (e462baacba48c3ee6011a027b357dd9d) \Device\Harddisk0\DR0\Partition112:03:06.0655 5888 \Device\Harddisk0\DR0\Partition1 - ok12:03:06.0655 5888 ============================================================12:03:06.0655 5888 Scan finished12:03:06.0655 5888 ============================================================12:03:06.0655 4108 Detected object count: 112:03:06.0655 4108 Actual detected object count: 112:03:49.0934 4108 \Device\Harddisk0\DR0\# - copied to quarantine12:03:49.0934 4108 \Device\Harddisk0\DR0 - copied to quarantine12:03:50.0012 4108 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine12:03:50.0012 4108 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine12:03:50.0012 4108 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine12:03:50.0012 4108 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine12:03:50.0028 4108 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine12:03:50.0028 4108 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine12:03:50.0028 4108 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine12:03:50.0044 4108 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine12:03:50.0044 4108 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine12:03:50.0044 4108 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine12:03:50.0059 4108 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine12:03:50.0059 4108 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine12:03:50.0075 4108 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine12:03:50.0106 4108 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine12:03:50.0106 4108 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine12:03:50.0122 4108 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine12:03:50.0122 4108 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine12:03:50.0184 4108 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine12:03:50.0200 4108 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine12:03:50.0215 4108 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine12:03:50.0340 4108 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine12:03:50.0356 4108 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine12:03:50.0356 4108 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot12:03:50.0402 4108 \Device\Harddisk0\DR0 - ok12:03:50.0621 4108 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure12:04:05.0084 5996 Deinitialize success Link to post Share on other sites More sharing options...
Staff CatByte Posted May 18, 2012 Staff ID:552670 Share Posted May 18, 2012 very good, the chameleon folder was my next step!see if you can get ComboFix to run now, download a fresh copy firstmake sure your security programs are disabled before running it Link to post Share on other sites More sharing options...
c4poa Posted May 18, 2012 Author ID:552676 Share Posted May 18, 2012 Do I perhaps need to put Combofix in the chameleon folder too? It still does not appear to be running after the initial decompress window that pops up for a shore time? Link to post Share on other sites More sharing options...
Staff CatByte Posted May 18, 2012 Staff ID:552679 Share Posted May 18, 2012 Delete the copy you have on your desktop and download a fresh copy but rename it to svchost.exe before saving ittry running it first without the chameleon folder, if it still wont run, try it in the chameleon folder, if it still wont run, try running it in safe mode.There must still be some active malware even after TDSSKiller quarantined a number of bad files.To Enter Safemode Go to Start> Shut off your Computer> RestartAs the computer starts to boot-up, Tap the F8 KEY repeatedly,this will bring up a menu.Use the Up and Down Arrow Keys to scroll up to Safemode Then press the Enter Key on your Keyboard go into your usual accountIf still no joy,re-run TDSSKiller,when the window opens, click on Change Parametersunder ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”click OK Press Start ScanIf Malicious objects are found then ensure Cure is selectedIf TDLFS File System is found then ensure Delete is selectedThen click Continue > Reboot now[*]Copy and paste the log in your next replyA copy of the log will be saved automatically to the root of the drive (typically C:\) Link to post Share on other sites More sharing options...
c4poa Posted May 18, 2012 Author ID:552683 Share Posted May 18, 2012 Here is the log file after the second time I ran TDSKiller from chameleon earlier. Maybe you can see something that will help us. I'll proceed with last instructions...12:18:03.0299 1048 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:5712:18:03.0798 1048 ============================================================12:18:03.0798 1048 Current date / time: 2012/05/18 12:18:03.079812:18:03.0798 1048 SystemInfo:12:18:03.0798 1048 12:18:03.0798 1048 OS Version: 6.1.7600 ServicePack: 0.012:18:03.0798 1048 Product type: Workstation12:18:03.0798 1048 ComputerName: CSMSW829412:18:03.0798 1048 UserName: isck12:18:03.0798 1048 Windows directory: C:\Windows12:18:03.0798 1048 System windows directory: C:\Windows12:18:03.0798 1048 Processor architecture: Intel x8612:18:03.0798 1048 Number of processors: 412:18:03.0798 1048 Page size: 0x100012:18:03.0798 1048 Boot type: Normal boot12:18:03.0798 1048 ============================================================12:18:04.0828 1048 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000005012:18:04.0828 1048 ============================================================12:18:04.0828 1048 \Device\Harddisk0\DR0:12:18:04.0828 1048 MBR partitions:12:18:04.0828 1048 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3200012:18:04.0828 1048 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E26B012:18:04.0828 1048 ============================================================12:18:04.0859 1048 C: <-> \Device\Harddisk0\DR0\Partition112:18:04.0859 1048 ============================================================12:18:04.0859 1048 Initialize success12:18:04.0859 1048 ============================================================12:18:06.0544 1680 ============================================================12:18:06.0544 1680 Scan started12:18:06.0544 1680 Mode: Manual;12:18:06.0544 1680 ============================================================12:18:09.0805 1680 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys12:18:09.0820 1680 1394ohci - ok12:18:09.0852 1680 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys12:18:09.0867 1680 ACPI - ok12:18:09.0883 1680 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys12:18:09.0898 1680 AcpiPmi - ok12:18:09.0930 1680 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\Windows\system32\drivers\adfs.sys12:18:09.0945 1680 adfs - ok12:18:09.0992 1680 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys12:18:10.0023 1680 adp94xx - ok12:18:10.0055 1680 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys12:18:10.0070 1680 adpahci - ok12:18:10.0086 1680 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys12:18:10.0101 1680 adpu320 - ok12:18:10.0117 1680 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll12:18:10.0133 1680 AeLookupSvc - ok12:18:10.0179 1680 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys12:18:10.0195 1680 AFD - ok12:18:10.0211 1680 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys12:18:10.0226 1680 agp440 - ok12:18:10.0257 1680 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys12:18:10.0273 1680 aic78xx - ok12:18:10.0320 1680 aksfridge (730e9d3bb324fb1899005aea63c6782d) C:\Windows\system32\drivers\aksfridge.sys12:18:10.0351 1680 aksfridge - ok12:18:10.0367 1680 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe12:18:10.0367 1680 ALG - ok12:18:10.0382 1680 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys12:18:10.0398 1680 aliide - ok12:18:10.0413 1680 AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe12:18:10.0429 1680 AMD External Events Utility - ok12:18:10.0429 1680 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys12:18:10.0445 1680 amdagp - ok12:18:10.0476 1680 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys12:18:10.0491 1680 amdide - ok12:18:10.0554 1680 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys12:18:10.0569 1680 AmdK8 - ok12:18:10.0585 1680 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys12:18:10.0616 1680 AmdPPM - ok12:18:10.0663 1680 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys12:18:10.0679 1680 amdsata - ok12:18:10.0710 1680 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys12:18:10.0725 1680 amdsbs - ok12:18:10.0741 1680 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys12:18:10.0757 1680 amdxata - ok12:18:10.0897 1680 AMPAgent (f3d3fd6fdcd1b2b514fe71479f567320) C:\Program Files\Dell\KACE\AMPAgent.exe12:18:10.0913 1680 AMPAgent - ok12:18:10.0991 1680 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys12:18:11.0006 1680 AppID - ok12:18:11.0037 1680 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll12:18:11.0037 1680 AppIDSvc - ok12:18:11.0069 1680 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll12:18:11.0069 1680 Appinfo - ok12:18:11.0084 1680 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll12:18:11.0084 1680 AppMgmt - ok12:18:11.0115 1680 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys12:18:11.0131 1680 arc - ok12:18:11.0147 1680 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys12:18:11.0162 1680 arcsas - ok12:18:11.0193 1680 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys12:18:11.0209 1680 AsyncMac - ok12:18:11.0209 1680 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys12:18:11.0225 1680 atapi - ok12:18:11.0365 1680 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys12:18:11.0443 1680 atikmdag - ok12:18:11.0537 1680 ATMsrvc (523ca82a8810f4354e6425406afbc130) C:\Windows\System32\ATMsrvc.exe12:18:11.0552 1680 ATMsrvc - ok12:18:11.0583 1680 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll12:18:11.0583 1680 AudioEndpointBuilder - ok12:18:11.0583 1680 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll12:18:11.0583 1680 Audiosrv - ok12:18:11.0615 1680 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll12:18:11.0615 1680 AxInstSV - ok12:18:11.0677 1680 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys12:18:11.0677 1680 b06bdrv - ok12:18:11.0724 1680 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys12:18:11.0740 1680 b57nd60x - ok12:18:11.0771 1680 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll12:18:11.0771 1680 BDESVC - ok12:18:11.0802 1680 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys12:18:11.0818 1680 Beep - ok12:18:11.0833 1680 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll12:18:11.0849 1680 BITS - ok12:18:11.0864 1680 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys12:18:11.0880 1680 blbdrive - ok12:18:11.0911 1680 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys12:18:11.0927 1680 bowser - ok12:18:11.0942 1680 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys12:18:11.0958 1680 BrFiltLo - ok12:18:11.0958 1680 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys12:18:11.0958 1680 BrFiltUp - ok12:18:11.0989 1680 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys12:18:12.0020 1680 BridgeMP - ok12:18:12.0067 1680 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll12:18:12.0067 1680 Browser - ok12:18:12.0098 1680 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys12:18:12.0098 1680 Brserid - ok12:18:12.0130 1680 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys12:18:12.0130 1680 BrSerWdm - ok12:18:12.0145 1680 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys12:18:12.0145 1680 BrUsbMdm - ok12:18:12.0145 1680 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys12:18:12.0161 1680 BrUsbSer - ok12:18:12.0161 1680 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys12:18:12.0176 1680 BTHMODEM - ok12:18:12.0208 1680 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll12:18:12.0223 1680 bthserv - ok12:18:12.0239 1680 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys12:18:12.0254 1680 cdfs - ok12:18:12.0286 1680 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys12:18:12.0317 1680 cdrom - ok12:18:12.0332 1680 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll12:18:12.0348 1680 CertPropSvc - ok12:18:12.0364 1680 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys12:18:12.0364 1680 circlass - ok12:18:12.0379 1680 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys12:18:12.0395 1680 CLFS - ok12:18:12.0442 1680 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe12:18:12.0442 1680 clr_optimization_v2.0.50727_32 - ok12:18:12.0488 1680 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe12:18:12.0488 1680 clr_optimization_v4.0.30319_32 - ok12:18:12.0504 1680 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys12:18:12.0520 1680 CmBatt - ok12:18:12.0551 1680 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys12:18:12.0551 1680 cmdide - ok12:18:12.0582 1680 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys12:18:12.0598 1680 CNG - ok12:18:12.0613 1680 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys12:18:12.0613 1680 Compbatt - ok12:18:12.0644 1680 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys12:18:12.0644 1680 CompositeBus - ok12:18:12.0644 1680 COMSysApp - ok12:18:12.0660 1680 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys12:18:12.0676 1680 crcdisk - ok12:18:12.0707 1680 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll12:18:12.0707 1680 CryptSvc - ok12:18:12.0722 1680 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys12:18:12.0754 1680 CSC - ok12:18:12.0785 1680 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll12:18:12.0785 1680 CscService - ok12:18:12.0832 1680 Cwbrxd (06ff22f453f1c74dff504d3292f5d91c) C:\Windows\CWBRXD.EXE12:18:12.0832 1680 Cwbrxd - ok12:18:12.0863 1680 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll12:18:12.0863 1680 DcomLaunch - ok12:18:12.0878 1680 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll12:18:12.0878 1680 defragsvc - ok12:18:12.0941 1680 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys12:18:12.0956 1680 DfsC - ok12:18:12.0988 1680 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll12:18:13.0003 1680 Dhcp - ok12:18:13.0019 1680 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys12:18:13.0034 1680 discache - ok12:18:13.0050 1680 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys12:18:13.0066 1680 Disk - ok12:18:13.0097 1680 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll12:18:13.0097 1680 Dnscache - ok12:18:13.0128 1680 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll12:18:13.0128 1680 dot3svc - ok12:18:13.0159 1680 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys12:18:13.0191 1680 Dot4 - ok12:18:13.0206 1680 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys12:18:13.0222 1680 Dot4Print - ok12:18:13.0253 1680 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys12:18:13.0284 1680 dot4usb - ok12:18:13.0331 1680 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll12:18:13.0347 1680 DPS - ok12:18:13.0362 1680 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys12:18:13.0378 1680 drmkaud - ok12:18:13.0409 1680 DwMirror (383182215a2c238e76b86e3b5ede40eb) C:\Windows\system32\DRIVERS\DamewareMini.sys12:18:13.0409 1680 DwMirror - ok12:18:13.0440 1680 DWMRCS - ok12:18:13.0456 1680 dwvkbd (5a402c57f621114c99f813c6ae7bc37a) C:\Windows\system32\DRIVERS\dwvkbd.sys12:18:13.0471 1680 dwvkbd - ok12:18:13.0518 1680 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys12:18:13.0565 1680 DXGKrnl - ok12:18:13.0612 1680 e1kexpress (3d042b4c6fdde698a3d6bd0b6191c92f) C:\Windows\system32\DRIVERS\e1k6232.sys12:18:13.0627 1680 e1kexpress - ok12:18:13.0659 1680 eamonm (04cba07e73f152970fc34d66d3892e2a) C:\Windows\system32\DRIVERS\eamonm.sys12:18:13.0690 1680 eamonm - ok12:18:13.0690 1680 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll12:18:13.0705 1680 EapHost - ok12:18:13.0799 1680 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys12:18:13.0861 1680 ebdrv - ok12:18:13.0939 1680 EFI ES1000 (7d10cb5a6cdc761a0faa7730053a83d8) c:\Program Files\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe12:18:13.0939 1680 EFI ES1000 - ok12:18:14.0033 1680 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe12:18:14.0033 1680 EFS - ok12:18:14.0095 1680 ehdrv (fe7824239d132ad9ebd8645fe1199b30) C:\Windows\system32\DRIVERS\ehdrv.sys12:18:14.0111 1680 ehdrv - ok12:18:14.0189 1680 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe12:18:14.0189 1680 ehRecvr - ok12:18:14.0220 1680 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe12:18:14.0220 1680 ehSched - ok12:18:14.0267 1680 EhttpSrv (68d91a34ce51cf15c45dd68f7f1257e8) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe12:18:14.0267 1680 EhttpSrv - ok12:18:14.0329 1680 ekrn (191d8eccc40f05b52fac0513f35ba01d) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe12:18:14.0329 1680 ekrn - ok12:18:14.0407 1680 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys12:18:14.0439 1680 elxstor - ok12:18:14.0470 1680 epfwwfpr (ddb45f6371714601a43e8be38145be18) C:\Windows\system32\DRIVERS\epfwwfpr.sys12:18:14.0485 1680 epfwwfpr - ok12:18:14.0501 1680 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys12:18:14.0517 1680 ErrDev - ok12:18:14.0548 1680 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll12:18:14.0563 1680 EventSystem - ok12:18:14.0626 1680 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys12:18:14.0641 1680 exfat - ok12:18:14.0673 1680 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys12:18:14.0688 1680 fastfat - ok12:18:14.0735 1680 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe12:18:14.0735 1680 Fax - ok12:18:14.0766 1680 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys12:18:14.0798 1680 fdc - ok12:18:14.0829 1680 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll12:18:14.0829 1680 fdPHost - ok12:18:14.0844 1680 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll12:18:14.0844 1680 FDResPub - ok12:18:14.0922 1680 Fiery Bridge Mailbox Synchronization (8d9cd7634ff2227b4d6cafa0583288ac) C:\Program Files\Fiery\Fiery Bridge\x86\MailboxSyncService.exe12:18:14.0922 1680 Fiery Bridge Mailbox Synchronization - ok12:18:14.0954 1680 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys12:18:14.0969 1680 FileInfo - ok12:18:14.0985 1680 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys12:18:15.0000 1680 Filetrace - ok12:18:15.0047 1680 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe12:18:15.0047 1680 FLEXnet Licensing Service - ok12:18:15.0078 1680 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys12:18:15.0094 1680 flpydisk - ok12:18:15.0141 1680 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys12:18:15.0156 1680 FltMgr - ok12:18:15.0250 1680 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll12:18:15.0266 1680 FontCache - ok12:18:15.0359 1680 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe12:18:15.0359 1680 FontCache3.0.0.0 - ok12:18:15.0375 1680 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys12:18:15.0390 1680 FsDepends - ok12:18:15.0390 1680 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys12:18:15.0406 1680 Fs_Rec - ok12:18:15.0422 1680 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys12:18:15.0453 1680 fvevol - ok12:18:15.0468 1680 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys12:18:15.0484 1680 gagp30kx - ok12:18:15.0515 1680 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll12:18:15.0531 1680 gpsvc - ok12:18:15.0609 1680 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe12:18:15.0609 1680 gupdate - ok12:18:15.0609 1680 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe12:18:15.0609 1680 gupdatem - ok12:18:15.0671 1680 hardlock (a9d587e31dbee3e9bd97fefece0ba874) C:\Windows\system32\drivers\hardlock.sys12:18:15.0687 1680 hardlock - ok12:18:15.0687 1680 hasplms - ok12:18:15.0702 1680 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys12:18:15.0718 1680 hcw85cir - ok12:18:15.0749 1680 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys12:18:15.0780 1680 HdAudAddService - ok12:18:15.0796 1680 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys12:18:15.0812 1680 HDAudBus - ok12:18:15.0843 1680 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys12:18:15.0858 1680 HECI - ok12:18:15.0874 1680 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys12:18:15.0890 1680 HidBatt - ok12:18:15.0921 1680 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys12:18:15.0936 1680 HidBth - ok12:18:15.0952 1680 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys12:18:15.0968 1680 HidIr - ok12:18:15.0983 1680 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll12:18:15.0999 1680 hidserv - ok12:18:16.0014 1680 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys12:18:16.0030 1680 HidUsb - ok12:18:16.0046 1680 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll12:18:16.0046 1680 hkmsvc - ok12:18:16.0061 1680 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll12:18:16.0061 1680 HomeGroupListener - ok12:18:16.0077 1680 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll12:18:16.0092 1680 HomeGroupProvider - ok12:18:16.0108 1680 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys12:18:16.0139 1680 HpSAMD - ok12:18:16.0186 1680 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys12:18:16.0202 1680 HTTP - ok12:18:16.0217 1680 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys12:18:16.0233 1680 hwpolicy - ok12:18:16.0264 1680 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys12:18:16.0280 1680 i8042prt - ok12:18:16.0311 1680 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys12:18:16.0327 1680 iaStorV - ok12:18:16.0405 1680 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe12:18:16.0405 1680 IDriverT - ok12:18:16.0483 1680 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe12:18:16.0498 1680 idsvc - ok12:18:16.0561 1680 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys12:18:16.0576 1680 iirsp - ok12:18:16.0607 1680 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll12:18:16.0623 1680 IKEEXT - ok12:18:16.0654 1680 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys12:18:16.0670 1680 intelide - ok12:18:16.0717 1680 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys12:18:16.0732 1680 intelppm - ok12:18:16.0748 1680 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll12:18:16.0748 1680 IPBusEnum - ok12:18:16.0779 1680 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys12:18:16.0795 1680 IpFilterDriver - ok12:18:16.0810 1680 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll12:18:16.0810 1680 iphlpsvc - ok12:18:16.0841 1680 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys12:18:16.0857 1680 IPMIDRV - ok12:18:16.0873 1680 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys12:18:16.0904 1680 IPNAT - ok12:18:16.0935 1680 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys12:18:16.0951 1680 IRENUM - ok12:18:16.0982 1680 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys12:18:17.0013 1680 isapnp - ok12:18:17.0044 1680 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys12:18:17.0060 1680 iScsiPrt - ok12:18:17.0278 1680 JuniperAccessService (f476e9c7d58a4937612040f3b0e11912) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe12:18:17.0278 1680 JuniperAccessService - ok12:18:17.0341 1680 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys12:18:17.0356 1680 kbdclass - ok12:18:17.0387 1680 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys12:18:17.0403 1680 kbdhid - ok12:18:17.0450 1680 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe12:18:17.0450 1680 KeyIso - ok12:18:17.0481 1680 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys12:18:17.0481 1680 KSecDD - ok12:18:17.0497 1680 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys12:18:17.0512 1680 KSecPkg - ok12:18:17.0528 1680 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll12:18:17.0543 1680 KtmRm - ok12:18:17.0559 1680 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll12:18:17.0559 1680 LanmanServer - ok12:18:17.0590 1680 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll12:18:17.0590 1680 LanmanWorkstation - ok12:18:17.0606 1680 Lavasoft Kernexplorer - ok12:18:17.0637 1680 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys12:18:17.0653 1680 lltdio - ok12:18:17.0668 1680 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll12:18:17.0668 1680 lltdsvc - ok12:18:17.0684 1680 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll12:18:17.0684 1680 lmhosts - ok12:18:17.0715 1680 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys12:18:17.0731 1680 LSI_FC - ok12:18:17.0746 1680 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys12:18:17.0762 1680 LSI_SAS - ok12:18:17.0777 1680 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys12:18:17.0809 1680 LSI_SAS2 - ok12:18:17.0840 1680 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys12:18:17.0856 1680 LSI_SCSI - ok12:18:17.0871 1680 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys12:18:17.0887 1680 luafv - ok12:18:17.0934 1680 mbamchameleon (5dc35c6ecff38c91db3511c63d0000d9) C:\Windows\system32\drivers\mbamchameleon.sys12:18:17.0934 1680 mbamchameleon - ok12:18:17.0949 1680 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll12:18:17.0949 1680 Mcx2Svc - ok12:18:18.0027 1680 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe12:18:18.0027 1680 MDM - ok12:18:18.0043 1680 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys12:18:18.0074 1680 megasas - ok12:18:18.0105 1680 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys12:18:18.0105 1680 MegaSR - ok12:18:18.0183 1680 Microsoft SharePoint Workspace Audit Service - ok12:18:18.0199 1680 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll12:18:18.0199 1680 MMCSS - ok12:18:18.0230 1680 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys12:18:18.0230 1680 Modem - ok12:18:18.0261 1680 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys12:18:18.0277 1680 monitor - ok12:18:18.0292 1680 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys12:18:18.0308 1680 mouclass - ok12:18:18.0339 1680 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys12:18:18.0355 1680 mouhid - ok12:18:18.0370 1680 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys12:18:18.0386 1680 mountmgr - ok12:18:18.0402 1680 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys12:18:18.0417 1680 mpio - ok12:18:18.0417 1680 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys12:18:18.0433 1680 mpsdrv - ok12:18:18.0682 1680 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys12:18:18.0698 1680 MRxDAV - ok12:18:18.0745 1680 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys12:18:18.0792 1680 mrxsmb - ok12:18:18.0823 1680 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys12:18:18.0838 1680 mrxsmb10 - ok12:18:18.0854 1680 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys12:18:18.0885 1680 mrxsmb20 - ok12:18:18.0901 1680 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys12:18:18.0916 1680 msahci - ok12:18:18.0932 1680 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys12:18:18.0948 1680 msdsm - ok12:18:18.0963 1680 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe12:18:18.0963 1680 MSDTC - ok12:18:18.0994 1680 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys12:18:19.0010 1680 Msfs - ok12:18:19.0010 1680 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys12:18:19.0026 1680 mshidkmdf - ok12:18:19.0041 1680 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys12:18:19.0057 1680 msisadrv - ok12:18:19.0088 1680 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll12:18:19.0088 1680 MSiSCSI - ok12:18:19.0088 1680 msiserver - ok12:18:19.0135 1680 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys12:18:19.0135 1680 MSKSSRV - ok12:18:19.0135 1680 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys12:18:19.0150 1680 MSPCLOCK - ok12:18:19.0166 1680 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys12:18:19.0166 1680 MSPQM - ok12:18:19.0182 1680 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys12:18:19.0182 1680 MsRPC - ok12:18:19.0197 1680 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys12:18:19.0213 1680 mssmbios - ok12:18:19.0228 1680 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys12:18:19.0244 1680 MSTEE - ok12:18:19.0260 1680 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys12:18:19.0275 1680 MTConfig - ok12:18:19.0291 1680 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys12:18:19.0291 1680 Mup - ok12:18:19.0322 1680 NAL (cbbbbcace1abda7336410df4ab3c74d7) C:\Windows\system32\Drivers\iqvw32.sys12:18:19.0338 1680 NAL - ok12:18:19.0369 1680 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll12:18:19.0369 1680 napagent - ok12:18:19.0416 1680 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys12:18:19.0431 1680 NativeWifiP - ok12:18:19.0463 1680 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys12:18:19.0494 1680 NDIS - ok12:18:19.0509 1680 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys12:18:19.0541 1680 NdisCap - ok12:18:19.0556 1680 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys12:18:19.0556 1680 NdisTapi - ok12:18:19.0572 1680 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys12:18:19.0603 1680 Ndisuio - ok12:18:19.0619 1680 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys12:18:19.0634 1680 NdisWan - ok12:18:19.0634 1680 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys12:18:19.0650 1680 NDProxy - ok12:18:19.0681 1680 NEOFLTR_650_15551 (4647fc4045012d54c0b3bbf848887734) C:\Windows\system32\Drivers\NEOFLTR_650_15551.SYS12:18:19.0681 1680 NEOFLTR_650_15551 - ok12:18:19.0728 1680 Net Driver HPZ12 (f7c14f5077bf2bc476c348b88a7f74e2) C:\Windows\system32\HPZinw12.dll12:18:19.0728 1680 Net Driver HPZ12 - ok12:18:19.0759 1680 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys12:18:19.0775 1680 NetBIOS - ok12:18:19.0790 1680 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys12:18:19.0821 1680 NetBT - ok12:18:19.0837 1680 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe12:18:19.0853 1680 Netlogon - ok12:18:19.0884 1680 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll12:18:19.0884 1680 Netman - ok12:18:19.0899 1680 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll12:18:19.0899 1680 netprofm - ok12:18:19.0962 1680 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe12:18:19.0962 1680 NetTcpPortSharing - ok12:18:20.0055 1680 NewWorldUpdaterService (619fb0ba9f6451c9a8de0ef35944ac4d) C:\Program Files\New World Systems\New World Automatic Updater\NewWorld.Management.Updater.Service.exe12:18:20.0055 1680 NewWorldUpdaterService - ok12:18:20.0087 1680 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys12:18:20.0102 1680 nfrd960 - ok12:18:20.0133 1680 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll12:18:20.0133 1680 NlaSvc - ok12:18:20.0165 1680 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys12:18:20.0180 1680 Npfs - ok12:18:20.0180 1680 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll12:18:20.0180 1680 nsi - ok12:18:20.0196 1680 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys12:18:20.0211 1680 nsiproxy - ok12:18:20.0258 1680 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys12:18:20.0289 1680 Ntfs - ok12:18:20.0367 1680 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys12:18:20.0383 1680 Null - ok12:18:20.0414 1680 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys12:18:20.0430 1680 nvraid - ok12:18:20.0430 1680 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys12:18:20.0461 1680 nvstor - ok12:18:20.0492 1680 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys12:18:20.0508 1680 nv_agp - ok12:18:20.0586 1680 NWClientUpdate (63afd786477de10ab499c4e661330df9) C:\Program Files\New World Systems\Aegis MSP\NWClientUpdate.exe12:18:20.0601 1680 NWClientUpdate - ok12:18:20.0617 1680 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys12:18:20.0617 1680 ohci1394 - ok12:18:20.0679 1680 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE12:18:20.0679 1680 ose - ok12:18:20.0835 1680 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE12:18:20.0867 1680 osppsvc - ok12:18:20.0960 1680 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll12:18:20.0960 1680 p2pimsvc - ok12:18:20.0976 1680 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll12:18:20.0992 1680 p2psvc - ok12:18:21.0023 1680 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys12:18:21.0038 1680 Parport - ok12:18:21.0054 1680 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys12:18:21.0070 1680 partmgr - ok12:18:21.0101 1680 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys12:18:21.0116 1680 Parvdm - ok12:18:21.0132 1680 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll12:18:21.0148 1680 PcaSvc - ok12:18:21.0226 1680 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys12:18:21.0272 1680 pci - ok12:18:21.0288 1680 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys12:18:21.0319 1680 pciide - ok12:18:21.0350 1680 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys12:18:21.0366 1680 pcmcia - ok12:18:21.0444 1680 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys12:18:21.0460 1680 pcw - ok12:18:21.0491 1680 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys12:18:21.0506 1680 PEAUTH - ok12:18:21.0569 1680 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll12:18:21.0584 1680 PeerDistSvc - ok12:18:21.0647 1680 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll12:18:21.0678 1680 pla - ok12:18:21.0787 1680 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll12:18:21.0787 1680 PlugPlay - ok12:18:21.0834 1680 Pml Driver HPZ12 (e638656001c52a1faa34f92e6d3a086b) C:\Windows\system32\HPZipm12.dll12:18:21.0834 1680 Pml Driver HPZ12 - ok12:18:21.0850 1680 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll12:18:21.0865 1680 PNRPAutoReg - ok12:18:21.0881 1680 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll12:18:21.0881 1680 PNRPsvc - ok12:18:21.0912 1680 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll12:18:21.0912 1680 PolicyAgent - ok12:18:21.0928 1680 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll12:18:21.0943 1680 Power - ok12:18:21.0990 1680 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys12:18:22.0006 1680 PptpMiniport - ok12:18:22.0021 1680 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys12:18:22.0037 1680 Processor - ok12:18:22.0068 1680 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll12:18:22.0084 1680 ProfSvc - ok12:18:22.0115 1680 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe12:18:22.0115 1680 ProtectedStorage - ok12:18:22.0146 1680 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys12:18:22.0162 1680 Psched - ok12:18:22.0208 1680 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys12:18:22.0240 1680 ql2300 - ok12:18:22.0318 1680 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys12:18:22.0333 1680 ql40xx - ok12:18:22.0364 1680 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll12:18:22.0364 1680 QWAVE - ok12:18:22.0396 1680 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys12:18:22.0411 1680 QWAVEdrv - ok12:18:22.0411 1680 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys12:18:22.0427 1680 RasAcd - ok12:18:22.0458 1680 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys12:18:22.0474 1680 RasAgileVpn - ok12:18:22.0489 1680 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll12:18:22.0505 1680 RasAuto - ok12:18:22.0505 1680 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys12:18:22.0520 1680 Rasl2tp - ok12:18:22.0552 1680 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll12:18:22.0567 1680 RasMan - ok12:18:22.0583 1680 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys12:18:22.0599 1680 RasPppoe - ok12:18:22.0630 1680 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys12:18:22.0645 1680 RasSstp - ok12:18:22.0661 1680 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys12:18:22.0677 1680 rdbss - ok12:18:22.0692 1680 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys12:18:22.0723 1680 rdpbus - ok12:18:22.0739 1680 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys12:18:22.0755 1680 RDPCDD - ok12:18:22.0770 1680 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys12:18:22.0770 1680 RDPDR - ok12:18:22.0786 1680 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys12:18:22.0801 1680 RDPENCDD - ok12:18:22.0817 1680 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys12:18:22.0817 1680 RDPREFMP - ok12:18:22.0848 1680 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\Windows\system32\drivers\RDPWD.sys12:18:22.0864 1680 RDPWD - ok12:18:22.0895 1680 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys12:18:22.0895 1680 rdyboost - ok12:18:22.0926 1680 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll12:18:22.0926 1680 RemoteAccess - ok12:18:22.0942 1680 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll12:18:22.0957 1680 RemoteRegistry - ok12:18:22.0973 1680 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll12:18:22.0973 1680 RpcEptMapper - ok12:18:22.0989 1680 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe12:18:23.0004 1680 RpcLocator - ok12:18:23.0020 1680 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll12:18:23.0020 1680 RpcSs - ok12:18:23.0051 1680 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys12:18:23.0067 1680 rspndr - ok12:18:23.0113 1680 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys12:18:23.0129 1680 s3cap - ok12:18:23.0160 1680 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe12:18:23.0160 1680 SamSs - ok12:18:23.0238 1680 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys12:18:23.0254 1680 sbp2port - ok12:18:23.0332 1680 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll12:18:23.0332 1680 SCardSvr - ok12:18:23.0363 1680 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys12:18:23.0363 1680 scfilter - ok12:18:23.0457 1680 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll12:18:23.0457 1680 Schedule - ok12:18:23.0472 1680 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll12:18:23.0488 1680 SCPolicySvc - ok12:18:23.0503 1680 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll12:18:23.0503 1680 SDRSVC - ok12:18:23.0550 1680 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys12:18:23.0566 1680 secdrv - ok12:18:23.0581 1680 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll12:18:23.0581 1680 seclogon - ok12:18:23.0597 1680 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll12:18:23.0597 1680 SENS - ok12:18:23.0613 1680 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll12:18:23.0628 1680 SensrSvc - ok12:18:23.0644 1680 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys12:18:23.0659 1680 Serenum - ok12:18:23.0675 1680 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys12:18:23.0691 1680 Serial - ok12:18:23.0847 1680 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys12:18:23.0862 1680 sermouse - ok12:18:23.0878 1680 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll12:18:23.0893 1680 SessionEnv - ok12:18:23.0909 1680 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys12:18:23.0925 1680 sffdisk - ok12:18:23.0940 1680 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys12:18:23.0956 1680 sffp_mmc - ok12:18:23.0971 1680 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys12:18:23.0987 1680 sffp_sd - ok12:18:23.0987 1680 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys12:18:24.0003 1680 sfloppy - ok12:18:24.0034 1680 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll12:18:24.0034 1680 ShellHWDetection - ok12:18:24.0065 1680 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys12:18:24.0081 1680 sisagp - ok12:18:24.0112 1680 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys12:18:24.0143 1680 SiSRaid2 - ok12:18:24.0159 1680 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys12:18:24.0190 1680 SiSRaid4 - ok12:18:24.0221 1680 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys12:18:24.0237 1680 Smb - ok12:18:24.0268 1680 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe12:18:24.0268 1680 SNMPTRAP - ok12:18:24.0284 1680 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys12:18:24.0284 1680 spldr - ok12:18:24.0315 1680 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe12:18:24.0315 1680 Spooler - ok12:18:24.0393 1680 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe12:18:24.0455 1680 sppsvc - ok12:18:24.0518 1680 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll12:18:24.0533 1680 sppuinotify - ok12:18:24.0564 1680 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys12:18:24.0580 1680 srv - ok12:18:24.0611 1680 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys12:18:24.0627 1680 srv2 - ok12:18:24.0642 1680 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys12:18:24.0674 1680 srvnet - ok12:18:24.0705 1680 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll12:18:24.0705 1680 SSDPSRV - ok12:18:24.0705 1680 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll12:18:24.0705 1680 SstpSvc - ok12:18:24.0752 1680 staccel (463bac682ba75050a5a93025b9cc52c2) C:\Windows\system32\DRIVERS\staccel.sys12:18:24.0752 1680 staccel - ok12:18:24.0767 1680 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys12:18:24.0783 1680 stexstor - ok12:18:24.0798 1680 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll12:18:24.0814 1680 StiSvc - ok12:18:24.0830 1680 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys12:18:24.0845 1680 storflt - ok12:18:24.0845 1680 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll12:18:24.0845 1680 StorSvc - ok12:18:24.0876 1680 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys12:18:24.0876 1680 storvsc - ok12:18:24.0892 1680 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys12:18:24.0892 1680 swenum - ok12:18:24.0923 1680 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll12:18:24.0923 1680 swprv - ok12:18:24.0970 1680 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll12:18:24.0970 1680 SysMain - ok12:18:25.0001 1680 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll12:18:25.0001 1680 TabletInputService - ok12:18:25.0017 1680 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll12:18:25.0032 1680 TapiSrv - ok12:18:25.0032 1680 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll12:18:25.0048 1680 TBS - ok12:18:25.0157 1680 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys12:18:25.0220 1680 Tcpip - ok12:18:25.0344 1680 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys12:18:25.0344 1680 TCPIP6 - ok12:18:25.0438 1680 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys12:18:25.0454 1680 tcpipreg - ok12:18:25.0469 1680 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys12:18:25.0485 1680 TDPIPE - ok12:18:25.0516 1680 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys12:18:25.0532 1680 TDTCP - ok12:18:25.0547 1680 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys12:18:25.0578 1680 tdx - ok12:18:25.0594 1680 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys12:18:25.0594 1680 TermDD - ok12:18:25.0625 1680 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll12:18:25.0641 1680 TermService - ok12:18:25.0657 1680 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll12:18:25.0657 1680 Themes - ok12:18:25.0688 1680 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll12:18:25.0688 1680 THREADORDER - ok12:18:25.0703 1680 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys12:18:25.0735 1680 TPM - ok12:18:25.0781 1680 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll12:18:25.0781 1680 TrkWks - ok12:18:25.0813 1680 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe12:18:25.0813 1680 TrustedInstaller - ok12:18:25.0844 1680 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys12:18:25.0875 1680 tssecsrv - ok12:18:25.0937 1680 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys12:18:25.0969 1680 tunnel - ok12:18:25.0984 1680 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys12:18:26.0000 1680 uagp35 - ok12:18:26.0031 1680 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys12:18:26.0047 1680 udfs - ok12:18:26.0078 1680 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe12:18:26.0078 1680 UI0Detect - ok12:18:26.0109 1680 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys12:18:26.0125 1680 uliagpkx - ok12:18:26.0140 1680 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys12:18:26.0156 1680 umbus - ok12:18:26.0171 1680 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys12:18:26.0187 1680 UmPass - ok12:18:26.0203 1680 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll12:18:26.0218 1680 UmRdpService - ok12:18:26.0234 1680 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll12:18:26.0234 1680 upnphost - ok12:18:26.0281 1680 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys12:18:26.0296 1680 usbccgp - ok12:18:26.0327 1680 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys12:18:26.0343 1680 usbcir - ok12:18:26.0390 1680 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys12:18:26.0405 1680 usbehci - ok12:18:26.0421 1680 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys12:18:26.0452 1680 usbhub - ok12:18:26.0483 1680 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys12:18:26.0483 1680 usbohci - ok12:18:26.0515 1680 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys12:18:26.0530 1680 usbprint - ok12:18:26.0546 1680 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS12:18:26.0561 1680 USBSTOR - ok12:18:26.0561 1680 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys12:18:26.0577 1680 usbuhci - ok12:18:26.0593 1680 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll12:18:26.0608 1680 UxSms - ok12:18:26.0624 1680 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe12:18:26.0624 1680 VaultSvc - ok12:18:26.0655 1680 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys12:18:26.0671 1680 vdrvroot - ok12:18:26.0686 1680 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe12:18:26.0702 1680 vds - ok12:18:26.0733 1680 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys12:18:26.0749 1680 vga - ok12:18:26.0749 1680 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys12:18:26.0780 1680 VgaSave - ok12:18:26.0795 1680 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys12:18:26.0811 1680 vhdmp - ok12:18:26.0842 1680 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys12:18:26.0842 1680 viaagp - ok12:18:26.0858 1680 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys12:18:26.0889 1680 ViaC7 - ok12:18:26.0905 1680 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys12:18:26.0920 1680 viaide - ok12:18:26.0936 1680 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys12:18:26.0951 1680 vmbus - ok12:18:26.0967 1680 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys12:18:26.0967 1680 VMBusHID - ok12:18:26.0983 1680 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys12:18:26.0998 1680 volmgr - ok12:18:27.0029 1680 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys12:18:27.0061 1680 volmgrx - ok12:18:27.0279 1680 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys12:18:27.0310 1680 volsnap - ok12:18:27.0357 1680 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys12:18:27.0373 1680 vsmraid - ok12:18:27.0404 1680 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe12:18:27.0435 1680 VSS - ok12:18:27.0451 1680 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys12:18:27.0466 1680 vwifibus - ok12:18:27.0482 1680 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll12:18:27.0482 1680 W32Time - ok12:18:27.0513 1680 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys12:18:27.0529 1680 WacomPen - ok12:18:27.0544 1680 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys12:18:27.0560 1680 WANARP - ok12:18:27.0560 1680 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys12:18:27.0576 1680 Wanarpv6 - ok12:18:27.0638 1680 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe12:18:27.0654 1680 WatAdminSvc - ok12:18:27.0747 1680 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe12:18:27.0778 1680 wbengine - ok12:18:27.0778 1680 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll12:18:27.0794 1680 WbioSrvc - ok12:18:27.0825 1680 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll12:18:27.0825 1680 wcncsvc - ok12:18:27.0841 1680 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll12:18:27.0841 1680 WcsPlugInService - ok12:18:27.0888 1680 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys12:18:27.0888 1680 Wd - ok12:18:27.0919 1680 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys12:18:27.0950 1680 Wdf01000 - ok12:18:27.0981 1680 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll12:18:27.0981 1680 WdiServiceHost - ok12:18:27.0981 1680 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll12:18:27.0981 1680 WdiSystemHost - ok12:18:28.0012 1680 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll12:18:28.0012 1680 WebClient - ok12:18:28.0044 1680 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll12:18:28.0044 1680 Wecsvc - ok12:18:28.0059 1680 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll12:18:28.0059 1680 wercplsupport - ok12:18:28.0075 1680 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll12:18:28.0075 1680 WerSvc - ok12:18:28.0122 1680 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys12:18:28.0122 1680 WfpLwf - ok12:18:28.0137 1680 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys12:18:28.0153 1680 WIMMount - ok12:18:28.0215 1680 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll12:18:28.0215 1680 WinDefend - ok12:18:28.0215 1680 WinHttpAutoProxySvc - ok12:18:28.0262 1680 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll12:18:28.0262 1680 Winmgmt - ok12:18:28.0309 1680 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll12:18:28.0324 1680 WinRM - ok12:18:28.0356 1680 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll12:18:28.0387 1680 Wlansvc - ok12:18:28.0418 1680 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys12:18:28.0434 1680 WmiAcpi - ok12:18:28.0480 1680 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe12:18:28.0480 1680 wmiApSrv - ok12:18:28.0558 1680 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe12:18:28.0574 1680 WMPNetworkSvc - ok12:18:28.0652 1680 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll12:18:28.0668 1680 WPCSvc - ok12:18:28.0668 1680 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll12:18:28.0668 1680 WPDBusEnum - ok12:18:28.0714 1680 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys12:18:28.0730 1680 ws2ifsl - ok12:18:28.0746 1680 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll12:18:28.0761 1680 wscsvc - ok12:18:28.0761 1680 WSearch - ok12:18:28.0824 1680 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll12:18:28.0839 1680 wuauserv - ok12:18:28.0917 1680 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys12:18:28.0933 1680 WudfPf - ok12:18:28.0964 1680 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys12:18:28.0964 1680 WUDFRd - ok12:18:28.0995 1680 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll12:18:28.0995 1680 wudfsvc - ok12:18:29.0011 1680 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll12:18:29.0011 1680 WwanSvc - ok12:18:29.0011 1680 ztoiwqog - ok12:18:29.0027 1680 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR012:18:29.0183 1680 \Device\Harddisk0\DR0 - ok12:18:29.0183 1680 Boot (0x1200) (bc8cfa994a06c0eeaccdb54a1d7ffa2f) \Device\Harddisk0\DR0\Partition012:18:29.0183 1680 \Device\Harddisk0\DR0\Partition0 - ok12:18:29.0198 1680 Boot (0x1200) (e462baacba48c3ee6011a027b357dd9d) \Device\Harddisk0\DR0\Partition112:18:29.0198 1680 \Device\Harddisk0\DR0\Partition1 - ok12:18:29.0198 1680 ============================================================12:18:29.0198 1680 Scan finished12:18:29.0198 1680 ============================================================12:18:29.0214 3928 Detected object count: 012:18:29.0214 3928 Actual detected object count: 012:18:42.0866 2812 Deinitialize success Link to post Share on other sites More sharing options...
c4poa Posted May 18, 2012 Author ID:552701 Share Posted May 18, 2012 Got further It said preparing to run ComboFix in dos like window but never did anything more for at least 90 mins... Here is rerun log from TDSSKiller:15:22:51.0547 0124 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:5715:22:52.0046 0124 ============================================================15:22:52.0046 0124 Current date / time: 2012/05/18 15:22:52.004615:22:52.0046 0124 SystemInfo:15:22:52.0046 0124 15:22:52.0046 0124 OS Version: 6.1.7600 ServicePack: 0.015:22:52.0046 0124 Product type: Workstation15:22:52.0046 0124 ComputerName: CSMSW829415:22:52.0046 0124 UserName: isck15:22:52.0062 0124 Windows directory: C:\Windows15:22:52.0062 0124 System windows directory: C:\Windows15:22:52.0062 0124 Processor architecture: Intel x8615:22:52.0062 0124 Number of processors: 415:22:52.0062 0124 Page size: 0x100015:22:52.0062 0124 Boot type: Safe boot with network15:22:52.0062 0124 ============================================================15:22:52.0795 0124 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000005015:22:52.0795 0124 ============================================================15:22:52.0795 0124 \Device\Harddisk0\DR0:15:22:52.0795 0124 MBR partitions:15:22:52.0795 0124 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3200015:22:52.0795 0124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E26B015:22:52.0795 0124 ============================================================15:22:52.0826 0124 C: <-> \Device\Harddisk0\DR0\Partition115:22:52.0826 0124 ============================================================15:22:52.0826 0124 Initialize success15:22:52.0826 0124 ============================================================15:22:55.0338 0304 ============================================================15:22:55.0338 0304 Scan started15:22:55.0338 0304 Mode: Manual;15:22:55.0338 0304 ============================================================15:22:56.0133 0304 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys15:22:56.0133 0304 1394ohci - ok15:22:56.0180 0304 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys15:22:56.0196 0304 ACPI - ok15:22:56.0227 0304 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys15:22:56.0227 0304 AcpiPmi - ok15:22:56.0274 0304 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\Windows\system32\drivers\adfs.sys15:22:56.0274 0304 adfs - ok15:22:56.0320 0304 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys15:22:56.0336 0304 adp94xx - ok15:22:56.0367 0304 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys15:22:56.0367 0304 adpahci - ok15:22:56.0398 0304 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys15:22:56.0398 0304 adpu320 - ok15:22:56.0414 0304 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll15:22:56.0414 0304 AeLookupSvc - ok15:22:56.0476 0304 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys15:22:56.0476 0304 AFD - ok15:22:56.0492 0304 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys15:22:56.0492 0304 agp440 - ok15:22:56.0523 0304 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys15:22:56.0523 0304 aic78xx - ok15:22:56.0586 0304 aksfridge (730e9d3bb324fb1899005aea63c6782d) C:\Windows\system32\drivers\aksfridge.sys15:22:56.0586 0304 aksfridge - ok15:22:56.0601 0304 Scan interrupted by user!15:22:56.0601 0304 Scan interrupted by user!15:22:56.0601 0304 Scan interrupted by user!15:22:56.0601 0304 ============================================================15:22:56.0601 0304 Scan finished15:22:56.0601 0304 ============================================================15:22:56.0617 0176 Detected object count: 015:22:56.0617 0176 Actual detected object count: 015:23:14.0182 0348 ============================================================15:23:14.0182 0348 Scan started15:23:14.0182 0348 Mode: Manual; TDLFS;15:23:14.0182 0348 ============================================================15:23:14.0276 0348 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys15:23:14.0276 0348 1394ohci - ok15:23:14.0323 0348 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys15:23:14.0323 0348 ACPI - ok15:23:14.0338 0348 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys15:23:14.0338 0348 AcpiPmi - ok15:23:14.0354 0348 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\Windows\system32\drivers\adfs.sys15:23:14.0354 0348 adfs - ok15:23:14.0401 0348 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys15:23:14.0401 0348 adp94xx - ok15:23:14.0432 0348 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys15:23:14.0432 0348 adpahci - ok15:23:14.0463 0348 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys15:23:14.0463 0348 adpu320 - ok15:23:14.0479 0348 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll15:23:14.0479 0348 AeLookupSvc - ok15:23:14.0541 0348 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys15:23:14.0541 0348 AFD - ok15:23:14.0557 0348 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys15:23:14.0557 0348 agp440 - ok15:23:14.0588 0348 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys15:23:14.0588 0348 aic78xx - ok15:23:14.0635 0348 aksfridge (730e9d3bb324fb1899005aea63c6782d) C:\Windows\system32\drivers\aksfridge.sys15:23:14.0635 0348 aksfridge - ok15:23:14.0635 0348 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe15:23:14.0635 0348 ALG - ok15:23:14.0666 0348 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys15:23:14.0666 0348 aliide - ok15:23:14.0697 0348 AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe15:23:14.0713 0348 AMD External Events Utility - ok15:23:14.0713 0348 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys15:23:14.0713 0348 amdagp - ok15:23:14.0744 0348 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys15:23:14.0744 0348 amdide - ok15:23:14.0775 0348 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys15:23:14.0775 0348 AmdK8 - ok15:23:14.0775 0348 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys15:23:14.0775 0348 AmdPPM - ok15:23:14.0806 0348 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys15:23:14.0806 0348 amdsata - ok15:23:14.0838 0348 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys15:23:14.0838 0348 amdsbs - ok15:23:14.0853 0348 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys15:23:14.0853 0348 amdxata - ok15:23:14.0978 0348 AMPAgent (f3d3fd6fdcd1b2b514fe71479f567320) C:\Program Files\Dell\KACE\AMPAgent.exe15:23:15.0009 0348 AMPAgent - ok15:23:15.0087 0348 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys15:23:15.0087 0348 AppID - ok15:23:15.0134 0348 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll15:23:15.0134 0348 AppIDSvc - ok15:23:15.0150 0348 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll15:23:15.0150 0348 Appinfo - ok15:23:15.0181 0348 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll15:23:15.0181 0348 AppMgmt - ok15:23:15.0196 0348 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys15:23:15.0196 0348 arc - ok15:23:15.0228 0348 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys15:23:15.0228 0348 arcsas - ok15:23:15.0243 0348 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys15:23:15.0259 0348 AsyncMac - ok15:23:15.0274 0348 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys15:23:15.0274 0348 atapi - ok15:23:15.0399 0348 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys15:23:15.0462 0348 atikmdag - ok15:23:15.0586 0348 ATMsrvc (523ca82a8810f4354e6425406afbc130) C:\Windows\System32\ATMsrvc.exe15:23:15.0586 0348 ATMsrvc - ok15:23:15.0618 0348 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll15:23:15.0618 0348 AudioEndpointBuilder - ok15:23:15.0618 0348 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll15:23:15.0618 0348 Audiosrv - ok15:23:15.0649 0348 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll15:23:15.0664 0348 AxInstSV - ok15:23:15.0696 0348 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys15:23:15.0711 0348 b06bdrv - ok15:23:15.0758 0348 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys15:23:15.0758 0348 b57nd60x - ok15:23:15.0820 0348 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll15:23:15.0820 0348 BDESVC - ok15:23:15.0836 0348 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys15:23:15.0836 0348 Beep - ok15:23:15.0852 0348 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll15:23:15.0867 0348 BITS - ok15:23:15.0898 0348 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys15:23:15.0898 0348 blbdrive - ok15:23:15.0930 0348 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys15:23:15.0930 0348 bowser - ok15:23:15.0976 0348 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys15:23:15.0976 0348 BrFiltLo - ok15:23:15.0976 0348 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys15:23:15.0976 0348 BrFiltUp - ok15:23:15.0992 0348 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys15:23:15.0992 0348 BridgeMP - ok15:23:16.0039 0348 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll15:23:16.0039 0348 Browser - ok15:23:16.0054 0348 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys15:23:16.0054 0348 Brserid - ok15:23:16.0086 0348 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys15:23:16.0086 0348 BrSerWdm - ok15:23:16.0101 0348 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys15:23:16.0101 0348 BrUsbMdm - ok15:23:16.0117 0348 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys15:23:16.0117 0348 BrUsbSer - ok15:23:16.0132 0348 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys15:23:16.0132 0348 BTHMODEM - ok15:23:16.0164 0348 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll15:23:16.0164 0348 bthserv - ok15:23:16.0195 0348 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys15:23:16.0210 0348 cdfs - ok15:23:16.0242 0348 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys15:23:16.0242 0348 cdrom - ok15:23:16.0273 0348 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll15:23:16.0273 0348 CertPropSvc - ok15:23:16.0304 0348 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys15:23:16.0304 0348 circlass - ok15:23:16.0320 0348 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys15:23:16.0320 0348 CLFS - ok15:23:16.0366 0348 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe15:23:16.0366 0348 clr_optimization_v2.0.50727_32 - ok15:23:16.0429 0348 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe15:23:16.0429 0348 clr_optimization_v4.0.30319_32 - ok15:23:16.0444 0348 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys15:23:16.0444 0348 CmBatt - ok15:23:16.0460 0348 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys15:23:16.0460 0348 cmdide - ok15:23:16.0507 0348 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys15:23:16.0507 0348 CNG - ok15:23:16.0522 0348 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys15:23:16.0522 0348 Compbatt - ok15:23:16.0538 0348 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys15:23:16.0538 0348 CompositeBus - ok15:23:16.0554 0348 COMSysApp - ok15:23:16.0585 0348 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys15:23:16.0585 0348 crcdisk - ok15:23:16.0600 0348 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll15:23:16.0600 0348 CryptSvc - ok15:23:16.0632 0348 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys15:23:16.0632 0348 CSC - ok15:23:16.0647 0348 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll15:23:16.0663 0348 CscService - ok15:23:16.0710 0348 Cwbrxd (06ff22f453f1c74dff504d3292f5d91c) C:\Windows\CWBRXD.EXE15:23:16.0710 0348 Cwbrxd - ok15:23:16.0741 0348 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll15:23:16.0741 0348 DcomLaunch - ok15:23:16.0772 0348 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll15:23:16.0772 0348 defragsvc - ok15:23:16.0819 0348 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys15:23:16.0819 0348 DfsC - ok15:23:16.0850 0348 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll15:23:16.0850 0348 Dhcp - ok15:23:16.0881 0348 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys15:23:16.0881 0348 discache - ok15:23:16.0912 0348 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys15:23:16.0912 0348 Disk - ok15:23:16.0944 0348 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll15:23:16.0944 0348 Dnscache - ok15:23:16.0975 0348 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll15:23:16.0990 0348 dot3svc - ok15:23:17.0022 0348 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys15:23:17.0022 0348 Dot4 - ok15:23:17.0053 0348 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys15:23:17.0053 0348 Dot4Print - ok15:23:17.0084 0348 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys15:23:17.0084 0348 dot4usb - ok15:23:17.0131 0348 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll15:23:17.0131 0348 DPS - ok15:23:17.0146 0348 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys15:23:17.0146 0348 drmkaud - ok15:23:17.0193 0348 DwMirror (383182215a2c238e76b86e3b5ede40eb) C:\Windows\system32\DRIVERS\DamewareMini.sys15:23:17.0193 0348 DwMirror - ok15:23:17.0224 0348 DWMRCS - ok15:23:17.0224 0348 dwvkbd (5a402c57f621114c99f813c6ae7bc37a) C:\Windows\system32\DRIVERS\dwvkbd.sys15:23:17.0224 0348 dwvkbd - ok15:23:17.0271 0348 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys15:23:17.0271 0348 DXGKrnl - ok15:23:17.0287 0348 e1kexpress (3d042b4c6fdde698a3d6bd0b6191c92f) C:\Windows\system32\DRIVERS\e1k6232.sys15:23:17.0287 0348 e1kexpress - ok15:23:17.0318 0348 eamonm (04cba07e73f152970fc34d66d3892e2a) C:\Windows\system32\DRIVERS\eamonm.sys15:23:17.0318 0348 eamonm - ok15:23:17.0334 0348 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll15:23:17.0334 0348 EapHost - ok15:23:17.0427 0348 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys15:23:17.0490 0348 ebdrv - ok15:23:17.0568 0348 EFI ES1000 (7d10cb5a6cdc761a0faa7730053a83d8) c:\Program Files\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe15:23:17.0568 0348 EFI ES1000 - ok15:23:17.0646 0348 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe15:23:17.0646 0348 EFS - ok15:23:17.0724 0348 ehdrv (fe7824239d132ad9ebd8645fe1199b30) C:\Windows\system32\DRIVERS\ehdrv.sys15:23:17.0724 0348 ehdrv - ok15:23:17.0770 0348 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe15:23:17.0786 0348 ehRecvr - ok15:23:17.0817 0348 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe15:23:17.0817 0348 ehSched - ok15:23:17.0880 0348 EhttpSrv (68d91a34ce51cf15c45dd68f7f1257e8) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe15:23:17.0880 0348 EhttpSrv - ok15:23:17.0926 0348 ekrn (191d8eccc40f05b52fac0513f35ba01d) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe15:23:17.0942 0348 ekrn - ok15:23:18.0004 0348 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys15:23:18.0020 0348 elxstor - ok15:23:18.0036 0348 epfwwfpr (ddb45f6371714601a43e8be38145be18) C:\Windows\system32\DRIVERS\epfwwfpr.sys15:23:18.0036 0348 epfwwfpr - ok15:23:18.0051 0348 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys15:23:18.0051 0348 ErrDev - ok15:23:18.0114 0348 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll15:23:18.0114 0348 EventSystem - ok15:23:18.0129 0348 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys15:23:18.0129 0348 exfat - ok15:23:18.0145 0348 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys15:23:18.0145 0348 fastfat - ok15:23:18.0192 0348 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe15:23:18.0192 0348 Fax - ok15:23:18.0207 0348 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys15:23:18.0207 0348 fdc - ok15:23:18.0223 0348 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll15:23:18.0223 0348 fdPHost - ok15:23:18.0238 0348 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll15:23:18.0238 0348 FDResPub - ok15:23:18.0316 0348 Fiery Bridge Mailbox Synchronization (8d9cd7634ff2227b4d6cafa0583288ac) C:\Program Files\Fiery\Fiery Bridge\x86\MailboxSyncService.exe15:23:18.0316 0348 Fiery Bridge Mailbox Synchronization - ok15:23:18.0348 0348 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys15:23:18.0348 0348 FileInfo - ok15:23:18.0363 0348 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys15:23:18.0363 0348 Filetrace - ok15:23:18.0410 0348 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe15:23:18.0410 0348 FLEXnet Licensing Service - ok15:23:18.0441 0348 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys15:23:18.0441 0348 flpydisk - ok15:23:18.0472 0348 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys15:23:18.0472 0348 FltMgr - ok15:23:18.0519 0348 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll15:23:18.0550 0348 FontCache - ok15:23:18.0628 0348 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe15:23:18.0628 0348 FontCache3.0.0.0 - ok15:23:18.0660 0348 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys15:23:18.0660 0348 FsDepends - ok15:23:18.0675 0348 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys15:23:18.0675 0348 Fs_Rec - ok15:23:18.0691 0348 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys15:23:18.0691 0348 fvevol - ok15:23:18.0738 0348 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys15:23:18.0738 0348 gagp30kx - ok15:23:18.0784 0348 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll15:23:18.0784 0348 gpsvc - ok15:23:18.0878 0348 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe15:23:18.0878 0348 gupdate - ok15:23:18.0878 0348 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe15:23:18.0878 0348 gupdatem - ok15:23:18.0940 0348 hardlock (a9d587e31dbee3e9bd97fefece0ba874) C:\Windows\system32\drivers\hardlock.sys15:23:18.0940 0348 hardlock - ok15:23:18.0940 0348 hasplms - ok15:23:18.0956 0348 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys15:23:18.0956 0348 hcw85cir - ok15:23:19.0003 0348 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys15:23:19.0003 0348 HdAudAddService - ok15:23:19.0034 0348 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys15:23:19.0034 0348 HDAudBus - ok15:23:19.0050 0348 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys15:23:19.0065 0348 HECI - ok15:23:19.0065 0348 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys15:23:19.0065 0348 HidBatt - ok15:23:19.0081 0348 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys15:23:19.0081 0348 HidBth - ok15:23:19.0128 0348 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys15:23:19.0128 0348 HidIr - ok15:23:19.0143 0348 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll15:23:19.0143 0348 hidserv - ok15:23:19.0174 0348 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys15:23:19.0174 0348 HidUsb - ok15:23:19.0190 0348 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll15:23:19.0190 0348 hkmsvc - ok15:23:19.0206 0348 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll15:23:19.0206 0348 HomeGroupListener - ok15:23:19.0221 0348 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll15:23:19.0237 0348 HomeGroupProvider - ok15:23:19.0268 0348 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys15:23:19.0268 0348 HpSAMD - ok15:23:19.0315 0348 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys15:23:19.0315 0348 HTTP - ok15:23:19.0330 0348 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys15:23:19.0330 0348 hwpolicy - ok15:23:19.0362 0348 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys15:23:19.0362 0348 i8042prt - ok15:23:19.0393 0348 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys15:23:19.0408 0348 iaStorV - ok15:23:19.0486 0348 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe15:23:19.0486 0348 IDriverT - ok15:23:19.0564 0348 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe15:23:19.0580 0348 idsvc - ok15:23:19.0642 0348 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys15:23:19.0658 0348 iirsp - ok15:23:19.0689 0348 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll15:23:19.0705 0348 IKEEXT - ok15:23:19.0720 0348 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys15:23:19.0720 0348 intelide - ok15:23:19.0752 0348 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys15:23:19.0752 0348 intelppm - ok15:23:19.0752 0348 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll15:23:19.0767 0348 IPBusEnum - ok15:23:19.0798 0348 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys15:23:19.0798 0348 IpFilterDriver - ok15:23:19.0814 0348 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll15:23:19.0814 0348 iphlpsvc - ok15:23:19.0845 0348 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys15:23:19.0845 0348 IPMIDRV - ok15:23:19.0861 0348 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys15:23:19.0861 0348 IPNAT - ok15:23:19.0876 0348 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys15:23:19.0876 0348 IRENUM - ok15:23:19.0892 0348 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys15:23:19.0908 0348 isapnp - ok15:23:19.0923 0348 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys15:23:19.0923 0348 iScsiPrt - ok15:23:19.0986 0348 JuniperAccessService (f476e9c7d58a4937612040f3b0e11912) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe15:23:19.0986 0348 JuniperAccessService - ok15:23:20.0032 0348 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys15:23:20.0032 0348 kbdclass - ok15:23:20.0048 0348 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys15:23:20.0048 0348 kbdhid - ok15:23:20.0064 0348 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe15:23:20.0064 0348 KeyIso - ok15:23:20.0095 0348 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys15:23:20.0095 0348 KSecDD - ok15:23:20.0110 0348 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys15:23:20.0110 0348 KSecPkg - ok15:23:20.0142 0348 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll15:23:20.0142 0348 KtmRm - ok15:23:20.0188 0348 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll15:23:20.0188 0348 LanmanServer - ok15:23:20.0204 0348 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll15:23:20.0204 0348 LanmanWorkstation - ok15:23:20.0251 0348 Lavasoft Kernexplorer - ok15:23:20.0266 0348 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys15:23:20.0266 0348 lltdio - ok15:23:20.0298 0348 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll15:23:20.0298 0348 lltdsvc - ok15:23:20.0298 0348 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll15:23:20.0298 0348 lmhosts - ok15:23:20.0329 0348 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys15:23:20.0344 0348 LSI_FC - ok15:23:20.0344 0348 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys15:23:20.0344 0348 LSI_SAS - ok15:23:20.0376 0348 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys15:23:20.0376 0348 LSI_SAS2 - ok15:23:20.0391 0348 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys15:23:20.0391 0348 LSI_SCSI - ok15:23:20.0422 0348 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys15:23:20.0422 0348 luafv - ok15:23:20.0454 0348 mbamchameleon (5dc35c6ecff38c91db3511c63d0000d9) C:\Windows\system32\drivers\mbamchameleon.sys15:23:20.0454 0348 mbamchameleon - ok15:23:20.0485 0348 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll15:23:20.0485 0348 Mcx2Svc - ok15:23:20.0563 0348 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe15:23:20.0563 0348 MDM - ok15:23:20.0578 0348 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys15:23:20.0578 0348 megasas - ok15:23:20.0610 0348 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys15:23:20.0610 0348 MegaSR - ok15:23:20.0672 0348 Microsoft SharePoint Workspace Audit Service - ok15:23:20.0703 0348 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll15:23:20.0703 0348 MMCSS - ok15:23:20.0719 0348 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys15:23:20.0734 0348 Modem - ok15:23:20.0750 0348 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys15:23:20.0750 0348 monitor - ok15:23:20.0766 0348 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys15:23:20.0766 0348 mouclass - ok15:23:20.0797 0348 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys15:23:20.0797 0348 mouhid - ok15:23:20.0812 0348 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys15:23:20.0812 0348 mountmgr - ok15:23:20.0828 0348 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys15:23:20.0828 0348 mpio - ok15:23:20.0844 0348 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys15:23:20.0844 0348 mpsdrv - ok15:23:20.0875 0348 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys15:23:20.0875 0348 MRxDAV - ok15:23:20.0906 0348 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys15:23:20.0906 0348 mrxsmb - ok15:23:20.0953 0348 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys15:23:20.0953 0348 mrxsmb10 - ok15:23:20.0968 0348 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys15:23:20.0968 0348 mrxsmb20 - ok15:23:21.0000 0348 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys15:23:21.0000 0348 msahci - ok15:23:21.0031 0348 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys15:23:21.0031 0348 msdsm - ok15:23:21.0046 0348 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe15:23:21.0046 0348 MSDTC - ok15:23:21.0062 0348 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys15:23:21.0062 0348 Msfs - ok15:23:21.0062 0348 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys15:23:21.0062 0348 mshidkmdf - ok15:23:21.0093 0348 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys15:23:21.0093 0348 msisadrv - ok15:23:21.0124 0348 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll15:23:21.0124 0348 MSiSCSI - ok15:23:21.0124 0348 msiserver - ok15:23:21.0171 0348 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys15:23:21.0171 0348 MSKSSRV - ok15:23:21.0187 0348 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys15:23:21.0187 0348 MSPCLOCK - ok15:23:21.0187 0348 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys15:23:21.0187 0348 MSPQM - ok15:23:21.0202 0348 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys15:23:21.0202 0348 MsRPC - ok15:23:21.0234 0348 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys15:23:21.0234 0348 mssmbios - ok15:23:21.0265 0348 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys15:23:21.0265 0348 MSTEE - ok15:23:21.0280 0348 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys15:23:21.0280 0348 MTConfig - ok15:23:21.0296 0348 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys15:23:21.0296 0348 Mup - ok15:23:21.0327 0348 NAL (cbbbbcace1abda7336410df4ab3c74d7) C:\Windows\system32\Drivers\iqvw32.sys15:23:21.0327 0348 NAL - ok15:23:21.0358 0348 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll15:23:21.0358 0348 napagent - ok15:23:21.0421 0348 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys15:23:21.0421 0348 NativeWifiP - ok15:23:21.0452 0348 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys15:23:21.0468 0348 NDIS - ok15:23:21.0499 0348 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys15:23:21.0499 0348 NdisCap - ok15:23:21.0514 0348 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys15:23:21.0514 0348 NdisTapi - ok15:23:21.0530 0348 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys15:23:21.0530 0348 Ndisuio - ok15:23:21.0546 0348 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys15:23:21.0546 0348 NdisWan - ok15:23:21.0561 0348 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys15:23:21.0561 0348 NDProxy - ok15:23:21.0592 0348 NEOFLTR_650_15551 (4647fc4045012d54c0b3bbf848887734) C:\Windows\system32\Drivers\NEOFLTR_650_15551.SYS15:23:21.0592 0348 NEOFLTR_650_15551 - ok15:23:21.0655 0348 Net Driver HPZ12 (f7c14f5077bf2bc476c348b88a7f74e2) C:\Windows\system32\HPZinw12.dll15:23:21.0655 0348 Net Driver HPZ12 - ok15:23:21.0670 0348 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys15:23:21.0670 0348 NetBIOS - ok15:23:21.0686 0348 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys15:23:21.0686 0348 NetBT - ok15:23:21.0717 0348 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe15:23:21.0717 0348 Netlogon - ok15:23:21.0764 0348 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll15:23:21.0764 0348 Netman - ok15:23:21.0795 0348 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll15:23:21.0795 0348 netprofm - ok15:23:21.0858 0348 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe15:23:21.0858 0348 NetTcpPortSharing - ok15:23:21.0951 0348 NewWorldUpdaterService (619fb0ba9f6451c9a8de0ef35944ac4d) C:\Program Files\New World Systems\New World Automatic Updater\NewWorld.Management.Updater.Service.exe15:23:21.0951 0348 NewWorldUpdaterService - ok15:23:21.0998 0348 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys15:23:21.0998 0348 nfrd960 - ok15:23:22.0029 0348 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll15:23:22.0045 0348 NlaSvc - ok15:23:22.0060 0348 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys15:23:22.0060 0348 Npfs - ok15:23:22.0060 0348 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll15:23:22.0060 0348 nsi - ok15:23:22.0076 0348 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys15:23:22.0076 0348 nsiproxy - ok15:23:22.0138 0348 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys15:23:22.0154 0348 Ntfs - ok15:23:22.0248 0348 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys15:23:22.0248 0348 Null - ok15:23:22.0279 0348 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys15:23:22.0279 0348 nvraid - ok15:23:22.0310 0348 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys15:23:22.0310 0348 nvstor - ok15:23:22.0341 0348 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys15:23:22.0341 0348 nv_agp - ok15:23:22.0419 0348 NWClientUpdate (63afd786477de10ab499c4e661330df9) C:\Program Files\New World Systems\Aegis MSP\NWClientUpdate.exe15:23:22.0419 0348 NWClientUpdate - ok15:23:22.0450 0348 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys15:23:22.0450 0348 ohci1394 - ok15:23:22.0513 0348 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE15:23:22.0513 0348 ose - ok15:23:22.0653 0348 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE15:23:22.0731 0348 osppsvc - ok15:23:22.0809 0348 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll15:23:22.0809 0348 p2pimsvc - ok15:23:22.0856 0348 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll15:23:22.0856 0348 p2psvc - ok15:23:22.0872 0348 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys15:23:22.0887 0348 Parport - ok15:23:22.0903 0348 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys15:23:22.0903 0348 partmgr - ok15:23:22.0918 0348 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys15:23:22.0918 0348 Parvdm - ok15:23:22.0950 0348 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll15:23:22.0950 0348 PcaSvc - ok15:23:22.0965 0348 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys15:23:22.0965 0348 pci - ok15:23:22.0996 0348 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys15:23:22.0996 0348 pciide - ok15:23:23.0028 0348 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys15:23:23.0028 0348 pcmcia - ok15:23:23.0043 0348 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys15:23:23.0043 0348 pcw - ok15:23:23.0074 0348 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys15:23:23.0074 0348 PEAUTH - ok15:23:23.0106 0348 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll15:23:23.0121 0348 PeerDistSvc - ok15:23:23.0184 0348 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll15:23:23.0215 0348 pla - ok15:23:23.0324 0348 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll15:23:23.0324 0348 PlugPlay - ok15:23:23.0371 0348 Pml Driver HPZ12 (e638656001c52a1faa34f92e6d3a086b) C:\Windows\system32\HPZipm12.dll15:23:23.0371 0348 Pml Driver HPZ12 - ok15:23:23.0386 0348 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll15:23:23.0402 0348 PNRPAutoReg - ok15:23:23.0418 0348 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll15:23:23.0418 0348 PNRPsvc - ok15:23:23.0433 0348 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll15:23:23.0449 0348 PolicyAgent - ok15:23:23.0480 0348 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll15:23:23.0480 0348 Power - ok15:23:23.0527 0348 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys15:23:23.0527 0348 PptpMiniport - ok15:23:23.0558 0348 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys15:23:23.0558 0348 Processor - ok15:23:23.0589 0348 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll15:23:23.0589 0348 ProfSvc - ok15:23:23.0636 0348 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe15:23:23.0636 0348 ProtectedStorage - ok15:23:23.0652 0348 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys15:23:23.0652 0348 Psched - ok15:23:23.0698 0348 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys15:23:23.0745 0348 ql2300 - ok15:23:23.0823 0348 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys15:23:23.0823 0348 ql40xx - ok15:23:23.0854 0348 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll15:23:23.0854 0348 QWAVE - ok15:23:23.0870 0348 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys15:23:23.0870 0348 QWAVEdrv - ok15:23:23.0870 0348 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys15:23:23.0886 0348 RasAcd - ok15:23:23.0917 0348 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys15:23:23.0917 0348 RasAgileVpn - ok15:23:23.0932 0348 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll15:23:23.0932 0348 RasAuto - ok15:23:23.0948 0348 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys15:23:23.0948 0348 Rasl2tp - ok15:23:23.0964 0348 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll15:23:23.0979 0348 RasMan - ok15:23:23.0995 0348 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys15:23:23.0995 0348 RasPppoe - ok15:23:24.0010 0348 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys15:23:24.0010 0348 RasSstp - ok15:23:24.0026 0348 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys15:23:24.0026 0348 rdbss - ok15:23:24.0042 0348 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys15:23:24.0042 0348 rdpbus - ok15:23:24.0057 0348 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys15:23:24.0057 0348 RDPCDD - ok15:23:24.0073 0348 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys15:23:24.0073 0348 RDPDR - ok15:23:24.0088 0348 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys15:23:24.0088 0348 RDPENCDD - ok15:23:24.0088 0348 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys15:23:24.0088 0348 RDPREFMP - ok15:23:24.0120 0348 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\Windows\system32\drivers\RDPWD.sys15:23:24.0120 0348 RDPWD - ok15:23:24.0151 0348 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys15:23:24.0151 0348 rdyboost - ok15:23:24.0166 0348 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll15:23:24.0166 0348 RemoteAccess - ok15:23:24.0198 0348 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll15:23:24.0198 0348 RemoteRegistry - ok15:23:24.0229 0348 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll15:23:24.0229 0348 RpcEptMapper - ok15:23:24.0244 0348 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe15:23:24.0244 0348 RpcLocator - ok15:23:24.0260 0348 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll15:23:24.0260 0348 RpcSs - ok15:23:24.0307 0348 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys15:23:24.0307 0348 rspndr - ok15:23:24.0322 0348 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys15:23:24.0322 0348 s3cap - ok15:23:24.0338 0348 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe15:23:24.0354 0348 SamSs - ok15:23:24.0385 0348 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys15:23:24.0400 0348 sbp2port - ok15:23:24.0416 0348 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll15:23:24.0416 0348 SCardSvr - ok15:23:24.0447 0348 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys15:23:24.0447 0348 scfilter - ok15:23:24.0494 0348 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll15:23:24.0510 0348 Schedule - ok15:23:24.0541 0348 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll15:23:24.0541 0348 SCPolicySvc - ok15:23:24.0556 0348 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll15:23:24.0556 0348 SDRSVC - ok15:23:24.0588 0348 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys15:23:24.0588 0348 secdrv - ok15:23:24.0603 0348 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll15:23:24.0603 0348 seclogon - ok15:23:24.0634 0348 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll15:23:24.0634 0348 SENS - ok15:23:24.0634 0348 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll15:23:24.0634 0348 SensrSvc - ok15:23:24.0666 0348 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys15:23:24.0666 0348 Serenum - ok15:23:24.0681 0348 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys15:23:24.0681 0348 Serial - ok15:23:24.0697 0348 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys15:23:24.0712 0348 sermouse - ok15:23:24.0728 0348 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll15:23:24.0728 0348 SessionEnv - ok15:23:24.0759 0348 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys15:23:24.0759 0348 sffdisk - ok15:23:24.0775 0348 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys15:23:24.0775 0348 sffp_mmc - ok15:23:24.0790 0348 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys15:23:24.0790 0348 sffp_sd - ok15:23:24.0822 0348 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys15:23:24.0822 0348 sfloppy - ok15:23:24.0853 0348 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll15:23:24.0853 0348 ShellHWDetection - ok15:23:24.0868 0348 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys15:23:24.0868 0348 sisagp - ok15:23:24.0900 0348 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys15:23:24.0900 0348 SiSRaid2 - ok15:23:24.0915 0348 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys15:23:24.0915 0348 SiSRaid4 - ok15:23:24.0931 0348 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys15:23:24.0931 0348 Smb - ok15:23:24.0978 0348 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe15:23:24.0978 0348 SNMPTRAP - ok15:23:24.0993 0348 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys15:23:24.0993 0348 spldr - ok15:23:25.0009 0348 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe15:23:25.0009 0348 Spooler - ok15:23:25.0087 0348 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe15:23:25.0134 0348 sppsvc - ok15:23:25.0196 0348 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll15:23:25.0212 0348 sppuinotify - ok15:23:25.0243 0348 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys15:23:25.0243 0348 srv - ok15:23:25.0290 0348 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys15:23:25.0305 0348 srv2 - ok15:23:25.0305 0348 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys15:23:25.0305 0348 srvnet - ok15:23:25.0336 0348 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll15:23:25.0336 0348 SSDPSRV - ok15:23:25.0352 0348 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll15:23:25.0352 0348 SstpSvc - ok15:23:25.0383 0348 staccel (463bac682ba75050a5a93025b9cc52c2) C:\Windows\system32\DRIVERS\staccel.sys15:23:25.0383 0348 staccel - ok15:23:25.0399 0348 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys15:23:25.0399 0348 stexstor - ok15:23:25.0414 0348 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll15:23:25.0414 0348 StiSvc - ok15:23:25.0446 0348 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys15:23:25.0446 0348 storflt - ok15:23:25.0446 0348 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll15:23:25.0446 0348 StorSvc - ok15:23:25.0477 0348 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys15:23:25.0477 0348 storvsc - ok15:23:25.0492 0348 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys15:23:25.0492 0348 swenum - ok15:23:25.0524 0348 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll15:23:25.0524 0348 swprv - ok15:23:25.0555 0348 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll15:23:25.0570 0348 SysMain - ok15:23:25.0586 0348 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll15:23:25.0602 0348 TabletInputService - ok15:23:25.0602 0348 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll15:23:25.0617 0348 TapiSrv - ok15:23:25.0617 0348 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll15:23:25.0617 0348 TBS - ok15:23:25.0695 0348 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys15:23:25.0726 0348 Tcpip - ok15:23:25.0851 0348 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys15:23:25.0867 0348 TCPIP6 - ok15:23:25.0945 0348 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys15:23:25.0945 0348 tcpipreg - ok15:23:25.0960 0348 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys15:23:25.0960 0348 TDPIPE - ok15:23:26.0007 0348 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys15:23:26.0007 0348 TDTCP - ok15:23:26.0023 0348 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys15:23:26.0023 0348 tdx - ok15:23:26.0038 0348 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys15:23:26.0038 0348 TermDD - ok15:23:26.0070 0348 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll15:23:26.0085 0348 TermService - ok15:23:26.0101 0348 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll15:23:26.0101 0348 Themes - ok15:23:26.0116 0348 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll15:23:26.0116 0348 THREADORDER - ok15:23:26.0148 0348 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys15:23:26.0148 0348 TPM - ok15:23:26.0163 0348 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll15:23:26.0179 0348 TrkWks - ok15:23:26.0226 0348 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe15:23:26.0226 0348 TrustedInstaller - ok15:23:26.0241 0348 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys15:23:26.0241 0348 tssecsrv - ok15:23:26.0257 0348 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys15:23:26.0272 0348 tunnel - ok15:23:26.0304 0348 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys15:23:26.0304 0348 uagp35 - ok15:23:26.0319 0348 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys15:23:26.0319 0348 udfs - ok15:23:26.0350 0348 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe15:23:26.0350 0348 UI0Detect - ok15:23:26.0382 0348 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys15:23:26.0382 0348 uliagpkx - ok15:23:26.0397 0348 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys15:23:26.0397 0348 umbus - ok15:23:26.0413 0348 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys15:23:26.0413 0348 UmPass - ok15:23:26.0428 0348 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll15:23:26.0428 0348 UmRdpService - ok15:23:26.0460 0348 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll15:23:26.0460 0348 upnphost - ok15:23:26.0491 0348 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys15:23:26.0491 0348 usbccgp - ok15:23:26.0522 0348 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys15:23:26.0522 0348 usbcir - ok15:23:26.0538 0348 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys15:23:26.0538 0348 usbehci - ok15:23:26.0569 0348 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys15:23:26.0569 0348 usbhub - ok15:23:26.0569 0348 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys15:23:26.0569 0348 usbohci - ok15:23:26.0600 0348 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys15:23:26.0600 0348 usbprint - ok15:23:26.0616 0348 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS15:23:26.0616 0348 USBSTOR - ok15:23:26.0631 0348 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys15:23:26.0631 0348 usbuhci - ok15:23:26.0647 0348 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll15:23:26.0647 0348 UxSms - ok15:23:26.0678 0348 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe15:23:26.0678 0348 VaultSvc - ok15:23:26.0709 0348 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys15:23:26.0709 0348 vdrvroot - ok15:23:26.0725 0348 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe15:23:26.0740 0348 vds - ok15:23:26.0772 0348 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys15:23:26.0772 0348 vga - ok15:23:26.0787 0348 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys15:23:26.0787 0348 VgaSave - ok15:23:26.0803 0348 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys15:23:26.0803 0348 vhdmp - ok15:23:26.0834 0348 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys15:23:26.0834 0348 viaagp - ok15:23:26.0850 0348 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys15:23:26.0850 0348 ViaC7 - ok15:23:26.0865 0348 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys15:23:26.0865 0348 viaide - ok15:23:26.0881 0348 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys15:23:26.0881 0348 vmbus - ok15:23:26.0912 0348 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys15:23:26.0928 0348 VMBusHID - ok15:23:26.0943 0348 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys15:23:26.0943 0348 volmgr - ok15:23:26.0959 0348 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys15:23:26.0959 0348 volmgrx - ok15:23:27.0006 0348 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys15:23:27.0006 0348 volsnap - ok15:23:27.0037 0348 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys15:23:27.0037 0348 vsmraid - ok15:23:27.0068 0348 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe15:23:27.0084 0348 VSS - ok15:23:27.0115 0348 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys15:23:27.0115 0348 vwifibus - ok15:23:27.0130 0348 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll15:23:27.0130 0348 W32Time - ok15:23:27.0162 0348 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys15:23:27.0162 0348 WacomPen - ok15:23:27.0193 0348 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys15:23:27.0193 0348 WANARP - ok15:23:27.0193 0348 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys15:23:27.0193 0348 Wanarpv6 - ok15:23:27.0255 0348 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe15:23:27.0302 0348 WatAdminSvc - ok15:23:27.0396 0348 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe15:23:27.0427 0348 wbengine - ok15:23:27.0442 0348 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll15:23:27.0442 0348 WbioSrvc - ok15:23:27.0489 0348 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll15:23:27.0489 0348 wcncsvc - ok15:23:27.0489 0348 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll15:23:27.0505 0348 WcsPlugInService - ok15:23:27.0536 0348 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys15:23:27.0536 0348 Wd - ok15:23:27.0567 0348 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys15:23:27.0567 0348 Wdf01000 - ok15:23:27.0583 0348 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll15:23:27.0583 0348 WdiServiceHost - ok15:23:27.0583 0348 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll15:23:27.0583 0348 WdiSystemHost - ok15:23:27.0630 0348 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll15:23:27.0630 0348 WebClient - ok15:23:27.0645 0348 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll15:23:27.0645 0348 Wecsvc - ok15:23:27.0645 0348 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll15:23:27.0661 0348 wercplsupport - ok15:23:27.0676 0348 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll15:23:27.0676 0348 WerSvc - ok15:23:27.0723 0348 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys15:23:27.0723 0348 WfpLwf - ok15:23:27.0723 0348 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys15:23:27.0723 0348 WIMMount - ok15:23:27.0786 0348 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll15:23:27.0801 0348 WinDefend - ok15:23:27.0801 0348 WinHttpAutoProxySvc - ok15:23:27.0832 0348 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll15:23:27.0832 0348 Winmgmt - ok15:23:27.0879 0348 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll15:23:27.0895 0348 WinRM - ok15:23:27.0942 0348 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll15:23:27.0973 0348 Wlansvc - ok15:23:28.0004 0348 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys15:23:28.0004 0348 WmiAcpi - ok15:23:28.0066 0348 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe15:23:28.0066 0348 wmiApSrv - ok15:23:28.0144 0348 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe15:23:28.0160 0348 WMPNetworkSvc - ok15:23:28.0238 0348 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll15:23:28.0238 0348 WPCSvc - ok15:23:28.0254 0348 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll15:23:28.0254 0348 WPDBusEnum - ok15:23:28.0269 0348 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys15:23:28.0269 0348 ws2ifsl - ok15:23:28.0300 0348 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll15:23:28.0300 0348 wscsvc - ok15:23:28.0316 0348 WSearch - ok15:23:28.0378 0348 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll15:23:28.0394 0348 wuauserv - ok15:23:28.0488 0348 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys15:23:28.0488 0348 WudfPf - ok15:23:28.0519 0348 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys15:23:28.0519 0348 WUDFRd - ok15:23:28.0550 0348 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll15:23:28.0566 0348 wudfsvc - ok15:23:28.0581 0348 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll15:23:28.0581 0348 WwanSvc - ok15:23:28.0581 0348 ztoiwqog - ok15:23:28.0581 0348 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR015:23:28.0784 0348 \Device\Harddisk0\DR0 - ok15:23:28.0784 0348 Boot (0x1200) (bc8cfa994a06c0eeaccdb54a1d7ffa2f) \Device\Harddisk0\DR0\Partition015:23:28.0784 0348 \Device\Harddisk0\DR0\Partition0 - ok15:23:28.0800 0348 Boot (0x1200) (e462baacba48c3ee6011a027b357dd9d) \Device\Harddisk0\DR0\Partition115:23:28.0800 0348 \Device\Harddisk0\DR0\Partition1 - ok15:23:28.0800 0348 ============================================================15:23:28.0800 0348 Scan finished15:23:28.0800 0348 ============================================================15:23:28.0815 0340 Detected object count: 015:23:28.0815 0340 Actual detected object count: 015:23:51.0623 2044 Deinitialize success Link to post Share on other sites More sharing options...
Staff CatByte Posted May 18, 2012 Staff ID:552706 Share Posted May 18, 2012 Please run the following:Please open your MalwareBytes AntiMalware ProgramClick the Update Tab and search for updatesIf an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish, so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected. <-- very importantWhen disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. NEXTGo here to run an online scanner from ESET.Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activeX control to installClick StartMake sure that the option Remove found threats is unticked and the Scan Archives option is ticked.Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.Click ScanWait for the scan to finishWhen the scan completes, press the LIST OF THREATS FOUND buttonPress EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop Include the contents of this report in your next reply.Press the BACK button.Press Finish Link to post Share on other sites More sharing options...
c4poa Posted May 21, 2012 Author ID:553257 Share Posted May 21, 2012 Here is first item requested:Malwarebytes Anti-Malware 1.61.0.1400www.malwarebytes.orgDatabase version: v2012.05.18.07Windows 7 x86 NTFSInternet Explorer 8.0.7600.16385isck :: CSMSW8294 [administrator]5/18/2012 3:52:14 PMmbam-log-2012-05-18 (15-52-14).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 577119Time elapsed: 7 minute(s), 9 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 2HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.Folders Detected: 0(No malicious items detected)Files Detected: 1C:\ProgramData\BqEfsLDpnJeRUB.exe (Trojan.FakeHDD) -> Quarantined and deleted successfully.(end)And here is the Second:C:\TDSSKiller_Quarantine\18.05.2012_12.02.40\mbr0000\tdlfs0000\tsk0005.dta Win32/Olmasco.O trojanC:\TDSSKiller_Quarantine\18.05.2012_12.02.40\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmasco.W trojanC:\TDSSKiller_Quarantine\18.05.2012_12.02.40\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmasco.O trojanC:\TDSSKiller_Quarantine\18.05.2012_12.02.40\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmasco.X trojanC:\TDSSKiller_Quarantine\18.05.2012_12.02.40\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmasco.O trojanC:\TDSSKiller_Quarantine\18.05.2012_12.02.40\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmasco.R trojanC:\TDSSKiller_Quarantine\18.05.2012_12.02.40\mbr0000\tdlfs0000\tsk0011.dta a variant of Win32/Olmasco.Q trojanC:\TDSSKiller_Quarantine\18.05.2012_12.02.40\mbr0000\tdlfs0000\tsk0012.dta Win64/Olmasco.X trojanC:\Windows\Installer\{d05cbaad-40bf-4a66-8bf6-bbd31405a6a6}\n a variant of Win32/Kryptik.AFTS trojanC:\Windows\Installer\{d05cbaad-40bf-4a66-8bf6-bbd31405a6a6}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojanOperating memory a variant of Win32/Sirefef.EZ trojan Link to post Share on other sites More sharing options...
Staff CatByte Posted May 21, 2012 Staff ID:553284 Share Posted May 21, 2012 Hi,We're still not entirely out of the woods yet, so stay with me.Please run the following:Go to Start->Run and type in notepad and hit OK.Then copy and paste the content of the following codebox into Notepad:@echo offif exist results.txt del results.txtFOR %%H IN ("C:\Windows\Installer\{d05cbaad-40bf-4a66-8bf6-bbd31405a6a6}\n""C:\Windows\Installer\{d05cbaad-40bf-4a66-8bf6-bbd31405a6a6}\U\80000032.@") DO (attrib -r -h -s %%Hdel /q /f %%H >> results.txt 2>>&1)rmdir /S /Q "C:\Windows\Installer\{d05cbaad-40bf-4a66-8bf6-bbd31405a6a6}" >> results.txt 2>>&1del %0 start notepad results.txtdel %0 Save the file to your DESKTOP as "fix.bat". Make sure to save it with the quotes. Once saved, the icon to click should look like this on your desktop: Double click fix.bat. to run it. A small black box should open and close - this is normal.Please post the content of results.txtNEXTPlease download aswMBR.exe and save it to your desktop.Double click aswMBR.exe to start the tool. When asked if you want to download Avast's virus definitions please select Yes.Click ScanUpon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet. You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well. NEXTDownload OTL to your DesktopDouble click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.Select All UsersUnder the Custom Scan box paste this innetsvcs%SYSTEMDRIVE%\*.exe/md5startexplorer.exewinlogon.exeUserinit.exesvchost.exe/md5stop%systemroot%\*. /rp /sDRIVESCREATERESTOREPOINTClick the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Post both logsNEXTPlease advise how the computer is running now and if there are any outstanding isues Link to post Share on other sites More sharing options...
c4poa Posted May 21, 2012 Author ID:553302 Share Posted May 21, 2012 Prior to running these three scans, pc started playing music out of the blue? There were no applications running in task manager. It played for about 4 minutes while I was searching for where it came from and then it just stopped? Here are the logs and I will reboot and see what happens.results.txtMBR.zipaswMBR.txtOTL.TxtExtras.Txt Link to post Share on other sites More sharing options...
Staff CatByte Posted May 21, 2012 Staff ID:553308 Share Posted May 21, 2012 Hi,Please run the following:Run OTL.exeCopy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:OTLMOD - [2009/07/13 20:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dllDRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ztoiwqog.sys -- (ztoiwqog)IE - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 206.176.*;*.siouxfalls.org;*.riss.net;*.hidta.net;*.laidlawtransit.com;10.*;*.hud.gov;*.microsoft.com;*.siouxlandlib.org;oclc.org;*.hdnr.org;*.esri.com;*.usgs.*;*.slkids.org;*.geographynetwork.com;*.eeoc.gov;*.uiuonline.org;192.168.*;<local>O3 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.[2012/05/18 08:30:47 | 000,000,128 | ---- | M] () -- C:\ProgramData\-BqEfsLDpnJeRUBr[2012/05/18 08:30:47 | 000,000,000 | ---- | M] () -- C:\ProgramData\-BqEfsLDpnJeRUB[2012/05/18 08:30:45 | 000,000,256 | ---- | M] () -- C:\ProgramData\BqEfsLDpnJeRUB:filesC:\Windows\Installer\{d05cbaad-40bf-4a66-8bf6-bbd31405a6a6}\n C:\Windows\Installer\{d05cbaad-40bf-4a66-8bf6-bbd31405a6a6}\U\80000032.@ C:\Windows\Installer\{d05cbaad-40bf-4a66-8bf6-bbd31405a6a6}C:\Windows\assembly\GAC\Desktop.iniipconfig /flushdns /c:Commands[purity][emptytemp][Reboot]Then click the Run Fix button at the topLet the program run unhindered, reboot when it is doneThen post the OTL log NEXTPlease try running ComboFix again Link to post Share on other sites More sharing options...
c4poa Posted May 21, 2012 Author ID:553310 Share Posted May 21, 2012 reboot keeps producing full time Eset virus swr to prompt Threat found in memory. Object memory C:\windows\assembly\GAC\Desktop.ini Threat: a variant of Win32/Sirefef.EZ trojan Information: Deleted (after the next restart) But it didn't as same msg came back afer another reboot. Also still missing many items off of start menu that appear to continue to be hidden? Also many folders at root C:\ are hidden as well. Thanks for the continued help! Link to post Share on other sites More sharing options...
c4poa Posted May 21, 2012 Author ID:553320 Share Posted May 21, 2012 OTL ran and rebooted and then came up with OTL has stopped working. Check online or Close program I clicked CLOSE and then Exception Ereaderror in module OTL.exe at 00016A6B. Error Reading DiskPartitionInfo1.ActiveThen ran ComboFix successfully... attached is log..ComboFix 12-05-21.04 - isck 05/21/2012 11:29:47.2.4 - x86Running from: c:\users\isck\Desktop\ComboFix.exe * Created a new restore point..((((((((((((((((((((((((( Files Created from 2012-04-21 to 2012-05-21 )))))))))))))))))))))))))))))))..2012-05-21 15:57 . 2012-05-21 15:57 -------- d-----w- C:\_OTL2012-05-18 17:03 . 2012-05-18 17:03 -------- d-----w- C:\TDSSKiller_Quarantine2012-05-18 17:02 . 2012-05-18 19:22 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2012-05-18 16:59 . 2012-05-18 16:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-05-18 16:59 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-05-18 15:17 . 2012-05-18 15:17 -------- d-----w- c:\users\isck\AppData\Local\Threat Expert2012-05-18 13:43 . 2012-05-18 15:31 -------- d-----w- c:\program files\PC Tools2012-05-18 13:42 . 2012-05-18 15:31 -------- d-----w- c:\program files\Common Files\PC Tools2012-05-18 13:42 . 2012-04-23 19:17 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys2012-05-18 13:41 . 2012-05-18 15:30 -------- d-----w- c:\programdata\PC Tools2012-05-18 13:41 . 2012-05-18 13:41 -------- d-----w- c:\users\isck\AppData\Roaming\TestApp2012-05-18 13:36 . 2012-05-18 13:36 -------- d-sh--w- c:\windows\system32\%APPDATA%2012-05-16 20:58 . 2012-05-16 20:58 105 ---ha-w- C:\prefs.js2012-05-16 20:43 . 2012-05-16 20:43 -------- d-----w- c:\users\Administrator\AppData\Local\adawarebp2012-05-16 20:20 . 2012-05-21 16:38 -------- d-----w- c:\users\isck\AppData\Local\temp2012-05-16 17:59 . 2012-05-16 21:02 -------- d-----w- c:\users\isck\AppData\Roaming\Ad-Aware Antivirus2012-05-16 16:16 . 2012-05-16 16:16 -------- d-----w- c:\users\isck\AppData\Roaming\Malwarebytes2012-05-16 16:16 . 2012-05-16 16:16 -------- d--h--w- c:\programdata\Malwarebytes2012-05-16 16:07 . 2012-05-16 16:07 -------- d-----w- c:\users\isck\AppData\Local\ESET2012-05-14 08:18 . 2012-04-18 08:06 6734704 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{75F10B06-FFFE-43E6-AF3E-119AA575CCAB}\mpengine.dll2012-05-01 08:00 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe2012-05-01 08:00 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-04-16 19:34 . 2012-04-02 19:31 418464 ---ha-w- c:\windows\system32\FlashPlayerApp.exe2012-04-16 19:34 . 2011-06-09 20:04 70304 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-02-23 15:18 . 2010-07-16 13:21 237072 ---h--w- c:\windows\system32\MpSigStub.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2007-03-12 24627]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-02-17 611712]"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]"New World Update Notifier"="c:\program files\New World Systems\New World Automatic Updater\NewWorld.Management.Updater.TaskbarNotifier.exe" [2011-01-12 163840]"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2010-04-07 85528].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"Workrave"="c:\program files\Workrave\lib\Workrave.exe" [2011-03-24 3871246].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0)"HideFastUserSwitching"= 0 (0x0).[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"NoSMBalloonTip"= 1 (0x1)"NoSimpleStartMenu"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"aux"=wdmaud.drv.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-329068152-1801674531-12324\Scripts\Logon\0\0]"Script"=bginfo.bat.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-329068152-1801674531-1492\Scripts\Logon\0\0]"Script"=workraveconfig.bat.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-329068152-1801674531-1499\Scripts\Logon\0\0]"Script"=workraveconfig.bat.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-329068152-1801674531-1499\Scripts\Logon\1\0]"Script"=bginfo.bat.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-329068152-1801674531-1500\Scripts\Logon\0\0]"Script"=workraveconfig.bat.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-329068152-1801674531-1557\Scripts\Logon\0\0]"Script"=workraveconfig.bat.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-329068152-1801674531-19199\Scripts\Logon\0\0]"Script"=workraveconfig.bat.R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 136176]R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 136176]R3 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-05-18 28488]R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-16 1343400]S1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\DRIVERS\dwvkbd.sys [2007-02-15 26624]S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]S1 NEOFLTR_650_15551;Juniper Networks TDI Filter Driver (NEOFLTR_650_15551);c:\windows\system32\Drivers\NEOFLTR_650_15551.SYS [2010-04-10 85360]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]S2 AMPAgent;Dell KACE Agent;c:\program files\Dell\KACE\AMPAgent.exe [2012-01-16 2772072]S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]S2 EFI ES1000;EFI ES1000;c:\program files\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe [2009-10-19 11776]S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 95384]S2 Fiery Bridge Mailbox Synchronization;Fiery Bridge Mailbox Synchronization;c:\program files\Fiery\Fiery Bridge\x86\MailboxSyncService.exe [2008-01-24 94208]S2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2010-03-17 132464]S2 NewWorldUpdaterService;New World Updater;c:\program files\New World Systems\New World Automatic Updater\NewWorld.Management.Updater.Service.exe [2011-01-12 32768]S2 NWClientUpdate;NWS Client Update;c:\program files\New World Systems\Aegis MSP\NWClientUpdate.exe [2011-04-27 53248]S3 DwMirror;DwMirror;c:\windows\system32\DRIVERS\DamewareMini.sys [2007-02-07 3712]S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-01-07 215208]S3 staccel;staccel;c:\windows\system32\DRIVERS\staccel.sys [2011-12-22 32864]..[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12.Contents of the 'Scheduled Tasks' folder.2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 17:53].2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 17:53]..------- Supplementary Scan -------.uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_1&u=55DE4C068F6DC1B5B7E0C04FB3EAF819uInternet Settings,ProxyServer = 10.0.8.97:8080IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}Trusted Zone: ehsmed.comTrusted Zone: insiteTrusted Zone: siouxfalls.orgTrusted Zone: siouxfalls.org\utilitiespayTrusted Zone: siouxfallsparks.orgTrusted Zone: siouxfallssd.govTrusted Zone: siouxfallssd.org\cicitrix3.cityTrusted Zone: siouxfallssd.org\cityofsf.cityTrusted Zone: siouxlandlib.orgTrusted Zone: sireencoder01Trusted Zone: slkids.orgTrusted Zone: ehsmed.comTrusted Zone: insiteTrusted Zone: siouxfalls.orgTrusted Zone: siouxfalls.org\utilitiespayTrusted Zone: siouxfallsparks.orgTrusted Zone: siouxfallssd.govTrusted Zone: siouxfallssd.org\cicitrix3.cityTrusted Zone: siouxfallssd.org\cityofsf.cityTrusted Zone: siouxlandlib.orgTrusted Zone: sireencoder01Trusted Zone: slkids.orgTCP: DhcpNameServer = 10.0.8.22 10.0.8.23 10.0.8.27.- - - - ORPHANS REMOVED - - - -.ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLLNotify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\windows\system32\DWRCS.EXEc:\program files\Common Files\EFI\EFI ES-1000 Service\ES1000Server.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exec:\windows\system32\atieclxx.exec:\windows\system32\conhost.exec:\program files\Adobe\Acrobat 10.0\Acrobat\AcroDist.exec:\windows\system32\sppsvc.exec:\\?\c:\windows\system32\wbem\WMIADAP.EXE.**************************************************************************.Completion time: 2012-05-21 11:42:50 - machine was rebootedComboFix-quarantined-files.txt 2012-05-21 16:42.Pre-Run: 103,628,812,288 bytes freePost-Run: 103,065,759,744 bytes free.- - End Of File - - 7368573D856F1C997794FE74EA9C8293 Link to post Share on other sites More sharing options...
Staff CatByte Posted May 21, 2012 Staff ID:553328 Share Posted May 21, 2012 please run the following:Please download Unhide.exe to your desktop:Double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the hidden attributes from all the files on your system. Note: If you had purposely hidden any files, then you will need to hide them again after this tool has run.NEXTThere should be an older ComboFix log at C:\qoobox\combofix2.txt if you can please locate itNEXTDownload and run the following script, it will restore the default Win7 start menuhttp://download.bleepingcomputer.com/grinler/fakehdd/win7-32-sm-reset.exe Link to post Share on other sites More sharing options...
c4poa Posted May 21, 2012 Author ID:553361 Share Posted May 21, 2012 Here is the OTL log I missed last time:OTL logfile created on: 5/21/2012 10:10:29 AM - Run 1OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\isck\Desktop Professional (Version = 6.1.7600) - Type = NTWorkstationInternet Explorer (Version = 8.0.7600.16385)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy3.49 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 67.60% Memory free3.49 Gb Paging File | 2.54 Gb Available in Paging File | 72.88% Paging File freePaging file location(s): [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 148.93 Gb Total Space | 95.77 Gb Free Space | 64.31% Space Free | Partition Type: NTFSDrive H: | 1658.88 Gb Total Space | 18.63 Gb Free Space | 1.12% Space Free | Partition Type: NTFSDrive J: | 1367.04 Gb Total Space | 13.10 Gb Free Space | 0.96% Space Free | Partition Type: NTFSDrive S: | 1004.40 Gb Total Space | 46.56 Gb Free Space | 4.64% Space Free | Partition Type: NTFSComputer Name: CSMSW8294 | User Name: isck | NOT logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick ScanCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2012/05/21 10:08:21 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\isck\Desktop\OTL.exePRC - [2011/07/15 23:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exePRC - [2011/04/27 13:51:18 | 000,053,248 | -H-- | M] () -- C:\Program Files\New World Systems\Aegis MSP\NWClientUpdate.exePRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exePRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exePRC - [2011/01/12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exePRC - [2011/01/12 10:25:22 | 000,163,840 | -H-- | M] () -- C:\Program Files\New World Systems\New World Automatic Updater\NewWorld.Management.Updater.TaskbarNotifier.exePRC - [2011/01/12 10:25:22 | 000,032,768 | -H-- | M] () -- C:\Program Files\New World Systems\New World Automatic Updater\NewWorld.Management.Updater.Service.exePRC - [2010/04/07 12:12:10 | 000,085,528 | -H-- | M] (DameWare Development) -- C:\Windows\System32\DWRCST.EXEPRC - [2010/04/07 12:12:04 | 000,241,688 | -H-- | M] (DameWare Development LLC) -- C:\Windows\System32\DWRCS.EXEPRC - [2010/03/17 01:40:14 | 000,132,464 | -H-- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exePRC - [2009/10/19 13:39:08 | 000,011,776 | -H-- | M] (Electronics for Imaging, Inc.) -- c:\Program Files\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exePRC - [2009/10/16 20:12:54 | 000,045,056 | -H-- | M] (Electronics for Imaging, Inc.) -- c:\Program Files\Common Files\EFI\EFI ES-1000 Service\ES1000Server.exePRC - [2009/08/18 02:36:36 | 000,348,160 | -H-- | M] (AMD) -- C:\Windows\System32\atieclxx.exePRC - [2009/08/18 02:36:08 | 000,176,128 | -H-- | M] (AMD) -- C:\Windows\System32\atiesrxx.exePRC - [2009/07/13 20:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE========== Modules (No Company Name) ==========MOD - [2012/02/17 04:12:45 | 000,771,584 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dllMOD - [2012/02/17 04:12:26 | 012,431,360 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dllMOD - [2012/02/17 04:12:21 | 001,586,688 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dllMOD - [2012/02/17 04:12:08 | 005,452,800 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dllMOD - [2012/02/17 04:12:06 | 000,971,264 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dllMOD - [2012/02/17 04:12:05 | 007,952,384 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dllMOD - [2011/10/14 03:09:53 | 011,490,304 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dllMOD - [2011/03/17 00:11:16 | 004,297,568 | -H-- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODFMOD - [2011/01/12 10:25:22 | 000,163,840 | -H-- | M] () -- C:\Program Files\New World Systems\New World Automatic Updater\NewWorld.Management.Updater.TaskbarNotifier.exeMOD - [2011/01/12 10:25:12 | 000,004,096 | -H-- | M] () -- C:\Program Files\New World Systems\New World Automatic Updater\NewWorld.Management.Updater.Interfaces.dllMOD - [2010/10/20 15:45:26 | 008,801,120 | -H-- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dllMOD - [2009/07/13 20:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dllMOD - [2007/05/31 17:00:22 | 000,155,648 | -H-- | M] () -- C:\Program Files\Fiery\Fiery Bridge\x86\cfscore1.0.0.0.dll========== Win32 Services (SafeList) ==========SRV - [2012/01/16 02:24:00 | 002,772,072 | -H-- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\KACE\AMPAgent.exe -- (AMPAgent)SRV - [2011/04/27 13:51:18 | 000,053,248 | -H-- | M] () [Auto | Running] -- C:\Program Files\New World Systems\Aegis MSP\NWClientUpdate.exe -- (NWClientUpdate)SRV - [2011/02/16 15:35:21 | 000,655,624 | -H-- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)SRV - [2011/01/12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)SRV - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)SRV - [2011/01/12 10:25:22 | 000,032,768 | -H-- | M] () [Auto | Running] -- C:\Program Files\New World Systems\New World Automatic Updater\NewWorld.Management.Updater.Service.exe -- (NewWorldUpdaterService)SRV - [2010/12/27 23:50:30 | 031,124,344 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)SRV - [2010/07/16 14:31:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)SRV - [2010/04/07 12:12:04 | 000,241,688 | -H-- | M] (DameWare Development LLC) [Auto | Running] -- C:\Windows\System32\DWRCS.EXE -- (DWMRCS)SRV - [2010/03/17 01:40:14 | 000,132,464 | -H-- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)SRV - [2009/10/19 13:39:08 | 000,011,776 | -H-- | M] (Electronics for Imaging, Inc.) [Auto | Running] -- c:\Program Files\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe -- (EFI ES1000)SRV - [2009/08/18 02:36:08 | 000,176,128 | -H-- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2009/04/21 12:59:02 | 002,869,760 | -H-- | M] (Aladdin Knowledge Systems Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\hasplms.exe -- (hasplms)SRV - [2008/01/24 11:00:50 | 000,094,208 | -H-- | M] (Electronics For Imaging) [Auto | Stopped] -- C:\Program Files\Fiery\Fiery Bridge\x86\MailboxSyncService.exe -- (Fiery Bridge Mailbox Synchronization)SRV - [2007/03/12 05:40:00 | 000,065,585 | -H-- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\Windows\cwbrxd.exe -- (Cwbrxd)SRV - [2000/05/24 16:20:36 | 000,015,360 | -H-- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\ATMsrvc.exe -- (ATMsrvc)========== Driver Services (SafeList) ==========DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ztoiwqog.sys -- (ztoiwqog)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\isck\AppData\Local\Temp\aswMBR.sys -- (aswMBR)DRV - [2012/05/18 14:22:20 | 000,028,488 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)DRV - [2011/12/22 15:28:02 | 000,032,864 | -H-- | M] (ShoreTel, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\staccel.sys -- (staccel)DRV - [2010/12/21 15:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)DRV - [2010/12/21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)DRV - [2010/12/21 13:47:38 | 000,095,384 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)DRV - [2010/04/10 14:04:12 | 000,085,360 | -H-- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\System32\drivers\NEOFLTR_650_15551.SYS -- (NEOFLTR_650_15551) Juniper Networks TDI Filter Driver (NEOFLTR_650_15551)DRV - [2010/01/07 10:36:28 | 000,215,208 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel®DRV - [2009/10/14 12:29:54 | 000,030,880 | -H-- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)DRV - [2009/09/17 16:54:14 | 000,041,088 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®DRV - [2009/08/18 03:48:06 | 004,994,560 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)DRV - [2009/07/13 20:19:10 | 000,175,824 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)DRV - [2009/07/13 20:19:10 | 000,040,896 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)DRV - [2009/07/13 20:19:10 | 000,028,224 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)DRV - [2009/07/13 18:28:47 | 000,005,632 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)DRV - [2009/07/13 18:28:45 | 000,017,920 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)DRV - [2009/07/13 18:12:52 | 000,030,720 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)DRV - [2009/07/09 14:18:56 | 000,587,776 | -H-- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)DRV - [2009/01/16 12:42:28 | 000,352,256 | -H-- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)DRV - [2007/02/15 05:00:00 | 000,026,624 | -H-- | M] (DameWare) [Kernel | System | Running] -- C:\Windows\System32\drivers\dwvkbd.sys -- (dwvkbd)DRV - [2007/02/07 05:00:00 | 000,003,712 | -H-- | M] (DameWare Development, LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DamewareMini.sys -- (DwMirror)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Update_Check_Page = http://insiteIE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_1&u=55DE4C068F6DC1B5B7E0C04FB3EAF819IE - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\..\SearchScopes,DefaultScope = {B7A53ACF-CCD6-4B51-B9C4-9125CA0D716B}IE - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=55DE4C068F6DC1B5B7E0C04FB3EAF819&q={searchTerms}IE - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\..\SearchScopes\{B7A53ACF-CCD6-4B51-B9C4-9125CA0D716B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}IE - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 206.176.*;*.siouxfalls.org;*.riss.net;*.hidta.net;*.laidlawtransit.com;10.*;*.hud.gov;*.microsoft.com;*.siouxlandlib.org;oclc.org;*.hdnr.org;*.esri.com;*.usgs.*;*.slkids.org;*.geographynetwork.com;*.eeoc.gov;*.uiuonline.org;192.168.*;<local>IE - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.0.8.97:8080========== FireFox ==========FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not foundFF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/05/16 11:01:23 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/05/16 11:00:52 | 000,000,000 | -H-D | M]O1 HOSTS File: ([2012/05/16 14:55:03 | 000,000,027 | -H-- | M]) - C:\Windows\System32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O3 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.O3 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)O4 - HKLM..\Run: [DameWare MRC Agent] C:\Windows\System32\DWRCST.EXE (DameWare Development)O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)O4 - HKLM..\Run: [New World Update Notifier] C:\Program Files\New World Systems\New World Automatic Updater\NewWorld.Management.Updater.TaskbarNotifier.exe ()O4 - HKU\.DEFAULT..\Run: [Workrave] C:\Program Files\Workrave\lib\Workrave.exe (The Workrave development team)O4 - HKU\S-1-5-18..\Run: [Workrave] C:\Program Files\Workrave\lib\Workrave.exe (The Workrave development team)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\New Windows presentO7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\New Windows presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\New Windows presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\New Windows presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery presentO7 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\Software\Policies\Microsoft\Internet Explorer\New Windows presentO7 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\Software\Policies\Microsoft\Internet Explorer\Recovery presentO7 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1O7 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1O7 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1O7 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\pnrpnsp.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\pnrpnsp.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\pnrpnsp.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\pnrpnsp.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\pnrpnsp.dll File not foundO10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\pnrpnsp.dll File not foundO15 - HKLM\..Trusted Domains: ehsmed.com ([]http in Trusted sites)O15 - HKLM\..Trusted Domains: insite ([]http in Trusted sites)O15 - HKLM\..Trusted Domains: siouxfalls.org ([]http in Trusted sites)O15 - HKLM\..Trusted Domains: siouxfalls.org ([utilitiespay] https in Trusted sites)O15 - HKLM\..Trusted Domains: siouxfallsparks.org ([]http in Trusted sites)O15 - HKLM\..Trusted Domains: siouxfallssd.gov ([]http in Trusted sites)O15 - HKLM\..Trusted Domains: siouxfallssd.org ([cicitrix3.city] http in Trusted sites)O15 - HKLM\..Trusted Domains: siouxfallssd.org ([ciiprism01.city] http in Local intranet)O15 - HKLM\..Trusted Domains: siouxfallssd.org ([ciiprism01.city] https in Local intranet)O15 - HKLM\..Trusted Domains: siouxfallssd.org ([cityofsf.city] http in Trusted sites)O15 - HKLM\..Trusted Domains: siouxlandlib.org ([]http in Trusted sites)O15 - HKLM\..Trusted Domains: sireencoder01 ([]http in Trusted sites)O15 - HKLM\..Trusted Domains: slkids.org ([]http in Trusted sites)O15 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\..Trusted Domains: ehsmed.com ([]http in Trusted sites)O15 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\..Trusted Domains: insite ([]http in Trusted sites)O15 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\..Trusted Domains: siouxfalls.org ([]http in Trusted sites)O15 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\..Trusted Domains: siouxfalls.org ([utilitiespay] https in Trusted sites)O15 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\..Trusted Domains: siouxfallsparks.org ([]http in Trusted sites)O15 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\..Trusted Domains: siouxfallssd.gov ([]http in Trusted sites)O15 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\..Trusted Domains: siouxfallssd.org ([cicitrix3.city] http in Trusted sites)O15 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\..Trusted Domains: siouxfallssd.org ([ciiprism01.city] http in Local intranet)O15 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\..Trusted Domains: siouxfallssd.org ([ciiprism01.city] https in Local intranet)O15 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\..Trusted Domains: siouxfallssd.org ([cityofsf.city] http in Trusted sites)O15 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\..Trusted Domains: siouxlandlib.org ([]http in Trusted sites)O15 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\..Trusted Domains: sireencoder01 ([]http in Trusted sites)O15 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\..Trusted Domains: slkids.org ([]http in Trusted sites)O15 - HKU\S-1-5-21-1417001333-329068152-1801674531-1492\..Trusted Ranges: Range1 ([http] in Trusted sites)O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.8.22 10.0.8.23 10.0.8.27O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = city.siouxfallssd.orgO17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{809F1405-D635-4A71-AEC8-E869FFCDDBEB}: DhcpNameServer = 10.0.8.22 10.0.8.23 10.0.8.27O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not foundO28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not foundO28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]O32 - AutoRun File - [2000/01/18 12:01:14 | 000,002,419 | ---- | M] () - H:\AUTO.WS -- [ NTFS ]O32 - AutoRun File - [2012/03/16 13:41:05 | 000,000,000 | ---D | M] - H:\AutoCite Transfer -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)NetSvcs: FastUserSwitchingCompatibility - File not foundNetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)NetSvcs: Nla - File not foundNetSvcs: Ntmssvc - File not foundNetSvcs: NWCWorkstation - File not foundNetSvcs: Nwsapagent - File not foundNetSvcs: Sharedaccess - File not foundNetSvcs: SRService - File not foundNetSvcs: WmdmPmSp - File not foundNetSvcs: LogonHours - File not foundNetSvcs: PCAudit - File not foundNetSvcs: helpsvc - File not foundNetSvcs: uploadmgr - File not foundCREATERESTOREPOINTRestore point Set: OTL Restore Point========== Files/Folders - Created Within 30 Days ==========[2012/05/21 10:08:21 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\isck\Desktop\OTL.exe[2012/05/21 09:59:29 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\isck\Desktop\aswMBR.exe[2012/05/18 14:23:25 | 000,000,000 | --SD | C] -- C:\LOXIF[2012/05/18 12:03:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine[2012/05/18 11:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2012/05/18 11:59:51 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys[2012/05/18 11:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2012/05/18 10:40:01 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW[2012/05/18 10:28:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi[2012/05/18 10:17:40 | 000,000,000 | ---D | C] -- C:\Users\isck\AppData\Local\Threat Expert[2012/05/18 08:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools[2012/05/18 08:42:01 | 000,203,088 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys[2012/05/18 08:42:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools[2012/05/18 08:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP[2012/05/18 08:41:39 | 000,000,000 | ---D | C] -- C:\Users\isck\AppData\Roaming\TestApp[2012/05/18 08:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools[2012/05/18 08:36:45 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%[2012/05/16 16:19:48 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\isck\Desktop\dds.scr[2012/05/16 15:20:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2012/05/16 15:20:22 | 000,000,000 | -H-D | C] -- C:\Windows\temp[2012/05/16 15:20:22 | 000,000,000 | ---D | C] -- C:\Users\isck\AppData\Local\temp[2012/05/16 13:29:47 | 000,518,144 | -H-- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2012/05/16 13:29:47 | 000,406,528 | -H-- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2012/05/16 13:29:47 | 000,060,416 | -H-- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2012/05/16 13:28:40 | 000,000,000 | -H-D | C] -- C:\Windows\ERDNT[2012/05/16 13:14:26 | 000,000,000 | ---D | C] -- C:\Qoobox[2012/05/16 13:00:28 | 000,000,000 | ---D | C] -- C:\Users\isck\AppData\Roaming\Blekko[2012/05/16 12:59:25 | 000,000,000 | ---D | C] -- C:\Users\isck\AppData\Roaming\Ad-Aware Antivirus[2012/05/16 12:58:05 | 006,236,280 | ---- | C] (Lavasoft Limited) -- C:\Users\isck\Desktop\Adaware_Installer.exe[2012/05/16 12:53:33 | 000,000,000 | ---D | C] -- C:\Users\isck\Desktop\tdsskiller[2012/05/16 11:21:30 | 012,903,112 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\isck\Desktop\SUPERAntiSpyware.exe[2012/05/16 11:16:47 | 000,000,000 | ---D | C] -- C:\Users\isck\AppData\Roaming\Malwarebytes[2012/05/16 11:16:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes[2012/05/16 11:14:26 | 000,000,000 | ---D | C] -- C:\Users\isck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery[2012/05/16 11:14:23 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\isck\Desktop\mbam-setup-1.61.0.1400.exe[2012/05/16 11:07:50 | 000,000,000 | ---D | C] -- C:\Users\isck\AppData\Local\ESET[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2012/05/21 10:08:21 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\isck\Desktop\OTL.exe[2012/05/21 10:07:23 | 000,000,512 | ---- | M] () -- C:\Users\isck\Desktop\MBR.dat[2012/05/21 09:59:37 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\isck\Desktop\aswMBR.exe[2012/05/21 09:33:01 | 000,000,882 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2012/05/21 04:18:58 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/05/21 04:18:58 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/05/20 15:33:03 | 000,000,878 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2012/05/18 16:02:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/05/18 14:22:20 | 000,028,488 | ---- | M] () -- C:\Windows\System32\drivers\mbamchameleon.sys[2012/05/18 14:11:01 | 000,000,146 | ---- | M] () -- C:\Users\isck\Desktop\Fake hdd - Malwarebytes Forum.url[2012/05/18 14:06:20 | 000,000,146 | ---- | M] () -- C:\Users\isck\Desktop\ESET can't remove Win32-Olmarik.TDL4 - Malwarebytes Forum.url[2012/05/18 11:59:52 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012/05/18 10:17:51 | 000,000,120 | ---- | M] () -- C:\Users\isck\Desktop\Malwarebytes Forum.url[2012/05/18 08:30:47 | 000,000,128 | ---- | M] () -- C:\ProgramData\-BqEfsLDpnJeRUBr[2012/05/18 08:30:47 | 000,000,000 | ---- | M] () -- C:\ProgramData\-BqEfsLDpnJeRUB[2012/05/18 08:30:45 | 000,000,256 | ---- | M] () -- C:\ProgramData\BqEfsLDpnJeRUB[2012/05/17 11:05:34 | 000,639,058 | -H-- | M] () -- C:\Windows\System32\perfh009.dat[2012/05/17 11:05:34 | 000,111,178 | -H-- | M] () -- C:\Windows\System32\perfc009.dat[2012/05/16 16:17:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\isck\Desktop\dds.scr[2012/05/16 15:58:15 | 000,000,105 | -H-- | M] () -- C:\prefs.js[2012/05/16 15:53:23 | 000,869,194 | ---- | M] () -- C:\Users\isck\Desktop\SecurityCheck.exe[2012/05/16 14:55:03 | 000,000,027 | -H-- | M] () -- C:\Windows\System32\drivers\etc\hosts[2012/05/16 13:05:53 | 000,080,384 | ---- | M] () -- C:\Users\isck\Desktop\MBRCheck.exe[2012/05/16 12:59:21 | 006,236,280 | ---- | M] (Lavasoft Limited) -- C:\Users\isck\Desktop\Adaware_Installer.exe[2012/05/16 12:53:25 | 002,107,843 | ---- | M] () -- C:\Users\isck\Desktop\tdsskiller.zip[2012/05/16 12:52:38 | 000,050,477 | ---- | M] () -- C:\Users\isck\Desktop\Defogger.exe[2012/05/16 11:21:38 | 012,903,112 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\isck\Desktop\SUPERAntiSpyware.exe[2012/05/16 11:15:48 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\isck\Desktop\mbam-setup-1.61.0.1400.exe[2012/05/16 11:09:54 | 008,405,015 | -H-- | M] () -- C:\Windows\hlktmp[2012/05/14 12:11:55 | 000,000,064 | -H-- | M] () -- C:\Windows\System32\rp_stats.dat[2012/05/14 12:11:55 | 000,000,044 | -H-- | M] () -- C:\Windows\System32\rp_rules.dat[2012/05/10 13:12:12 | 004,178,504 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT[2012/05/10 11:17:09 | 001,216,896 | ---- | M] () -- C:\Windows\ATMREG.ATM[2012/04/23 14:17:56 | 000,203,088 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]========== Files Created - No Company Name ==========[2012/05/21 10:07:23 | 000,000,512 | ---- | C] () -- C:\Users\isck\Desktop\MBR.dat[2012/05/18 14:11:01 | 000,000,146 | ---- | C] () -- C:\Users\isck\Desktop\Fake hdd - Malwarebytes Forum.url[2012/05/18 14:06:20 | 000,000,146 | ---- | C] () -- C:\Users\isck\Desktop\ESET can't remove Win32-Olmarik.TDL4 - Malwarebytes Forum.url[2012/05/18 12:02:09 | 000,028,488 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys[2012/05/18 11:59:52 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012/05/18 10:17:51 | 000,000,120 | ---- | C] () -- C:\Users\isck\Desktop\Malwarebytes Forum.url[2012/05/18 08:30:47 | 000,000,128 | ---- | C] () -- C:\ProgramData\-BqEfsLDpnJeRUBr[2012/05/18 08:30:47 | 000,000,000 | ---- | C] () -- C:\ProgramData\-BqEfsLDpnJeRUB[2012/05/18 08:30:45 | 000,000,256 | ---- | C] () -- C:\ProgramData\BqEfsLDpnJeRUB[2012/05/16 15:58:15 | 000,000,105 | -H-- | C] () -- C:\prefs.js[2012/05/16 15:53:19 | 000,869,194 | ---- | C] () -- C:\Users\isck\Desktop\SecurityCheck.exe[2012/05/16 13:29:47 | 000,256,000 | -H-- | C] () -- C:\Windows\PEV.exe[2012/05/16 13:29:47 | 000,208,896 | -H-- | C] () -- C:\Windows\MBR.exe[2012/05/16 13:29:47 | 000,098,816 | -H-- | C] () -- C:\Windows\sed.exe[2012/05/16 13:29:47 | 000,080,412 | -H-- | C] () -- C:\Windows\grep.exe[2012/05/16 13:29:47 | 000,068,096 | -H-- | C] () -- C:\Windows\zip.exe[2012/05/16 13:05:51 | 000,080,384 | ---- | C] () -- C:\Users\isck\Desktop\MBRCheck.exe[2012/05/16 12:53:10 | 002,107,843 | ---- | C] () -- C:\Users\isck\Desktop\tdsskiller.zip[2012/05/16 12:52:36 | 000,050,477 | ---- | C] () -- C:\Users\isck\Desktop\Defogger.exe[2012/05/16 10:24:36 | 008,405,015 | -H-- | C] () -- C:\Windows\hlktmp[2011/12/08 15:01:31 | 000,000,105 | -H-- | C] () -- C:\Windows\ODBC.INI[2011/05/02 14:17:17 | 000,000,064 | -H-- | C] () -- C:\Windows\System32\rp_stats.dat[2011/05/02 14:17:17 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\rp_rules.dat[2011/03/16 12:28:40 | 000,000,000 | -H-- | C] () -- C:\Windows\Listdb.INI[2011/03/16 12:27:18 | 000,000,000 | -H-- | C] () -- C:\Windows\TRANSfer.INI[2011/03/03 16:28:15 | 000,411,983 | -H-- | C] () -- C:\Windows\ripview.exe[2011/03/03 16:28:15 | 000,282,523 | -H-- | C] () -- C:\Windows\riplog.exe[2011/02/18 17:54:43 | 000,000,960 | -H-- | C] () -- C:\Windows\System32\DWRCCMDError.ini[2011/02/17 17:09:27 | 004,178,504 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT[2011/02/17 15:14:17 | 000,000,545 | -H-- | C] () -- C:\Windows\ODBCINST.INI[2011/02/17 15:08:06 | 000,044,344 | -H-- | C] () -- C:\Windows\System32\drivers\i1display.sys[2011/02/17 14:44:08 | 000,598,016 | -H-- | C] () -- C:\Windows\System32\psCamDat.dll[2011/02/17 14:44:08 | 000,372,736 | -H-- | C] () -- C:\Windows\System32\CDFILSYS.dll[2010/11/05 10:52:17 | 000,109,056 | ---- | C] () -- C:\Windows\System32\t2embed.dll[2010/07/16 08:36:02 | 000,024,630 | -H-- | C] () -- C:\Windows\System32\cwbunplp.exe[2010/07/16 08:35:57 | 000,172,032 | -H-- | C] () -- C:\Windows\System32\cwbrw.dll[2010/07/16 08:35:57 | 000,126,976 | -H-- | C] () -- C:\Windows\cwbzip.exe[2010/07/16 08:35:57 | 000,024,576 | -H-- | C] () -- C:\Windows\System32\cwbsv.dll[2010/07/16 08:35:57 | 000,020,529 | -H-- | C] () -- C:\Windows\System32\cwbwiz.dll[2010/07/16 08:35:57 | 000,020,480 | -H-- | C] () -- C:\Windows\System32\cwbsy.dll[2010/07/16 08:35:57 | 000,020,480 | -H-- | C] () -- C:\Windows\System32\cwbnl.dll[2010/07/16 08:35:57 | 000,020,480 | -H-- | C] () -- C:\Windows\System32\cwbco.dll[2010/07/16 08:35:57 | 000,016,384 | -H-- | C] () -- C:\Windows\System32\cwbnldlg.dll[2010/07/16 08:35:57 | 000,016,384 | -H-- | C] () -- C:\Windows\System32\cwbad.dll[2010/07/14 18:03:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin[2010/07/14 16:22:28 | 000,023,086 | RHS- | C] () -- C:\ProgramData\ntuser.pol========== LOP Check ==========[2010/07/16 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IBM[2010/07/16 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IBM[2010/11/05 12:47:03 | 000,000,000 | ---D | M] -- C:\Users\Default - Copy\AppData\Roaming\IBM[2010/07/16 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IBM[2012/05/16 16:02:55 | 000,000,000 | ---D | M] -- C:\Users\isck\AppData\Roaming\Ad-Aware Antivirus[2012/05/16 13:00:28 | 000,000,000 | ---D | M] -- C:\Users\isck\AppData\Roaming\Blekko[2012/01/24 16:08:40 | 000,000,000 | ---D | M] -- C:\Users\isck\AppData\Roaming\Fiery[2010/07/16 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\isck\AppData\Roaming\IBM[2012/05/18 08:41:39 | 000,000,000 | ---D | M] -- C:\Users\isck\AppData\Roaming\TestApp[2010/07/16 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\iscm\AppData\Roaming\IBM[2011/06/01 15:37:18 | 000,000,000 | ---D | M] -- C:\Users\iscs\AppData\Roaming\Fiery[2010/07/16 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\iscs\AppData\Roaming\IBM[2010/07/16 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\iskah\AppData\Roaming\IBM[2010/07/16 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\iskb1\AppData\Roaming\IBM[2011/02/18 10:26:04 | 000,000,000 | ---D | M] -- C:\Users\isms\AppData\Roaming\Fiery[2010/07/16 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\isms\AppData\Roaming\IBM[2011/03/25 16:18:58 | 000,000,000 | ---D | M] -- C:\Users\isms\AppData\Roaming\OrgPlus9[2011/02/17 17:11:06 | 000,000,000 | ---D | M] -- C:\Users\ismsa\AppData\Roaming\Fiery[2011/02/17 14:13:17 | 000,000,000 | ---D | M] -- C:\Users\ismsa\AppData\Roaming\Hemera[2010/07/16 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\ismsa\AppData\Roaming\IBM[2011/02/17 14:54:07 | 000,000,000 | ---D | M] -- C:\Users\ismsa\AppData\Roaming\WinBatch[2011/02/22 12:12:53 | 000,000,000 | ---D | M] -- C:\Users\issw\AppData\Roaming\Fiery[2010/07/16 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\issw\AppData\Roaming\IBM[2011/03/16 10:25:05 | 000,000,000 | ---D | M] -- C:\Users\issw\AppData\Roaming\ShoreWare Client[2011/02/18 12:03:39 | 000,000,000 | ---D | M] -- C:\Users\matttest\AppData\Roaming\Fiery[2010/07/16 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\matttest\AppData\Roaming\IBM[2012/02/08 09:11:12 | 000,000,000 | ---D | M] -- C:\Users\msjg\AppData\Roaming\Dictaphone[2011/03/16 10:43:30 | 000,000,000 | ---D | M] -- C:\Users\msjg\AppData\Roaming\Fiery[2011/10/06 14:17:04 | 000,000,000 | ---D | M] -- C:\Users\msjg\AppData\Roaming\Hemera[2010/07/16 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\msjg\AppData\Roaming\IBM[2011/03/16 12:44:53 | 000,000,000 | ---D | M] -- C:\Users\msjg\AppData\Roaming\New World Systems[2011/07/25 08:56:11 | 000,000,000 | ---D | M] -- C:\Users\msjg\AppData\Roaming\OrgPlus9[2012/05/16 06:39:56 | 000,000,000 | ---D | M] -- C:\Users\msjg\AppData\Roaming\ShoreWare Client[2011/03/24 12:56:00 | 000,000,000 | ---D | M] -- C:\Users\msjg\AppData\Roaming\UPD_TEMP[2011/03/16 12:42:00 | 000,000,000 | ---D | M] -- C:\Users\msjg\AppData\Roaming\WeatherBug[2011/06/23 06:28:48 | 000,000,000 | ---D | M] -- C:\Users\msjg\AppData\Roaming\Workrave[2011/06/30 18:07:01 | 000,000,000 | ---D | M] -- C:\Users\msjh\AppData\Roaming\Dictaphone[2011/06/30 16:05:12 | 000,000,000 | ---D | M] -- C:\Users\msjh\AppData\Roaming\Fiery[2010/07/16 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\msjh\AppData\Roaming\IBM[2011/06/30 19:49:49 | 000,000,000 | ---D | M] -- C:\Users\msjh\AppData\Roaming\UPD_TEMP[2011/04/25 12:10:17 | 000,000,000 | ---D | M] -- C:\Users\msjk\AppData\Roaming\Fiery[2010/07/16 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\msjk\AppData\Roaming\IBM[2011/04/14 12:38:26 | 000,000,000 | ---D | M] -- C:\Users\mssv\AppData\Roaming\Fiery[2010/07/16 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\mssv\AppData\Roaming\IBM[2011/02/18 11:51:00 | 000,000,000 | ---D | M] -- C:\Users\off10pro\AppData\Roaming\Fiery[2010/07/16 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\off10pro\AppData\Roaming\IBM[2012/01/10 17:27:26 | 000,000,000 | ---D | M] -- C:\Users\prrd\AppData\Roaming\Fiery[2010/07/16 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\prrd\AppData\Roaming\IBM[2012/01/10 17:44:32 | 000,000,000 | ---D | M] -- C:\Users\prrd\AppData\Roaming\ShoreWare Client[2012/05/18 16:02:17 | 000,032,594 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT========== Purity Check ==================== Custom Scans ==========< %SYSTEMDRIVE%\*.exe >< MD5 for: EXPLORER.EXE >[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe[2011/02/26 00:33:07 | 002,614,784 | -H-- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\ERDNT\cache\explorer.exe[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe< MD5 for: SVCHOST.EXE >[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe[2009/07/13 20:14:41 | 000,020,992 | -H-- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe< MD5 for: USERINIT.EXE >[2009/07/13 20:14:43 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe< MD5 for: WINLOGON.EXE >[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe[2009/10/28 01:17:59 | 000,285,696 | -H-- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe< %systemroot%\*. /rp /s >========== Drive Information ==========Physical Drives---------------Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk mediaInterface type: IDEMedia Type: Fixed hard disk mediaModel: ST3160318AS ATA DevicePartitions: 2Status: OKStatus Info: 0Partitions---------------DeviceID: Disk #0, Partition #0PartitionType: Installable File SystemBootable: TrueBootPartition: TruePrimaryPartition: TrueSize: 0.00GBStarting Offset: 1048576Hidden sectors: 0DeviceID: Disk #0, Partition #1PartitionType: Installable File SystemBootable: FalseBootPartition: FalsePrimaryPartition: TrueSize: 149.00GBStarting Offset: 105906176Hidden sectors: 0< >========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction========== Alternate Data Streams ==========@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2< End of report >The unhide items seemed to help with folders but the start menu, program shortcuts under the folders are still gone. Many say (empty). For example I click start, programs, MS Office 2010, and the only thing I see is a folder with MS Office 2010 Tools and when I click that it only has (empty). Under Microsoft Silverlight is same thing (empty). Thanks again! Link to post Share on other sites More sharing options...
Staff CatByte Posted May 22, 2012 Staff ID:553826 Share Posted May 22, 2012 Hi,were you able to run the instructions from this post here?http://forums.malwarebytes.org/index.php?showtopic=109967&view=findpost&p=553328(especially the zip folder)Please delete the copy of ComboFix that you have on your desktop and download a fresh copy and run it (it's recently been updated)http://download.bleepingcomputer.com/sUBs/ComboFix.exe Link to post Share on other sites More sharing options...
c4poa Posted May 23, 2012 Author ID:554018 Share Posted May 23, 2012 I was able to run both the unhide and win7-32-sm-reset.exe sucessfully. Not sure what you mean by (especially the zip folder)??Here is new ComboLog.txt from freshly downloaded/new copy of comboFix:ComboFix 12-05-23.01 - isck 05/23/2012 9:22.3.4 - x86Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3575.2368 [GMT -5:00]Running from: c:\users\isck\Desktop\ComboFix.exeAV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\msjk\Desktop\Internet Explorer.lnkc:\users\mssv\Desktop\Internet Explorer.lnk..((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 )))))))))))))))))))))))))))))))..2012-05-22 16:14 . 2012-05-22 16:15 -------- d-----w- c:\users\isck\AppData\Local\Google2012-05-22 15:41 . 2012-05-22 15:42 -------- d-----w- c:\users\isck\AppData\Roaming\vlc2012-05-22 15:37 . 2012-05-22 15:37 -------- d-----w- c:\users\isck\AppData\Roaming\ShoreWare Client2012-05-22 15:10 . 2012-05-22 15:10 -------- d-----w- c:\users\isck\AppData\Roaming\Dictaphone2012-05-21 15:57 . 2012-05-21 15:57 -------- d-----w- C:\_OTL2012-05-18 17:03 . 2012-05-18 17:03 -------- d-----w- C:\TDSSKiller_Quarantine2012-05-18 17:02 . 2012-05-18 19:22 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2012-05-18 16:59 . 2012-05-18 16:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-05-18 16:59 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-05-18 15:17 . 2012-05-18 15:17 -------- d-----w- c:\users\isck\AppData\Local\Threat Expert2012-05-18 13:43 . 2012-05-18 15:31 -------- d-----w- c:\program files\PC Tools2012-05-18 13:42 . 2012-05-18 15:31 -------- d-----w- c:\program files\Common Files\PC Tools2012-05-18 13:42 . 2012-04-23 19:17 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys2012-05-18 13:41 . 2012-05-18 15:30 -------- d-----w- c:\programdata\PC Tools2012-05-18 13:41 . 2012-05-18 13:41 -------- d-----w- c:\users\isck\AppData\Roaming\TestApp2012-05-18 13:36 . 2012-05-18 13:36 -------- d-sh--w- c:\windows\system32\%APPDATA%2012-05-16 20:58 . 2012-05-16 20:58 105 ----a-w- C:\prefs.js2012-05-16 20:43 . 2012-05-16 20:43 -------- d-----w- c:\users\Administrator\AppData\Local\adawarebp2012-05-16 17:59 . 2012-05-16 21:02 -------- d-----w- c:\users\isck\AppData\Roaming\Ad-Aware Antivirus2012-05-16 16:16 . 2012-05-16 16:16 -------- d-----w- c:\users\isck\AppData\Roaming\Malwarebytes2012-05-16 16:16 . 2012-05-16 16:16 -------- d-----w- c:\programdata\Malwarebytes2012-05-16 16:07 . 2012-05-16 16:07 -------- d-----w- c:\users\isck\AppData\Local\ESET2012-05-14 08:18 . 2012-04-18 08:06 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{75F10B06-FFFE-43E6-AF3E-119AA575CCAB}\mpengine.dll2012-05-01 08:00 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe2012-05-01 08:00 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-04-16 19:34 . 2012-04-02 19:31 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-04-16 19:34 . 2011-06-09 20:04 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl..((((((((((((((((((((((((((((( SnapShot@2012-05-16_19.56.32 ))))))))))))))))))))))))))))))))))))))))).+ 2009-07-14 04:55 . 2012-05-22 16:10 38110 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin+ 2012-05-18 14:13 . 2012-05-21 11:47 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat+ 2012-05-21 13:12 . 2012-05-21 14:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012052120120522\index.dat+ 2012-05-21 13:12 . 2012-05-21 13:10 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012051420120521\index.dat+ 2012-05-18 13:35 . 2012-05-18 13:35 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT+ 2012-05-18 13:36 . 2012-05-21 14:50 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat+ 2012-05-18 13:36 . 2012-05-18 13:35 16384 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat+ 2011-02-11 20:42 . 2012-05-18 15:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2011-02-11 20:42 . 2012-05-16 18:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2012-05-18 15:33 . 2012-05-18 15:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat+ 2012-05-18 15:33 . 2012-05-18 15:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat+ 2012-05-18 15:33 . 2012-05-18 15:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat+ 2011-02-11 20:42 . 2012-05-18 15:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2011-02-11 20:42 . 2012-05-16 18:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2010-07-14 21:17 . 2012-05-18 15:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2010-07-14 21:17 . 2012-05-16 18:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2011-02-13 07:13 . 2012-05-23 16:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2011-02-13 07:13 . 2012-05-16 15:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-07-15 15:09 . 2012-05-16 15:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2010-07-15 15:09 . 2012-05-23 16:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2012-05-22 16:15 . 2012-05-22 16:15 65536 c:\windows\Installer\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe+ 2012-05-22 16:15 . 2012-05-22 16:15 65536 c:\windows\Installer\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe+ 2012-05-22 16:15 . 2012-05-22 16:15 65536 c:\windows\Installer\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe+ 2012-05-22 16:15 . 2012-05-22 16:15 65536 c:\windows\Installer\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe+ 2012-05-22 16:15 . 2012-05-22 16:15 65536 c:\windows\Installer\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe+ 2012-05-22 16:15 . 2012-05-22 16:15 65536 c:\windows\Installer\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe+ 2012-05-22 16:15 . 2012-05-22 16:15 65536 c:\windows\Installer\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}\ARPPRODUCTICON.exe+ 2010-11-05 16:00 . 2012-05-22 16:10 1676 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1417001333-329068152-1801674531-1492_UserData.bin+ 2012-05-21 16:00 . 2012-05-23 14:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat- 2012-05-16 16:04 . 2012-05-16 18:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2012-05-21 16:00 . 2012-05-23 14:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat- 2012-05-16 16:04 . 2012-05-16 18:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat+ 2009-07-14 02:05 . 2012-05-23 14:32 651272 c:\windows\System32\perfh009.dat+ 2009-07-14 02:05 . 2012-05-23 14:32 115196 c:\windows\System32\perfc009.dat- 2010-07-14 21:13 . 2012-05-16 16:47 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat+ 2010-07-14 21:13 . 2012-05-21 14:58 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat+ 2011-02-11 20:33 . 2012-05-23 16:20 409600 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2012-05-19 08:25 . 2012-05-20 02:16 495876 c:\windows\System32\config\systemprofile\AppData\Roaming\Adobe\Acrobat\9.0\UserCache.bin- 2009-07-14 02:03 . 2012-05-16 19:55 7340032 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT+ 2009-07-14 02:03 . 2012-05-23 15:39 7340032 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT+ 2011-02-11 20:33 . 2012-05-23 16:20 8011776 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2012-04-14 09:44 . 2012-04-14 09:44 1328128 c:\windows\Installer\100a2f.msi+ 2009-07-14 04:41 . 2012-05-23 16:20 11960320 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2007-03-12 24627]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-02-17 611712]"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]"New World Update Notifier"="c:\program files\New World Systems\New World Automatic Updater\NewWorld.Management.Updater.TaskbarNotifier.exe" [2011-01-12 163840]"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2010-04-07 85528].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"Workrave"="c:\program files\Workrave\lib\Workrave.exe" [2011-03-24 3871246].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0)"HideFastUserSwitching"= 0 (0x0).[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"NoSMBalloonTip"= 1 (0x1)"NoSimpleStartMenu"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"aux"=wdmaud.drv.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-329068152-1801674531-12324\Scripts\Logon\0\0]"Script"=bginfo.bat.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-329068152-1801674531-1492\Scripts\Logon\0\0]"Script"=workraveconfig.bat.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-329068152-1801674531-1499\Scripts\Logon\0\0]"Script"=workraveconfig.bat.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-329068152-1801674531-1499\Scripts\Logon\1\0]"Script"=bginfo.bat.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-329068152-1801674531-1500\Scripts\Logon\0\0]"Script"=workraveconfig.bat.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-329068152-1801674531-1557\Scripts\Logon\0\0]"Script"=workraveconfig.bat.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1417001333-329068152-1801674531-19199\Scripts\Logon\0\0]"Script"=workraveconfig.bat.R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 136176]R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 136176]R3 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-05-18 28488]R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-16 1343400]S1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\DRIVERS\dwvkbd.sys [2007-02-15 26624]S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]S1 NEOFLTR_650_15551;Juniper Networks TDI Filter Driver (NEOFLTR_650_15551);c:\windows\system32\Drivers\NEOFLTR_650_15551.SYS [2010-04-10 85360]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]S2 AMPAgent;Dell KACE Agent;c:\program files\Dell\KACE\AMPAgent.exe [2012-01-16 2772072]S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]S2 EFI ES1000;EFI ES1000;c:\program files\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe [2009-10-19 11776]S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 95384]S2 Fiery Bridge Mailbox Synchronization;Fiery Bridge Mailbox Synchronization;c:\program files\Fiery\Fiery Bridge\x86\MailboxSyncService.exe [2008-01-24 94208]S2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2010-03-17 132464]S2 NewWorldUpdaterService;New World Updater;c:\program files\New World Systems\New World Automatic Updater\NewWorld.Management.Updater.Service.exe [2011-01-12 32768]S2 NWClientUpdate;NWS Client Update;c:\program files\New World Systems\Aegis MSP\NWClientUpdate.exe [2011-04-27 53248]S3 DwMirror;DwMirror;c:\windows\system32\DRIVERS\DamewareMini.sys [2007-02-07 3712]S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-01-07 215208]S3 staccel;staccel;c:\windows\system32\DRIVERS\staccel.sys [2011-12-22 32864]..[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12.Contents of the 'Scheduled Tasks' folder.2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 17:53].2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 17:53]..------- Supplementary Scan -------.uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_1&u=55DE4C068F6DC1B5B7E0C04FB3EAF819uInternet Settings,ProxyServer = 10.0.8.97:8080IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}Trusted Zone: ehsmed.comTrusted Zone: insiteTrusted Zone: siouxfalls.orgTrusted Zone: siouxfalls.org\utilitiespayTrusted Zone: siouxfallsparks.orgTrusted Zone: siouxfallssd.govTrusted Zone: siouxfallssd.org\cicitrix3.cityTrusted Zone: siouxfallssd.org\cityofsf.cityTrusted Zone: siouxlandlib.orgTrusted Zone: sireencoder01Trusted Zone: slkids.orgTrusted Zone: ehsmed.comTrusted Zone: insiteTrusted Zone: siouxfalls.orgTrusted Zone: siouxfalls.org\utilitiespayTrusted Zone: siouxfallsparks.orgTrusted Zone: siouxfallssd.govTrusted Zone: siouxfallssd.org\cicitrix3.cityTrusted Zone: siouxfallssd.org\cityofsf.cityTrusted Zone: siouxlandlib.orgTrusted Zone: sireencoder01Trusted Zone: slkids.orgTCP: DhcpNameServer = 10.0.8.22 10.0.8.23 10.0.8.27..--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\windows\system32\DWRCS.EXEc:\program files\Common Files\EFI\EFI ES-1000 Service\ES1000Server.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exec:\windows\system32\atieclxx.exec:\windows\servicing\TrustedInstaller.exec:\windows\system32\taskhost.exec:\windows\system32\conhost.exec:\program files\Adobe\Acrobat 10.0\Acrobat\AcroDist.exe.**************************************************************************.Completion time: 2012-05-23 11:25:49 - machine was rebootedComboFix-quarantined-files.txt 2012-05-23 16:25ComboFix2.txt 2012-05-21 16:42.Pre-Run: 100,720,222,208 bytes freePost-Run: 100,791,574,528 bytes free.- - End Of File - - 2651EA3D8F8CBCFE7C01BCEF439DE689 Link to post Share on other sites More sharing options...
c4poa Posted May 23, 2012 Author ID:554023 Share Posted May 23, 2012 maybe this explains why I have mising icons?Unhide by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/Copyright 2008-2012 BleepingComputer.comMore Information about Unhide.exe can be found at this link: http://www.bleepingcomputer.com/forums/topic405109.htmlProgram started at: 05/21/2012 01:04:08 PMWindows Version: Windows 7Please be patient while your files are made visible again.Processing the C:\ driveFinished processing the C:\ drive. 267997 files processed.The C:\Users\isck\AppData\Local\Temp\smtmp\ folder does not exist!!Unhide cannot restore your missing shortcuts!!Please see this topic in order to learn how to restore defaultStart Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.htmlSearching for Windows Registry changes made by FakeHDD rogues. - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop * HidNoChangingWallPaperden policy was found and deleted! - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced * Start_ShowPrinters was set to 0! It was set back to 1! * Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1! * Start_ShowNetConn was set to 0! It was set back to 1! * Start_TrackDocs was set to 0! It was set back to 1! * Start_TrackProgs was set to 0! It was set back to 1! * Start_ShowUser was set to 0! It was set back to 1! * Start_ShowMyGames was set to 0! It was set back to 1!Restarting Explorer.exe in order to apply changes.Program finished at: 05/21/2012 01:08:11 PMExecution time: 0 hours(s), 4 minute(s), and 2 seconds(s) Link to post Share on other sites More sharing options...
Staff CatByte Posted May 23, 2012 Staff ID:554132 Share Posted May 23, 2012 yes, malware moves them into a temporary folder, which unfortunately was emptied before unhide.exe was run.The programs are still on your system, the shortcuts just need to be rebuilt, if you give me a list of what you are missing, we can work through rebuilding them.(sometimes it's just easier to reinstall the programs)Are there any other outstanding issues?Did the win7-32-sm-reset.exe restore the default entries? Link to post Share on other sites More sharing options...
Recommended Posts